Security on the Internet

6CCS3INS Internet Systems

2014-15 Toktam Mahmoodi, Department of Informatics, KCL
 Internet security threats
 HTTP authentication
 Digests and encryption
 Public key encryption
 Pretty Good Privacy
 Transport Layer Security and HTTPS
 Digital certificates

Outline
 The particular risks posed by connecting a host to the
internet can be classified as:
 Someone sends data to your host which causes it to do
something it shouldn't
 Someone retrieves data from your host that they shouldn't have
access to
 Someone captures (a copy of) the data communicated from you
to another host
 First two are examples of illegitimate access to a host,
the last is eavesdropping

Security threats
 Preventing illegitimate access can be split into two
issues
 Authentication: Determining who is trying to gain access to your
host
 Access Control: Determining whether that individual is allowed
to access a resource on your host
 Access control is not particular to the internet
 Authentication poses problems in an network with
billions of people you don't know

Illegitimate access
 Authentication mechanisms of web servers prevent
illegitimate access to resources
 Resources are often grouped into named realms, which
users can be allowed access to
 They require clients to demonstrate who they are, from
extra data sent with their messages

Authentication
 If a client tries to access a secured web server with no
authentication, it receives a response with status code:
401 Authentication Required
 This tells the client to supply identification

 The response will contain a field:

WWW-Authenticate: ...
 specifying the authentication scheme required
 The client provides authentication in new request

Authentication HTTP status

 Common forms of proof of identity are:
 Username plus password
 Digital certificate

 Software applications must also authenticate

themselves, and may have identities different from but
based on that of their owner

Proof of identity
 Basic authentication is indicated by the Basic scheme
being passed in the 401 response:
WWW-Authenticate: Basic realm="somerealm"

 Basic secure request gives credentials as base64

encoding of text
username:password

 Encoding put into Authorization request field:

Authorization: Basic QWxhZGR=

HTTP basic authentication

 With password authentication, the web server holds a
list of username-password pairs
 The client sends the username and password (in some
form) with every request, and the web server matches
against its list to see whether access is allowed
 Do not want your password read by others so
eavesdropping is a problem with this method and
digests are commonly used

Password authentication
 A digest of some data is a transformation of that data
into a fixed length string, from which the original cannot
be deduced
 Use a digest wherever data across places or times need
to be compared to check they are the same: if digests
match this is almost proof
 Value of algorithm depends on:
 Difficulty of deducing original from digest
 Lack of collisions: 2 messages with same digests

Digests
 Digests are used in password authentication to send an
obscured version of a password from the sender to be
checked against that held by the receiver
 Sender and receiver perform digest on same data,
including password as known by each, and receiver
compares results

Password digests
Receiver Sender

1. Create digest
of username
and password

Password digests
 2. Send username
Receiver Sender
and digest

1. Create digest
of username
and password

Password digests
 2. Send username
Receiver Sender
and digest

3. Look up 1. Create digest

password of username
from username and password

Password digests
 2. Send username
Receiver Sender
and digest

4. Create digest 1. Create digest

of username of username
and password and password

Password digests
 2. Send username
Receiver Sender
and digest

If digests
match,
strong evidence
of correct
5. Compare password 1. Create digest
digest created of username
with digest received and password

Password digests
 MD5 is a digest function devised by Ronald L. Rivest
 It takes an arbitrarily long string and produces a string of
fixed length, the digest
 Collisions are possible in MD5
 Can try it out with UNIX command md5sum

“digest” abfd2c0ecb4e9dec4a6b1159d5fea334
“Digest” 5a20c77381e982467465dd18facf0807
“digest ” e21681785dc42cfc30867e4fcf78edaf

MD5
1. Client tries to access a realm on the server
2. Server responds asking for authentication (HTTP 401)
using digests and providing a unique identifier, a
number used once (nonce), for the request
3. Client sends a digest of the concatenation of:
 username, realm, password, URL, request method and nonce id

HTTP digest authentication

 Digest authentication is indicated by the Digest scheme
passed in the 401 response:
WWW-Authenticate: Digest
realm="somerealm" algorithm=”MD5”
nonce=”564dsd” ...

 Create digest of password plus other data

 Digest put into Authorization request field:
Authorization: Digest Username=“Peter”,
response="6629fae49393a053",
realm=“somerealm”, nonce=”564dsd” ...

