TRANSCRIPT
Copyright 2000 Randy Smith and the Darden School
DO NOT DISTRIBUTE
Tech Two – Security Threats and Countermeasures
• Threats
• Firewall and Proxy Servers
• Encryption
• Dell Example
• Assurance
• Privacy
Should Dell Worry? [image slide: “So we killed a few people, big deal”]
Should Dell Worry? [image slide: “Spiceworld go BOOM!”]
Should Dell Worry? [image slide: “Starvin’ 4 Kevin”]
Source: InformationWeek, July 12, 1999
Internet Security Threats
• Viruses
  – Recently: Melissa, Worm, LoveBug, GAZ Trojan
  – Gain access to systems through email and infected documents
Internet Security Threats
• Problem: Impersonation
  – Hacker tries to masquerade as E-Business partner
• Solution: Need to authenticate the E-Business partner with digital certificates
[Diagram: Hacker – ? – Dell]
Internet Security Threats
• Problem: Interception and modification of packets
• Solution:
  – Confidentiality – ensure that intercepted packets are not in readable form by using encryption
  – Integrity – ensure detection of modified packets by using digital signatures
[Diagram: Dell – Hacker]
Internet Security Threats
• Problem: Denial of Service (DOS) Attacks
  – Flood servers with millions of messages
  – Send a malformed packet designed to crash the server
• Solution: Firewalls with packet filtering
History of DOS Attacks
• Sept ’96 – ISP Panix: 1000 corporate sites down
• Oct ’96 – Vendors revise software to plug
• Nov ’99 – CMU’s Computer Emergency Response Team (CERT) warns of planted DOS tools
• Feb 7 & 8, 2000 – Massive distributed attacks on Yahoo, Buy.com, ebay, Amazon, CNN and e*Trade
Distributed SYN Attacks
[Diagram: Master Server controls Slave Servers; the slaves send TCP “SYN requests” to the target, which answers with TCP “SYN ACKs”]
Distributed “Ping” Attacks
[Diagram: Master Server controls Slave Servers; the slaves send PING requests to Bounce Sites, whose Ping Responses hit the target]
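The two diagrams show the attack from the attacker's side; a defender mostly sees its footprint at the firewall: handshakes that are opened (SYN) and never completed (final ACK). The following detector is an added example, not code from the slides; it runs over a constructed connection log (the "time src -> dst flags" format and the addresses are assumptions) and counts half-open handshakes per source. It also checks the aggregate, because in the distributed version each slave stays quiet enough to pass a per-source threshold on its own.

```python
import re
from collections import Counter

# Constructed connection log (assumption: one line per TCP segment seen at the
# firewall, "time src -> dst flags"; S = SYN, SA = SYN-ACK, A = final ACK).
SAMPLE_LOG = [
    "10:00:01 203.0.113.5 -> 10.1.0.80 S",       # legitimate client: full handshake
    "10:00:01 10.1.0.80 -> 203.0.113.5 SA",
    "10:00:01 203.0.113.5 -> 10.1.0.80 A",
    "10:00:02 198.51.100.11 -> 10.1.0.80 S",     # four "slave" hosts, two SYNs each,
    "10:00:02 198.51.100.11 -> 10.1.0.80 S",     # none of them ever completed
    "10:00:02 198.51.100.12 -> 10.1.0.80 S",
    "10:00:02 198.51.100.12 -> 10.1.0.80 S",
    "10:00:03 198.51.100.13 -> 10.1.0.80 S",
    "10:00:03 198.51.100.13 -> 10.1.0.80 S",
    "10:00:03 198.51.100.14 -> 10.1.0.80 S",
    "10:00:03 198.51.100.14 -> 10.1.0.80 S",
    "this line is malformed and must be skipped",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) (?P<flags>S|SA|A)$")

def parse_line(line):
    """Return the fields of one log line, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def half_open_by_source(lines, server):
    """SYNs minus completing ACKs that each client sent to `server`.
    A positive value is the number of handshakes that source left half-open."""
    syns, acks = Counter(), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dst"] != server:
            continue   # skip unparsable lines and the server's own SYN-ACKs
        if rec["flags"] == "S":
            syns[rec["src"]] += 1
        elif rec["flags"] == "A":
            acks[rec["src"]] += 1
    return {src: syns[src] - acks[src] for src in syns}

def detect_syn_flood(lines, server, per_source_limit=3, total_limit=5):
    """Alert on a single noisy source OR on the aggregate: a distributed attack keeps
    every slave under the per-source limit, so only the total gives it away."""
    half_open = half_open_by_source(lines, server)
    flagged = sorted(src for src, n in half_open.items() if n > per_source_limit)
    total = sum(n for n in half_open.values() if n > 0)
    return {
        "flagged_sources": flagged,
        "total_half_open": total,
        "distributed": not flagged and total > total_limit,
        "alert": bool(flagged) or total > total_limit,
    }

if __name__ == "__main__":
    print(detect_syn_flood(SAMPLE_LOG, "10.1.0.80"))
```

On the sample log no single source exceeds the per-source limit, yet eight handshakes are left half-open in total, so the aggregate rule is what raises the alert; the thresholds are constructed values and would be tuned to the server's normal backlog.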
Known Denial of Service (DOS) Tools
• Publicly available attack tools
  – Trin00 and Tribal Flood Network – discovered Nov ’99
  – TFN2K, an NT version that encrypts its packets, Feb ’00
  – Stacheldraht – German for barbed wire, Feb ’00
• Previous DOS tools directed attacks from one server
• New versions use a master server to control a large number of slave servers that carry out the attack
• The slave servers’ owners’ systems have been seeded with the attack software without their knowledge
Firewalls
• Defends the access point to the corporate intranet from the Internet
  – Attempts to stop unauthorized access from the Internet
  – May limit internal users’ access to certain Internet sites
[Diagram: Firewall – Control Access by Password Authentication – Yes / No]
Authentication
• Smart Cards – RSA SecurID, ActivCard, GemPlus
• RF Token Devices – RSA SecurID Key Fob
• Biometric Devices
  – Fingerprint Scanners – DigitalPersona, U.are.U
  – Iris/Retina Scanners – IriScan, Eyedentify
  – Face Geometry Recognition – BioNetrix
  – Voice Recognition – VeriVoice
  – Signature Verification – Cyber-Sign
IP Firewalls
• Attempts to control access to internal network by checking the IP addresses of in-bound packets
• Allows only packets with addresses of approved hosts to pass through
• Can be defeated by “spoofing”
  – Discovering an acceptable source IP address and placing it in the packets
[Diagram: IP Packets → IP Firewall → Yes / No]
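The address check the slide describes, written out as an added example (not code from the slides or from any product): a policy with an approved-host list, plus the one cheap check a practitioner would add, an ingress rule that drops packets arriving from the Internet whose source address belongs to the internal network. The intranet range, the approved hosts and the interface names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed policy (assumption, not from the slides): the corporate intranet is
# 10.1.0.0/16 and two partner hosts on the Internet are approved to connect.
INTERNAL_NET = ip_network("10.1.0.0/16")
APPROVED_HOSTS = {ip_address("203.0.113.10"), ip_address("198.51.100.7")}

def filter_packet(src, iface):
    """Decide ("allow"|"deny", reason) for an inbound packet from its source
    address and the interface it arrived on ("external" = from the Internet)."""
    addr = ip_address(src)
    # Anti-spoofing (ingress) check: nothing arriving from the Internet can
    # legitimately claim an address that belongs to the internal network.
    if iface == "external" and addr in INTERNAL_NET:
        return ("deny", "internal source address on external interface")
    # The slide's rule: only packets from approved hosts pass.
    if addr in APPROVED_HOSTS:
        return ("allow", "approved host")
    return ("deny", "source not on approved list")

def filter_batch(packets):
    """Apply the policy to (src, iface) pairs; returns (src, iface, verdict, reason)."""
    return [(src, iface) + filter_packet(src, iface) for src, iface in packets]

# Constructed sample traffic.
SAMPLE_PACKETS = [
    ("203.0.113.10", "external"),   # approved partner
    ("192.0.2.44", "external"),     # unknown Internet host
    ("10.1.7.9", "external"),       # claims an internal address from outside
]

if __name__ == "__main__":
    for row in filter_batch(SAMPLE_PACKETS):
        print(row)
```

The ingress rule only catches forged internal addresses. A packet that carries an approved partner's address passes this filter whether or not it really came from that partner, which is exactly the spoofing weakness the slide names; that is why the impersonation slide layers authentication of the partner (digital certificates) on top of address filtering.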
Proxy Servers
• Used to hide internal internet addresses
  – Receives HTTP request from internal user
  – Replaces internal user’s internet address with a false IP address and forwards on to specified host
  – Replaces false IP address with internal user’s IP address and forwards on to the internal user
[Diagram: HTTP Request → Request with False IP Address; Response to False IP Address → HTTP Response]
Proxy Servers
• Serve as intermediaries between outside users and internal systems
  – Outside user sends a request to access an intranet system
  – Proxy server forwards request to application server
  – Proxy server receives response and sends to outside user
[Diagram: Outside Request → Proxy Server → Application Server → Response]
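The address-hiding role from the first proxy slide, as an added example that is not code from the slides or from any proxy product: a translation table records which internal user each outbound request belonged to, so the "false" (proxy) address and port on the reply can be mapped back. The class name, the packet dictionary fields and the addresses are constructed assumptions.

```python
import itertools

class AddressHidingProxy:
    """Toy model of a proxy that hides internal addresses: outbound requests
    leave with the proxy's own external address, responses are mapped back
    through a translation table (constructed example)."""

    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self._ports = itertools.count(first_port)   # fresh proxy port per internal flow
        self.table = {}      # proxy_port -> (internal_ip, internal_port)
        self.reverse = {}    # (internal_ip, internal_port) -> proxy_port

    def outbound(self, request):
        """Rewrite the source of an internal user's request to the proxy's address."""
        key = (request["src_ip"], request["src_port"])
        port = self.reverse.get(key)
        if port is None:
            port = next(self._ports)
            self.table[port] = key
            self.reverse[key] = port
        return dict(request, src_ip=self.external_ip, src_port=port)

    def inbound(self, response):
        """Map a response back to the internal user. A packet for which no
        outbound request was recorded is dropped (None): the hidden hosts are
        not reachable by unsolicited traffic from outside."""
        if response["dst_ip"] != self.external_ip:
            return None
        key = self.table.get(response["dst_port"])
        if key is None:
            return None
        internal_ip, internal_port = key
        return dict(response, dst_ip=internal_ip, dst_port=internal_port)

def demo():
    """Round-trip one constructed HTTP exchange through the proxy."""
    proxy = AddressHidingProxy("203.0.113.1")
    request = {"src_ip": "10.1.0.5", "src_port": 51000,
               "dst_ip": "198.51.100.80", "dst_port": 80, "payload": "GET / HTTP/1.0"}
    out = proxy.outbound(request)
    response = {"src_ip": "198.51.100.80", "src_port": 80,
                "dst_ip": out["src_ip"], "dst_port": out["src_port"], "payload": "HTTP/1.0 200 OK"}
    back = proxy.inbound(response)
    stray = proxy.inbound({"src_ip": "192.0.2.9", "src_port": 80,
                           "dst_ip": "203.0.113.1", "dst_port": 40001, "payload": ""})
    return out, back, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The outside host only ever sees 203.0.113.1:40000, never 10.1.0.5; the stray packet to a port with no table entry is dropped, which is the side benefit of hiding internal addresses this way.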
Encryption
• Encryption: Change message so that it cannot be understood even if intercepted
  – Plaintext – original message
  – Ciphertext – scrambled message used for transmission
  – Encryption and Decryption Method and Key
[Diagram: Plaintext CITI → Encryption (Method, Key) → Ciphertext BHSH, transmitted → Decryption (Method, Key) → Plaintext CITI]
Encryption
• Encryption Method and Key
  – Method’s algorithm: Add N letters
  – Key has a specific value: N = -1
  – Method is publicly available
  – Key must be secretly held
[Diagram: Plaintext CITI → Encryption (Method, Key) → Ciphertext BHSH, transmitted → Decryption (Method, Key) → Plaintext CITI]
Encryption: Key Length
• Data Encryption Standard (DES) – Developed by US government 1977 – 56 bit key
• Brute force attacks attempt to discover key by exhaustive search
  – Try all combinations
• Electronic Frontier Foundation
  – Built a 1,500 chip PC for $220,000
  – Was able to break DES
  – 56 bit message in 56 hours
  – 64 bit message 34 days
  – But would take years for 128 bits
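The "add N letters" method from the Encryption slides and the exhaustive search from the Key Length slide, worked through together as an added example (not code from the slides). The key is a shift N; with N = -1 the slide's CITI becomes BHSH. Because the method is public, an attacker only has to try every key, and this method has only 26 of them, which is the whole point of key length. The function names and the "crib" idea (a word the attacker expects in the plaintext) are assumptions.

```python
import string

ALPHABET = string.ascii_uppercase

def shift_encrypt(plaintext, key):
    """The slide's method: add `key` letters to each letter, wrapping A..Z.
    Characters outside A-Z are passed through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)

def shift_decrypt(ciphertext, key):
    """Same method, same key, applied in reverse: subtract instead of add."""
    return shift_encrypt(ciphertext, -key)

def brute_force(ciphertext, crib):
    """Exhaustive search: try every key in the method's key space (26 values)
    and keep those whose candidate plaintext contains the expected word."""
    hits = []
    for key in range(26):
        candidate = shift_decrypt(ciphertext, key)
        if crib in candidate:
            hits.append((key, candidate))
    return hits

def keyspace_size(bits):
    """Number of keys an exhaustive search must try for a `bits`-bit key."""
    return 2 ** bits

if __name__ == "__main__":
    ciphertext = shift_encrypt("CITI", -1)          # constructed message from the slide
    print(ciphertext, shift_decrypt(ciphertext, -1))
    print(brute_force(ciphertext, "CITI"))         # one key, 26 tries at most
    print(keyspace_size(56), keyspace_size(128) // keyspace_size(56))
```

The search reports key 25, which is the slide's N = -1 taken modulo 26. The last line shows why the EFF figures on the slide do not carry over to 128-bit keys: a 128-bit key space is 2^72 times larger than DES's 56-bit one, so a machine that finishes 56 bits in hours has no practical chance at 128.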
Single Key Encryption
• Data Encryption Standard – DES
• Weaknesses:
  – Need to distribute and keep key secret
  – All business partners need a different key
• Strength – Operates at high speed
[Diagram: Key A and Key B – a separate shared key for each pair of partners]
Public Key Encryption Methods
• Different keys for encryption and decryption
  – Sender encrypts with receiver’s public key
  – Decryption with receiver’s private key
  – Only receiver can decrypt the encrypted message
[Diagram: Plaintext CITI → Encryption with Public Key → Ciphertext 100101 → Decryption with Private Key → Plaintext CITI]
Public Key Encryption
• Business partners have public and private key sets
  – Maintain secrecy of private key – key owner is the only entity in the universe with access to this particular key
  – Freely distribute public key to everyone
[Diagram: each partner keeps a Private Key and publishes a Public Key]
Combining Public & Single Key
• Takes advantage of the strengths of both methods
  – A creates a single session key
  – Encrypt the session key with B’s Public Key
  – B decrypts the session key with its private key
  – Use the session key to encrypt messages sent in both directions
[Diagram: A → B: Single Key for Session, sent under Encryption with B’s Public Key]
Comparison of the three approaches (Example / Advantages / Disadvantages):
• Secret Key System – Example: DES. Advantages: fast; secure*. Disadvantages: difficult to distribute keys securely; administratively complex – each party needs a separate set of keys.
• Public-key Cryptography – Example: RSA. Advantages: robust**; reach – anyone can communicate with you securely; only you have the private key. Disadvantages: slow.
• Digital Envelope – Example: Combination. Advantages: fast; secure; reach.
*As long as you change keys frequently. Absolute security with one-time keys and keys longer than the message.
**Very difficult to invert.
Key to Public-Key Encryption
• Based on “hard” mathematics
• Very difficult to factor the product of two large prime numbers
  – 3 × 7 = 21 is simple
  – ? × ? = 35 is simple
  – ? × ? = 873,652,880,631,…
Public Key Infrastructure (PKI)
• PKI is implemented by the companies that serve as trusted third parties and provide cryptography services
  – Certificate Authorities (CA) – The third parties that hold, distribute and authenticate public keys
  – Certificates – Contain a company’s public key and other information necessary to engage in secure E-Commerce with that company
  – Certificate Revocation Lists (CRL) – List of certificates that are no longer valid
  – Providers – Verisign (RSA spin-off), CyberTrust (GTE)
  – Digital Signatures – Sender can sign the document with their private key and receiver can verify both the identity of the sender and the integrity of the message using the sender’s public key
Buying a Dell Online
• Secure Socket Layer – SSL
• Secure HTTP – HTTPS
[Diagram: YOUR PC (SSL in Browser) ↔ Dell’s Webserver (Secure HTTP) ↔ Dell’s Database Server; Request for Account # and Password; Login Form & Dell’s Digital Certificate]
Buying a Dell Online
• Web Server sends account login form and digital certificate to customer
[Diagram: YOUR PC with Browser ↔ Dell’s Webserver ↔ Dell’s Database Host]
Buying a Dell Online
• Customer’s browser verifies Dell’s Certificate and public key
[Diagram: YOUR PC with Browser ↔ Certificate Authority’s Webserver; Dell’s Webserver ↔ Dell’s Database Host]
Buying a Dell Online
• Customer’s browser
  – uses SSL to generate a single key for this session
  – encrypts session key with Dell’s public key
  – sends encrypted session key to Dell
[Diagram: YOUR PC with Browser → Session Key → Dell’s Webserver ↔ Dell’s Database Host]
Buying a Dell Online
• Dell’s Web server uses the Dell private key to unlock the session key sent from customer
[Diagram: YOUR PC with Browser → Session Key → Dell’s Webserver (unlock session key with Dell’s private key) ↔ Dell’s Database Host]
Buying a Dell Online
• Customer inputs account number and password information
• Browser encrypts customer information with session key
[Diagram: YOUR PC with Browser ↔ Dell’s Webserver ↔ Dell’s Database Host]
Buying a Dell Online
• Customer browser sends the encrypted customer information to Dell’s Secure Server
[Diagram: Browser Using SSL → Encrypted Customer Information → Dell’s Webserver ↔ Dell’s Database Host]
Buying a Dell Online
• Dell’s Web server uses the session key to decrypt the customer information
• Customer information sent to back-end database server for further processing
[Diagram: YOUR PC with Browser → Dell’s Webserver → Account # → Dell’s Database Host (C/S Database)]
Digital Signature
[Diagram: Consumer side – Document → Message Digest (17) → signed with Consumer Private Key. Receiving side – Document → Message Digest (17); signature checked with Consumer Public Key from the Digital Certificate: 17 = 17]
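One added example (not code from the slides) that carries the slides' constructions end to end: the factoring point from "Key to Public-Key Encryption", the digital envelope from "Combining Public & Single Key" (which is also the session-key exchange in the "Buying a Dell Online" sequence), and the digest-based Digital Signature above. RSA is written out textbook-style with constructed small primes, so it is an illustration of the mathematics and nothing like a real key size; the single-key method is a SHA-256 keystream XOR standing in for DES; SHA-256 stands in for the slide's "17" digest. All function names are assumptions.

```python
import hashlib
import math
import secrets

# --- Toy textbook RSA with small primes (illustration only; real keys are far larger) ---
def make_rsa_keypair(p, q, e=17):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                       # private exponent (Python 3.8+)
    return (n, e), (n, d)

def rsa_apply(key, value):
    """Raise value to the key's exponent mod n: encrypt, decrypt, sign or verify."""
    n, exp = key
    return pow(value, exp, n)

def factor_by_trial(n):
    """The slide's 'hard mathematics': trial division recovers p and q instantly
    for 21 or 35, but the work grows with the size of the smaller prime."""
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    return None

# --- Stand-in single-key method (assumption: takes the place of DES) ---
def stream_xor(session_key, data):
    """XOR data with a SHA-256 keystream derived from the session key;
    the same call with the same key decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(session_key.to_bytes(8, "big") + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# --- Digital envelope: session key under B's public key, message under session key ---
def seal(message, b_public):
    n = b_public[0]
    session_key = secrets.randbelow(n - 2) + 2          # random value in [2, n-1]
    return rsa_apply(b_public, session_key), stream_xor(session_key, message)

def open_envelope(envelope, b_private):
    wrapped_key, ciphertext = envelope
    session_key = rsa_apply(b_private, wrapped_key)     # only B's private key unwraps it
    return stream_xor(session_key, ciphertext)

# --- Digital signature: digest of the document signed with the sender's private key ---
def message_digest(document, n):
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(document, private):
    return rsa_apply(private, message_digest(document, private[0]))

def verify(document, signature, public):
    """Recompute the digest and compare it with the digest recovered from the
    signature using the public key (the slide's 17 = 17)."""
    return rsa_apply(public, signature) == message_digest(document, public[0])

if __name__ == "__main__":
    pub, priv = make_rsa_keypair(10007, 10009)          # constructed small primes
    print(factor_by_trial(21), factor_by_trial(35), factor_by_trial(pub[0]))
    envelope = seal(b"account 12345 / password", pub)  # constructed customer data
    print(open_envelope(envelope, priv))
    signature = sign(b"Order: one Dell", priv)
    print(verify(b"Order: one Dell", signature, pub), verify(b"Order: two Dells", signature, pub))
```

Trial division factors the toy modulus in a few thousand steps, which is why the primes in a real key are hundreds of digits long. In the envelope, the session key is the only thing ever encrypted with the slow public-key method; all customer data travels under the fast single-key method, exactly the split the comparison table credits the "Combination" with. The signature check fails on the altered order because the recomputed digest no longer matches the one unlocked by the public key.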
Virtual Private Networks – VPN
[Diagram: a Message leaves through the Access Point, Firewall and Router, passes POPs and switches (SWTCH) across carrier networks (Eunet, UUNET, WorldCOM, NetCOM, Sprint) with DNS Server / DNS Directory lookups; Dropped Packets go to the “Bit Bucket”; eavesdroppers shown as Competitor and Foreign Government]
[Diagram: VPN ↔ VPN with Firewall and Router at each end – Message Encrypted Entire Route – Hackers Cannot Read Packets]
Privacy Statement - DoubleClick
What it says: "Abacus Online will maintain a database consisting of personally identifiable information about those Internet users who have received notice that their personal information will be used for online marketing purposes and associated with information about them available from other sources, and who have been offered the choice not to receive these tailored messages."
Source: Industry Standard March 13, 2000
Privacy Statement - DoubleClick
What a privacy expert says it means: "We have agreements with some popular Web sites under which they give to us information such as your name, address and e-mail address for inclusion in our database. We tie this information to a unique identifier that we've set on your computer and use it to track you and your activities at various other Web sites that we have contracts with. All this information is fed back into a profile we've created about you."
- Deirdre Mulligan, privacy counsel, Center for Democracy and Technology
Source: Industry Standard March 13, 2000
Privacy Statement - DoubleClick
What the company says it means: "DoubleClick's policy is to only match online and offline information after consumers have been given notice that we're going to do it and the choice to opt out."
- Josh Isay, public policy director, DoubleClick
Source: Industry Standard March 13, 2000
Privacy Statement - iVillage
What it says: "You agree that iVillage may assign, sell, license or otherwise transfer to a third party your name, address, e-mail address, member name and any other personal information in connection with an assignment, sale, joint venture or other transfer or disposition of a portion or all of the assets or stock of iVillage or its affiliated entities."
Source: Industry Standard March 13, 2000
Privacy Statement - iVillage
What a privacy expert says it means: "I hope this site is offering unusually valuable content, because users are likely to pay a high price in personal privacy when they visit the site. What will the ultimate recipient of the personal information do with it? There's no way to predict that."
- David Sobel, general counsel, Electronic Privacy Information Center
Source: Industry Standard March 13, 2000
Privacy Statement - iVillage
What the company says it means: "We do not share personally identifiable information without our members' informed consent. ... We are looking proactively at ways to improve this key commitment to our members, including working with ... industry organizations dedicated to establishing best-of-breed privacy policies."
- Jason Stell, spokesman, iVillage
Source: Industry Standard March 13, 2000
Privacy Statement - Microsoft
What it says: "Every registered customer has a unique personal profile. ... When you register, we create your profile, assign a personal identification number, then send this personal identification number back to your hard drive in the form of a cookie, which is a very small bit of code. ... Even if you switch computers, you won't have to reregister – just use your e-mail address and password to identify yourself."
Source: Industry Standard March 13, 2000
Privacy Statement - Microsoft
What a privacy expert says it means: "Unique ID numbers destroy online anonymity. This was the reason why the Intel Pentium III, with its Processor Serial Number, was so controversial. Most users do not want their identities to be captured or to have 'unique personal profiles' created."
- David Sobel
Source: Industry Standard March 13, 2000
Privacy Statement - Microsoft
What the company says it means: "The convenience of having that ID in the cookie is that any personalization of the Microsoft.com site is available to anyone by coming to the site. No individual information is stored in the cookie or exposed on the site except to the person who submits the e-mail address and password."
- Richard Purcell, privacy director, Microsoft
Source: Industry Standard March 13, 2000
Privacy Statement - Barnesandnoble.com
What it says: "We do work with certain companies who, in conjunction with their own membership programs or rewards programs, require that we disclose purchasing information about their customers who visit the Barnesandnoble.com site through links from the partner sites. ... If you do not want us to disclose that information to the strategic partner, then you must contact them directly."
Source: Industry Standard March 13, 2000
Privacy Statement - Barnesandnoble.com
What a privacy expert says it means: "These companies get a cut of the money spent by the people they send here. ... They require us to give them your name and e-mail address too but they should have notified you and gotten your permission to do so. We don't have a lot of leverage to make them change this policy, so if you want to complain, you should complain to them."
- Deirdre Mulligan
Source: Industry Standard March 13, 2000
Privacy Statement - Barnesandnoble.com
What the company says it means: "The information that Barnesandnoble.com provides is limited to the identifier of the customer and the total amount of the purchase – never sharing the specifics of the purchase. ... In such cases, through their membership in such sites, the customers have consented to the information being shared in order for rebates to be paid."
- Carl Rosendorf, senior VP, Barnesandnoble.com
Source: Industry Standard March 13, 2000
Wallet Companies
• Dash.com
• Gator.com
• Brodia.com
• CyberCash – Instabuy
• EntryPoint