
Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation, Second Edition. Ted G. Lewis. © 2015 John Wiley & Sons, Inc. Published 2015 by John Wiley & Sons, Inc.

145

8 Information Technology

Information technology (IT) sector vulnerability is defined by the U.S. Congress as “the vulnerability of any computing system, software program, or critical infrastructure, or their ability to resist, intentional interference, compromise, or incapacitation through the misuse of, or by unauthorized means of, the Internet, public or private telecommunications systems or other similar conduct that violates Federal, State, or international law, that harms interstate commerce of the United States, or that threatens public health or safety.”1 For our purposes, cybersecurity is the study and practice of securing assets in cyberspace—the world of computers and computer networks. Cybersecurity is more than defending against viruses and worms, as described in the previous chapter. It encompasses information assurance in enterprise computing.

This chapter surveys the policies and technologies of securing information and the IT systems that process information—the IT sector. The phrases cybersecurity and IT sector security will be used interchangeably. The essence of IT security centers on the notion of trusted computing—a trusted computing base (TCB) containing hardware and software, plus trusted paths (TP) between and among various computing bases. In layman’s terms, this means encapsulating hardware, software, and data in a protected zone and protecting communication transactions between and among users.

The rules of trusted computing have been known for many decades, so what is the challenge? For the most part, trusted computing depends on human processes as much as, if not more than, on technology. IT security is a human process problem. However, securing an enterprise computing system is not easy or inexpensive. Security introduces inconveniences and requires additional effort. Therefore, IT security policies must strike a balance between ease of use and protection of users and users’ data.

Specifically, this chapter discusses the following:

• Principles: The four fundamental principles of IT sector security as defined by the IEEE X.509 standard are authentication, information integrity, information confidentiality, and nonrepudiation of ownership. For example, authentication is typically achieved by passwords, and integrity, confidentiality, and nonrepudiation are achieved by encryption.

• Policies: Cybersecurity involves a wide range of information assurance policies and practices including but not limited to loss of access to information, loss of data, and loss of security associated with IT and human information-handling processes.

• Trusted computing: Secure IT systems are founded on a TCB and employ TP through a network of IT components and human users to ensure the security of information stored and processed by the IT system.2 To be secure, all IT processes must run within a TCB and communicate via a TP.

1 HR 4246, introduced into the 106th Congress, 2nd session, April 2000.

2 A trusted path is a mechanism by which a person using a terminal can communicate directly with the TCB. The trusted path can only be activated by the person or the TCB and cannot be imitated by untrusted software.

Lewis, T. G. (2014). Critical infrastructure protection in homeland security: Defending a networked nation. ProQuest Ebook Central, http://ebookcentral.proquest.com. Created from apus on 2020-12-10 18:57:14.

Copyright © 2014 John Wiley & Sons, Incorporated. All rights reserved.


• Components: The major components of a TCB and TP are firewalls, proxies, intrusion detection systems (IDS), encryption, public key encryption (public key infrastructure (PKI)), and policies that enforce a certain level of security. Security is not an absolute “secure” or “not secure” decision, but rather a trade-off with other factors.

• Encryption: There are two basic types of encryption: symmetric and asymmetric. Symmetric encryption is used to secure information between trusted parties; asymmetric is used to secure information between anonymous parties. Both kinds of encryption have political implications because ciphers have historically been viewed as munitions.

• Data encryption standard (DES) and advanced encryption standard (AES): Symmetric ciphers such as the standard DES, triple-DES (3DES), and AES have evolved out of the Lucifer project started in the 1960s by IBM, but the ideas go further back—perhaps as far as the classified work of the British during World War II. As computers get faster, symmetric codes are broken, requiring longer and longer keys. One major disadvantage of symmetric codes is that they are symmetric, which leads to a vulnerability.

• Current standard encryption: AES is the latest symmetric code to be standardized by the U.S. National Institute of Standards and Technology (NIST) (2002), and besides being strong (256-bit keys), it is suitable for small computers such as those used in SCADA systems. 3DES and AES have been adopted by the U.S. federal government and are required in order for an IT system to be FIPS compliant.3

• Diffie–Hellman cipher: Asymmetric ciphers rediscovered by Diffie and Hellman in 1976 use a public key to encode and a private key to decode. The private key is not shared; hence, it is less vulnerable to cracking. The Rivest, Shamir, and Adleman (RSA) algorithm implements the ideas of Diffie–Hellman and makes it possible to authenticate users (digital signatures) as well as protect the privacy of both sender and receiver. Rivest, Shamir, and Adleman invented a practical method of performing the Diffie–Hellman algorithm.

• Certificates: PKI authenticates the identity of users by assuring that the sender is who he or she claims; guarantees the integrity and security of the message by assuring that it has not been modified by an intermediary; assures privacy by making sure the message is decodable only by the intended recipient; guarantees that authentication, security, and privacy are enforceable by assuring that the message is signed by the verified parties; and guarantees nonrepudiation by assuring that both parties cannot disavow or deny involvement with the transaction.

• Strategy: Cybersecurity will improve when the following information infrastructure improves: TCP/IP encryption of source/destination addresses; vendors remove software flaws; software defaults are configured for the highest level of security; users are better informed and trained to prevent security breaches; organizations adopt stronger standard operating procedures; consumers demand better IT security; and vulnerability and risk analysis are standardized and used routinely.

• Incomplete knowledge: More research needs to be done to make software virus proof, reduce software errors that hackers can exploit, standardize risk analysis including the use of quantitative techniques, and develop new methods to analyze cascade effects, predictive methods, and recovery.

8.1 Principles of IT Security

The IT sector is notoriously nonsecure, and yet the principles for a secure IT infrastructure have been known for decades. The IEEE X509 and RFC 2459 (1999) standards define cybersecurity in terms of four fundamental principles:

1. Authentication: Ability to verify authenticity of users and data

2. Integrity: Ability to guarantee document or message has not been altered

3. Confidentiality: Ability to conceal the content of documents and messages

4. Nonrepudiation: Inability to deny authenticity, nonconcealment of ownership

Authentication means the identity of a user is known—typically through the use of a username and password but also through various biometric identification technologies such as fingerprints or voice recognition. Integrity means that email, attachments, and documents such as spreadsheets, photos, audio, and text arrive at their destination unaltered. Confidentiality means it is possible to store and transmit information without prying eyes “in the middle.” Confidentiality is typically achieved by encryption. Nonrepudiation means the sender cannot deny sending the document or message. For example, a message cannot be spoofed. Email from whitehouse.gov actually came from the White House, and contracts from your attorney actually came from your attorney.

These four principles may seem simple on the surface, but they have proven to be difficult to implement in practice. One of the major barriers has been the very people they were meant to protect—consumers. Authentication requires the user to remember relatively long passwords; integrity, confidentiality, and nonrepudiation require strong encryption and secure key escrow accounts. Users have been loath to adopt these technologies because they are inconvenient and unfriendly. Nonetheless, progress has been made over the past two decades as consumers opt for security even at the expense of convenience. The major technology responsible for this progress is called PKI, and the basic technology that PKI depends on is the certificate authority (CA).

3 FIPS is the Federal Information Processing Standards.

In general, PKI is a combination of public key encryption and a hierarchical storage system based on certificates. A certificate is a digital document containing a user’s authentication and encryption information. At a minimum, a digital certificate contains:

• The user’s name

• The user’s public key

• The public key’s expiration date

• The CA that issued the certificate

• Digital signature of the CA

Digital certificates are like many common identification cards such as a birth certificate, driver’s license, or credit card. But digital certificates are entirely digital and live in a CA database. CAs are hierarchical—local certificates are verified by higher-level authorities, working their way up to the highest level CA in the hierarchy.

The general idea of cybersecurity is to enclose an IT system in a protected shell called the demilitarized zone (DMZ). All transactions occur within the DMZ along TP—nodes and links that are guaranteed to be secure as defined by the four security principles—authentication, integrity, confidentiality, and nonrepudiation. Trusted systems manage TP, which in turn deliver trusted IT services to users. Trusted systems, however, are difficult to implement.

8.2 Enterprise Systems

An enterprise system is an IT system that is used by an enterprise—corporation, government agency, school, military command, etc., regardless of size. Because an entire organization depends on it, an enterprise system demands high availability, data integrity, reliability, and security. A desktop computer may be a member of an enterprise system, but it is not an enterprise system on its own. Enterprise systems span entire organizations and provide a stable core of hardware and software components that support the mission of an organization. They consist of computers of all sizes, networks for connecting them, and software for making them useful. The software typically consists of email programs, word-processing software, payroll applications, database applications, etc.

Unfortunately, it is theoretically impossible to determine whether or not an enterprise system is secure.4 The best we can do is institute policies that diminish the likelihood that an enterprise system is compromised—either maliciously or inadvertently. Therefore, cybersecurity is largely a practice rather than an exact science.

Generally, the goal of cybersecurity is to protect an enterprise system from loss of service, loss of data, and loss of security. Loss of service typically means the system is down, slow, or otherwise unable to respond to its users. Loss of data means that information is lost, and loss of security means the system has been compromised, either by a break-in or lack of proper controls such as access rights (failed password, user privileges, etc.).

8.2.1 Loss of Service

Loss of service can occur in at least three ways: power failure, telecommunication failure, and a denial-of-service (DoS) attack. Power and telecommunication failures may be accidental or perpetrated incidents. A denial-of-service attack is an exploit perpetrated by an attacker. Various methods of DoS were described in the previous chapter.

Of course, there are many ways for loss of service to occur, such as malfunction of equipment and software defects that cause the enterprise system to stop. For example, power outages can be mitigated by backup power, and telecommunication outages can be mitigated by redundancy. Software defects can be partially mitigated by updates and patches, and databases can be backed up. DoS exploits are detected by IDS placed between the enterprise system and the outside network. Each analysis must be tailored to the enterprise system under investigation.

8.2.2 Loss of Data

Loss of data can occur for a number of reasons: a file might be inadvertently deleted, a virus might be responsible for file deletions, or the deletion might be the result of an exploit that uses a flaw in an application such as Microsoft Excel, Oracle database, or human relations management software. Data loss is typically mitigated by backing up databases and storing the backup off-site.

For example, a break-in made possible by a password file stored in the clear may result in a malicious act such as an important file being deleted, but if there is a backup, then the file can be restored. Thus, a backup policy can assure the security of information even when files are deleted. How often should the enterprise make backup copies?

4 Deciding whether or not a computer system is secure has been shown to be impossible, by mathematical logic. Consider the following paradox: Tom says, “Sally always tells the truth,” and Sally says, “Tom always lies.” Is Sally lying, now? It is impossible to decide. In a similar fashion, system security can be shown to be undecidable.


An application may be vulnerable to an attack or inadvertent loss of data because of a flaw in the application software. For example, an ActiveX control may be downloaded through a browser that operates in the clear—or by allowing a malicious certificate to access a worker’s desktop computer. If the ActiveX control is allowed to delete the user’s files, it may also spread throughout the enterprise and delete other files as well.

8.2.3 Loss of Security

Loss of security is what most people think of when they think of cybersecurity. This category includes a vast number of faults, described in greater detail in the previous chapter. Password violations are the most prevalent type of exploit. They occur because users fail to protect them, the enterprise system itself fails to protect the password file by encrypting it, or the enterprise system implements a weak public key encryption (PKI) system.

Malicious insiders are the most prevalent category of hacker. Passwords can be discovered or obtained in a number of ways. War dialing is the act of systematically dialing phone numbers until a computer answers and then systematically trying all the words in the dictionary until one of them works. This is why passwords should be nonsense strings of characters including numbers and special symbols.

Log-in and password strings can also be obtained by recording keystrokes of the user (key-logging) or observing traffic over the network connecting the user to the Internet. If the user’s log-in and password are transmitted in the clear, instead of encrypted, a man-in-the-middle attack may be used to get the user’s password and username. To prevent this, a browser should always connect with the enterprise system through a hypertext transport protocol secure (HTTPS) server using secure socket layer (SSL) encryption.

Loss of security can also occur because of a worm attack that succeeds in entering a victim’s enterprise computer and then spreading to users connected to the enterprise computer. As described in the previous chapter, one such exploit begins with a buffer overflow, which succeeds because the victim has not installed the latest patch and the attacker has found an open port. A worm that achieves enough privileges can take control of the entire enterprise system.

8.3 Cyber Defense

Cyber defense is more a matter of policy than technology. On the one hand, security is costly and inconvenient for users. On the other hand, defense is necessary—at some level—in order to secure the information managed by an enterprise system. Therefore, cybersecurity policy will end up reflecting many compromises between assurance and convenience. This leads to a question, “what is the minimum security possible?” This section surveys a set of minimum policies for ensuring a basic or foundational level of cybersecurity called TCB.

Definitions of TCB vary, but for our purposes, a TCB is the totality of protection mechanisms within a computer system—including hardware and software—that is responsible for enforcing a security policy. It creates the most fundamental protection environment possible along with some additional user services required for a trusted computer system. The ability of a TCB to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input of parameters by system administrative personnel (e.g., a user’s clearance) related to the security policy.

Figure 8.1 shows a TCB made up of a TCB system and a TP between the computing system and user. The user will typically be a person sitting at a desktop, laptop, tablet, or smartphone connected to an enterprise system through the Internet. The TP will typically be a secured Internet connection.

The core component of a TCB is an enterprise server running behind a firewall that establishes a security zone called the DMZ (see Fig. 8.2). The DMZ forms a protective shell surrounding the components necessary for enforcing security policies such as user authentication, encrypted data, and access privileges. Security is guaranteed within the DMZ.

Outside of the DMZ is a TP connecting users to the DMZ. While a TP can be implemented by any kind of network, our example uses an encrypted Internet connection. In addition, a TCB must ensure that the users are who they say they are. The identity of the system’s end users must be authenticated, usually by employing a user log-in and password. Of course, mobile devices such as tablets and smartphones often employ biometric methods of authentication such as fingerprints and voice pattern recognition.

The goal of this architecture is to establish a TCB made up of the components protected within the DMZ, a TP between user and DMZ, and a trusted user. The list of mechanisms at the bottom of Figure 8.2 suggests ways to ensure the correctness of the TCB, TP, and authenticated users. Short explanations of common mechanisms for enforcing the TCB and TP follow.

[Figure 8.1 (diagram): Trusted user; Trusted computing base; Trusted path.]

Figure 8.1 The architecture of a trusted computing base (TCB) consists of secure users, computers, and paths connecting them.


8.3.1 Authenticate Users

Starting from the user’s perspective, the first step in establishing a TP is to verify the authenticity of the users. The log-in/password mechanism currently used by most enterprise systems is perhaps the simplest. But more sophisticated biometric techniques should be used if a higher level of trusted computing is desired. For example, callback mechanisms such as relaying permissions via an offline email account may be employed to increase the strength of authentication. Selection of authentication technology is an example of a policy decision that will affect the implementation of cybersecurity.

Suppose, for example, a certain enterprise is required to guarantee the security of classified information. In this case, it is likely that a log-in/password mechanism will be inadequate for user authentication. Instead, users might be authenticated using retinal scanning, temporal passwords with a 30-s lifetime, and smart cards containing very long keys.

8.3.2 TP

The TCB needs a TP that connects users to the information they need to do their jobs. The purpose of a TP is to guard against man-in-the-middle attacks or fraudulent impersonation of valid users. Using a naval metaphor, we not only want to protect the ports but also ships on the high seas. Similarly, cybersecurity aims to protect information stored in the core of the TCB as well as information that is in transit between users and the TCB.

The most elementary means of protecting communication links is to use a browser that supports SSL encryption. SSL requires HTTPS running on the enterprise server. SSL encrypts each session so that an intercepted communication cannot be hacked. E-commerce sites should always use the SSL/HTTPS combination to provide a TP for their online customers—especially when account numbers and personal data are transmitted. Credit card information is encrypted by SSL, for example, and delivered by HTTPS to the e-commerce store.

SSL implements a modest level of cybersecurity. A stronger form is called virtual private network (VPN).5 Recall that each TCP/IP packet is transmitted in the clear, meaning that both source and destination address can be seen by a man-in-the-middle attacker. While the data may be encrypted, the remainder of the packet is not. IP version 6 (IPv6) supports encryption of the TCP/IP packets themselves, but less than half of all websites deploy IPv6.

A VPN conceals not only the contents but the sender and receiver’s identity, as well. The “V” in VPN stands for “virtual,” which means that virtual source and destination addresses are used in place of real addresses. To get through a firewall, these virtual addresses must be recognized and translated back into their real address equivalents. This is called IP tunneling, or VPN tunneling, because the VPN establishes a “tunnel” through the firewall. Tunneling involves establishing and maintaining a logical network connection with possibly intermediate hops. A VPN allows corporations to establish a proprietary network on an open public network such as the Internet.

[Figure 8.2 (diagram; labels recovered from the page): Users; Internet; Firewall; IDS (intrusion detection system); Proxy server; Web server; XML server; Storage servers (Database); LDAP server; eMail servers; Applications; DMZ: Demilitarized zone. Mechanisms listed along the bottom of the figure: Authenticate users; HTTPS/SSL encrypt; Filter packets, block; Scan ports for attacks; PKI certificates, LDAP; Encrypt data from insiders.]

Figure 8.2 A detailed view of a typical TCB and the security technologies in common use by enterprise computing systems.

5 A network that uses the Internet rather than leased lines for connections. Security is guaranteed by means of a R connection in which the entire TCP/IP packet (content and addresses) is encrypted and encapsulated.

The bottom line is this: a VPN can be constructed on top of IPv4 or IPv6, making the TP much more secure—even though data travels over the open Internet. This can be costly in terms of hardware and software, and it can slow down a network because of the translation between virtual and real addresses. So the trade-off is cost, speed, and convenience versus enhanced security. Thus, the decision to use a VPN must be a policy decision.

8.3.3 Inside the DMZ

Once inside the DMZ of Figure 8.2, implementation of cybersecurity becomes a more complex and sophisticated challenge, because a successful hack into the DMZ can have disastrous repercussions. If the DMZ is compromised, all users and data are compromised. The question is, “what are the minimum mechanisms for achieving a minimally secure DMZ?”

A typical minimum set of mechanisms for assuring the security of a DMZ is the following:

• Firewalls

• Proxies

• IDS

• Secure web servers

• Secure XML servers

• Lightweight Directory Access Protocol (LDAP) servers

• PKI software and policies for enforcing the TCB

The first line of cyber defense is the firewall. A firewall is a special-purpose computer that manages ports, inspects and filters network packets, and determines whether to allow packets into the DMZ. Firewalls come in two varieties: static packet filtering firewalls, which block packets based on the source and destination addresses in each packet, and stateful packet filtering firewalls, which block packets based on content, level of protocol, and history of packets. Stateful firewalls are sometimes called dynamic filtering firewalls.

Firewalls are not perfect. In fact, they are far from perfect, because they cannot block all malicious programs. Simply stated, a firewall is mainly used to manage ports and VPNs. They may not be adequate for detecting Trojan horses, preventing DoS attacks, and thwarting email viruses. Therefore, they should not give the administrator a false sense of security, but instead constitute the first step in establishing a TP between users and information.
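The difference between the two firewall varieties, as an added simulation that is not code from the book or from any firewall product: a static filter judges each packet only by its addresses and ports, while a stateful filter remembers the history of outbound connections and admits an inbound packet only as a reply to one of them. The packets, the rule set, and the 10.0.0.0/8 inside versus 203.0.113.0/24 and 198.51.100.0/24 outside addressing are constructed for the demo.

```python
"""Static (stateless) versus stateful packet filtering, simulated on a few
constructed packets. Added illustration; not code from the book or from any
real firewall. Addresses are from the documentation ranges.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

INTERNAL_PREFIX = "10.0.0."          # the enterprise's inside network (demo choice)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def direction(pkt: Packet) -> str:
    return "out" if is_internal(pkt.src) else "in"


# A static rule: (direction, source port or None, destination port or None, action).
Rule = Tuple[str, Optional[int], Optional[int], str]


class StaticFilter:
    """Judges each packet in isolation from its addresses and ports only."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules

    def decide(self, pkt: Packet) -> str:
        d = direction(pkt)
        for rule_dir, sport, dport, action in self.rules:
            if rule_dir == d and sport in (None, pkt.sport) and dport in (None, pkt.dport):
                return action
        return "drop"                  # default deny when nothing matches


class StatefulFilter:
    """Remembers outbound connections (the 'history of packets') and admits
    inbound packets only when they are replies to a remembered connection."""

    def __init__(self) -> None:
        self.connections: Set[Tuple[str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        if direction(pkt) == "out":
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "allow"             # reply to something an inside host asked for
        return "drop"                  # unsolicited inbound packet


# For web replies to get back in, a static filter must allow every inbound packet
# whose source port is 443; it has no way to tell a reply from an unsolicited packet.
STATIC_RULES: List[Rule] = [("out", None, None, "allow"), ("in", 443, None, "allow")]

REQUEST = Packet("10.0.0.5", 51000, "203.0.113.10", 443)      # inside user opens a web site
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 51000)        # the site's response
UNSOLICITED = Packet("198.51.100.7", 443, "10.0.0.5", 445)    # nobody inside asked for this


def compare() -> Dict[str, Tuple[str, str]]:
    """Decision of (static, stateful) for each packet, in arrival order."""
    static, stateful = StaticFilter(STATIC_RULES), StatefulFilter()
    return {name: (static.decide(p), stateful.decide(p))
            for name, p in [("request", REQUEST), ("reply", REPLY), ("unsolicited", UNSOLICITED)]}


if __name__ == "__main__":
    for name, (static_verdict, stateful_verdict) in compare().items():
        print(f"{name:12s} static={static_verdict:5s} stateful={stateful_verdict}")
```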

A proxy server is a special-purpose computer that sits between a user and the enterprise server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the enterprise server. The purpose of a proxy server is twofold: to improve security and to enhance performance. It improves performance and security by caching incoming requests on behalf of an external website or user. In this way, unauthorized requests can be thwarted by the proxy and never reach the inner components of the TCB. The enterprise system does not expose all of its information to the outside world—only the public portions.

A proxy server can also perform the functions of a gateway by accessing external pages on behalf of an internal user. Each time a user requests a page from a remote website, the proxy server is consulted, and if the page is already inside of the DMZ, the proxy server supplies the page, instead. This avoids delays and enhances security because the entire transaction is performed within the DMZ. It is not necessary to venture beyond the firewall. Gateway proxies are also used to prevent employees from viewing unauthorized websites.

Every good TCB needs an IDS. This is a special-purpose computer that inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate that a network or system attack is underway. It uses a variety of algorithms to detect when someone is attempting to break into or compromise the DMZ. For example, it may employ misuse detection—the process of comparing “signatures” against a database of attack signatures to determine if an attack is underway. Or the IDS may employ anomaly detection by comparing the state of the network against a “normal” baseline.

An IDS can be network based or host based. A network-based IDS protects an entire network, whereas a host-based IDS protects a single computer such as a home PC. It can also be passive or reactive. A passive IDS simply logs network traffic status and only signals a human operator when an unusual pattern is observed. A reactive IDS automatically terminates a user session or blocks network traffic from the suspected source when it detects a suspicious pattern.
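Both detection strategies (misuse detection against signatures, anomaly detection against a baseline) and both response modes (passive alerting, reactive blocking) from the two paragraphs above, run over constructed web-server log lines. This is an added example, not code from the book or from any IDS product; the log format, the two signatures, and the mean-plus-three-standard-deviations threshold are assumptions made for the demo.

```python
"""Misuse (signature) and anomaly (baseline) detection over constructed
web-server log lines, with a passive and a reactive response mode.
Added illustration; not code from the book or from any real IDS.
"""
import re
import statistics
from collections import Counter
from typing import Dict, List, Optional, Set, Tuple

# Constructed log format: "<timestamp> <client ip> <method> <path> <status>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")

# Misuse detection: patterns known to indicate an attack attempt (demo signatures).
SIGNATURES = {
    "path-traversal": re.compile(r"(^|/)\.\.(/|$)"),
    "passwd-file": re.compile(r"/etc/passwd"),
}


def parse_line(line: str) -> Optional[Dict[str, str]]:
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def misuse_detect(rec: Dict[str, str]) -> List[str]:
    """Names of every signature that matches the requested path."""
    return [name for name, rx in SIGNATURES.items() if rx.search(rec["path"])]


def build_baseline(records: List[Dict[str, str]]) -> float:
    """Anomaly baseline: requests per source during a known-normal window.
    A source exceeding mean + 3 standard deviations is treated as abnormal."""
    counts = list(Counter(r["src"] for r in records).values())
    return statistics.mean(counts) + 3 * statistics.pstdev(counts)


class IDS:
    def __init__(self, baseline: float, reactive: bool = False) -> None:
        self.baseline = baseline
        self.reactive = reactive            # False: log and alert; True: block the source
        self.seen: Counter = Counter()
        self.blocked: Set[str] = set()
        self.alerts: List[Tuple[str, str]] = []

    def inspect(self, line: str) -> str:
        """Return 'pass', 'alert' or 'blocked' for one log line."""
        rec = parse_line(line)
        if rec is None:
            return "pass"                   # unparsable lines are out of scope here
        src = rec["src"]
        if src in self.blocked:
            return "blocked"                # reactive mode already cut this source off
        self.seen[src] += 1
        reasons = misuse_detect(rec)
        if self.seen[src] > self.baseline:
            reasons.append("rate-anomaly")
        if not reasons:
            return "pass"
        self.alerts.extend((src, r) for r in reasons)
        if self.reactive:
            self.blocked.add(src)
            return "blocked"
        return "alert"


def _line(i: int, src: str, path: str, status: int = 200) -> str:
    return f"2024-05-01T10:{i // 60:02d}:{i % 60:02d} {src} GET {path} {status}"


# Known-normal window (constructed): five clients making 3 to 5 requests each.
NORMAL_LOG: List[str] = []
for client, count in enumerate([3, 4, 5, 4, 3]):
    for _ in range(count):
        NORMAL_LOG.append(_line(len(NORMAL_LOG), f"203.0.113.{client + 1}", "/index.html"))

# Live window (constructed): one traversal attempt, a burst of 20 requests from
# a single client, then an ordinary request from a known client.
LIVE_LOG: List[str] = ([_line(0, "198.51.100.7", "/../../etc/passwd", 404)]
                       + [_line(i + 1, "198.51.100.9", "/login") for i in range(20)]
                       + [_line(21, "203.0.113.1", "/index.html")])


def run(reactive: bool) -> List[str]:
    """Verdict per live log line, using a baseline learned from NORMAL_LOG."""
    normal = [r for r in map(parse_line, NORMAL_LOG) if r is not None]
    ids = IDS(build_baseline(normal), reactive=reactive)
    return [ids.inspect(line) for line in LIVE_LOG]


if __name__ == "__main__":
    print("passive :", Counter(run(False)))
    print("reactive:", Counter(run(True)))
```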

A web server is a computer with special software to host web pages and web applications. It is the component that hosts HTTP/HTTPS and delivers HTML/XML pages to users. Figure 8.2 shows how a web server acts like a traffic cop, handing off actual processing to other computers. For example, email messages are handed off to an email server, XML messages are handed off to the XML server for parsing, database queries are handed off to a database application server, and security functions are handed off to the LDAP directory server.

Some well-known examples of web servers:

• Apache

• MS Internet Information Server (IIS)

• Google web server


An LDAP server is an essential part of any TCB.6 Its function is twofold: to participate in the authentication of users through password storage and verification and to hand out permissions—called privileges—to running applications.7 Microsoft Active Directory is a commercial example of an LDAP server. It holds the usernames and passwords of all authenticated users of an enterprise system.

Access privileges are transferred among users of TCBs through a ticketing system called X.509 certificates. A certificate is a digitally signed message that transfers privileges from the sender to the recipient. X.509 is a recommended standard as defined by the IEEE and International Telecommunications Union (ITU).8 Most computer users see certificates as dialog boxes that pop up in the middle of a web browsing session. The dialog asks the user to allow the foreign request access to his or her computer. If the user agrees, the certificate transfers permission from the user to the foreign requestor.

How do users get privileges? They do so by providing a user log-in and password to an authentication program to verify the authenticity of the log-in. The authentication program obtains each user’s access privileges from an LDAP directory that is safely stored within the DMZ. As the user moves from one application to another, each application consults the list of user privileges to determine if he or she has the necessary access rights. For example, one user may have the right to read a database record and another user may have the right to change the record. In this way, the user does not have to log in repeatedly to different applications, and the entire system is protected from unauthorized internal access. Certificates and access privileges form the basis of a security infrastructure called PKI, which is described in more detail later in this chapter. But first, we need to understand the basics of encryption, because PKI is based on public–private key encryption.

8.4 Basics of Encryption

Encryption—turning plaintext messages into secret codes— is at least 4000 years old. Encryption converts plaintext words into ciphertext using a key and an encoding algorithm.

The result is called a cipher. The reverse process—converting ciphertext into plaintext—is called decryption. The key is a special word that enables encoding. If the same key is used to encode and decode the secret message, we say the encryption is symmetric. If a different key is used, we say the encryption is asymmetric. Cryptology is the study of ciphers, keys, and encryption algorithms.9

During most of its history, cryptography didn’t change much. Find a way to translate plaintext into ciphertext and then transfer the ciphertext to a recipient, who reverses the process using the secret key. The cipher is symmetric, because both parties use the same key to encode and decode the secret message. Thus, the key must be protected, because anyone with the key can unravel the cipher.

Perhaps the best-known symmetric cipher is the logical EXCLUSIVE-OR cipher—widely known because of its simplicity. It performs the logical EXCLUSIVE-OR operation on each bit of the binary representation of plaintext (see Table 8.1). It works bit by bit across the plaintext by taking one bit from the plaintext word and another bit from the key and writing the EXCLUSIVE-OR as the ciphertext. To reverse the process—from ciphertext to plaintext—do the same thing over again: EXCLUSIVE-OR the key with the ciphertext.

For example, suppose the secret key is 1101, and the sender wants to encrypt the plaintext 1001 and send it to the receiver, who also knows the key. Encoding is done by EXCLUSIVE-ORing each bit of the message 1001 with each corresponding bit in the key. The same process is repeated to recover the plaintext from the ciphertext.

Sender encodes 1001 using key 1101, as follows:

1101 EXCLUSIVE-OR 1001 = 0100 = ciphertext

Receiver decodes 0100 as follows:

1101 EXCLUSIVE-OR 0100 = 1001 = plaintext

Keys in the EXCLUSIVE-OR cipher are limited to no more than 2^k possible values for a key with k bits. That is, the time it takes to enumerate all possible keys is proportional to 2^k. For example, a 20-bit key can have no more than 2^20—approximately 4 million—distinct values. This may seem like a lot, but even a key with 128 bits is not too large

Table 8.1 EXCLUSIVE-OR logic: only one of the two operands can be 1 in order to produce 1. Otherwise, EXCLUSIVE-OR logic produces a 0

EXCLUSIVE-OR   B = 0   B = 1
A = 0          0       1
A = 1          1       0

6 LDAP—defined by the IETF—defines a relatively simple protocol for updating and searching directories running over TCP/IP.
7 Additions to version 3 of LDAP rectified many of the shortcomings of the original LDAP and allowed LDAP servers to correctly store and retrieve X.509 attributes, but searching for them was still impossible. This is because the protocol fields, that is, the X.509 attributes, are simply transferred and stored as binary blobs by LDAPv3, with the server having no knowledge about their structure and contents. “Modifying LDAP to Support X.509-based PKIs,” D.W. Chadwick, E. Ball, M.V. Sahalayev, University of Salford, Salford, M5 4WT.
8 X.509 is actually an ITU recommendation. Nonetheless, it has been widely adopted by the Internet community.
9 A simple definition of cryptology is the study of secret messages.

Lewis, T. G. (2014). Critical infrastructure protection in homeland security: Defending a networked nation. ProQuest Ebook Central, http://ebookcentral.proquest.com. Created from apus on 2020-12-10 18:57:14.



for a modern computer to run through in a relatively short period of time. The EXCLUSIVE-OR cipher can be cracked by simply trying every key value from 0 to 2^k − 1. But a key with 256 bits would take a computer 2^256 units of time to crack—many times more than the time to crack a cipher with half as many bits. In other words, the strength of a cipher is exponentially related to the number of bits in the key. Key length determines encryption strength. Cybersecurity needs strong encryption and this means ciphers with large keys.10
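An added example (not from the book) that runs the EXCLUSIVE-OR cipher on the 1101/1001 values above and counts how many trials an exhaustive search over all 2^k keys needs for a known plaintext/ciphertext pair, which is exactly why key length sets the strength of this cipher.

```python
# Added example (not the book's code): the EXCLUSIVE-OR cipher of Section 8.4
# on bit strings, plus the exhaustive key enumeration the text describes.


def xor_bits(a: str, b: str) -> str:
    """Bitwise EXCLUSIVE-OR of two equal-length bit strings (Table 8.1)."""
    if len(a) != len(b):
        raise ValueError("operands must have the same number of bits")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def xor_cipher(text: str, key: str) -> str:
    """Encode or decode: the same operation, because XOR is its own inverse."""
    return xor_bits(text, key)


def keyspace_size(k: int) -> int:
    """Number of distinct k-bit keys, 2^k: the work factor of trying every key."""
    return 2 ** k


def exhaustive_key_search(plaintext: str, ciphertext: str) -> tuple:
    """Recover a k-bit key from one known plaintext/ciphertext pair by trying
    every value from 0 to 2^k - 1 (the attack the text says defeats short keys).
    Returns (key, number of trials); the trial count is bounded by 2^k."""
    k = len(plaintext)
    for trial, value in enumerate(range(keyspace_size(k)), start=1):
        candidate = format(value, f"0{k}b")
        if xor_cipher(plaintext, candidate) == ciphertext:
            return candidate, trial
    raise ValueError("no key found")  # unreachable for XOR: every pair has a key


if __name__ == "__main__":
    key, plaintext = "1101", "1001"        # the book's example values
    ciphertext = xor_cipher(plaintext, key)
    print(ciphertext)                       # 0100
    print(xor_cipher(ciphertext, key))      # 1001
    print(exhaustive_key_search(plaintext, ciphertext))   # ('1101', 14)
    print(keyspace_size(56), keyspace_size(256))
```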

8.4.1 DES

In the 1960s, a team of IBM researchers designed a symmetric cipher for commercial applications they called the Lucifer algorithm. Lucifer was not unique, but it was destined to become the first standard encryption technique for the U.S. federal government. Indeed, Lucifer was adopted by the NIST for use by nonmilitary customers in 1977 and revised in 1994. Simply called the DES, the Lucifer algorithm has been widely used by banks, insurance companies, and handheld devices such as cellular phones. It is also known as “56-bit encryption,” because it uses a 56-bit key:

In the late 1960’s, IBM’s chairman Thomas Watson, Jr., set up a cryptography research group at his company’s Yorktown Heights research laboratory in New York. The group, led by Horst Feistel, developed a private key encryption system called “Lucifer.” IBM’s first customer for Lucifer was Lloyd’s of London, which bought the code in 1971 to protect a cash-dispensing system that IBM had developed for the insurance conglomerate.

In 1968, the National Bureau of Standards (NBS, since renamed National Institute of Standards and Technology, or NIST) began a series of studies aimed at determining the US civilian and government needs for computer security. One of the results indicated that there was a strong need for a single, interoperable standard for data encryption that could be used for both storage and transmission of unclassified data (classified stuff was still the domain of the NSA).11

DES uses 64 bits: 56 for data and 8 for parity. It is also called a block cipher because it breaks the message into 64-bit blocks and encodes each block separately. There are actually four variants of DES:

1. ECB = electronic codebook (standard DES algorithm)

2. CBC = cipher block chaining

3. CFB = cipher feedback

4. OFB = output feedback mode

The DES algorithm is described in more detail in Algorithm 1: DES Encryption.

Unfortunately, DES was cracked in 3 days in 1998 using a special-purpose computer. In 1999, it was cracked in 22 h using 100,000 personal computers working together over the Internet. Today, cracking the 56-bit DES cipher is child’s play for most home computers. Using longer keys, however, can strengthen DES.

8.4.2 3DES

The easiest way to make DES stronger is to make the keys longer—three times longer, in fact. 3DES simply applies DES three times with three keys: Key1, Key2, and Key3. This effectively increases key length threefold, from 56 to 168 bits. It also increases the difficulty of breaking the code by a factor of 2^112, or about 168 years of doubling in computer processing speed.12 3DES is strong, but somewhat cumbersome.

8.4.3 AES

Modern symmetric encryption uses the AES, adopted by NIST and officially standardized by the U.S. government in 2002. It is an alternative to DES and 3DES that uses even longer keys: 128-, 192-, or 256-bit keys. In May 2002, NIST adopted the Rijndael (Daemen–Rijmen) algorithm as the basis of AES [1]. A 256-bit Rijndael cipher is 2^200 times stronger than DES and 2^88 times stronger than 3DES. In other words, it will take 120 years of progress in computing to achieve the necessary speeds to crack AES the way that DES was cracked in 1999.

One major advantage of AES, in addition to its strength, is that Rijndael works on small machines, which means AES is suitable for industrial control applications. But it takes 10, 12, or 14 rounds, depending on key size, to encode and then to decode messages. This is slower than other symmetric codes, but not too much of a burden for modern processors—even the commodity processors used in most industrial controls. The future of symmetric encryption is AES.

10 The strength of a cipher is measured by how long it takes for a computer to break it. Today, strong encryption means a computer the size of the universe would need all of recorded time to break the cipher.
11 http://library.thinkquest.org/27158/concept2_1.html

12 Moore’s law says processing speed doubles every 1.5 years. So, 1.5 × 112 = 168.

Algorithm 8.1 DES Encryption

Encode: Use permutation tables to scramble the plaintext to be encoded: The 56-bit key + tables produce sixteen 48-bit subkeys: K1, K2, …, K16.

Do this 16 times:



8.5 Asymmetric Encryption

Code breakers have learned to use exhaustive brute-force methods to defeat symmetric key ciphers. In fact, high-powered computers have become very good at finding keys for symmetric encryption. While the future of symmetric encryption is AES, even AES has faults. One of these is the exposure that comes with sharing the secret key among many users. In symmetric encryption, both the sender and receiver use the same key, which exposes the most critical piece of the cipher—the key.

Fortunately, two clever mathematicians named Diffie and Hellman in 1976 closed the cryptographic loophole left open by key sharing [2].13 They found an elegant way for two parties to share a secret message without sharing the same secret key. Instead, each party shares a public key but conceals his or her own private key. Public keys are used to encode and private keys used to decode the secret message. In this way, two parties can keep both the message and their private keys a secret. Public key encryption is asymmetric, because a different key is used to encode than to decode.

The Diffie–Hellman invention of asymmetric cryptography using a public key was profound and disconcerting to intelligence agencies of the U.S. federal government, because it allowed anyone to build ciphers that nobody could crack—not even the powerful National Security Agency (NSA). Before the Diffie–Hellman algorithm was invented, the NSA routinely cracked ciphers. Afterward, criminals and law-abiding citizens alike were able to keep their messages completely secure and completely unbreakable by governments.

The history of cryptology is long and colorful—too long and colorful to do it justice in this chapter. But one of the most interesting events of recent history is the peculiar case of Phil Zimmermann and the U.S. Customs. Zimmermann was accused of trafficking in munitions simply because he wrote a computer program that implemented the Diffie–Hellman asymmetric algorithm. In 1995, Charles Gimon described the essence of asymmetric encryption and Phil Zimmermann’s program called Pretty Good Privacy (PGP):

In 1976, a completely new way to encrypt messages was published by Whitfield Diffie and Martin Hellman. This new method was called public key encryption. In this system, each person has two keys, a public key and a private key. The public key is broadcast around so anyone can use it, the private key is known only to the owner. You can encode a message with the recipient’s public key so that only they can decode it with their private key. This public key encryption not only provides privacy, it also makes it possible to be certain that only the sender wrote the secret message you received. It ensures both privacy and identity.

Public key encryption is fantastically difficult for even computers to break. The longer you make the keys, the more difficult public key encryption is to break. You can make the keys long enough so that, using today’s technology, anyone’s best guess is that it would take so-and-so many billions of years to break the code. One cute phrase you hear to describe this situation is “acres of Crays.”14 There’s even wild talk of making keys so long that using the code breaking methods we have right now, you’d need a computer with more circuits than there are atomic particles in the known universe working for a longer period of time than has passed since the Big Bang to break it. In other words, a metaphysically unbreakable code—talk about tough math homework.

Many companies, including AT&T, SCO and Sun Microsystems, have used public key encryption in their products. In order to give the power of public key encryption to folks like you and me, a programmer in Boulder, Colorado named Phil Zimmermann put together a shareware program called PGP—“Pretty Good Privacy”—which lets anyone with a PC use public key cryptography.

Governments like ours have a healthy respect for cryptography; it’s sometimes said that the U.S. and Britain won the Second World War by breaking German and Japanese codes. In the United States, strong, “unbreakable” encryption is considered a weapon for export purposes, just like hand grenades or fighter planes are. In theory, it’s illegal to export public key cryptography, on paper or as a computer program.

In 1991, right after the gulf War, there was a bill before the U.S. Senate (S.266) that would have had the effect of banning public key encryption altogether. Faced with this situation, some activists in the [San Francisco] Bay Area decided that if they could spread public key encryption

(Algorithm 8.1, continued)

Split 64-bit input data into two halves, L and R of 32 bits each.

Expand and permute R into 48 bits and XOR with Ki, i = 1–16.

Further scramble with a table that produces eight 4-bit blocks.

Permute the result again, then XOR with L and swap L and R.

L and R are joined back together to form the 64-bit preoutput.

Use a table to permute the preoutput one last time.

Decode: Apply subkeys in reverse order: K16, K15, …, K1 using the encode algorithm.

Note: XOR is the EXCLUSIVE-OR operation.
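As an added example (not the book's code), a toy Feistel network with the round structure of Algorithm 8.1, showing why decoding is the encode procedure with the subkeys applied in reverse order. The subkey schedule and the round function are simplified placeholders and assumptions of this example, not DES's permutation and S-box tables.

```python
# Added example (not the book's code): a toy Feistel network with the round
# structure of Algorithm 8.1. The subkey schedule and round function below are
# simplified placeholders (assumptions), not DES's permutation and S-box tables.

ROUNDS = 16
HALF_BITS = 32
MASK32 = (1 << HALF_BITS) - 1
MASK56 = (1 << 56) - 1
MASK64 = (1 << 64) - 1


def subkeys(key: int, rounds: int = ROUNDS) -> list:
    """Derive one subkey K_1 .. K_rounds from a 56-bit key.
    Placeholder schedule: rotate the key left by i bits and keep the low half."""
    key &= MASK56
    keys = []
    for i in range(1, rounds + 1):
        rotated = ((key << i) | (key >> (56 - i))) & MASK56
        keys.append(rotated & MASK32)
    return keys


def round_function(right: int, subkey: int) -> int:
    """Placeholder for DES's expand / XOR with K_i / S-box / permute step.
    Any function works here: the Feistel structure never has to invert it."""
    x = (right ^ subkey) & MASK32
    x = (x * 0x9E3779B1 + 0x7F4A7C15) & MASK32     # cheap nonlinear mixing
    return ((x << 5) | (x >> 27)) & MASK32          # 32-bit rotate


def feistel(block: int, keys: list) -> int:
    """Run the rounds: L_i = R_(i-1), R_i = L_(i-1) XOR f(R_(i-1), K_i).
    The halves are rejoined as (R, L), undoing the final swap, so the very
    same routine decodes when the subkeys arrive in reverse order."""
    left = (block >> HALF_BITS) & MASK32
    right = block & MASK32
    for k in keys:
        left, right = right, left ^ round_function(right, k)
    return ((right << HALF_BITS) | left) & MASK64


def encrypt_block(block: int, key: int) -> int:
    """Encode one 64-bit block with subkeys K_1 .. K_16."""
    return feistel(block, subkeys(key))


def decrypt_block(block: int, key: int) -> int:
    """Decode: apply the subkeys in reverse order using the encode algorithm."""
    return feistel(block, list(reversed(subkeys(key))))


if __name__ == "__main__":
    key = 0x00133457799BBC          # constructed 56-bit key
    block = 0x0123456789ABCDEF      # constructed 64-bit plaintext block
    cipher = encrypt_block(block, key)
    print(hex(cipher))
    print(hex(decrypt_block(cipher, key)))   # 0x123456789abcdef
```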

13 Actually, three British Security Service researchers, Ellis, Cocks, and Williamson, discovered public key encryption in 1968/1969, but because their work was classified, they could not publish their results. Diffie and Hellman discovered public key encryption, independent of the British Security Service researchers.
14 At one time, Cray computers were the fastest computers on the planet.



around widely enough, the genie would be out of the bottle and there’d be no way for Uncle Sam to get it back in again. They took a copy of Zimmermann’s program and uploaded it to as many bulletin boards and Internet sites as they could.

It took the Feds two years to react. In February 1993, Mr. Zimmermann received a visit from Customs. Even though he didn’t do the uploading himself, the Feds say that Zimmermann allowed his program to be uploaded to Internet sites that can be reached from anywhere in the world, and therefore he has supposedly exported a munition without a license. It sounds like something an oily guy in Miami or Beirut would be involved in—but a computer geek in Boulder, Colorado?

David and Goliath aspects aside, the case is important for two reasons. The obvious one is the First Amendment one—computer software ought to be considered speech, something that Congress isn’t supposed to pass any law abridging the freedom of. Anyway, encryption is just math, and restricting or banning it isn’t that much different than banning the knowledge that two plus two equals four.

The other thing about the [Zimmermann incident] is its impact on America’s software industry. Restricting the export of strong encryption is a joke—you can buy it shrink-wrapped in Moscow. The restrictions are an outdated, artificial leg-iron on American companies, and if they were enforced on everybody, it would make American encryption software a second-rate choice in every other part of the world. Public key encryption lets you do secure transactions on the Internet. That means buying and selling and free enterprise—all the things that we won the Cold War for—with little risk of theft or fraud. It’s a shame that exporting what could be a great crime-fighting device could end up being a crime itself. [3]

The sociopolitical implications of encryption mathematics are obvious from the description above. Encryption is critical to secure operation of IT infrastructure. But it isn’t just a topic for computer experts, because it affects everyone. The remainder of this chapter will be devoted to the discussion of encryption’s role in establishing a PKI. A thorough discussion of the politics of encryption will be left to another author.

8.5.1 Public Key Encryption

The nontechnical reader may want to skip the following section, which describes, by example, how public key encryption works. It is the backbone of trusted computing. Without public key encryption, privacy would not be possible in the Internet Age.

The Diffie–Hellman paper described the concept of public key encryption, but it did not describe how to actually do it. The problem was that translation from plaintext to ciphertext had to be one-way. That is, the process had to be irreversible. Otherwise, the receiver of a secret message could work backward and discover the sender’s key. Most mathematical operations are two-way: 3 + 2 = 5 is reversible to 3 = 5 − 2, and division, 6/3 = 2, can be reversed by multiplication, 2 × 3 = 6. Asymmetric encryption needed a mathematical operation that worked one-way but not the other way.

In 1977, three mathematicians, Ronald Rivest, Adi Shamir, and Leonard Adleman (RSA), started their journey into the annals of encryption history by attempting to prove Diffie and Hellman wrong. Instead, they showed how to implement the Diffie–Hellman idea, which led to the famous RSA cipher in 1977 [4]. Today, RSA is the most common form of encryption used in PKI. Algorithm 2 (RSA Encryption) shows how to do public key encryption using RSA.

Public key encryption is an extremely clever application of big numbers—really big numbers!15 RSA is based on prime numbers raised to large powers, which result in extremely large numbers.16 The numbers are so large that it takes a computer to add, subtract, multiply, and divide them. In fact, the larger the number, the better, because a code breaker must be able to find extremely large prime numbers just to start the process of cracking an RSA cipher. Prime numbers containing hundreds of digits are common, and primes with millions of digits are well known to the intelligence community.

RSA translates a series of plaintext words into a series of code words that look random (see Fig. 8.3). This makes it difficult for code breakers to analyze long sequences of code words using pattern-matching software to unravel the key. Instead of producing an intelligible pattern, pattern analysis produces random noise.

Algorithm 2 illustrates the RSA technique using December 7, 1941 (12/7/41), as an example of a message to be sent from Honolulu to Washington, DC. Honolulu uses Washington’s public key to encode, and Washington uses its own private key to decode. So 12/7/41 is encoded as {23, 13, 6} using Washington’s public key P = (55, 3). When Washington receives the ciphertext, it decodes {23, 13, 6} into (12, 7, 41) using its private key, V = (55, 27).

Honolulu does not know V, and so only Washington can decode the message. However, there are other private keys that can also decode the message. For example, V = (55, 67) also unscrambles the cipher. But nobody knows the exact values used in these other keys. Why?

Public key encryption cleverly uses the one-way property of modulo arithmetic. Its strength is based on the (large) size of keys, which are large prime numbers. While these are not difficult to compute, there are so many of them with hundreds of digits that it takes a long time to crack.

15 Public key encryption uses numbers in excess of 200 digits long!
16 A prime number is a positive number that is divisible by one and itself, only. Prime numbers can be found by computerized mathematical sieve techniques that take time proportional to the size of the prime number.



[Figure 8.3: plot titled “Ciphertext word vs. Plaintext”; y-axis: Ciphertext word (0–60); x-axis: Plaintext (1–55); image not reproduced]

Figure 8.3 RSA encryption produces a seemingly random stream of code words from plaintext. The code words were produced from the public key P = (55, 3).

Algorithm 8.2 RSA Encryption

Let a public key P be a pair of integers (n, e), and a private key V be a pair (n, d).

The public and private keys share n = p × q, where p and q are randomly chosen primes.

Make sure that n is larger than the largest plaintext character you want to encode.

To encrypt a plaintext character m:

Encode(m) = m^e mod n, where mod is the modulo function

To decrypt a ciphertext character c:

Decode(c) = c^d mod n

How are the numbers n, e, and d in P:(n, e) and V:(n, d) found?

1. Select large prime numbers p and q at random.

2. Calculate the product n = p × q.

3. Choose a number e such that:

e is less than n.

e has no factors in common with either (p − 1) or (q − 1).

4. Find d such that e × d mod (p − 1) × (q − 1) = 1. One way to find d is to search for values of k and d that make this true: e × d = 1 + k (p − 1) × (q − 1) for some k > 1.

The mod operation is simply the remainder of a/b after division. For example, if a = 8 and b = 5, a/b = 8/5 = 1 with a remainder of 3. Therefore, 8 mod 5 = 3.

Here is an example. We want to send a secret message containing the date December 7, 1941—the three plaintext words {12, 7, 41}—from Honolulu to Washington, DC, using p = 5 and q = 11, n = 55, which is large enough to encrypt plaintext words ranging from 0 to 54. Using the algorithm above, we select e less than 55 and make sure it has no factors in common with either (p − 1) = 4 or (q − 1) = 10. Note that (p − 1) × (q − 1) = 4 × 10 = 40. The number e must be prime relative to 40. Suppose e = 3, which satisfies this requirement (as do many other numbers such as 7 and 11). Because p × q = 5 × 11 = 55, the public key is P = (55, 3), which the sender in Honolulu uses to encrypt plaintext {12, 7, 41} into {23, 13, 6} as follows:

Ciphertext word 1 = 12^3 mod 55 = 1728 mod 55 = 31 with remainder 23.

Ciphertext word 2 = 7^3 mod 55 = 343 mod 55 = 6 with remainder 13.

Ciphertext word 3 = 41^3 mod 55 = 68,921 mod 55 = 1253 with remainder 6.

Now, we need a private key V = (55, d), where d satisfies the requirement (e × d) mod 40 = 1, which is the same as saying e × d = 1 + 40 × k for some k. We have already chosen e = 3, so we want to find d and k such that



8.6 RSA Illustrated

The following illustrates the RSA encryption of Algorithm 2 as shown in Figure 8.4. Given two prime numbers, p and q, and a plaintext message such as “now is the time,” RSA calculates a public and private key, encodes the plaintext message using the public key, and then decodes the cipher using the private key. Keyboard characters are converted into numerical equivalents, numerically processed, and then converted back into alphanumeric characters as needed.

For example, to encrypt a plaintext character m:

Encode(m) = m^e mod n, where mod is the modulo function and n = pq

Inversely, to decrypt a ciphertext character c:

Decode(c) = c^d mod n, where d satisfies ed = 1 + k(p − 1)(q − 1) for some k

The RSA algorithm finds the smallest k and d that satisfy this relation. Figure 8.4 displays the numerical value of code words (encrypted plaintext characters) versus the alphanumeric plaintext characters “0” through “9,” “A” through “Z,” and “a” through “z.” Note that each public key (p, q, e) produces a different graphical display, but they all look random. Also note that each private key (p, q, d) produces the same result—they all correctly decode the cipher. Only the public key determines the cipher. The private key simply decodes the cipher, returning it back to its original plaintext.

[Figure 8.4: screen display; panels labeled Inputs: Prime p, q; Public Key e; Public Key d; Input: Plaintext message; Output: Public key Encoding; Output: Private Key Decoding; Graph: Numerical codewords vs. Alphanumeric characters; image not reproduced]

Figure 8.4 Screen display showing “randomized” ciphertext output from the RSA algorithm.

3 × d = 1 + 40 × k. The smallest value is d = 27, for k = 2. (Check: 3 × 27 = 1 + 40 × 2 = 81). Thus, Washington’s private key is V = (55, 27).

Washington, DC, receives the cipher containing code words {23, 13, 6} and uses its private key V = (55, 27) to reverse the encryption, transforming each code word back into plaintext as follows:

Plaintext word 1 = 23^27 mod 55 = 12

Plaintext word 2 = 13^27 mod 55 = 7

Plaintext word 3 = 6^27 mod 55 = 41

Computing large numbers such as 23^27 can tax even the most capable computer, so we take advantage of the fact that 27 = 3 × 3 × 3 and 23^27 = ((23^3)^3)^3. At each step in the calculation, we can apply the mod function to reduce the size of the number. Therefore, 23^27 mod 55 = ((23^3)^3)^3 mod 55 = ((12,167 mod 55)^3)^3 mod 55 = (12^3)^3 mod 55 = (1,728 mod 55)^3 mod 55 = 23^3 mod 55 = 12,167 mod 55 = 12. If we keep reducing the number modulo 55 after each exponentiation, the intermediate result never gets too large.

Note that the choice of private key exponent, d, is arbitrary, except that it must be relatively prime to (p − 1) × (q − 1). We used d = 27, but d = 67 is also relatively prime to 40, because there are no factors of 67 that are also factors of 40. (Actually, 67 is a prime.) If we used the private key V = (55, 67), we would get the same result: {12, 7, 41}. There are many private keys that decrypt messages produced by P = (55, 3). Does this weaken the cipher?
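An added example (not the book's code) that serves Algorithm 8.2 and the arithmetic of Section 8.6 together: key generation by the book's search for k and d, encryption of {12, 7, 41} under P = (55, 3), and decryption with the reduce-after-every-step exponentiation. The private_exponents helper is an addition of this example, not part of the algorithm; it lists the other d values, such as 67, that also satisfy e × d = 1 + 40 × k and therefore also decrypt.

```python
# Added example (not the book's code): Algorithm 8.2 with the book's numbers
# (p = 5, q = 11, e = 3) and the reduce-after-each-step exponentiation of
# Section 8.6. Toy-sized numbers only; real RSA keys are hundreds of digits.
from math import gcd


def choose_e(p: int, q: int) -> int:
    """Step 3: smallest e > 1 with no factor in common with (p - 1)(q - 1)."""
    phi = (p - 1) * (q - 1)
    e = 2
    while gcd(e, phi) != 1:
        e += 1
    return e


def find_d(e: int, p: int, q: int) -> int:
    """Step 4 by the book's search: smallest d with e * d = 1 + k(p - 1)(q - 1).
    (Production code uses the extended Euclidean algorithm instead of a
    linear search over k; the result is the same d.)"""
    phi = (p - 1) * (q - 1)
    k = 1
    while (1 + k * phi) % e != 0:
        k += 1
    return (1 + k * phi) // e


def private_exponents(e: int, p: int, q: int, limit: int) -> list:
    """All d up to `limit` with e * d mod (p - 1)(q - 1) = 1; each of them
    decrypts, which is the 'other private keys' point in the text.
    (Helper added for illustration; not part of Algorithm 8.2.)"""
    phi = (p - 1) * (q - 1)
    return [d for d in range(1, limit + 1) if (e * d) % phi == 1]


def mod_pow(base: int, exponent: int, n: int) -> int:
    """Square-and-multiply, reducing mod n after every multiplication so the
    intermediate value never exceeds n * n.  The book reduces after each
    cubing of 23^27 = ((23^3)^3)^3; this is the general form of that idea."""
    result = 1
    base %= n
    while exponent > 0:
        if exponent & 1:
            result = (result * base) % n
        base = (base * base) % n
        exponent >>= 1
    return result


def keygen(p: int, q: int, e=None) -> tuple:
    """Return (public P = (n, e), private V = (n, d)) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    e = choose_e(p, q) if e is None else e
    if not (1 < e < n) or gcd(e, phi) != 1:
        raise ValueError("e must be less than n and share no factor with (p-1)(q-1)")
    return (n, e), (n, find_d(e, p, q))


def encrypt(words: list, public: tuple) -> list:
    """Encode(m) = m^e mod n for each plaintext word; every word must be < n."""
    n, e = public
    if any(not 0 <= m < n for m in words):
        raise ValueError("every plaintext word must lie between 0 and n - 1")
    return [mod_pow(m, e, n) for m in words]


def decrypt(words: list, private: tuple) -> list:
    """Decode(c) = c^d mod n for each ciphertext word."""
    n, d = private
    return [mod_pow(c, d, n) for c in words]


if __name__ == "__main__":
    public, private = keygen(5, 11, e=3)      # book: P = (55, 3), V = (55, 27)
    cipher = encrypt([12, 7, 41], public)     # book: {23, 13, 6}
    print(public, private, cipher)
    print(decrypt(cipher, private))           # [12, 7, 41]
    print(private_exponents(3, 5, 11, 100))   # [27, 67]: d = 67 also works
    print(decrypt(cipher, (55, 67)))          # [12, 7, 41]
```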



8.7 PKI

The following is a superficial introduction to the vast and complex topic of PKI. Some accuracy will be sacrificed in favor of simplicity. The foundation of TP in cybersecurity is public key encryption, which is only as good as the public and private keys used to encrypt and decrypt messages. Thus, secure key management becomes critical. Hackers and crackers will try to break into a system and steal passwords, for example. If the attacker unravels the encryption key, all passwords will be exposed. Cracked password files give attackers access to bank accounts and critical databases, for example.

PKI combines encryption, key management, and user authentication into a comprehensive system for implementing TP and TCB. It enables users who do not know each other, and perhaps may never meet in reality, to trust one another in cyberspace. PKI defines the way users exchange mutual trust regardless of their location in the global Internet.

PKI has to manage authentication, privileges, keys, and secrecy. In addition, PKI has to be standardized so that authentication, privileges, keys, and secrecy can be exchanged among different systems. Standardization is a critical element of PKI.

Two IETF working groups—PKIX (PKI X.509) and simple PKI (SPKI)—continue the process of developing PKI standards. Some of the more important RFCs related to PKI are:

RFC 2401 (Security Architecture for the Internet Protocol, November 1998)

RFC 2437 (PKCS #1: RSA Cryptography Specifications Version 2.0, October 1998)

RFC 2527 (Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework, March 1999)

RFC 2692 (SPKI Requirements, September 1999)

RFC 2693 (SPKI Certificate Theory, September 1999)

RFC 2898 (PKCS #5: Password-Based Cryptography Specification Version 2.0, September 2000)

8.7.1 Definition of PKI

PKI has been defined in a number of ways, but the following definition was selected because of its simplicity:

A public-key infrastructure (PKI) is a full system for creating and managing public keys used for encrypting data and exchanging those keys among users. A PKI is a complete system for managing keys that includes policies and working procedures. PKI is about distributing keys in a secure way. Whitfield Diffie and Martin Hellman developed the concept of asymmetric public-key cryptography in 1976, but it was RSA (Rivest, Shamir, Adleman) Data Systems that turned it into a workable and commercial system. Today, RSA is the most popular public-key scheme.17

The PKI system described above includes the management of certificates—permissions or privileges shared by a sender and receiver of documents—the management of encryption, and the management of authentication. Therefore, it is more comprehensive than simple encryption or simple authentication. When combined with XML, PKI is called XKI and usually incorporates log-in and password authentication services as well as certificate services.18

The goals of PKI are:

• Authentication: PKI assures that the sender is whom he or she claims. This is done by a combination of public key encryption and the use of certificates.

• Integrity: PKI guarantees the integrity of the message, for example, that an intermediary has not modified the message during transit.

• Confidentiality: PKI assures the message is decodable only by the intended recipient. Encrypting the message and authenticating the recipient guarantees confidentiality.

• Nonrepudiation: PKI assures that verified parties signed the message. This is implemented in PKI by authenticating the users and trusting the certificate authorities. Therefore, PKI guarantees that both parties cannot disavow or deny involvement with the transaction. This is achieved by attaching the private keys of the sender (receiver) to the message.

In the following, we illustrate how a typical PKI system works and how each goal above is met by public key encryption.

8.7.2 Certificates

Certificates are tickets for communicating trust. Like a passport or birth certificate, X.509 certificates have become the de facto standard for exchanging trust over the Internet. The assumption underlying certificates is that they emanate from a trusted source, the so-called certificate authorities (CAs). Ultimate trust is based on a root authority that vouches that you are who you say you are and that you hold the key, and any privileges, stated on your certificate.

X.509 certificates are created by a CA, that is, a trusted third party. They are often published through a directory such as an LDAP server, but the directory only stores and serves certificates; it is not itself the CA. Minimally, a certificate contains the identity and public key of a party that wants to enter into a trusted relationship, together with the identity and digital signature of the issuing CA. For example, the following certificate data contain the identities and public keys of Alice and Bob, two users who want to enter into a trusted relationship:

Real name   Username   Public key
Alice       A          Public (3, 3233)
Bob         B          Public (17, 6345)

For simplicity, assume Alice’s username is A and Bob’s username is B. A real certificate contains other information (issuer, validity period, serial number, and the issuer’s signature), and real keys are thousands of bits long. The key values above are illustrative only and are not valid RSA parameters: 6345 is not the product of two primes, and 3 is not coprime to (53 - 1)(61 - 1) = 3120, the value needed for the modulus 3233 = 53 x 61. This simple example will nevertheless be sufficient to illustrate how PKI works.

17 http://www.linktionary.com/p/pki.html
18 Defining boundaries between LDAP directories, authentication, and PKI is a moving target because these technologies appear to be merging into a comprehensive system of security.

Lewis, T. G. (2014). Critical infrastructure protection in homeland security: Defending a networked nation. ProQuest Ebook Central, http://ebookcentral.proquest.com

Figure 8.5 illustrates how PKI works. Alice (working within her TCB) sends a message to Bob (working within his TCB) through a TP established by encryption, authentication, and certificates. The process is started by Alice, who obtains Bob’s certificate, and thus his public key, from her CA, signs the message labeled msg_to_Bob, encrypts it, and sends it to Bob. The CA’s certificates can be stored on an LDAP server and served up whenever a TCB needs to transfer trust from one user to another.

Next, Alice digitally signs her message: she computes a hash (digest) of msg_to_Bob and transforms it with her private key. Because only Alice holds her private key, only Alice can produce that signature, but anyone holding her public key can check it. A digital signature is an electronic code that authenticates the identity of the sender of a message or the signer of a document and ensures that the content of the message or document has not changed since it was signed. She then attaches her certificate, which carries her public key and the CA’s signature over it, to the signed message so that Bob can verify that she sent the message.

In the final step, Alice uses Bob’s public key to encrypt msg_to_Bob and then sends the encrypted and signed message to Bob. This package contains the original message content, Alice’s digital signature, and Alice’s certificate, all encrypted under Bob’s public key. Because the whole package is encrypted under Bob’s public key, only Bob, the holder of the matching private key, can decode it, and therefore only Bob and Alice know what was sent. This assures confidentiality. Because the package carries a signature that only Alice’s private key could have produced, Bob can conclude that Alice sent it. Bob knows the message came from Alice because her certificate, vouched for by the CA, binds that public key to her identity. Both know the message has not been tampered with because any change to the content would cause the signature check to fail; it is the signature, not the encryption, that provides this integrity guarantee.

At the other end, Bob receives the encrypted msg_to_Bob from Alice. Bob uses his private key to decode the package, which also contains Alice’s certificate. He looks up her identity with the CA, which returns a certificate containing Alice’s public key (equivalently, he checks the CA’s signature on the certificate Alice sent). He verifies that this message actually came from Alice by checking her signature with the public key from the CA-vouched certificate and by comparing that key with the one in the certificate decoded from msg_to_Bob. If Alice later tries to repudiate that she sent the message, she will have a difficult time, because her private key was used to produce the signature, and only she could have done this.

The only way someone besides Bob and Alice could have sent or received the message is if someone stole their private keys. Certificates guarantee that Bob and Alice are who they say they are; RSA encryption under Bob’s public key guarantees confidentiality; identity and enforceability are assured by certificates and CAs; and integrity and nonrepudiation are assured by digital signatures.

Figure 8.5 An example of PKI: Alice sends msg_to_Bob to Bob. Issuing certificates and encrypting the message using the RSA algorithm establish a TP. [Figure content: the Certificate Authority (CA) holds Alice’s public key and Bob’s public key.]
Alice sends msg_to_Bob:
1. Alice gets Bob’s public key from the CA.
2. Alice signs msg_to_Bob using her private key.
3. Alice encrypts her signed msg_to_Bob using Bob’s public key.
Bob receives msg_to_Bob:
1. Bob gets Alice’s public key from the CA.
2. Bob decodes msg_to_Bob using his private key.
3. Bob authenticates Alice’s identity using her public key.

PKI establishes TP. If implemented correctly, PKI assures a TCB. But if the CA is compromised, PKI cannot guarantee security, privacy, enforceability, or nonrepudiation: an attacker who controls the CA’s signing key can issue a certificate binding anyone’s name to a key the attacker holds. Therefore, it is critically important that private keys be protected, that CAs be secure, and that RSA key sizes be kept large enough that the algorithm remains infeasible to break.

CAs are organized hierarchically and vouch for one another. At the highest level within the hierarchy, the root CA’s certificate is signed by the root CA itself. That is, the root CA vouches for itself, so it must be trusted out of band, for example, by being preinstalled in an operating system or browser trust store. Top-level CAs use digital signatures to vouch for sublevel CAs by signing their certificates. Thus, trust is passed down from a root CA to sublevel CAs and finally to end users. A certificate is signed by the issuing CA using the CA’s private key and is verified by anyone using the CA’s public key, just like any other signed message. A certificate is not encrypted: it is a public document, and the verifier needs only the issuer’s public key, found in the issuer’s own certificate, to check it. Verifying a user’s certificate therefore means walking the chain of signatures upward until a self-signed root certificate in the verifier’s trust store is reached.
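The walkthrough of Alice’s message to Bob and the certificate chain just described, carried out end to end in code. This is an added illustration and not code from the book: it implements textbook RSA on small hard-coded primes with no padding, which is adequate for showing the mechanics and useless as real cryptography. The names (Root CA, Corp CA, Mallory CA, Alice, Bob), the message text, the primes, and the JSON certificate layout are assumptions made for the example; real deployments use X.509 certificates, keys of 2048 bits or more, and padded signature and encryption schemes from a vetted library.

```python
# Added illustration (not the book's code): a toy PKI in pure Python.  A CA
# hierarchy issues certificates; Alice signs with her private key and encrypts
# to Bob's public key; Bob decrypts, validates Alice's certificate chain up to a
# trusted root, then verifies her signature.  Textbook RSA on small hard-coded
# primes with no padding: it shows the mechanics only and is NOT usable crypto.
import hashlib
import json

def rsa_keypair(p, q, e=65537):
    """Textbook RSA: public (e, n), private (d, n).  p and q are assumed prime."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)        # Python 3.8+; raises if gcd(e, phi) != 1

def _hash_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def rsa_sign(data, priv):                      # requires the signer's PRIVATE key
    d, n = priv
    return pow(_hash_int(data, n), d, n)

def rsa_verify(data, sig, pub):                # anyone holding the PUBLIC key can check
    e, n = pub
    return pow(sig, e, n) == _hash_int(data, n)

def rsa_encrypt(data, pub):
    """Encrypt to the recipient's public key, one block (< n) at a time."""
    e, n = pub
    k = (n.bit_length() - 1) // 8              # k-byte blocks are always below n
    blocks = [data[i:i + k] for i in range(0, len(data), k)]
    return len(data), [pow(int.from_bytes(b, "big"), e, n) for b in blocks]

def rsa_decrypt(ct, priv):
    length, blocks = ct
    d, n = priv
    k = (n.bit_length() - 1) // 8
    out = b"".join(pow(c, d, n).to_bytes(k, "big") for c in blocks)
    rem = length % k                           # strip the zero padding of a short last block
    return out[:-k] + out[-rem:] if rem else out

def canonical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def make_cert(subject, pub, issuer, issuer_priv):
    """A certificate binds subject -> public key and is SIGNED (not encrypted) by its issuer."""
    body = {"subject": subject, "public_key": list(pub), "issuer": issuer}
    return {**body, "signature": rsa_sign(canonical(body), issuer_priv)}

def signature_ok(cert, issuer_pub):
    body = {k: v for k, v in cert.items() if k != "signature"}
    return rsa_verify(canonical(body), cert["signature"], issuer_pub)

def verify_chain(leaf, intermediates, roots, max_depth=4):
    """Walk issuer links upward until a self-signed root in the trust store is reached."""
    cert = leaf
    for _ in range(max_depth):
        issuer = cert["issuer"]
        if issuer in roots:                    # the root vouches for itself; check that too
            root = roots[issuer]
            return signature_ok(cert, root["public_key"]) and signature_ok(root, root["public_key"])
        nxt = intermediates.get(issuer)
        if nxt is None or not signature_ok(cert, nxt["public_key"]):
            return False
        cert = nxt
    return False                               # too deep, or never reached a trusted root

def alice_sends(msg, alice_priv, alice_cert, bob_pub):
    """Sign with Alice's private key, then encrypt the whole package to Bob's public key."""
    package = {"msg": msg.decode(), "sig": rsa_sign(msg, alice_priv), "cert": alice_cert}
    return rsa_encrypt(canonical(package), bob_pub)

def bob_receives(ct, bob_priv, intermediates, roots):
    """Decrypt, validate the sender's certificate chain, THEN verify the signature."""
    package = json.loads(rsa_decrypt(ct, bob_priv))
    cert, msg = package["cert"], package["msg"].encode()
    if not verify_chain(cert, intermediates, roots):
        return "untrusted certificate", None   # unvalidated key: the signature proves nothing
    if not rsa_verify(msg, package["sig"], cert["public_key"]):
        return "bad signature", None           # content changed after signing
    return "ok", (cert["subject"], msg)

def demo():
    """Constructed scenario: Root CA -> Corp CA -> Alice; Bob trusts only Root CA."""
    root_pub, root_priv = rsa_keypair(2147483647, 1000000007)
    sub_pub, sub_priv = rsa_keypair(1000000009, 998244353)
    alice_pub, alice_priv = rsa_keypair(999999937, 15485863)
    bob_pub, bob_priv = rsa_keypair(100000007, 10000019)
    roots = {"Root CA": make_cert("Root CA", root_pub, "Root CA", root_priv)}
    intermediates = {"Corp CA": make_cert("Corp CA", sub_pub, "Root CA", root_priv)}
    bob_side = (bob_priv, intermediates, roots)
    alice_cert = make_cert("Alice", alice_pub, "Corp CA", sub_priv)
    msg = b"Bob, please release the Q3 numbers."
    result = {"genuine": bob_receives(alice_sends(msg, alice_priv, alice_cert, bob_pub), *bob_side)}
    # Integrity: Mallory pastes Alice's genuine signature onto an altered message.
    forged = {"msg": "Bob, wire $1M to Mallory.", "sig": rsa_sign(msg, alice_priv), "cert": alice_cert}
    result["tamper"] = bob_receives(rsa_encrypt(canonical(forged), bob_pub), *bob_side)
    # Authentication: a certificate for "Alice" issued by a CA that Bob does not trust.
    rogue_pub, rogue_priv = rsa_keypair(1000003, 104729)
    fake_cert = make_cert("Alice", rogue_pub, "Mallory CA", rogue_priv)
    result["rogue_ca"] = bob_receives(alice_sends(msg, rogue_priv, fake_cert, bob_pub), *bob_side)
    return result
```

Calling demo() exercises the three guarantees separately: Bob recovers Alice’s message; the same signature pasted onto an altered message fails the integrity check even though the package decrypts cleanly; and a certificate issued by a CA outside Bob’s trust store is rejected before the signature is even examined. The order in bob_receives matters: the certificate chain is validated first, then the signature, because a signature checked against an unvalidated key proves nothing.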

8.8 Countermeasures

What countermeasures should an enterprise system use to assure cybersecurity? Table  8.2 contains a list of typical countermeasures for the vulnerabilities described in this and the previous chapters. In general, countermeasures consist of:

• Providing backup to power and telecommunication services.

• Installing and operating at least one IDS.

• Installing and operating at least one firewall.

• Installing and updating vendor-released software patches.

• Encrypting password files and periodically updating passwords.

• Performing frequent backups.

• Managing ports, especially dial-up modem ports.

• Using symmetric and asymmetric encryption to achieve the desired level of security. Security can be achieved in layers: HTTPS/SSL (today, TLS) at the low end and full PKI at the high end. AES can be used where a symmetric cipher is appropriate; 3DES, which Table 8.2 also lists, has since been deprecated by NIST in favor of AES.

Cybersecurity is a trade-off: expense, effort, and inconvenience on one side; privacy, security, and target hardening on the other. Strong encryption protects the Internet from attack, but it also protects the terrorist and the hacker. Surveillance infringes on privacy, but it is also a weapon in the global War on Terrorism. High-assurance systems may be secure, but users are inconvenienced and productivity suffers. Cybersecurity is a balancing act.

Richard Pethia, Director of the CERT Coordination Center, gave the following testimony before a subcommittee of the U.S. House of Representatives in 2003:

The current state of Internet security is cause for concern. Vulnerabilities associated with the Internet put users at risk. Security measures that were appropriate for mainframe computers and small, well-defined networks inside an organization are not effective for the Internet, a complex, dynamic world of interconnected networks with no clear boundaries and no central control. Security issues are often not well understood and are rarely given high priority by many software developers, vendors, network managers, or consumers. [5]19

Table 8.2 Sample countermeasures to vulnerabilities typically found in enterprise systems

Vulnerability                     Countermeasure
Power failure                     Install backup power supply
Telecom failure                   Buy redundant telecom service
SYN attack                        Install IDS; install firewall: filter ports
No IDS                            Install IDS
Break-in                          Install IDS; install firewall: filter ports; install latest patches
Clear (unencrypted) password file Encrypt password files
No backup                         Do periodic backups
No firewall filter                Install firewall: filter ports
No antivirus SW on desktop        Install patches; install antivirus SW
Clear (unencrypted) XML/HTML      Install HTTPS/SSL; install PKI/VPN
Clear browser use                 Time out inactive sessions
Password not changed              Change password periodically
War dialing                       Close modem ports
No HTTPS/SSL                      Install HTTPS/SSL
Browser session left open         Time out inactive sessions
Weak encryption                   Install 3DES or AES; install PKI
Weak LDAP in applications         Install LDAP directory; modify applications
Buffer overflow                   Install patches; update patches
Weak OS patches                   Update patches; install IDS; install firewall: filter ports
Open Wi-Fi ports                  Install IDS; install firewall: filter ports; encrypt Wi-Fi sessions; authenticate Wi-Fi users
Open modem                        Close dial-up modems or use VPN
Open FTP ports                    Close FTP or filter ports
Firewall filter off               Turn on firewall filtering

19 Testimony given before the House Select Committee on Homeland Security Subcommittee on Cybersecurity, Science, and Research and Development, June 25, 2003. Available at http://www.globalsecurity.org/security/library/congress/2003_h/06-25-03_cybersecurity.pdf


Pethia goes on to list the following general vulnerabilities of cyberspace:

• Other critical infrastructures are becoming increasingly dependent on the Internet and are vulnerable to Internet-based attacks.

• Cyberspace and physical space are becoming one. The growing links between cyberspace and physical space are being exploited by individuals bent on causing massive disruption and physical damage.

• System administration and management is often being performed by people who do not have the training, skill, resources, or interest needed to operate their systems securely.

• Users often lack adequate knowledge about their network and security. Thus, misconfigured or outdated operating systems, mail programs, and websites result in vulnerabilities that intruders can exploit. A single naive user with an easy-to-guess password can put an entire organization at risk.

• Product security is not getting better: developers are not devoting sufficient effort to apply lessons learned about the sources of vulnerabilities. In 1995, CERT received an average of 35 new reports each quarter, 140 for the year. By 2002, the number of annual reports received had skyrocketed to over 4000. Vendors concentrate on time to market, often minimizing that time by placing a low priority on security features.

• It is often difficult to configure and operate many products securely.

• There is increased reliance on “silver bullet” solutions, such as firewalls and encryption, lulling organizations into a false sense of security. The security situation must be constantly monitored as technology changes and new exploitation techniques are discovered.

• Compared with other critical infrastructures, the Internet seems to be a virtual breeding ground for attackers. Unfortunately, Internet attacks in general, and denial-of-service attacks in particular, remain easy to accomplish, hard to trace, and a low risk to the attacker. Technically competent intruders duplicate and share their programs and information at little cost, thus enabling novice intruders to do the same damage as the experts. In addition to being easy and cheap, Internet attacks can be quick. In a matter of seconds, intruders can break into a system; hide evidence of the break-in; install their programs, leaving a “backdoor” so they can easily return to the now-compromised system; and begin launching attacks at other sites.

• Attackers can lie about their identity and location on the network. Senders provide their return address, but they can lie about it. Most of the Internet is designed merely to forward packets one step closer to their destination with no attempt to make a record of their source. There is not even a “postmark” to indicate generally where a packet originated. It requires close cooperation among sites and up-to-date equipment to trace malicious packets during an attack. Moreover, the Internet is designed to allow packets to flow easily across geographical, administrative, and political boundaries. Consequently, cooperation in tracing a single attack may involve multiple organizations and jurisdictions, most of which are not directly affected by the attack and may have little incentive to invest time and resources in the effort. This means that it is easy for an adversary to use a foreign site to launch attacks at U.S. systems. The attacker enjoys the added safety of the need for international cooperation in order to trace the attack, compounded by impediments to legal investigations. We have seen U.S.-based attacks on U.S. sites gain this safety by first breaking into one or more non-U.S. sites before coming back to attack the desired target in the United States.

• There is often a lack of unambiguous or firmly enforced organizational security policies and regulations.

• There is a lack of well-defined security roles and responsibilities or enforcement of accountability in many organizations, including failure to account for security when outsourcing IT services and provide security awareness training for all levels of staff, nonexistent or weak password management, and poor physical security leading to open access to important computers and network devices.

• Other practices lead to:
  ❍ Weak configuration management that leads to vulnerable configuration
  ❍ Weak authentication practices that allow attackers to masquerade as valid system users
  ❍ Lack of vulnerability management practices that require system administrators to quickly correct important vulnerabilities
  ❍ Failure to use strong encryption when transmitting sensitive information over the network
  ❍ Lack of monitoring and auditing practices that can detect attacker behavior before damage is done

Finally, Pethia recommends the following remedies and actions:

• Incentives for vendors to produce higher-quality IT products with security mechanisms that are better matched to the knowledge, skills, and abilities of today’s system managers, administrators, and users. For example:
  ❍ Vendors should ship their products with “out of the box” configurations that have security options turned on rather than require users to turn them on.


  ❍ The government should use its buying power to demand higher-quality software. The government should consider upgrading its contracting processes to include “code integrity” clauses, clauses that hold vendors more accountable for defects in released products.

• Wider adoption of risk analysis and risk management policies and practices that help organizations identify their critical security needs, assess their operations and systems against those needs, and implement security improvements identified through the assessment process. What is often missing today is management commitment: senior management’s visible endorsement of security improvement efforts and the provision of the resources needed to implement the required improvements.

• Expanded research programs that lead to fundamental advances in computer security. For example:
  ❍ Make software virus resistant/virus proof.
  ❍ Reduce implementation errors by at least two orders of magnitude.
  ❍ Develop a unified and integrated framework for all information assurance analysis and design.
  ❍ Invent rigorous methods to assess and manage the risks imposed by threats to information assets.
  ❍ Develop quantitative techniques to determine the cost/benefit of risk mitigation strategies.
  ❍ Develop methods and simulation tools to analyze cascade effects of attacks, accidents, and failures across interdependent systems.
  ❍ Develop new technologies for resisting attacks and for recognizing and recovering from attacks, accidents, and failures.

• Increase the number of technical specialists who have the skills needed to secure large, complex systems.

• Increase awareness and understanding of cybersecurity issues, vulnerabilities, and threats by all stakeholders in cyberspace. For example, children should learn early about acceptable and unacceptable behavior when they begin using computers just as they are taught about acceptable and unacceptable behavior when they begin using libraries.

8.9 Exercises

1. Which of the following is NOT in the ITU-T X.509 standard? a. Password standard b. Integrity of information c. Confidentiality of information d. Nonrepudiation of ownership e. Authentication of users

2. A secure link between user and system is defined as (select only one): a. VPN b. PKI c. TCB d. Trusted path e. Certificate

3. A TCB is defined as: a. The country’s best yogurt b. An example of an Internet threat c. A mechanism for enforcing minimal security d. A malicious program that travels via the Internet e. A protocol for ensuring authentic users

4. The DMZ enforces: a. Enterprise computing standards b. PKI standards c. X.509 standards d. Complete security e. A security policy

5. Which of the following guarantees a secure enterprise system? a. Passwords b. Biometrics c. PKI d. X.509 certificates e. None of the above

6. HTTPS/SSL is a protocol for: a. Serving X.509 certificates to users b. Authenticating users c. Encrypting communication between user and web server d. Encrypting credit card numbers e. Catching man-in-the-middle thieves

7. Tunneling is a technique used in: a. 3DES b. RSA c. PKI d. DMZ e. VPN

8. RSA is a type of: a. Asymmetric encryption b. Authentication c. Password d. Biometric e. VPN

9. An IDS is a special-purpose computer (or software) for: a. Checking passwords b. Preventing break-ins c. Nonrepudiation detection d. Information assurance e. Detecting suspicious data transmission patterns

10. DES and triple-DES evolved out of a project known as: a. Lucifer b. Hannibal c. Diffie–Hellman d. Zimmerman e. Rivest, Shamir, and Adleman

11. The strength of an encryption algorithm is measured by: a. The algorithm b. The AES standard c. The number of bits in its keys d. The secrecy of its algorithm e. FIPS compliance

12. Public keys are stored in: a. Personal computer address books b. Certificate authorities c. Internet DNS d. NSA servers e. Autonomous systems

13. A proxy server is often used to: a. Increase efficiency b. Decrease the cost of an enterprise system c. Enforce PKI security d. Block unauthorized users e. Deflect DoS attacks

14. The heart of user authentication is a server called: a. LDAP server b. Email server c. Certificate authority d. RSA encryption e. HTTPS/SSL

15. In the example of Alice sending a message to Bob, what mechanism ensures nonrepudiation? a. The public key. b. The certificate. c. Alice’s signature, made with her private key, is in the message. d. Bob’s private key is in the message. e. Alice’s public key is in the certificate.

References

[1] Daemen, J. and Rijmen, V. AES Proposal: Rijndael, AES Algorithm Submission, September 3, 1999. Available at http://www.nist.gov/CryptoToolkit. Accessed June 29, 2014.

[2] Diffie, W. and Hellman, M. New Directions in Cryptography. IEEE Transactions on Information Theory, 22(6), November 1976, pp. 644–654.

[3] Gimon, C. The Phil Zimmerman Case, February 1995. Available at http://www.skypoint.com/members/gimonca/philzima.html. Accessed June 29, 2014.

[4] Rivest, R. L., Shamir, A., and Adleman, L. On Digital Signatures and Public Key Cryptosystems. MIT Laboratory for Computer Science Technical Memorandum MIT/LCS/TM-82, April 1977.

[5] Pethia, R. D. Cyber Security—Growing Risk from Growing Vulnerability. CERT, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, June 25, 2003, pp. 1–10.