HTTP digest authentication

 Eavesdropping is a problem on the internet:
 Happens at any point in route between hosts
 Whole physical network cannot (realistically) be secured
 Promiscuous Mode: Ethernet allows hosts to request
that all data sent through a network be passed to it, even
if not a router or destination
 A sniffer is a device/program to monitor all data across a
network, and so can be used to extract passwords etc.
 To solve, eavesdroppers must be prevented from
understanding the data
 Encryption is the transformation of data to a form
unreadable by anyone but the intended recipient

Eavesdropping
 Encryption on the internet takes several forms:
 Link encryption: Encrypts all communication across a physical
link, but it is expensive and unrealistic over large scale
 Document encryption: Documents encrypted, sent, then
decrypted by document-handling applications
 Transport Layer Security: TLS encrypts all messages at the
TCP layer

Encryption types
 Both a digest and an encryption of a message are a
transformation of that message into some new data that
gives no clue to the original
 The original message can be computed from the
encrypted data (decrypted) given the right information,
but this is not true of a digest
 Two different messages can transform into the same
digest (a collision), but every encrypted message is
unique for the message

Digests and encryption

 A key is a secret piece of data that sender and receiver use
to encrypt and decrypt messages
 As no-one else knows the key, no-one else can decrypt the
message
 In single key encryption, the same key is used by both parties
to both encrypt and decrypt
 But the key must first be communicated between parties
 If parties are distant, this is a problem: people may eavesdrop
on the key communication
 IBM developed Data Encryption Standard (DES), a commonly
used scheme for a long time, but regarded as insecure now
 It uses a 56-bit key to encrypt a 64-bit message into 64-bit
encrypted data

Single key encryption

 In public key cryptography, each user has a pair of keys:
a public one and a private one
 The public key can be made available to anyone wanting
to send an encrypted message to the user
 Sender encrypts their messages with the public key: the
algorithm ensures the message can only be decrypted
with the private key
 On receiving an encrypted message, the user uses the
private key to decrypt the messages

Public key encryption

 Receiver Sender
1. Send public key

3. Send encrypted data

4. Decrypt data No private data 2. Encrypt data

was transmitted
with own publicly with receiver's
private key public key

Scenario 1: Secret message

 Another problem related to authentication is checking
that data comes from the source it claims to
 Data can be intercepted and replaced without the
receiver knowing
Data Y from Sender Data X from Sender

Receiver
Sender

 Public key cryptography, used in a different way, can

help solve this integrity problem

Using public keys for integrity

 Receiver Sender
1. Send public key

3. Send encrypted data

Integrity: data
4. Decrypt data could only have 2. Encrypt data
with sender's been encrypted with own
public key by sender private key

Scenario 2: Data integrity

 One of the best known public key encryption algorithms
is RSA, named after the inventors: Rivest, Shamir and
Adleman
 The idea of RSA is to use two very large prime numbers
for the keys

RSA
1. Generate two large primes: p, q
2. Calculate the product: n = pq
3. Calculate the totient: m = (p - 1)(q - 1)
4. Find a co-prime to totient m: e
5. Choose integers d, i so that: d = (1 + im) / e
6. The public key is (n, e)
7. The private key is (n, d)

RSA key generation

1. Generate two large primes: 7, 11

RSA generation example

1. Generate two large primes: 7, 11
2. Calculate the product: 77

RSA generation example

 1. Generate two large primes: 7, 11
2. Calculate the product: 77
3. Calculate the totient: 60

RSA generation example

1. Generate two large primes: 7, 11
2. Calculate the product: 77
3. Calculate the totient: 60
4. Find a co-prime to totient: 7
To find co-prime, count up each prime, and find
first not divisible into totient:
Is 60 divisible by 2? Yes
Is 60 divisible by 3? Yes
Is 60 divisible by 5? Yes
Is 60 divisible by 7? No

RSA generation example

1. Generate two large primes: 7, 11
2. Calculate the product: 77
3. Calculate the totient: 60
4. Find a co-prime to totient: 7
5. Choose integers i, d: 5, 43
(1 + (5 x 60)) / 7 = 43
To find i and d, count up i from 1 until find first
(1 + (i x 60)) divisible by 7:
(1 + (1 x 60)) divisible by 7? No
(1 + (2 x 60)) divisible by 7? No
...
(1 + (5 x 60)) divisible by 7? Yes, d = 43

RSA generation example

 1. Generate two large primes: 7, 11
2. Calculate the product: 77
3. Calculate the totient: 60
4. Find a co-prime to totient: 7
5. Choose integers i, d: 5, 43
(1 + (5 x 60)) / 7 =
43
6. The public key is (n, e): (77, 7)
7. The private key is (n, d): (77, 43)

