!" # $%!" &$' *'! +&,% -./!&,%!!/ 0!" 1$! Eve. Bob. Alice. Bob. Alice

Transcription

1 !" # $%!" &% &$' ) $%" '$ '! +&,% -./!&,%!!/ 0!" '$ $" 1$! Alice Bob Alice Eve 2$ Bob 1

2 ! " Alice Malek Bob Spikey Bob tampering Exemplo: spoofing... " ## Alice Dan, the Devil Alice Exemplo: Web-Site Masquerading... 2

3 $ ". " %0'0%+$ $0 0$! 300%0$0" %0$ $0$0%'0 $%%%04$ % ' %' &# %'$ 5%0300' 2%04%!% ' %$' %0' % %0' % 60.'!3'%7 8 +$0% ' %0 3

4 SSL ) $% %$./01% ) $23%! ) $% Signatures Encryption Hashing DSA RSA RSA DES SHA1 MD5 +, , 6 # 5, 6 & K A K B K AB K Apriv K Apub {M}K [M] K Alice s secret key Bob s secret key Secret key shared between Alice and Bob Alice s private key known only to Alice) Alice s public key published by Alice for all to read) Message M encrypted with key K Message Msigned with key K 4

5 8 8+ $4! $ Alice Alice and Bob share a secret that they have discussed previously KAB) Bob Alice Bob has a Public Key KBpub) Bob M Hello, I like you! {M}KAB acew345ksdas M Hello, I like you! M Hello, I like you! {M}KBpub acew345ksdas M Hello, I like you! encryptm, KAB) decrypt{m}kab, KAB) encryptm, KBpub) decrypt{m}kbpub, KBpriv).9$.%$0$).2 ::;"0<$=.!'>!.'+ 9#021' :>>"?$ $.!'8!.'+ PROBLEM: How to share the symmetric key among two anonymous persons? If there is one Web-site and multiple Clients, there cannot be a single encryption key for all the communications. Solution: use a Key Distribution Center. %9 $1'$0 ::"A.$ #=.!'>!.'+ 9' ::>"=+.!' #0.% 88&BC 5

6 ): ; )$'$0 10 %D! #' $0.$!'E 10.! D.%0'3!0'0!'!0'0$< < $, ;.!' ;.$ 6'%$'0'0$E $'!.'.%.% =.!'9 =.$ #0%.$00%.$%$ $ '.%F G%7 $0%% Se uma chave tiver 128 bits então há cerca de x ) combinações. Se for possível arranjar um bilião 10 3 x 10 6 ) de computadores, capazes de testarem um bilião de chaves por segundo cada um, é possível testar chaves por segundo. Então são necessários anos para completar o ataque a uma chave de 128 bits. Ora estima-se que a idade do universo é de cerca de anos. )= 1 91$.' &02$.%$.!' H::>9A)I30!'301-0'J#030.!'3! H%::>9!0.'.% A%9.3;0 30%9%&B4% 0$0.!%!0!'93!0!K0!' 5%!'%'9&0$ B%#<"30%:&04 5%1.%70$' '$0$.$ A)A);A)81 81 '$3.%,%$!'4. 1.$'% '301%. %$.$ L : M 6

7 ''0.$.%.$$!9. % > / $ ### ): ;! " # " $ %& '! " $ " ) #0,%0'!' 3%0%%.$!'0,%J $09 %%.$!''0' %& ' % '! + $ " + 7

8 ### #%'$.". $" ### + & -, +,, $. &,, -, /! " #!, $0 ): ;, $.N / $%. 0,% O % 1,% $0 O O %% % 0 $%PO9% % 0 O % %.%PO 0,%$$. 8

9 , 5,6 0!'300 @1) %30@1)!/1 /1 5/1 /1 2/1!/1 3/1 4/1, 5,6 7 /1! # $ 6 $% /1 6!! $ 6 $ $ &# / $ &# $ $.$ %$% %%% P 0 6@1) 4 0 O % % % 6$,%,%$'?6 #@,+ & %%,% $ %L!M %% $? %Q $R,% L%M PO,% $? Q O % A6, #@ + B &, B, C,C,,% O?@! % 0@O $? R $ $ "O! 0 96 #@ + B, C, B&DC, 4,%,% $ $ $0! E6 #@ + B&D#?C,,% 4 S?T@,% %U,% %S@T@. 9

