Unit 5
PGP has grown explosively and is now widely used. A number of reasons
can be cited for this growth.
Operational description
The actual operation of PGP consists of five services: authentication,
confidentiality, compression, e-mail compatibility and segmentation.
1. Authentication
§ The hash code is encrypted with RSA using the sender's private key and
the result is prepended to the message.
§ The receiver uses RSA with the sender's public key to decrypt and
recover the hash code.
2. Confidentiality
Confidentiality is provided by encrypting messages to be transmitted or to be
stored locally as files. In both cases, the conventional encryption algorithm
CAST-128 may be used. The 64-bit cipher feedback (CFB) mode is used.
In PGP, each conventional key is used only once. That is, a new key is
generated as a random 128-bit number for each message. Thus although
this is referred to as a session key, it is in reality a one time key. To
protect the key, it is encrypted with the receiver's public key.
The session key is encrypted with RSA, using the receiver's public key, and is
prepended to the message.
The receiver uses RSA with its private key to decrypt and recover
the session key. The session key is used to decrypt the message.
Confidentiality and authentication
Here both services may be used for the same message. First, a signature is
generated for the plaintext message and prepended to the message. Then the
plaintext plus the signature is encrypted using CAST-128 and the session key
is encrypted using RSA.
3. Compression
It is preferable to sign an uncompressed message so that one can store only the
uncompressed message together with the signature for future verification. If
one signed a compressed document, then it would be necessary either to store
a compressed version of the message for later verification or to recompress the
message when verification is required.
Even if one were willing to generate dynamically a recompressed message for
verification, PGP's compression algorithm presents a difficulty. The algorithm
is not deterministic; various implementations of the algorithm achieve different
tradeoffs in running speed versus compression ratio and, as a result, produce
different compressed forms.
4. e-mail compatibility
Many electronic mail systems only permit the use of blocks consisting of
ASCII texts. To accommodate this restriction, PGP provides the service of
For example, consider the 24-bit (3-octet) raw text sequence 00100011 01011100
10010001. We can express this input in blocks of 6 bits to produce 4 ASCII
characters.
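The 6-bit regrouping just described, as an added example that is not part of the original notes: a radix-64 encoder and decoder written on Python integers, run on the 3-octet sequence from the text, which the PGP alphabet maps to the characters I1yR.

```python
# Added example (not from the notes): radix-64 conversion as used by PGP for
# e-mail compatibility. Every 3 octets (24 bits) are regrouped into four 6-bit
# values and each value is mapped to one printable ASCII character.
import base64

# PGP's radix-64 alphabet: A-Z, a-z, 0-9, '+', '/' (the same table as MIME base64).
RADIX64_ALPHABET = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789+/"
)


def radix64_encode(data: bytes) -> str:
    """Encode raw octets as radix-64 text; a short final group is padded with '='."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Pack up to three octets into one 24-bit integer, zero-filling on the right.
        block = int.from_bytes(chunk.ljust(3, b"\x00"), "big")
        # Split the 24 bits into four 6-bit indices, most significant group first.
        indices = [(block >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        chars = [RADIX64_ALPHABET[k] for k in indices]
        # A final group of 1 or 2 octets yields 2 or 3 characters plus '=' padding.
        pad = 3 - len(chunk)
        if pad:
            chars[4 - pad:] = ["="] * pad
        out.extend(chars)
    return "".join(out)


def radix64_decode(text: str) -> bytes:
    """Invert radix64_encode, dropping the bits that came only from '=' padding."""
    lookup = {c: k for k, c in enumerate(RADIX64_ALPHABET)}
    out = bytearray()
    for i in range(0, len(text), 4):
        group = text[i:i + 4]
        pad = group.count("=")
        block = 0
        for ch in group:
            block = (block << 6) | lookup.get(ch, 0)   # '=' contributes zero bits
        out += block.to_bytes(3, "big")[:3 - pad]
    return bytes(out)


# Constructed input taken from the notes: 00100011 01011100 10010001
EXAMPLE_OCTETS = bytes([0b00100011, 0b01011100, 0b10010001])

if __name__ == "__main__":
    encoded = radix64_encode(EXAMPLE_OCTETS)
    print(encoded)                                   # I1yR
    assert radix64_decode(encoded) == EXAMPLE_OCTETS
    # Cross-check against the standard library (same alphabet and padding rule).
    assert encoded == base64.b64encode(EXAMPLE_OCTETS).decode()
```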
keys is needed.
Each PGP entity must maintain a file of its own public/private key pairs
as well as a file of public keys of correspondents.
Each session key is associated with a single message and is used only for
the purpose of encryption and decryption of that message. Random 128-
bit numbers are generated using CAST-128 itself. The input to the
random number generator consists of a 128-bit key and two 64-bit
blocks that are treated as plaintext to be encrypted. Using cipher
feedback mode, CAST-128 produces two 64-bit ciphertext blocks, which are
concatenated to form the 128-bit session key. The plaintext input to CAST-128
is itself derived from a stream of 128-bit randomized numbers. These numbers
are based on the keystroke input from the user.
2. Key identifiers
If multiple public/private key pairs are used, how does the recipient
know which of the public keys was used to encrypt the session key? One
simple solution would be to transmit the public key with the message,
but this is unnecessarily wasteful of space. Another solution would be to
associate an identifier with each public key that is unique, at least within
each user.
The solution adopted by PGP is to assign a key ID to each public key that
is, with very high probability, unique within a user ID. The key ID
associated with each public key consists of its least significant 64 bits.
i.e., the key ID of public key KUa is
Session key component – includes session key and the identifier of the recipient
public key.
3. Key rings
PGP provides a pair of data structures at each node, one to store the
public/private key pair owned by that node and one to store the public
keys of the other users known at that node. These data structures are
referred to as private key ring and public key ring.
3. The general structures of the private and public key rings are shown
Signature trust field – indicates the degree to which this PGP user
Owner trust field – indicates the degree to which this public key is trusted to
sign other public key certificates.
PGP retrieves the sender's private key from the private key ring
using the user ID as an index.
If no user ID was provided, the first private key from the ring is retrieved.
PGP retrieves the recipient's public key from the public key ring
using the user ID as an index.
PGP retrieves the receiver's private key from the private key ring,
using the key ID field in the session key component of the message
as an index.
PGP retrieves the sender's public key from the public key ring,
using the key ID field in the signature key component of the
message as an index.
PGP computes the message digest for the received message and compares it
to the transmitted message digest to authenticate.
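The key-ring lookups and the send/receive steps above, as an added example that is not PGP's own code: textbook RSA on Python integers, two constructed user keys built from Mersenne primes, SHA-1 as the message digest, and a SHA-1 keystream standing in for CAST-128 CFB. The user IDs, key sizes and ring layout are assumptions made for the demo.

```python
# Added example (not the notes' own code): a toy model of PGP key rings, key IDs
# and the sender/receiver steps. RSA is textbook RSA on Python integers with
# small constructed keys; the symmetric cipher is a stand-in. Demo only.
import hashlib
import secrets

KEY_ID_MASK = (1 << 64) - 1   # key ID = least significant 64 bits of the public key (modulus)


def make_rsa_key(p, q, e=65537):
    """Textbook RSA on Python integers: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def key_id(public_key):
    n, _e = public_key
    return n & KEY_ID_MASK


def find_key(ring, user_id=None, kid=None):
    """Index a ring by user ID or by key ID; with neither given, take the first entry."""
    if user_id is None and kid is None:
        return ring[0]
    for entry in ring:
        if user_id is not None and entry["user_id"] == user_id:
            return entry
        if kid is not None and key_id(entry["pub"]) == kid:
            return entry
    raise KeyError("no matching key in ring")


def stream_xor(session_key, data):
    """Stand-in for CAST-128 CFB: SHA-1 keystream in counter mode (demo only)."""
    key = session_key.to_bytes(16, "big")
    out = bytearray()
    for i in range(0, len(data), 20):
        block = hashlib.sha1(key + (i // 20).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 20], block))
    return bytes(out)


# Constructed keys from Mersenne primes (demo sizes; never use such keys in practice).
ALICE_PUB, ALICE_PRIV = make_rsa_key(2**89 - 1, 2**107 - 1)
BOB_PUB, BOB_PRIV = make_rsa_key(2**127 - 1, 2**61 - 1)

# Each node keeps a private key ring (its own pairs) and a public key ring (correspondents).
NODES = {
    "alice": {"private": [{"user_id": "alice@example.com", "pub": ALICE_PUB, "priv": ALICE_PRIV}],
              "public": [{"user_id": "bob@example.com", "pub": BOB_PUB}]},
    "bob": {"private": [{"user_id": "bob@example.com", "pub": BOB_PUB, "priv": BOB_PRIV}],
            "public": [{"user_id": "alice@example.com", "pub": ALICE_PUB}]},
}


def pgp_send(node, sender_uid, recipient_uid, message):
    sender = find_key(node["private"], user_id=sender_uid)       # own key, indexed by user ID
    recipient = find_key(node["public"], user_id=recipient_uid)  # correspondent, by user ID
    n_s, d_s = sender["priv"]
    digest = int.from_bytes(hashlib.sha1(message).digest(), "big")
    signature = pow(digest, d_s, n_s)                            # RSA with sender's private key
    session_key = secrets.randbits(128)                          # fresh one-time key per message
    n_r, e_r = recipient["pub"]
    return {
        "signature_component": (key_id(sender["pub"]), signature),
        "session_key_component": (key_id(recipient["pub"]), pow(session_key, e_r, n_r)),
        "body": stream_xor(session_key, message),
    }


def pgp_receive(node, msg):
    """Return (plaintext, signature_ok, sender_user_id)."""
    rid, enc_session_key = msg["session_key_component"]
    own = find_key(node["private"], kid=rid)                     # own private key, by key ID
    n_r, d_r = own["priv"]
    session_key = pow(enc_session_key, d_r, n_r)
    plaintext = stream_xor(session_key, msg["body"])
    sid, signature = msg["signature_component"]
    sender = find_key(node["public"], kid=sid)                   # sender's public key, by key ID
    n_s, e_s = sender["pub"]
    recovered = pow(signature, e_s, n_s)
    expected = int.from_bytes(hashlib.sha1(plaintext).digest(), "big")
    return plaintext, recovered == expected, sender["user_id"]
```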
S/MIME
2. SMTP cannot transmit text data that includes national language characters
because these are represented by 8-bit codes with values of 128 decimal or
higher, and SMTP is limited to 7-bit ASCII.
4. SMTP gateways that translate between ASCII and the character code EBCDIC
do not use a consistent set of mappings, resulting in translation problems.
5. SMTP gateways to X.400 electronic mail networks cannot handle nontextual data
included in X.400 messages.
2. Overview
The MIME specification includes the following elements:
1. Five new message header fields are defined, which may be included in an
RFC 822 header. These fields provide information about the body of the
message.
3. Transfer encodings are defined that enable the conversion of any content
format into a form that is protected from alteration by the mail system.
In this subsection, we introduce the five message header fields. The next two
subsections deal with content formats and transfer encodings.
Content-Type: Describes the data contained in the body with sufficient detail
The bulk of the MIME specification is concerned with the definition of a variety
of content types. This reflects the need to provide standardized ways of dealing
with a wide variety of information representations in a multimedia
environment.
The list below gives the content types specified in RFC 2046. There are seven different
major types of content and a total of 15 subtypes.
For the text type of body, no special software is required to get the full meaning
of the text, aside from support of the indicated character set. The primary
subtype is plain text, which is simply a string of ASCII characters or ISO 8859
characters. The enriched subtype allows greater formatting flexibility. The
multipart type indicates that the body contains multiple, independent parts.
The Content-Type header field includes a parameter, called boundary, that
defines the delimiter between body parts.
The MIME standard defines two methods of encoding data. The
Content-Transfer-Encoding field can actually take on six values. For SMTP transfer, it is
safe to use the 7bit form. The 8bit and binary forms may be usable in other
mail transport contexts. Another Content-Transfer-Encoding value is x-token,
which indicates that some other encoding scheme is used, for which a name is
to be supplied. The two actual encoding schemes defined are quoted-printable
and base64.
The quoted-printable transfer encoding is useful when the data consists
largely of octets that correspond to printable ASCII characters. In
essence, it represents nonsafe characters by the hexadecimal
representation of their code and introduces reversible (soft) line breaks to
limit message lines to 76 characters.
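An added example (not from the notes) of the two quoted-printable rules just stated: non-safe octets become =XX hex escapes, and soft line breaks keep every encoded line at 76 characters or fewer. Decoding is cross-checked with the standard library's quopri module; the sample text is constructed.

```python
# Added example (not from the notes): a minimal quoted-printable encoder.
import quopri

MAX_LINE = 76   # RFC 2045 limit on encoded line length, including a soft-break '='


def _encode_octet(b: int) -> str:
    """Printable ASCII (33-126) except '=' passes through; space and tab pass
    through (a trailing one is fixed up by the caller); all else becomes =XX."""
    if (33 <= b <= 126 and b != 0x3D) or b in (0x20, 0x09):
        return chr(b)
    return f"={b:02X}"


def qp_encode(data: bytes) -> str:
    """Encode bytes (CRLF or LF line endings) as quoted-printable text."""
    out_lines = []
    for raw in data.split(b"\n"):
        if raw.endswith(b"\r"):          # canonical CRLF ending: keep only the hard break
            raw = raw[:-1]
        tokens = [_encode_octet(b) for b in raw]
        if tokens and tokens[-1] in (" ", "\t"):
            # Whitespace at the end of a line must be escaped, or gateways may strip it.
            tokens[-1] = f"={ord(tokens[-1]):02X}"
        cur = ""
        for tok in tokens:
            if len(cur) + len(tok) > MAX_LINE - 1:   # leave room for the trailing '='
                out_lines.append(cur + "=")          # reversible (soft) line break
                cur = ""
            cur += tok
        out_lines.append(cur)
    return "\r\n".join(out_lines)


def qp_roundtrip(data: bytes) -> bool:
    """True if the standard library decodes our encoding back to the input."""
    return quopri.decodestring(qp_encode(data).encode("ascii")) == data


# Constructed sample: a non-ASCII character, a trailing space and an over-long line.
SAMPLE = b"Caf\xc3\xa9 au lait \r\n" + b"x" * 100 + b"\r\nend"

if __name__ == "__main__":
    print(qp_encode(SAMPLE))
    assert qp_roundtrip(SAMPLE)
```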
Canonical Form
INTRUDERS
Intruder attacks range from the benign to the serious. At the benign end
of the scale, there are many people who simply wish to explore internets
and see what is out there. At the serious end are individuals who are
attempting to read privileged data, perform unauthorized modifications
to data, or disrupt the system. Benign intruders might be tolerable,
although they do consume resources and may slow performance for
legitimate users. However, there is no way to know in advance whether an
intruder will be benign or malign.
An analysis of previous attacks revealed that there were two levels of hackers:
· The high levels were sophisticated users with a thorough knowledge of the technology.
· The low levels were the "foot soldiers" who merely use the supplied cracking
programs with little understanding of how they work.
One of the results of the growing awareness of the intruder problem has been
the establishment of a number of Computer Emergency Response Teams
(CERTs). These co-operative ventures collect information about system
vulnerabilities and disseminate it to systems managers. Unfortunately, hackers
can also gain access to CERT reports.
· Access control – access to the password file is limited to one or a very few accounts.
· Try default passwords used with standard accounts that are shipped with the
system.
Many administrators do not bother to change these defaults.
· Collect information about users such as their full names, the name of
their spouse and children, pictures in their office and books in their office
that are related to hobbies.
· Try users' phone numbers, social security numbers and room numbers.
· Tap the line between a remote user and the host system.
Figure 5.2.1 suggests, in very abstract terms, the nature of the task
confronting the designer of an intrusion detection system. Although the typical
behavior of an intruder differs from the typical behavior of an authorized user,
there is an overlap in these behaviors. Thus, a loose interpretation of intruder
behavior, which will catch more intruders, will also lead to a number of "false
positives," or authorized users identified as intruders. On the other hand,
an attempt to limit false positives by a tight interpretation of intruder behavior
will lead to an increase in false negatives, or intruders not identified as
intruders. Thus, there is an element of compromise and art in the practice of
intrusion detection.
1. The approaches to intrusion detection:
Audit Records
A fundamental tool for intrusion detection is the audit record. Some record of
ongoing activity by users must be maintained as input to an intrusion
detection system. Basically, two plans are used:
of users.
issued by Smith to copy an executable file GAME from the current directory to
the <Library> directory. The following audit records may be generated:
In this case, the copy is aborted because Smith does not have write permission to
<Library>. The decomposition of a user operation into elementary actions has three
advantages:
Because objects are the protectable entities in a system, the use of elementary
actions enables an audit of all behavior affecting an object. Thus, the system
can detect attempted subversions of access
Single-object, single-action audit records simplify the model and the implementation.
As was mentioned, statistical anomaly detection techniques fall into two broad
categories: threshold detection and profile-based systems. Threshold
detection involves counting the number of occurrences of a specific event
type over an interval of time. If the count surpasses what is considered a
reasonable number that one might expect to occur, then intrusion is assumed.
o Users who log in after hours often access the same files they used earlier.
o Users should not be logged in more than once to the same system.
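Threshold detection and the rule-based checks above, as an added example that is not from the notes: the detector counts failed logins per user inside a sliding window and flags a user logged in more than once to the same host, run over constructed audit records whose field layout (time, subject, action, object, exception condition) is an assumption. Lowering the threshold catches more intruders at the cost of more false positives, as the figure discussion above describes.

```python
# Added example (not from the notes): threshold detection and a simple rule
# check over constructed audit records. Record layout is an assumption:
# "timestamp subject action object exception" with exception 0 meaning success.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit records (not real logs).
AUDIT_LOG = """\
2024-05-01T09:00:00 smith LOGIN hostA 0
2024-05-01T09:00:05 mallory LOGIN hostA 1
2024-05-01T09:00:07 mallory LOGIN hostA 1
2024-05-01T09:00:09 mallory LOGIN hostA 1
2024-05-01T09:00:11 mallory LOGIN hostA 1
2024-05-01T09:00:40 smith LOGIN hostA 0
2024-05-01T09:30:00 mallory LOGIN hostA 1
2024-05-01T10:00:00 smith LOGOUT hostA 0
"""


def parse_records(text):
    """Turn one audit line per record into dicts with a parsed timestamp."""
    for line in text.splitlines():
        ts, subject, action, obj, exc = line.split()
        yield {"time": datetime.fromisoformat(ts), "subject": subject,
               "action": action, "object": obj, "exception": int(exc)}


def threshold_failed_logins(records, limit=3, window=timedelta(minutes=5)):
    """Alert when a subject exceeds `limit` failed logins within any `window`.

    Returns (time, subject, count) tuples; `limit` is the tunable that trades
    false positives against false negatives."""
    recent = defaultdict(deque)          # subject -> times of recent failures
    alerts = []
    for r in records:
        if r["action"] != "LOGIN" or r["exception"] == 0:
            continue
        q = recent[r["subject"]]
        q.append(r["time"])
        while q and r["time"] - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) > limit:
            alerts.append((r["time"], r["subject"], len(q)))
    return alerts


def rule_multiple_logins(records):
    """Flag a subject that is logged in more than once to the same system."""
    sessions = defaultdict(int)          # (subject, host) -> number of open logins
    alerts = []
    for r in records:
        key = (r["subject"], r["object"])
        if r["action"] == "LOGIN" and r["exception"] == 0:
            sessions[key] += 1
            if sessions[key] > 1:
                alerts.append((r["time"], r["subject"], r["object"]))
        elif r["action"] == "LOGOUT":
            sessions[key] = max(0, sessions[key] - 1)
    return alerts


if __name__ == "__main__":
    recs = list(parse_records(AUDIT_LOG))
    print(threshold_failed_logins(recs))
    print(rule_multiple_logins(recs))
```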
One or more nodes in the network will serve as collection and analysis
points for the data from the systems on the network. Thus, either raw
audit data or summary data must be transmitted across the network.
Therefore, there is a requirement to assure the integrity and
confidentiality of these data.
The figure below shows the overall architecture, which consists of three main components:
· Central manager module: Receives reports from LAN monitor and host
agents and processes and correlates these reports to detect intrusion.
The scheme is designed to be independent of any operating system or system
auditing implementation.
4 Honeypots
· encourage the attacker to stay on the system long enough for administrators to
respond
These systems are filled with fabricated information designed to appear valuable
but that a legitimate user of the system wouldn't access. Thus, any access to the
honeypot is suspect.
1. Password Protection
· This is converted into a 56-bit value (using 7-bit ASCII) that serves as the
key input to an encryption routine.
· Typically, this value is related to the time at which the password is assigned to the
user.
· The modified DES algorithm is exercised with a data input consisting of a 64-bit block
of zeros.
· The output of the algorithm then serves as input for a second encryption.
· It prevents duplicate passwords from being visible in the password file. Even
if two users choose the same password, those passwords will be assigned at
different times. Hence, the "extended" passwords of the two users will differ.
· It effectively increases the length of the password without requiring the user
to remember two additional characters.
When a user attempts to log on to a UNIX system, the user provides an ID and
a password. The operating system uses the ID to index into the password file
and retrieve the plaintext salt and the encrypted password. The salt and user-
supplied password are used as input to the encryption routine. If the result
matches the stored value, the password is accepted. The encryption routine is
designed to discourage guessing attacks. Software implementations of DES
are slow compared to hardware versions, and the use of 25 iterations
multiplies the time required by 25.
Thus, there are two threats to the UNIX password scheme. First, a user can
gain access on a machine using a guest account or by some other means and
then run a password guessing program, called a password cracker, on that
machine.
As an example, a password cracker was reported on the Internet in
August 1993. Using a Thinking Machines Corporation parallel computer,
a performance of 1560 encryptions per second per vector unit was
achieved. With four vector units per processing node (a standard
configuration), this works out to 800,000 encryptions per second on a
128-node machine (which is a modest size) and 6.4 million encryptions
per second on a 1024-node machine.
Password length is only part of the problem. Many people, when permitted to
choose their own password, pick a password that is guessable, such as their
own name, their street name, a common dictionary word, and so forth. This
makes the job of password cracking straightforward.
The following strategy was used:
Try the user's name, initials, account name, and other relevant personal
information. In all, 130 different permutations for each user were tried.
3. Access Control
· Computer-generated passwords
Users can be told the importance of using hard-to-guess passwords and can be
provided with guidelines for selecting strong passwords. This user education
strategy is unlikely to succeed at most installations, particularly where there is
a large user population or a lot of turnover. Many users will simply ignore the
guidelines.
The first approach is a simple system for rule enforcement. For example, the
following rules could be enforced:
· All passwords must be at least eight characters long.
· In the first eight characters, the passwords must include at least one each of
uppercase, lowercase, numeric digits, and punctuation marks. These rules
could be coupled with advice to the user. Although this approach is superior to
simply educating users, it may not be sufficient to thwart password crackers.
This scheme alerts crackers as to which passwords not to try but may still
make it possible to do password cracking.
· Time: The time required to search a large dictionary may itself be large
2. For each bigram ij, calculate f(i, j, ∞) as the total number of trigrams beginning
with ij. For example, f(a, b, ∞) would be the total number of trigrams of the form
aba, abb, abc, and so on.
where
Xj = jth word in password dictionary
D = number of words in password dictionary
· For each password, its k hash values are calculated, and the corresponding
bits in the hash table are set to 1. Thus, if Hi(Xj) = 67 for some (i, j), then the
sixty-seventh bit of the hash table is set to 1; if the bit already has the value 1,
it remains at 1.
When a new password is presented to the checker, its k hash values are calculated. If all the
corresponding bits of the hash table are equal to 1, then the password is rejected.
1. Malicious Programs
Malicious software can be divided into two categories:
those that need a host program, and those that are independent.
A virus can do anything that other programs do. The only difference is that it
attaches itself to another program and executes secretly when the host
program is run. Once a virus is executing, it can perform any function, such as
erasing files and programs.
During its lifetime, a typical virus goes through the following four phases:
· Dormant phase: The virus is idle. The virus will eventually be activated by
some event, such as a date, the presence of another program or file, or the
capacity of the disk exceeding some limit. Not all viruses have this stage.
· Propagation phase: The virus places an identical copy of itself into other
programs or into certain system areas on the disk. Each infected program will
now contain a clone of the virus, which will itself enter a propagation phase.
· Triggering phase: The virus is activated to perform the function for which it
was intended. As with the dormant phase, the triggering phase can be caused
by a variety of system events, including a count of the number of times that
this copy of the virus has made copies of itself.
3. Virus Structure
An infected program begins with the virus code and works as follows.
The first line of code is a jump to the main virus program. The second line is a
special marker that is used by the virus to determine whether or not a
potential victim program has already been infected with this virus.
When the program is invoked, control is immediately transferred to the main
virus program. The virus program first seeks out uninfected executable files
and infects them. Next, the virus may perform some action, usually detrimental
to the system.
This action could be performed every time the program is invoked, or it could
be a logic bomb that triggers only under certain conditions.
Finally, the virus transfers control to the original program. If the infection
phase of the program is reasonably rapid, a user is unlikely to notice any
difference between the execution of an infected and uninfected program.
A virus such as the one just described is easily detected because an infected
version of a program is longer than the corresponding uninfected one. A way to
thwart such a simple means of detecting a virus is to compress the executable
file so that both the infected and uninfected versions are of identical length.
The key lines in this virus are numbered. We assume that program P1 is
infected with the virus CV. When this program is invoked, control passes to its
virus, which performs the following steps:
1. For each uninfected file P2 that is found, the virus first compresses that
file to produce P'2, which is shorter than the original program by the size of
the virus.
2. A copy of the virus is prepended to the compressed program.
3. The compressed version of the original infected program, P'1, is uncompressed.
4. The uncompressed original program is executed.
In this example, the virus does nothing other than propagate. As in the
previous example, the virus may include a logic bomb.
4. Initial Infection
VIRUS COUNTERMEASURES
Antivirus Approaches
The ideal solution to the threat of viruses is prevention: The next best
approach is to be able to do the following:
· Identification: Once detection has been achieved, identify the specific virus
that has infected a program.
· Removal: Once the specific virus has been identified, remove all traces of the
virus from the infected program and restore it to its original state. Remove the
virus from all infected systems so that the disease cannot spread further.
Generic Decryption
Integrated mail systems: Systems such as Lotus Notes and Microsoft Outlook
make it very simple to send anything to anyone and to work with objects that
are received.
· Subscribers around the world receive regular antivirus updates that protect
them from the new virus.
The success of the digital immune system depends on the ability of the virus
analysis machine to detect new and innovative virus strains. By constantly
analyzing and monitoring the viruses found in the wild, it should be possible to
continually update the digital immune software to keep up with the threat.
Behavior-Blocking Software
· Scripting of e-mail and instant messaging clients to send executable content; and
DDoS attacks have been carried out by diverse threat actors, ranging from
individual criminal hackers to organized crime rings and government agencies.
In certain situations, often ones related to poor coding, missing patches or
generally unstable systems, even legitimate requests to target systems can
result in DDoS-like results.
Botnets can be comprised of almost any number of bots; botnets with tens or
hundreds of thousands of nodes have become increasingly common, and there
may not be an upper limit to their size. Once the botnet is assembled, the
attacker can use the traffic generated by the compromised devices to flood the
target domain and knock it offline.
Types of DDoS attacks
While it is clear that the target of a DDoS attack is a victim, there can be many
other victims in a typical DDoS attack, including the owners of the systems
used to execute the attack. Although the owners of infected computers are
typically unaware their systems have been compromised, they are nevertheless
likely to suffer a degradation of service during a DDoS attack.
While the things comprising the internet of things (IoT) may be useful to
legitimate users, in some cases, they are even more helpful to DDoS attackers.
The devices connected to IoT include any appliance into which some computing
and networking capacity has been built, and, all too often, these devices are
not designed with security in mind.
Devices connected to the IoT expose large attack surfaces and display minimal
attention to security best practices. For example, devices are often shipped
with hard-coded authentication credentials for system administration, making
it simple for attackers to log in to the devices. In some cases, the
authentication credentials cannot be changed. Devices also often ship without
the capability to upgrade or patch device software, further exposing them to
attacks that leverage well-known vulnerabilities.
Internet of things botnets are increasingly being used to wage massive DDoS
attacks. In 2016, the Mirai botnet was used to attack the domain name service
provider Dyn, based in Manchester, N.H.; attack volumes were measured at
over 600 Gbps. Another late 2016 attack unleashed on OVH, the French
hosting firm, peaked at more than 1 Tbps.
DDoS defense and prevention
DDoS attacks can create significant business risks with lasting effects.
Therefore, it is important for IT and security administrators and managers, as
well as their business executives, to understand the threats, vulnerabilities
and risks associated with DDoS attacks.
In addition, solid patch management practices, email phishing testing and user
awareness, and proactive network monitoring and alerting can help minimize
an organization's contribution to DDoS attacks across the internet.
Firewall characteristics:
· All traffic from inside to outside, and vice versa, must pass through the
firewall. This is achieved by physically blocking all access to the local network
except via the firewall.
· Various configurations are possible.
· Only authorized traffic, as defined by the local security policy, will be allowed to pass.
· Various types of firewalls are used, which implement various types of security
policies.
· The firewall itself is immune to penetration. This implies the use of a trusted
system with a secure operating system.
Four techniques that firewalls use to control access and enforce the site's
security policy are as follows:
1. Service control – determines the type of internet services that can be accessed,
inbound or outbound. The firewall may filter traffic on this basis of IP address
and TCP port number; may provide proxy software that receives and interprets
each service request before passing it on; or may host the server software itself,
such as web or mail service.
Capabilities of firewall
A firewall defines a single choke point that keeps unauthorized users out of the
protected network, prohibits potentially vulnerable services from entering or
leaving the network, and provides protection from various kinds of IP spoofing
and routing attacks.
A firewall provides a location for monitoring security related events. Audits and
alarms can be implemented on the firewall system.
A firewall is a convenient platform for several internet functions that are not
· The firewall cannot protect against attacks that bypass the firewall. Internal
systems may have dial-out capability to connect to an ISP. An internal LAN
may support a modem pool that provides dial-in capability for traveling
employees and telecommuters.
· The firewall does not protect against internal threats, such as a disgruntled
employee or an employee who unwittingly cooperates with an external attacker.
Types of firewalls
· Packet filters
· Application-level gateways
· Circuit-level gateways
Application level gateways tend to be more secure than packet filters. It is easy
to log and audit all incoming traffic at the application level. A prime
disadvantage is the additional processing overhead on each connection.
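Service control by a packet filter, as an added example that is not from the notes: a first-match rule table keyed on direction, source and destination address and destination TCP port, ending in a default-discard rule so that only policy-authorized traffic passes, with an anti-spoofing rule for inbound packets that claim an internal source. The network addresses and the rules are constructed.

```python
# Added example (not from the notes): a packet-filter rule table implementing
# service control with a default-discard policy. Addresses are constructed.
import ipaddress

INTERNAL_NET = "192.168.1.0/24"      # constructed protected network
MAIL_GATEWAY = "192.168.1.10/32"     # constructed internal mail server

# Rules are evaluated top to bottom and the first match wins.
# Fields: direction, source network, destination network, destination TCP port, action.
# '*' matches anything.
RULES = [
    # Inbound packets claiming an internal source address are spoofed: drop them
    # first, before any permit rule below could match them.
    ("in",  INTERNAL_NET, "*",          "*", "discard"),
    ("in",  "*",          MAIL_GATEWAY, 25,  "permit"),    # inbound SMTP only to the gateway
    ("out", INTERNAL_NET, "*",          25,  "permit"),    # outbound SMTP
    ("out", INTERNAL_NET, "*",          80,  "permit"),    # outbound HTTP
    ("out", INTERNAL_NET, "*",          443, "permit"),    # outbound HTTPS
    ("*",   "*",          "*",          "*", "discard"),   # default policy: discard
]


def _addr_matches(addr: str, pattern: str) -> bool:
    return pattern == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)


def filter_packet(direction: str, src: str, dst: str, dst_port: int) -> str:
    """Return 'permit' or 'discard' for a TCP packet according to RULES."""
    for rule_dir, src_net, dst_net, port, action in RULES:
        if ((rule_dir == "*" or rule_dir == direction)
                and _addr_matches(src, src_net)
                and _addr_matches(dst, dst_net)
                and (port == "*" or port == dst_port)):
            return action
    return "discard"   # unreachable while the default rule is present; kept as a safety net


if __name__ == "__main__":
    for pkt in [("in", "203.0.113.7", "192.168.1.10", 25),
                ("in", "192.168.1.5", "192.168.1.10", 25),
                ("out", "192.168.1.20", "203.0.113.7", 23)]:
        print(pkt, "->", filter_packet(*pkt))
```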
5 Consequently, the fact that an IT product has been evaluated has meaning only
in the context of the security properties that were evaluated and the evaluation
methods that were used. Evaluation authorities are advised to carefully check the
products, properties and methods to determine that an evaluation will provide
meaningful results. Additionally, purchasers of evaluated products are advised to
carefully consider this context to determine whether the evaluated product is
useful and applicable to their specific situation and needs.
7 Certain topics, because they involve specialised techniques or because they are
somewhat peripheral to IT security, are considered to be outside the scope of the
CC. Some of these are identified below.
a) The CC does not contain security evaluation criteria pertaining to
administrative security measures not related directly to the IT security
functionality. However, it is recognised that
significant security can often be achieved through or supported by
administrative measures such as organisational, personnel, physical, and
procedural controls.
(Common Criteria, Introduction, Page 12 of 106, Version 3.1, April 2017)
c) The CC does not address the evaluation methodology under which the
criteria should be applied. This methodology is given in the CEM.
d) The CC does not address the administrative and legal framework under
which the criteria may be applied by evaluation authorities. However, it is
expected that the CC will be used for evaluation purposes in the context of
such a framework.