Unit I
Syllabus
The Web Security, The Web Security Problem, Risk Analysis and Best Practices
Cryptography and the Web: Cryptography and Web Security, Working Cryptographic
Systems and Protocols, Legal Restrictions on Cryptography, Digital Identification.
1) Securing the web server and the data that is on it. You need to be sure that the server can
continue its operation, the information on the server is not modified without authorization,
and the information is only distributed to those individuals to whom you want it to be
distributed.
2) Securing information that travels between the web server and the user. You would like
to assure that information the user supplies to the web server (usernames, passwords,
financial information, etc.) cannot be read, modified, or destroyed by others. Many network
technologies are especially susceptible to eavesdropping, because information is broadcast
to every computer that is on the local area network.
3) Securing the user's own computer. You would like to have a way of assuring users that
information, data, or programs downloaded to their systems will not cause damage -
otherwise, they will be reluctant to use the service. You would also like to have a way of
assuring that information downloaded is controlled thereafter, in accordance with the user's
license agreement and/or copyright.
Along with all of these considerations, we may also have other requirements. For instance, in
some cases, we have the challenges of:
a. Devising and implementing a system for verifying the identity of users who connect to
the web server to view their bank statements, a process also known as authentication.
One approach to authentication involves implementing a system of usernames and
passwords, devising a technique for distributing the initial passwords to the users, and
creating a mechanism for users to securely change their passwords or obtain new
passwords when their old passwords are forgotten.
b. Analyzing the programs and scripts that operate the web site for flaws and
vulnerabilities (e.g., making sure that a web page that leads to the display of one user’s
account can’t be tricked into displaying the account of another user).
c. Providing for secure, off-site backup of user information.
d. Creating a secure logging and auditing facility that can be used for billing, conflict
resolution, and so-called “nonrepudiation”.
e. Balancing the load among multiple servers to protect against usage spikes and
hardware failures, and to provide responsive service.
f. Creating a second data center so that in the event of a disaster (e.g., an earthquake,
blizzard, explosion, or invasion from outer space) affecting the primary data center,
services will continue.
g. Providing for redundant Internet connections, using multiple service providers, to
minimize the chances that a service disruption on the Internet will prevent users from
reaching the web site.
h. Securing your Domain Name Service (DNS) service so that an attacker can’t change
the domain name to point to another organization’s server.
i. Protecting your billing records so customers will be charged accurately for services
rendered.
j. Creating a 24-hour Network Operations Center, or employing the services of an
outside monitoring organization, so that if there is a security incident the bank will be
able to respond to it in a timely fashion.
k. Providing for the physical security of your site and servers.
l. Providing adequate training for your personnel so they know what to do in an
emergency and can resist a social engineering attack.
1. Firstly, the computer itself needs to be protected using standard computer security
methods.
2. Secondly, special programs responsible for providing web services must be secured.
3. Lastly, it's essential to examine how the operating system and web service interact to
identify any unexpected issues that could jeopardize overall security.
Securing a server is complex because most web servers run on general-purpose operating
systems such as Unix or Windows NT. A flaw in the web server can be used to exploit
weaknesses in the host computer's security, and weaknesses in the host can in turn be used
to probe for problems within the web server. Security therefore has to be addressed at every
level for the web server to remain protected.
• A poorly written script or application may make it possible to change a web server’s
configuration file, which can then be modified so that the web server runs with excess
privileges. By exploiting a host security flaw, an attacker could then create a privileged
script that would lead to the attacker’s obtaining full access to the entire computer system.
• A web server may have well-written scripts and be running on a secure operating system,
but a related database server may contain a default account that allows full access to anyone
on the Internet. By connecting to the database server and typing a few commands, an
attacker may be able to get access to the names, email addresses, and credit card numbers of
every customer who has purchased something from the web site.
The first step in securing a server involves thoroughly checking the computer's hardware, its
operating system, and any additional programs. The aim is to ensure that users with
permission have the necessary abilities to do their work but nothing beyond that. It's about
making sure only the right people can do what they need to do on the computer system.
To secure your computer's web service, you need to understand how the program that
shows web pages operates and how it's set up. Check the server's configuration to ensure
the right levels of access are given to the files on the server. Also, review the scripts, which
can be written in different languages like Perl, VBScript, or C, to make sure they follow
your security rules and can't be misused by someone with harmful intentions on the internet.
Essentially, it's about making sure the web server and its scripts are set up correctly and
safely.
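An added example, not part of the original notes, of the configuration review described above: a Python audit that walks a document root and reports files that accounts other than the administrator could alter. The sample tree it builds (file names, permission bits) and the idea of passing the web server's uid are constructed for the example.

```python
import os
import stat
import tempfile
from typing import List


def audit_docroot(docroot: str, web_uid: int) -> List[str]:
    """Report files under docroot whose permissions let them be altered.

    Findings:
      world-writable            any local account can rewrite a served page or script
      group-writable executable members of the group can edit a CGI script
      owned by web server uid   a compromised server process could rewrite its own
                                content; it should only be able to read it
    """
    findings = []
    for root, dirs, files in os.walk(docroot):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            mode = st.st_mode
            rel = os.path.relpath(path, docroot)
            if mode & stat.S_IWOTH:
                findings.append(f"world-writable: {rel}")
            if stat.S_ISREG(mode) and mode & stat.S_IXUSR and mode & stat.S_IWGRP:
                findings.append(f"group-writable executable: {rel}")
            if stat.S_ISREG(mode) and st.st_uid == web_uid:
                findings.append(f"owned by web server uid: {rel}")
    return sorted(findings)


def build_sample_docroot() -> str:
    """Create a constructed document root with deliberately mixed permissions."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.mkdir(os.path.join(root, "cgi-bin"), 0o755)
    samples = {
        "index.html": 0o644,          # acceptable: owner writes, everyone reads
        "cgi-bin/upload.cgi": 0o775,  # bad: the group can edit an executable script
        "notes.txt": 0o666,           # bad: any local user can rewrite the file
    }
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("sample content\n")
        os.chmod(path, mode)
    return root


def run_sample_audit(server_owns_content: bool) -> List[str]:
    """Audit the sample tree, treating our own uid as the web server's or not."""
    root = build_sample_docroot()
    web_uid = os.getuid() if server_owns_content else os.getuid() + 1
    return audit_docroot(root, web_uid)
```

Run against a real document root with the uid the server process runs as; an empty list is the goal, and every finding is a file that someone other than the administrator can change.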
In the end, it's important to check for any possible connections or interactions among all the
different parts running on the computer. This task can be challenging and time-consuming.
To make it easier, try to reduce connections between different parts of your system and
ensure each part doesn't rely too much on the environment it's working in. This helps
minimize complications and potential issues.
a) Simplification of services
A great way to enhance a web server's security is to reduce the number of services it
provides. If you need both a mail server and a web server, it's safest to have them on
separate computers. For the computer running your web service, set it up to run only the
web services. Choose an operating system and web server without unnecessary options and
remove any services you don't need. Simplifying the system reduces the chances of things
going wrong or being exploited by attackers.
Another effective strategy is to limit access to the web server. Place the server in a secure
location to prevent physical unauthorized access. Control the number of users who can log
in, and use the server exclusively for your intended application. This prevents unauthorized
access or accidental changes that could compromise information. Also, ensure that remote
administrative access to the server is done securely, using methods like SSH, SecureID, or
S/Key.
b) Policing copyright
Many web developers want to safeguard their website content from unauthorized use. For
instance, sites offering pay-per-view content aim to prevent users from downloading and
sharing it without payment. Similarly, websites providing free information often prefer
users to access data directly to track downloads and potentially display ads.
However, technical solutions to limit information spread face challenges. Once data is
viewed on a user's screen, it can be easily copied, printed, or saved. Copy protection
systems for web data exist but can be bypassed by determined attackers. Some sites opt for
digital watermarking instead. This involves making subtle, hidden changes to the data to
embed identification. These alterations are not noticeable to users and are resistant to
removal attempts. Programs can reveal this identification, indicating the true owner and
possibly the initial recipient of the copy.
Among various techniques, encryption is the only practical method on a large public
network like the Internet. Physical security for the Internet is not possible, and information
hiding is effective only if those you want to hide from don't know it's hidden. Encryption,
on the other hand, can prevent tampering and make it clear when information has been
altered.
A significant development in the World Wide Web's launch was Netscape Communications'
creation of SSL (Secure Sockets Layer). SSL made it easy for regular users to use
cryptographic security, a level of protection previously reserved for banks and governments.
SSL encryption allowed people to securely transmit credit card information on the web,
which was crucial for the growth of online commerce. Before SSL, people used to send
credit card numbers via email, posing security risks.
SSL enables secure transmission of sensitive data like usernames and credit card numbers.
However, it doesn't protect the information at the connection ends. There's a risk of denial-
of-service attacks, where network disruptions, either physical or logical, can occur. In 2000,
a significant denial-of-service attack targeted several Internet sites, creating widespread
impact. Defending against such attacks as an individual is challenging, but redundancy,
strong connections, and backup systems can help minimize their effects. Ultimately, using
the legal system to pursue and prosecute attackers is crucial for reducing the frequency of
these attacks.
- Risk analysis involves assessing the likelihood and potential damage of each risk
systematically.
- Risk analysis has parallels in public safety and civil engineering, where it helps design
robust structures like bridges.
- Due to challenges in risk analysis, a newer approach called best practices or due care has
emerged.
- Best practices are considered "rules of thumb" for implementing sound security
measures.
- The idea that one-size-fits-all for securing computers is problematic; many organizations
claiming to follow best practices may adopt minimum standards.
- Start with best practices and, through educated design, evaluate risks and trade-offs to
choose reasonable solutions.
Authentication
Digital signatures can be used to identify a participant in a web transaction or the author of
an email message; people who receive a message that is signed by a digital signature can
use it to verify the identity of the signer. Digital signatures can be used in conjunction with
passwords and biometrics or as an alternative to them.
Authorization
Confidentiality
Encryption is used to scramble information sent over networks and stored on servers so that
eavesdroppers cannot access the data’s content. Some people call this quality “privacy,” but
most professionals reserve that word for referring to the protection of personal information
(whether confidential or not) from aggregation and improper use.
Integrity
Methods that are used to verify that a message has not been modified while in transit. Often,
this is done with digitally signed message digest codes.
Nonrepudiation
Cryptographic receipts are created so that an author of a message cannot realistically deny
sending a message.
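An added example, not from the original text, of the "digitally signed message digest" used for integrity and nonrepudiation: textbook RSA over a SHA-256 digest in Python. The key is built from two published Mersenne primes purely so the arithmetic is visible without a key-generation routine; real implementations use generated primes and a padding scheme such as PKCS#1, which this toy omits.

```python
import hashlib

# Toy RSA key from two Mersenne primes, constructed for this example. A modulus
# whose factors appear in the code is not secure; it only keeps the arithmetic
# readable.
P = (1 << 521) - 1                    # 2^521 - 1 (prime)
Q = (1 << 127) - 1                    # 2^127 - 1 (prime)
N = P * Q                             # public modulus, about 648 bits
E = 65537                             # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent, held only by the signer


def message_digest(message: bytes) -> int:
    """SHA-256 digest of the message as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_exponent: int = D) -> int:
    """Sign the digest, not the message: RSA operates on one integer below N.
    Only the holder of D can produce this value, which is the nonrepudiation
    property: a valid signature ties the message to that key's owner."""
    return pow(message_digest(message), private_exponent, N)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Anyone holding the public key (E, N) can check the signature. Any change
    to the message changes the digest, so the comparison fails."""
    return pow(signature, public_exponent, N) == message_digest(message)


def check_instruction(message: bytes, signature: int) -> str:
    """What a receiving system does with a signed instruction."""
    if verify(message, signature):
        return "accepted: digest matches, signed with the expected private key"
    return "rejected: message altered or not signed by this key"
```

Unpadded RSA is deterministic and multiplicative, which is why production code signs a padded encoding of the digest rather than the bare integer shown here.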
A cryptographic system is a collection of software and hardware that can encrypt or decrypt
information. A typical cryptographic system is the combination of a desktop computer, a
web browser, a remote web server, and the computer on which the web server is running. A
cryptographic protocol, by contrast, describes how information moves throughout the
cryptographic system. In our examples, the web browser and the remote web server
communicate using the Secure Sockets Layer (SSL) cryptographic protocol. More than a
dozen cryptographic protocols have been developed for Internet security and commerce.
These systems fall into two categories. The first category of cryptographic programs and
protocols is used for encryption of offline messages, mostly email. The second category of
cryptographic protocols is used for confidentiality, authentication, integrity, and
nonrepudiation for online communications; SSL is the main example.
Offline Encryption Systems
a. PGP
b. S/MIME
PGP/OpenPGP
PGP (Pretty Good Privacy) is a complete working system for the cryptographic protection
of electronic mail and files. OpenPGP is a set of standards (RFC 2440) that describe the
formats for encrypted messages, keys, and digital signatures. PGP offers confidentiality,
integrity, and nonrepudiation. PGP was the first widespread public key encryption program.
The original version was written between 1990 and 1992 by Phil Zimmermann and released
on the Internet in June 1991. Later versions were the result of efforts by Zimmermann and
programmers around the world. PGP is available in two ways: as a command-line program,
which can be run on many different operating systems, and as an integrated application,
which is limited to running on the Windows and Macintosh platforms. The integrated
application comes with plug-in modules that allow it to integrate with popular email
packages such as Microsoft Outlook, Outlook Express, Eudora, and Netscape
Communicator. With these plug-ins, the standard email packages can automatically send
and receive PGP-encrypted messages.
Current versions of PGP allow users to create two kinds of private keys: encryption keys,
which are used for actually encrypting email messages, and signing keys, which are used
for digitally signing messages. Older versions of PGP supported only a single key that was
used for both encryption and signing.
Each PGP key consists of two parts: a person’s name and the actual mathematical key that
is used to perform cryptographic operations, as shown in Figure 4-1.
The simplest way to be sure of a key’s authenticity is to get a copy of the key from its
owner. Unlike other email encryption systems, every PGP user can certify any key that he
wishes: if you have a key, it is up to you to decide if you believe that the key actually
belongs to the person who is named on the key’s certificate. When you get a person’s key
and add it to your PGP key ring, you can tell your copy of PGP whether or not to trust the
key.
S/MIME
The Multipurpose Internet Mail Extensions (MIME) is a standard for sending files with
binary attachments over the Internet. Secure/MIME extends the MIME standard to allow
for encrypted email. Unlike PGP, S/MIME was not first implemented as a single program,
but as a toolkit that was designed to be added to existing mail packages. Because this toolkit
comes from RSA Data Security and includes licenses for all necessary algorithms and
patents, and because the major companies selling email systems already have a business
relationship with RSA Data Security, it is possible that S/MIME will be adopted by many
email vendors in preference to PGP.
To send people encrypted mail with S/MIME, you must first have a copy of their public
keys. It is expected that most S/MIME programs will use X.509 v3 public key
infrastructures such as those being built by VeriSign and other certification authorities.
Online Cryptographic Protocols and Systems
1. SSL
PCT
PCT is a transport layer security protocol similar to SSL that was developed by Microsoft.
Reportedly, the acronym has had several expansions: the current favored one is Private
Communications Technology. PCT was developed in response to problems with SSL 2.0;
these problems were also addressed in SSL 3.0. Although Microsoft is supporting SSL 3.0
and TLS, the new Transport Layer Security model, Microsoft intends to continue
supporting PCT because it is being used by several large Microsoft customers on their
corporate intranets.
SET
SET is a cryptographic protocol designed for sending encrypted credit card numbers over
the Internet. Unlike the other protocols described here, it is still under development. There
are three parts to the SET system: an "electronic wallet" that resides on the user's computer;
a server that runs at the merchant's web site; and the SET Payment Server that runs at the
merchant's bank. To use the SET system, you must first enter your credit card number into
the electronic wallet software. Most implementations will store the credit card number in an
encrypted file on your hard disk or in a smart card. The software also creates a public and a
secret key for encrypting your financial information before it is sent over the Internet. When
you want to buy something, your credit card number is encrypted and sent to the merchant.
The merchant's software digitally signs the payment message and forwards it to the
processing bank, where the Payment Server decrypts all of the information and runs the
credit card charge. Finally, a receipt gets sent back to both the merchant and you, the
customer. Banks that process credit cards are excited about SET because it keeps credit card
numbers out of the hands of the merchants. That should cut down on a lot of fraud, because
it is merchants (and their employees), and not teenage hackers, who are responsible for
much of the credit card fraud in the world today. SET offers confidentiality for credit card
numbers, as they are encrypted using the RSA algorithm. But it does not offer
confidentiality (and thus privacy) for the other elements of a user's transaction: this was a
compromise necessary to gain approval to export the SET software without restriction. SET
does provide for integrity, authentication, and nonrepudiation through the use of message
digest functions and digital signatures.
DNSSEC
The Domain Name System Security ( DNSSEC) standard is a system designed to bring
security to the Internet's Domain Name System (DNS). DNSSEC creates a parallel public
key infrastructure built upon the DNS system. Each DNS domain is assigned a public key.
A domain's public key can be obtained in a trusted manner from the parent domain or it can
be preloaded into a DNS server using the server's "boot" file.
Kerberos
Kerberos is a network security system developed at MIT and used throughout the United
States. Unlike the other systems mentioned in this chapter, Kerberos does not use public
key technology. Instead, Kerberos is based on symmetric ciphers and secrets that are
shared between the Kerberos server and each individual user. Each user has his own
password, and the Kerberos server uses this password to encrypt messages sent to that user
so that they cannot be read by anyone else. Support for Kerberos must be added to each
program that is to be protected. Currently, "Kerberized" versions of Telnet, FTP, POP, and
Sun RPC are in general use. A system that used Kerberos to provide confidentiality for
HTTP was developed but never made it out of the lab. Kerberos is a difficult system to
configure and administer. To operate a Kerberos system, each site must have a Kerberos
server that is physically secure. The Kerberos server maintains a copy of every user's
password. In the event that the Kerberos server is compromised, every user's password must
be changed.
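An added example (not MIT's code or anything from the original notes) of the Kerberos idea described above, in Python: the server holds a secret shared with each user and each service, and a user obtains a ticket for a "Kerberized" service without the service ever seeing the password. The SHAKE256-based toy cipher, the JSON message layout and the names `KeyDistributionCenter`, `pop/mail` and `alice` are constructed for the example.

```python
import hashlib
import json
import secrets
import time


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (constructed stand-in for Kerberos's DES): XOR with a
    SHAKE256 keystream derived from key and nonce. The same call decrypts."""
    keystream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def seal(key: bytes, fields: dict) -> bytes:
    nonce = secrets.token_bytes(16)
    return nonce + xor_crypt(key, nonce, json.dumps(fields).encode())


def unseal(key: bytes, blob: bytes) -> dict:
    # Decrypting with the wrong key yields byte noise that does not parse as JSON.
    try:
        fields = json.loads(xor_crypt(key, blob[:16], blob[16:]).decode())
    except (UnicodeDecodeError, json.JSONDecodeError):
        raise ValueError("wrong key or damaged message")
    if not isinstance(fields, dict):
        raise ValueError("wrong key or damaged message")
    return fields


def password_key(password: str) -> bytes:
    """Kerberos derives each user's key from the password; the server keeps that key."""
    return hashlib.sha256(password.encode()).digest()


class KeyDistributionCenter:
    """The Kerberos server: shares a secret with every user and every service.
    This store is why a compromised server forces every user to change their
    password."""

    def __init__(self):
        self.user_keys = {}
        self.service_keys = {}

    def enrol_user(self, name: str, password: str) -> None:
        self.user_keys[name] = password_key(password)

    def enrol_service(self, name: str) -> bytes:
        self.service_keys[name] = secrets.token_bytes(32)
        return self.service_keys[name]

    def issue(self, user: str, service: str, lifetime: int = 300):
        """Return (reply for the user, ticket for the service): the same fresh
        session key, sealed under two different long-term keys."""
        session_key = secrets.token_bytes(32).hex()
        expires = int(time.time()) + lifetime
        reply = seal(self.user_keys[user], {"sk": session_key, "service": service, "exp": expires})
        ticket = seal(self.service_keys[service], {"sk": session_key, "user": user, "exp": expires})
        return reply, ticket


def client_prepare(user: str, password: str, reply: bytes) -> bytes:
    """The user opens the reply with the password-derived key and builds an
    authenticator proving possession of the session key right now."""
    session_key = bytes.fromhex(unseal(password_key(password), reply)["sk"])
    return seal(session_key, {"user": user, "ts": int(time.time())})


def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes) -> str:
    """The service never sees the password: it trusts the ticket because only
    the server could have sealed it under the service key."""
    now = int(time.time())
    t = unseal(service_key, ticket)
    if t["exp"] < now:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["sk"]), authenticator)
    if a["user"] != t["user"] or abs(a["ts"] - now) > 60:
        raise ValueError("authenticator does not match ticket")
    return t["user"]


def attempt_login(password_used: str) -> str:
    """Full exchange for user 'alice' (enrolled with password 'correct horse')."""
    kdc = KeyDistributionCenter()
    kdc.enrol_user("alice", "correct horse")
    mail_key = kdc.enrol_service("pop/mail")
    reply, ticket = kdc.issue("alice", "pop/mail")
    try:
        authenticator = client_prepare("alice", password_used, reply)
        return "accepted:" + service_accept(mail_key, ticket, authenticator)
    except ValueError as exc:
        return "rejected:" + str(exc)
```

The password never leaves the client: a wrong password simply cannot open the reply, so no authenticator can be built. Real Kerberos adds an authenticated cipher and replay detection on authenticators, which this toy leaves out.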
SSH
SSH is the secure shell. It provides for cryptographically protected virtual terminal (Telnet)
and file transfer (rcp) operations. Noncommercial versions of SSH are available for many
versions of UNIX. SSH is available for UNIX, Windows, and the Macintosh from Data
Fellows (http://www.datafellows.com).
2. However, it's important to realize that the original, unencrypted files are still stored on
your web server. If someone gains access to your server, they can potentially access
these unencrypted files.
4. Even though encryption is strong, if someone manages to steal or somehow obtain the
encryption keys used in SSL, they can decrypt the protected data. SSL stores a copy of
the server's secret key on the server's hard drive, and although it's usually encrypted
itself, it's not impossible for a skilled attacker to access it.
Cryptographic protocols like SSL are really good at protecting your information from being
secretly monitored or listened to by hackers. But, there's a problem. Sometimes, attackers
don't just want to spy on your data; they want to do other harmful things, like causing chaos
or deleting your encrypted files.
In fields like banking, these attackers can cause a lot of trouble and make you lose money
by messing up your communication or getting rid of your protected files.
Researchers have explored cryptographic defenses against certain attacks that disrupt
services, for example puzzles or special codes that a client must present before the server
commits resources. However, these solutions apply only to particular situations and are not a
one-size-fits-all answer.
So, while cryptography is great at stopping eavesdropping, it's not always the perfect
answer to protect against all the other tricky things attackers can do.
c. Cryptography can’t protect you against records of message traffic or the fact that a
message was sent
Suppose you send an encrypted message to Blake Johnson, and Blake murders your lover’s
spouse, and then Blake sends you an encrypted message back. A reasonable person might
suspect that you have some involvement in the murder, even if that person can’t read the
contents of your messages. Or suppose there is a record of your sending large, encrypted
messages from work to your company’s competitor. If there is a mysterious deposit to your
bank account two days after each transmission, an investigator is likely to draw some
conclusions from this behavior.
Today the field of public key cryptography is largely governed by three patents:
The Hellman-Merkle patent covers a public key cryptography system called the knapsack
algorithm. This patent was the first patent to mention the words "public key cryptography."
Throughout the 1980s and early 1990s, this patent was represented as anticipating the entire
field of public key cryptography - and thus, any use of public key cryptography in the
United States presumably required a license from the patent holder. This, despite the fact
that the claimed invention doesn't work!
This patent is for the RSA encryption method, a widely used way to protect information. In
1996, an arbitrator decided that all the rights to this patent would go to RSA Data Security,
which was later bought by a company called Security Dynamics that same year. Unlike the
two previous patents we talked about, this one seems to have a strong legal basis, as long as
patents on encryption methods are considered legal under patent laws.
Until recently, many business leaders without technical backgrounds mistakenly believed
that keeping encryption algorithms secret would enhance the security of their encrypted
data. Some companies proudly claimed to use proprietary encryption algorithms, refusing to
publish them, arguing that disclosure would compromise security. However, today, most
security professionals agree that this approach is largely incorrect and, in many cases,
counterproductive.
The prevailing trend in the security community now leans towards open academic discourse
on cryptographic algorithms. Published algorithms undergo rigorous analysis, and flaws are
occasionally discovered. Trusted algorithms that have withstood academic scrutiny are
widely adopted for data protection.
Some companies try to avoid this scrutiny by keeping their algorithms secret, while others
use secret algorithms with broad licensing to gain market control. However, historical
experience has shown that it's nearly impossible to keep the details of a successful
encryption algorithm secret. Once widely used, the algorithm inevitably becomes available
in a form that can be analyzed and reverse-engineered.
1. In the 1980s Ronald Rivest developed the RC2 and RC4 data encryption algorithms as an
alternative to the DES. The big advantage of these algorithms was that they had a variable
key length—the algorithms could support very short and unsecure keys, or keys that were
very long and thus impossible to guess. The United States adopted an expedited export
review process for products containing these algorithms, and as a result many companies
wished to implement them. But RSA kept the RC2 and RC4 algorithms secret, in an effort
to stimulate sales of its cryptographic toolkits. RSA Data Security widely licensed these
encryption algorithms to Microsoft, Apple, Lotus, and many other companies. Then in
1994, the source code for a function claiming to implement the RC4 algorithm was
anonymously published on the Internet. Although RSA Data Security at first denied that the
function was in fact RC4, subsequent analysis by experts proved that it was 100 percent
compatible with RC4. Privately, individuals close to RSA Data Security said that the
function had apparently been “leaked” by an engineer at one of the many firms in Silicon
Valley that had licensed the source code.
2. Likewise, in 1996 the source code for a function claiming to implement the RC2 algorithm
was published anonymously on the Internet. This source code appeared to be derived from a
copy of Lotus Notes that had been disassembled.
Over the past 50 years, many governments worldwide have increasingly agreed on the
necessity to regulate cryptographic technology. Initially, this push for regulation had
military roots. During World War II, breaking the Nazi Enigma machine codes significantly
benefited the Allies, shortening the war by several years. This success led military
intelligence officials in the United States and the United Kingdom to believe they should
control the dissemination of robust encryption technology, ensuring they could eavesdrop
on enemy communications in future conflicts.
In the early 1990s, concerns about encryption expanded beyond the military. Law
enforcement organizations, as technology became more affordable and widespread, feared
losing their ability to execute search warrants and wiretaps. With encryption becoming
more prevalent, there were worries about seizing computers and being unable to access
encrypted data. The advent of cellular phones added to their concerns, as the technology
lacked provisions for wiretaps. These experiences fueled the determination of law
enforcement and intelligence officials to impede the widespread adoption of unbreakable
cryptography, aiming to maintain their investigative capabilities.
Back in the 1980s, if a company in the U.S. wanted to sell a machine or a program that used
cryptography to other countries, they had to get permission from the U.S. government.
Getting this permission, known as a license, was not easy—it was a complicated, expensive,
and time-consuming process.
In 1992, the Software Publishers Association talked with the State Department to make this
process faster, especially for widely-used consumer software. They agreed to allow the
export of programs that used certain cryptographic algorithms (RC2 and RC4 by RSA Data
Security). However, there was a catch—the encryption key had to be set to 40 bits or less.
This compromise aimed to balance the need for security with the interests of allowing
technology to be used globally.
After the 40-bit compromise in 1992, many people were unhappy because they felt that 40
bits of encryption wasn't strong enough for security. The U.S. government deliberately
chose this limit so they could decrypt messages if needed. Law enforcement officials were
worried that even 40-bit encryption could pose challenges to their surveillance efforts if
widely adopted.
Following this compromise, in the Clinton Administration, there were proposals to allow
consumers to use stronger encryption to protect their communication and data. These
proposals were based on a method called key escrow. The first one was called the Escrowed
Encryption Standard (EES), also known as the Clipper chip.
Here's how key escrow works: When the Clipper chip encrypts a message, it also encrypts
the key used to encrypt that message with a second key. This encrypted key, along with the
encrypted message, is stored in a block of data called the Law Enforcement Access Field
(LEAF). Each Clipper chip has a unique second key, and the government has a copy of each
one. If a communication encrypted with a Clipper chip is intercepted, the government
figures out which key was used, gets a copy of the chip's second key, and uses it to decrypt
the LEAF. This process allows them to first decrypt the message key and then use it to
decrypt the actual message.
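An added example, not from the original text, that models the LEAF mechanism just described in Python: the message key is wrapped under a per-chip unit key, and a holder of the escrow database recovers the message without breaking any cipher. The SHAKE256-based toy cipher, the LEAF field layout and the unit id `CHIP-0001` are constructed for the example; the real Clipper chip used the Skipjack algorithm and a different field format.

```python
import hashlib
import secrets


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (constructed stand-in for Clipper's Skipjack): XOR
    with a SHAKE256 keystream derived from key and nonce. The same call decrypts."""
    keystream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


# The escrow database: unit id -> unit ("second") key. In the Clipper design the
# government held a copy of every chip's unit key; here it is a plain dict.
ESCROW_DB = {}


def manufacture_chip(unit_id: str) -> bytes:
    """Each chip gets a unique unit key, and the escrow copy is filed at once."""
    unit_key = secrets.token_bytes(32)
    ESCROW_DB[unit_id] = unit_key
    return unit_key


def chip_encrypt(unit_id: str, unit_key: bytes, session_key: bytes, message: bytes):
    """Encrypt the message under the session key and build the LEAF: the unit id
    in clear (16 bytes), a nonce, then the session key encrypted under the unit key."""
    msg_nonce = secrets.token_bytes(16)
    ciphertext = msg_nonce + xor_crypt(session_key, msg_nonce, message)
    leaf_nonce = secrets.token_bytes(16)
    wrapped = xor_crypt(unit_key, leaf_nonce, session_key)
    leaf = unit_id.encode().ljust(16, b"\0") + leaf_nonce + wrapped
    return ciphertext, leaf


def peer_decrypt(session_key: bytes, ciphertext: bytes) -> bytes:
    """The intended recipient already shares the session key and ignores the LEAF."""
    return xor_crypt(session_key, ciphertext[:16], ciphertext[16:])


def escrow_decrypt(escrow_db: dict, ciphertext: bytes, leaf: bytes) -> bytes:
    """The escrow holder's path: read the unit id from the LEAF, look up the unit
    key, unwrap the session key, then decrypt the message. Whoever holds the
    database, legitimately or not, can do this for every chip it lists."""
    unit_id = leaf[:16].rstrip(b"\0").decode()
    unit_key = escrow_db[unit_id]
    session_key = xor_crypt(unit_key, leaf[16:32], leaf[32:])
    return peer_decrypt(session_key, ciphertext)


def run_example(message: bytes):
    """Return (what the recipient reads, what the escrow holder reads)."""
    unit_key = manufacture_chip("CHIP-0001")
    session_key = secrets.token_bytes(32)      # agreed between the two parties
    ciphertext, leaf = chip_encrypt("CHIP-0001", unit_key, session_key, message)
    return peer_decrypt(session_key, ciphertext), escrow_decrypt(ESCROW_DB, ciphertext, leaf)
```

The strength of the message cipher is irrelevant to the escrow path: the security of every conversation reduces to the security of the unit-key database, which is the point the later criticism of key recovery makes.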
The Clipper chip proposal was met with much hostility from industry and the general public
(see Figure 4-3). Criticism centered upon two issues. The first objection was hardware
oriented: PC vendors said that it would be prohibitively expensive to equip computers with
a Clipper chip. The second objection was philosophical: many people thought that the
government had no right mandating a back door into civilian encryption systems; Clipper
was likened to living in a society where citizens had to give the police copies of their front
door keys. In early 1996, the Clinton Administration proposed a new system called software
key escrow. Under this new system, companies would be allowed to export software that
used keys up to 64 bits in size, but only under the condition that a copy of the key used by
every program had been filed with an appropriate escrow agent within the United States, so
that if law enforcement required, any files or transmission encrypted with the system could
be easily decrypted. This proposal, in turn, was replaced with another one called key
recovery, that didn’t require escrowing keys at all, but that still
In 1997, an ad hoc group of technologists and cryptographers issued a report detailing a
number of specific risks regarding all of the proposed key recovery, key escrow, and trusted
third-party encryption schemes (quotations are from the report):
There is fundamentally no way to prevent the compromise of the system “by authorized
individuals who abuse or misuse their positions. Users of a key recovery system must trust
that the individuals designing, implementing, and running the key recovery operation are
indeed trustworthy. An individual, or set of individuals, motivated by ideology, greed, or
the threat of blackmail, may abuse the authority given to them. Abuse may compromise the
secrets of individuals, particular corporations, or even of entire nations. There have been
many examples in recent times of individuals in sensitive positions violating the trust
placed in them. There is no reason to believe that key recovery systems can be managed
with a higher degree of success.”
Securing a communications or data storage system is hard work; the key recovery systems
proposed by the government would make the job of security significantly harder because
more systems would need to be secured to provide the same level of security.
The envisioned key recovery system would have to work with thousands of products from
hundreds of vendors; it would have to work with key recovery agents all over the world; it
would have to accommodate tens of thousands of law enforcement agencies, tens of
millions of public-private key pairs, and hundreds of billions of recoverable session keys:
“The overall infrastructure needed to deploy and manage this system will be vast.
Government agencies will need to certify products. Other agencies, both within the U.S.
and in other countries, will need to oversee the operation and security of the highly-
sensitive recovery agents—as well as ensure that law enforcement agencies get the timely
and confidential access they desire. Any breakdown in security among these complex
interactions will result in compromised keys and a greater potential for abuse or incorrect
disclosures.
A functioning key recovery system would deal with hundreds of requests for keys every
week coming from many different sources. How could all these requests be properly
authenticated?
The cost
Operating a key recovery system would be incredibly expensive. These costs include the
cost of designing products, engineering the key recovery center itself, actual operation costs
of the center, and (we hope) government oversight costs. Invariably, these costs would be
passed along to the end users, who would be further saddled with “both the expense of
choosing, using, and managing key recovery systems and the losses from lessened security
and mistaken or fraudulent disclosures of sensitive data.”
b) The Digital Millennium Copyright Act
In simple terms, there's a big market for digital media like pictures, e-books, music, and
movies, and it's worth billions of dollars. The internet is a great way to share and sell these
things, but there's a problem. Since digital items can be easily copied, there's a risk of fraud
and theft. This is known as copyright violation, and it worries the people who create and sell
digital content.
Companies that make digital media have tried different methods to stop unauthorized
copying, hoping to collect fees for their products. However, most of these methods, which
are usually software-based and use cryptography, have been figured out and bypassed by
people who want to copy without permission. Some of these protection methods are weak,
and free programs have been made available to break the protection.
In response to this, big companies that create and sell digital media asked the government
(Congress) for help. In 1998, they got the Digital Millennium Copyright Act (DMCA),
which was supposed to follow international copyright standards. However, the DMCA went
beyond those standards and added rules against making, selling, or talking about tools that
could bypass copyright protection technology. This was an attempt to strengthen the
protection of digital media and prevent unauthorized copying.
As of 2001, this has been shown to have unexpected side-effects and overbroad
application. For example
c) International agreements on cryptography
In 1995, discussions began for a new control agreement called the Wassenaar Arrangement
on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. This
treaty was signed in July 1996 by 31 countries, including Argentina, Australia, Canada,
France, Germany, Japan, the United States, and many others. Over time, Bulgaria and
Ukraine also became part of the arrangement. The Wassenaar Arrangement initially
followed COCOM's exemptions, allowing the export of mass-market and public-domain
encryption software. However, in December 1998, the restrictions were expanded.
Need for identification
For much of the 20th century, driver's licenses, passports, and other kinds of identity cards
have been the primary tools that people have used to prove their identities.
Need
a) We use them when cashing checks, when opening accounts with new businesses,
when applying for a job, and when buying property.
b) Customers also need to be able to know who the businesses they are dealing
with are.
c) Identification cards do not create a stable business environment by themselves: they
work hand-in-hand with the legal system.
d) In the physical world, businesses are usually easy to identify because they have a
physical location. If a customer has a problem with a business, they can usually
go to the business’s physical location to get it resolved.
e) In the digital world, it is not always easy to identify a business. This is because
businesses can operate online and may not have a physical location.
There are two types of identification techniques:
1. Paper-based identification techniques.
2. Computerized identification techniques.
The most common way of determining the identity of a person in the physical world is to
examine documents that are issued from a trusted authority. Consider passports and driver’s
licenses. Governments issue these documents to show affiliation (e.g., citizenship) or
privileges (e.g., the right to drive), but these documents are also commonly used to
authenticate identity, because the issuing of these documents is carefully controlled, they
show a person’s name, and they are difficult to forge.
Paper-based identification systems, like the U.S. passport, are so common that we often
overlook how they function. Take a U.S. passport, for instance. It contains a photo, details
about the person's appearance, date and place of birth, a signature, and the U.S. government
seal. To verify someone's identity, you first inspect the passport for authenticity, checking
for features like special seals on laminations.
If the passport seems genuine, the next step is to compare the person in front of you with
the description in the passport. Identifying someone solely based on a photograph can be
challenging. If there are suspicions, you may ask the person to sign something or inquire
about details from the document, such as the birthplace.
However, complications arise when the passport photo is outdated, and the person has
undergone significant changes. For instance, the person might have a tan, lost weight, or
experienced other alterations. Making a decision in such cases relies on the available
information and your judgment.
Personal computers didn’t really care who was using them. They just let anyone
sitting at the keyboard do whatever they wanted. That’s why they are called personal
computers: they were meant for one person.
But things have changed. Nowadays computers can be connected to the internet, and
sometimes many people share one computer with important data on it. So just
relying on who’s physically there isn’t enough to keep things safe. We need a way
to know who’s using the computer.
Now, lots of us have different IDs like passwords or even our faces. So, why not
use those to prove who we are when we use a computer?
Unfortunately, most computers can't look at your face and then glance at your driver's
license to decide if you should be allowed access or not.
The earliest digital identification systems were based on passwords. Every user of the
system is assigned a username and a password; to “prove” your identity to the computer,
you simply type your password. If the password that you type matches the password that is
stored on the computer, then the assumption is that you must be who you claim to be (see
Figure 6-2).
Because they are simple to use and require no special hardware, passwords continue to be
the most popular authentication system used in the world today. As a result of this
popularity, most of us now have dozens of passwords that we need to remember on an
almost daily basis, including PINs (personal identification numbers) or passwords for
accessing ATM cards, long-distance calling cards, voicemail systems, and answering
machines, and for disabling “V-Chips” installed in modern televisions, unlocking cell
phones, unlocking desktop computers, accessing dialup Internet service providers,
downloading electronic mail, and accessing web sites.
b) Physical tokens: Something that you have
Another way to prove who you are is by using something physical, like an access
card. These cards are often used in business. When you want to open a door, you
just put the card near a reader. Each card has its own special number. The system
knows which cards can open which doors at certain times.
Physical tokens have drawbacks:
a) The token doesn't really "prove" who you are. Anybody who has physical
possession of the token can gain access to the restricted area.
b) If a person loses his token, he cannot enter the restricted area, even though his
identity hasn't changed.
c) Some tokens are easily copied or forged.
d) Location
With the development of computer systems that can readily determine the location of their
users, it is now possible to deploy position-based authentication systems. Although the Global
Positioning System (GPS) can readily be used to obtain location information, there are
two serious hindrances to using GPS in this application: GPS doesn’t usually work
indoors, and there is no way to securely get the positional information from the
GPS receiver to the remote service that needs to do the verification. A better choice for
position-based authentication is the positional services offered by some mobile telephone
networks. With these systems, the network can determine the user’s location and then
report this information directly to the service, without the risk that the information is
compromised while the user is being authenticated.
Replay Attacks
To understand replay attacks, consider the case of a computer that verifies its user’s
identity with a fingerprint scanner. Under ideal conditions, a person sits down at the
computer, presses his thumb to the scanner, and the computer verifies his identity. But
consider the case shown in Figure 6-5, in which one computer acquires the fingerprint and
another performs the verification. In this case, it is possible for an attacker to intercept the
code for the digitized fingerprint as it moves over the network. Once the attacker has the
fingerprint transmission, the attacker can use it to impersonate the victim.
Replay attacks aren’t a problem for biometrics alone: they represent a fundamental attack
against all of the digital identification systems mentioned in this chapter. For example,
passwords can be eavesdropped and re-used by an attacker. Even position-based systems
can be attacked with replay attacks. Simple encryption provides a measure of protection
against replay attacks because encryption makes it more difficult for an attacker to
intercept passwords, digitized fingerprints, and other kinds of information used to prove
identity. But straightforward encryption has an important limitation: although encryption
protects the identification information while it is in transit, if the information is ever
revealed to a hostile party, then the information is forever compromised!
Stopping Replay Attacks with Public Key Cryptography
Properly implemented, public key cryptography can eliminate the risk of replay attacks.
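As an added illustration (not from the textbook), the following Go program shows the challenge-response pattern this claim rests on, using the standard library's ed25519: the server issues a fresh random nonce, the user signs it with a private key that never leaves their device, and a response captured off the network is useless against the next challenge. The Server type, the user "alice" and the "login:" message prefix are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Server is the verifying side. It holds each enrolled user's public key (the private
// key never leaves the user's device) and at most one outstanding challenge per user.
type Server struct {
	enrolled map[string]ed25519.PublicKey
	pending  map[string][]byte
}

// Enroll registers a user's public key; no secret is shared with the server.
func (s *Server) Enroll(user string, pub ed25519.PublicKey) { s.enrolled[user] = pub }

// Challenge issues a fresh random nonce for one login attempt. A new nonce per
// attempt is what makes an eavesdropped response useless later.
func (s *Server) Challenge(user string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[user] = nonce
	return nonce, nil
}

// Verify accepts the login only if sig is a valid signature by the enrolled key over
// the nonce currently outstanding for user. The nonce is consumed on every attempt,
// so even an immediate re-send of a captured response fails.
func (s *Server) Verify(user string, sig []byte) bool {
	pub, enrolled := s.enrolled[user]
	nonce, pending := s.pending[user]
	delete(s.pending, user)
	if !enrolled || !pending {
		return false
	}
	return ed25519.Verify(pub, authMessage(user, nonce), sig)
}

// authMessage binds the signature to a purpose and a user, so a signature made in one
// context cannot be presented in another (e.g. a signed document passed off as a login).
func authMessage(user string, nonce []byte) []byte { return append([]byte("login:"+user+":"), nonce...) }

// Respond is the client side: prove possession of the private key by signing the challenge.
func Respond(priv ed25519.PrivateKey, user string, nonce []byte) []byte {
	return ed25519.Sign(priv, authMessage(user, nonce))
}

// ReplayScenario runs one honest login while an eavesdropper records the response, then
// replays the recording against a fresh challenge; it reports which attempts were accepted.
func ReplayScenario() (honest, replayed bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed demo identity
	if err != nil {
		return false, false, err
	}
	srv := &Server{enrolled: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}}
	srv.Enroll("alice", pub)
	nonce1, err := srv.Challenge("alice")
	if err != nil {
		return false, false, err
	}
	captured := Respond(priv, "alice", nonce1) // the bytes an eavesdropper sees on the wire
	honest = srv.Verify("alice", captured)
	if _, err = srv.Challenge("alice"); err != nil { // the attacker starts a new login
		return honest, false, err
	}
	replayed = srv.Verify("alice", captured) // old signature, new nonce: rejected
	return honest, replayed, nil
}

func main() {
	honest, replayed, err := ReplayScenario()
	fmt.Println("honest login accepted:", honest, "| replayed response accepted:", replayed, "| err:", err)
}
```

Contrast this with the password case above: here nothing that crosses the wire can be "revealed to a hostile party" in a way that compromises the identity, because each response is only good for one nonce.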
PGP public keys
1. Probably the most secure way to create and use a set of keys is to employ a
cryptographic coprocessor such as a smart card. A typical public key-compatible smart
card has a small microprocessor with a hardware random number generator for creating
keys and performing the basic public key algorithms; it also has a region of memory
that can hold the keys and public key “certificates” (see Figure 6-8). In theory, the
private key never actually leaves the card. Instead, if you want to sign or decrypt a piece
of information, that piece of information has to be transmitted into the card, and the
signed or decrypted answer transmitted off the card. Thus, attackers cannot use the
private key unless they have possession of the smart card. Smart cards can be
augmented with fingerprint readers or other biometric devices, so that the card will not
create a signature unless the biometric is presented.
2. For those who do not wish to invest in special smart cards and smart card readers,
another technique to manage private keys is to generate them on a desktop computer
and then store the encrypted keys on a floppy disk or flash disk. When the key is
needed, the user inserts the floppy disk into the computer’s drive; the computer reads
the encrypted private key into memory, decrypts the key, and finally uses the key to
sign the requested information. This technique is less secure than the smart card
because it requires that the private key be transferred into the computer’s memory,
where it could be attacked and compromised by a computer virus, Trojan horse, or other
rogue program.
3. The simplest way to create and store a public key/private key pair is to generate the key
inside the computer, then to encrypt the key using a passphrase and store the key in a
file on the computer’s hard disk. This is the technique that programs such as PGP and
Netscape Navigator use to protect private keys. This technique is convenient. The
disadvantage is that if somebody gains access to your computer and knows your
passphrase, he or she can access your private key. And because the key must be
decrypted by the computer to be used, it is vulnerable to attack inside the computer’s
memory by a rogue program or a Trojan horse.
4. The least secure way to generate a public key/private key pair is to let somebody else do
it for you, and then to download the private and public keys. The fundamental problem
with this approach is that the private key is by definition compromised: somebody else
has a copy of it. Nevertheless, some organizations (and some governments) require that
people use third-party key generation for this very reason: so that the organization will
have a copy of each user’s key, allowing the organization to decrypt all email sent to
the individual.
Please read the topics given below in the textbook, page 136.
Digital certificates (shown in Figure 7-1) allow public key cryptography to be used as a
kind of general-purpose identification system. A digital certificate is a signed block of data
that contains a public key and other information, such as a person’s name, email address, or
affiliation. For example, a university might issue digital certificates to its students that state
that the students are enrolled at the university. The students could then get access to the
university’s web server by presenting their digital certificates along with their public keys.
PGP prompted us to enter our name and email address. This information was then attached
to the key that we created. With this key, we certified our own information. The ability for
people to create and certify their own keys is one of the reasons that PGP became so
popular in the 1990s. People could download a copy of PGP, create their own keys, and
instantly start using it.
PGP (Pretty Good Privacy) had a convenient feature for creating encryption keys, but it
came with a problem. If you searched for someone's key on the key server or received a
signed message, there was no reliable way to confirm that the key truly belonged to that
person. By 1995, the PGP key servers were full of fake keys claiming to be owned by
notable figures like U.S. President Bill Clinton, his cat Socks, Microsoft Chairman Bill
Gates, and even PGP author Phil Zimmermann. This situation was so widespread that even
the CERT/CC (Computer Emergency Response Team/Coordination Center) issued a
warning about a fake PGP key falsely associated with CERT/CC's name on the key server.
In reality, none of these keys actually belonged to the people or entities they claimed to
represent. The freedom that was a hallmark of PGP came with a cost: if you were given a
person’s PGP key, there was no way you could be sure that it belonged to that person. One
way that you can be reasonably sure to get a person’s actual PGP key is to get the key from
the person himself.
One of the strengths of PGP is that it has a system that mimics this community-based
approach to trust for helping users to decide if they should trust keys. With PGP, users are
able to sign the key certificates of other users. A signature on a key certificate is a promise
made by the signer that the key really does belong to the person whose name and email
address are listed on the key. If you believe a person’s promises, then you are said to trust
the key. If you have a key that has a signature (a promise) on it that you believe, then the
key is said to be valid. When you display your key ring with the PGP keys application, each
key appears with an indication of validity and trust:
Validity
An indication of whether you believe that the key you have in your possession actually
belongs to the person to whom it says it belongs. Keys are valid if you created them or if
they are signed with a key that you trust.
Trust
A measure of how much you believe the honesty and judgment of the person who holds the
key. The more you trust a key, the more you trust the person who created the key to certify
other people’s keys.
b) The Web of Trust and the key servers
Today the Web of Trust is most visible on the PGP key servers. In April 2001, Simson
looked up his own key on the PGP public key server. He discovered that the key had five
signatures on it: two from his own keys, one by Dave Del Torto, one by Eugene H.
Spafford, and one by an “Unknown Signer” (see Figure 7-6). If you look up Simson’s key
and you trust signatures by Dave Del Torto, Eugene H. Spafford, or the “Unknown
Signer,”* then you will know that the key is valid.
Suppose you want to find our keys, but when you connect to the PGP key server you find
several keys with our names on them. You might not know which key is the real key for
each of us. However, if one of the keys on the key server is signed by someone whose key
you trust, then you can differentiate between the actual key and the keys that are possibly
fraudulent.
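An added example (not from the textbook) of how a key ring turns the validity and trust indications described above into a decision, applied to the key-server situation just described: several keys carry the same name, and only those backed by signatures you trust come out valid. The rule that two marginally trusted signatures also make a key valid follows classic PGP defaults and is an assumption beyond the notes; key IDs, addresses and the signature graph are constructed.

```go
package main

import "fmt"

// Owner-trust levels (PGP's "trust" column); a key absent from Ring.Trust is untrusted.
const Marginal, Complete = 1, 2

// Key is a PGP key as held on a key ring or fetched from a key server:
// the user ID it claims and the IDs of the keys whose signatures it carries.
type Key struct {
	ID, UserID string
	Signers    []string
}

// Ring is one user's key ring plus the policy that turns signatures into validity.
type Ring struct {
	Keys            map[string]Key
	Own             map[string]bool // keys you created yourself
	Trust           map[string]int  // how far you trust each key's owner to certify others
	CompletesNeeded int             // 1 in classic PGP (assumed default)
	MarginalsNeeded int             // 2 in classic PGP (assumed default)
}

// IsValid is the "validity" column: a key is valid if you created it, or if enough of
// its signatures come from keys that are themselves valid and whose owners you trust.
// A signature by a key not on your ring (an "Unknown Signer") or by an untrusted owner
// contributes nothing.
func (r *Ring) IsValid(id string) bool { return r.valid(id, map[string]bool{}) }

func (r *Ring) valid(id string, visiting map[string]bool) bool {
	if r.Own[id] {
		return true
	}
	k, ok := r.Keys[id]
	if !ok || visiting[id] { // unknown key, or a signature cycle (A signs B, B signs A)
		return false
	}
	visiting[id] = true
	defer delete(visiting, id)
	completes, marginals := 0, 0
	for _, s := range k.Signers {
		if s == id || !r.valid(s, visiting) { // self-signatures and invalid signers don't count
			continue
		}
		if r.Own[s] || r.Trust[s] == Complete { // your own keys are implicitly fully trusted
			completes++
		} else if r.Trust[s] == Marginal {
			marginals++
		}
	}
	return completes >= r.CompletesNeeded || marginals >= r.MarginalsNeeded
}

// ExampleRing is a constructed scenario: a key server returned four keys all claiming
// "alice@example.org"; A, B and C are keys you signed yourself at a key signing party.
func ExampleRing() *Ring {
	r := &Ring{CompletesNeeded: 1, MarginalsNeeded: 2, Own: map[string]bool{"ME": true},
		Trust: map[string]int{"A": Complete, "B": Marginal, "C": Marginal}, Keys: map[string]Key{}}
	for _, k := range []Key{
		{"A", "a@example.org", []string{"ME"}}, {"B", "b@example.org", []string{"ME"}},
		{"C", "c@example.org", []string{"ME"}},
		{"K1", "alice@example.org", []string{"K1", "A"}},       // one completely trusted signer
		{"K2", "alice@example.org", []string{"K2", "UNKNOWN"}}, // signer not on your ring
		{"K3", "alice@example.org", []string{"K3", "B", "C"}},  // two marginally trusted signers
		{"K4", "alice@example.org", []string{"K4", "B"}},       // one marginal is not enough
	} {
		r.Keys[k.ID] = k
	}
	return r
}

func main() {
	r := ExampleRing()
	for _, id := range []string{"K1", "K2", "K3", "K4"} { // which "alice" key should you use?
		fmt.Println(id, "claims", r.Keys[id].UserID, "valid:", r.IsValid(id))
	}
}
```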
c) Key signing parties
One way that PGP users work to extend the Web of Trust is by holding key signing parties.
PGP users will gather, exchange floppy disks or business cards containing their keys, and
then show each other their driver’s licenses or passports. Having obtained a copy of
someone’s key and seen an apparently unimpeachable form of identification, people at the
key signing party will then sign each other’s keys and (usually) upload the signed keys to
the key server.
Conceptually, a CA’s certificate looks like a cryptographically signed index card. The
certificates, signed by the certification authority’s own private key, contain the name of the
CA, that CA’s public key, a serial number, and other information, as shown in Figure 7-7.
To date, most certificates are a promise by the CA that a particular public key belongs to a
particular individual or organization. But certificates can also be used for assertions.
There are many different ways that a certification authority can offer service:
Internal CA
For example, a computer system used for purchasing could be set up so that any employee
presenting a valid certificate saying that the employee was in the Purchasing Department
would be given access. Internal CAs allow organizations to centralize access control to a
large number of systems without having to distribute usernames, passwords, and access
control lists throughout the enterprise. These systems can also implement so-called single
sign-on, so that an employee needs to log into his or her computer only once, and then have
access to the entire enterprise.
Outsourced employee CA
An organization might want to partake in the benefits of using digital certificates, but not
have the technical ability to run its own certificate servers. Such an organization could
contract with an outside firm to provide certification services for its own employees, exactly
as a company might contract with a photo lab to create identification cards.
Outsourced customer CA
Trusted third-party CA
A company or a government can operate a CA that binds public keys with the legal names
of individuals and businesses. Such a CA can be used to allow individuals with no prior
relationship to establish each other’s identity and engage in legal transactions. Certificates
issued by such a CA would be exactly analogous to driver’s licenses and identity cards
issued by a state’s Department of Motor Vehicles.
The certification practices statement (CPS) is a legal document CAs publish that describes
their policies and procedures for issuing and revoking digital certificates. CPS documents
are designed to be read by humans, not by machines. It’s possible that in the future the
terms and conditions of CAs will become standardized enough that it will be possible for
programs to automatically process CPS documents. A business might be willing to accept
certification from a CA that guarantees minimum certification policies and a willingness to
assume a certain amount of liability in the event that its certification policies are not
followed—and provided that the CA is bonded by an appropriate bonding agency.
Some proposed uses of digital certificates include the following:
CRLs and CDPs are interesting technology; they allow computers that are not connected to
a network to determine if a certificate is valid or if it has been revoked. In practice, though,
this technology has a variety of problems:
• If a CA is very popular, it is likely that the CRLs will grow very large. VeriSign’s 900K
CRL for its SSL server certificates can take more than 20 minutes to download over a
dialup connection.
• There is a period between the time that a certificate is revoked and the time that the new
CRL is distributed when a certificate appears to be valid but is not.
Instead of using Certificate Revocation Lists (CRLs) to check if a certificate is valid, there's
another approach called real-time validation. In this method, a system checks the
authenticity of a certificate by consulting an online database operated by the certification
authority whenever needed.
Advantages:
Challenges:
- Faces scalability issues as more users use certificates, requiring faster validation servers to
handle the growing user community.
Short-lived certificates
Fast forward to today, the need for a widespread PKI is even more critical due to increasing
internet fraud.
Building the envisioned PKI faces hurdles. The current plan involves a system with
multiple Certificate Authorities (CAs) and thousands or millions of users managing
certificates and public keys. Surprisingly, despite 30 years passing, this technology has
mostly been tested in labs and controlled environments.
Digital signatures are not proofs of identity by themselves. They only prove that the signer
has access to a particular private key that matches a public key that has been signed by a
certificate authority (CA). This system relies on the security of the end user's computer,
which is often lacking.
The companies that issue digital certificates do not have a solution to this problem. They
simply require certificate applicants to securely generate their own private keys and take
steps to protect them. However, this does not solve the underlying computer security
problems that make it possible for malware to modify programs on the user's computer,
such as the random number generator, which could be used to forge digital signatures.
However, if you have a certificate that just says “Robert Smith”, that’s a problem,
because there are many people with that name and you can’t be sure which Robert
Smith it belongs to. Certificates need more than just a name to identify someone
uniquely and legally. So, if you are trying to use a certificate with a common
name like Robert Smith, it might not be clear which specific person it belongs to.
In the last two decades, widely used identifiers like the U.S. Social Security number have
become tools for invading people's privacy. These universal identifiers allow the collection
of information from various sources to create detailed profiles of individuals.
Digital certificates, issued centrally, have the potential to be even more effective than Social
Security numbers in aggregating information. The key advantage is that digital signatures
address a significant issue faced with Social Security numbers – inaccurate data. People
may provide false information or make mistakes when typing these numbers.
Currently, matching individually identified records between businesses can be challenging
due to discrepancies in numbers. Digital certificates aim to simplify this process by
facilitating verified electronic entry of the numbers. Consequently, the practice of building
extensive databases with personal information gathered from various sources is likely to
increase.