10 $ " > ", 8" $' V O #%' % %. $$%PO %!,%.R. 8" #$<,% 4 %$ % V$,%. 6$ O 9?6 #@,+ & %%,% $ %! %% $? %Q $R - %$4PO $'! A6, #@ + B &, B, C, C,,% O?@! % 0@O $? 0 96 #@ + B, C, B&DC, Client C Step A 1. Request for TGS ticket 2. TGS ticket Login session setup Server session setup DoOperation Kerberos Key Distribution Centre Authentication service A Authentication database Step B 3. Request for server ticket 4. Server ticket Ticketgranting service T Step C 5. Service request Request encrypted with session key Reply encrypted with session key Service function Server S E6 #@ + B&D#?C, $, 5F-G6 PHASE 1: OBTAIN KERBEROS SESSION KEY AND TGS TICKET. ONCE PER LOGIN SESSION A -> AS: A, TGS, n1 Olá AS, eu sou a Alice e quero fazer login no sistema. AS -> A: { Ks, n1}ka, {A,TGS, t1, t2, Ks}Ktgs Toma lá uma chave Ks) cifrada com a tua chave, que te permite obter tickets e um ticket que te permite falar com o TGS, válido de t1 até t2. $) %%+ /.%&.%,. 1/ - /& $ 3%&.# %/&- #@.0+ B.0? A,C, B 9C, A 6$ #W%%,% $ XS8T@% #W,%,% H!S#W@T@ $ #W% $0 $ R S8T@4%L%M % 8",% $'.0 #@ + B A,C, B?D AD,C,,% % $ AS= Authentication Service TGS: Ticket Granting Service 10

11 $) %%%+ %' I'. J%.).%,.- + B 9DC, B?D AD,C, 9 $) %+ '.)&.%. - #@ + B9C,,% %,% $0 % 8",% % L0 $M $' 6$ O,% #WF 4 $,% N % %POX$ $',% %U,% $R,% O 4 8O,%,% /%$ X. $' ' $,?D $ 5 6PN0 ) $ % $ #W % 0 O %! $, $#, Alice Bob publishes his public key to the world. Everyone knows it. KBob_Public Bob keeps his private key safe from the world. KBob_Private Bob M Hello, I like you! {M}KPublic_Bob acew345ksdas M Hello, I like you! encryptm, KPublic_Bob) decrypt{m}kpublic_bob, KPrivate_Bob) 11

12 Y ;." 0 #)! ;;:" $%$0 &$9---- %.$!''<$30' ' - $ Key size/hash size bits) Extrapolated PRB optimized speed kbytes/s) kbytes/sec.) TEA DES Triple-DES IDEA RSA RSA MD SHA ):.; ) 1 #$'0$% $#: " Data Data $..'0L00M % Hash Message Hash - Creates a unique fingerprint for a message - Anyone can alter the data and calculate a new hash value - Hash has to be protected in some way 12

13 56 Data %0! Hash Hash Message Hash Sign Signature Signature Verify? Sender s Private Key ).0030$%$0 These digital signatures validate data integrity. Sender s Public Key H+ M hm = hashm) encrypt[hm, KSender_Private] M enc. digest Signed Document SENDER 1 E =." F =." )#?." Signed Document M hashm) enc. digest Equal? RECEIVER decrypt[enc. digest, KSender_Public] 13

14 ) K %% %.$!''%%.$ $%#$3 %.$!'''0'.3'!0.% 2%.$!'' 0 %0!' 0%.'05$ #. $ Alice Bob s public key Bob Bob s private key Session key: KAB Randomly generated) {KAB}KBob_Public Session key: KAB {KAB}KBob_Public Public key decryption Message M) Public key encrytion {Session key}kbob_public {M}KAB {M}KAB Message M) symmetric encrytion symmetric decryption 14

15 --- I--- $. Incoming Message... )..%00$J.$0&$!J B30%J Alice: mobile phone number $% %'%$ '0' 30 %.$!''0'% 0.$ Individual s Public-Key CA s Private-Key CA Signed Certificate )%0 )"0 $% 15

16 / 3 2 '%0' )" 0 Q.$ $ Z% $,%,%$0 Q.$.9 "/ % 0. $E" "[ % ) 0 Q.$ &+ &+ J # + 3 &+ &+ %$ & J & # ' $+ ' 5P + #PQ6 3+ / /< &+ J %- - ' &+ J / :::--5 6 OL- :::--?NA-E?-??-F? M L- + $%. %,%%".%3$% $0!'$%$ 03".% % $ $ %.'% 1. Certificate type: Public key 2. Name: Bob s Bank 3. Public key: K Bpub 4. Certifying authority: Fred The Bankers Federation 5. Signature: {Digestfield 2 + field 3)} KFpriv 16