RSA generation example

1. Obtain receiver's public key (n, e)
2. Divide message bits to chunks, each treated as a positive
integer less than n M
3. Compute encrypted values C = Me mod n

1. Obtain receiver's public key (77, 7)

2. Represent data as +ve integer 6
3. Compute encrypted value 67 mod 77 = 41

RSA encryption algorithm

 1. Use private key (n, d)
2. Receive encrypted message C
3. Calculate original value M = Cd mod n

1. Use private key (77, 43)

2. Receive encrypted message 41
3. Calculate original value 4143 mod 77 = 6

RSA decryption algorithm

 Pretty Good Privacy (PGP) is a common algorithm using
a public key (e.g. RSA) to communicate a symmetric key
(e.g. DES) for use in one session of communication
 Faster and more secure than symmetric or public key
cryptography alone
 OpenPGP revises and standardises PGP

Pretty Good Privacy

 Sender:
1. Creates a message
2. Generates a random number to be used as the session key for
this message only
3. Encrypts session key using receiver's public key
4. Encrypts the message with the session key
5. Sends concatenation of encrypted session key and encrypted
message
 Receiver:
1. Decrypts session key using own private key
2. Decrypts message using the session key

PGP algorithm
 Secure Socket Layer (SSL) was developed by Netscape
Communications
 It operates between host-to-host protocols (TCP) and
the application layer protocols (e.g. HTTP)
 For each communication, SSL uses the most recent
secure communication protocol that both hosts can
support
 Transport Layer Security (TLS) is a more recent
variation on SSL, standardised by IETF

Transport Layer Security

 TLS initiates a cryptographic protocol between hosts
with a Hello message
 Both parties declare what they can support and the
strongest encryption available is chosen
 This allows for the change and development of
encryption methods
 The client will choose the stronger of the two protocols

TLS negotiating protocol

 The hosts then exchange certificates
 Digital certificates provide verifiable host data for
authentication
 They also provide public keys for encrypting the
communication
 We'll say more on certificates later
 The public keys in the certificates are used to encrypt
communication over TLS

TLS sharing certificates

 TLS tackles the problem of man-in-the-middle attacks
 A malicious host routes communication through itself,
without being apparent to either sender or receiver
 Data can then be copied and, if not encrypted, read

Man-in-the-middle attacks
 TLS operates over TCP, but under HTTP or other
application protocols
 Inserts a new layer into the four-layer internet layering
model
 This layer deals with the issue of secure communication
of application data

TLS and the internet architecture

 HTTPS is HTTP over SSL/TLS
 Uses its own URI scheme
 https:...
 Has a different default TCP port (443)
 Otherwise the same as HTTP over TCP
 An HTTPS web server must have a digital certificate that
it can use to authenticate itself with a client

HTTPS
 A digital certificate is a block of data about a
communicating host that is signed
 Signing a certificate means adding an encrypted digest
of the host data, so that other hosts can check that:
 You are who you say you are
 The host data has not been tampered with

Digital certificates
 Host data can include:
 Public key
 Validity period of certificate
 URL of revocation centre
 Name, institution, email address of owning user
 Public key is used to secure communication to the host
 Certificates are revoked if they are suspected of being
compromised (like credit cards)
 Revocation centres provide lists of revoked certificates to check
against

Host data
 A certification authority is an organisation responsible for
issuing and verifying the correctness of certificates
 If a host's certificate is signed by a CA, then any other
host trusting the CA may reliably know that the
certificate's public key belongs to the host as stated
 Publicly trusted CAs exist, such as VeriSign and CertCA

Certification authorities
 Certificate
Authority
2. Create
certificate,
1. Send identifying Encrypt with own
information, host private key
data 3. Send
encrypted
certificate
Sender Receiver

Applying for a certificate

 Certificate
Authority 2. Decrypt
certificate
with CA's public key

1. Send digital
certificate

Sender Receiver

Applying for a certificate

 X.509 is a popular form of certificate
 An X.509 certificate consists of three parts:
 The certificate details
 The signature of the certificate
 The algorithm used to sign the certificate
 The certificate details then include:
 A unique serial number for the certificate
 The period (from X to Y) that the certificate is valid
 The name of the certificate's issuer
 A unique identifier for the issuer
 The name of the certificate's owner
 The public key of the owner

X.509
 Internet security threats
 HTTP authentication
 Digests and encryption
 Public key encryption
 Pretty Good Privacy
 Transport Layer Security and HTTPS
 Digital certificates

What we’ve covered

Extra Reading