17 . $) 5) +& &) 3%.$0) )) [ #30 )A? &%$! W.. 0.% %.%0!' 0) %'%''%0)7 %.$!'E %.$!') %.$ 0%0% 0$ $)1 %03'%%0)JB3 '%0)7%.$!'%$'JJJ 17

18 $ " "!# !.! -! - & -! - " - # $ - - $!. # -! -!#! -. -! $ # & 9 9 # 8 # $ " " # "!. " $ #.!.! -! - & 18

19 $ 0 $ 5$0$6 $' 0 2'!' '0'%.$!' '0'00 %$ %. ' %0' 0$C 38' $ BEGIN PGP SIGNED MESSAGE-- - Hash: SHA1 Bob:My husband is out of town tonight.passionately yours, Alice ---BEGIN PGP SIGNATURE--- Version: PGP 5.0 Charset: noconv yhhjrhhgjghgg/12epj+lo8ge4vb3 mqjhfevzp9t6n7g6m5gw2 ---END PGP SIGNATURE--- 3 $ 3 3 $ )..$ 5)..$ 36 %!5' #)+!'" %0%$% )%0$ $" )$'' ' 30 19

20 3 3+ SSL Handshake protocol SSL protocols: SSL Change Cipher Spec SSL Alert Protocol SSL Record Protocol HTTP Telnet Transport layer usually TCP) Network layer usually IP) Other protocols: 5,%5% 0$\00!\0 0$%00 ]' #0%0%$#, 00 0$. 600.%00$ %0,%#, 300'' $00' <000 '0'0% 3+ ) $?00%.$00!' %000$ 6 $'%00$0 $0'0$00 00'.0% 2%.$!''0,% 0.$0' $% 0 Q.$ ) 6.3$ % % ),% $ 6.3% 0 Q.$ ) < 0 Q.$ 20

21 3+ ) $ 3 / Client ClientHello ServerHello Certificate Certificate Request ServerHelloDone Certificate Certificate Verify Server Establish protocol version, session ID, cipher suite, compression method, exchange random values Optionally send server certificate and request client certificate S end client certificate response if requested Component Description Example Key exchange method Cipher for data transfer Message digest function the method to be used for exchange of a session key the block or stream cipher to be used for data for creating message authentication codes MACs) RSA with public-key certificates IDEA SHA Change Cipher Spec Finished Change cipher suite and finish handshake Change Cipher Spec Finished : 3 3-1' - F- &1$0$.'A A E- A '0 A1%'" - %.$!'$0.0'%0 1$.'A0$ H-!'<0$05. 0A$0 )#?- %B0$0,%$M,- $'!'$0$ D6A#CC$03%.'02W.#- 1$0 1%$$$ B## &#??#68D#" &$'%B## )%9 8)230;. A!'?3%%0 21

22 $Y.!:: #0;.0!'3.!.'.% 03!.%3!3 $$ %?A D )+ #0!'3%$$00$0!' =' &7$390%$30%.$ '=0 #'7%.%=<0:: ='+=^0% ) $ ) $ )$ 9,%3 )$9!0BBJ )$ 90 )$9%.$_@'#'_@' )$ 9_@'0' 300#'_@'0%.$_@'0 9%_@''0 _@' #0%00$300 91A6W3 22

23 )#A. )

24 I 8 ; I %; Mitnick Simpson / 08 $9$0! )4<$ V %$.$ 6 $PU $ 1V$0 / % Z%J % 0. D43$,% <%,%.%F D$9. $ ` &O $F /: /: func 2 s address func 1 s address func buf s 2 s address func 1 s address buf c, d a, b evil_assembly_code) buf c, d a, b func_3) { char buf[100]; func_2) { int c, d; func_1) { int a, b; func_3) { char buf[100]; func_2) { int c, d; func_1) { int a, b; } read_user_inputbuf); } func_3); } func_2); } read_user_inputbuf); } func_3); } func_2); Attacker is supplying input to buf so buf gets a very carefully constructed string containing assembly code, and overwriting func 2 s address with buf s address. When func3 returns, it will branch to buf instead of func2. 24

25 1: evil Internet DMZ internal network 1: Firewall ensures that the internal network and the Internet can both talk to the DMZ, but usually not to each other; The DMZ relays services at the application level, e.g. mail forwarding, web proxying; The DMZ machines and firewall are centrally administered by people focused on security fulltime installing patches, etc.); it s easier to secure 20 machines than 20,000. Now the internal network is safe but not from internal attacks,.) J$+ $ 5%6 J1 5RGA-??6 $00%$4 OO% $A);;.&%$! = %09=< ' =." 25