!" # $%!" &$' *'! +&,% -./!&,%!!/ 0!" 1$! Eve. Bob. Alice. Bob. Alice

!"

# $ % !"

& %

& $'

( ) $$ % "

' $

* ' !

+& ,%

- ./ ! & ,%

! ! / 0 !"

' $

$ "

1 $ !

Alice Bob

Alice Bob

Eve

Alice Bob Malek

tampering

! "

Exemplo: Email spoofing ...

Spikey Bob

"

Alice Dan, the Devil

Exemplo: Web-Site Masquerading ...

# #

Alice

. "

% 0 ' 0 % + $

$ 0

0 $ !

3 0 0 % 0 $ 0 "

% 0 $

$ 0 $ 0 % ' 0

$ "

$ % % %0 4 $

%

'

% '

& #

% ' $

5 % 0 30 0'

2 %0 4 % ! %

'

6 0 . '! 3 '%7

% $'

%0 '

%

%0 '

%

8

$ 0 %

%0 '

(

SSL

Signatures Encryption Hashing

DSA RSA RSA DES SHA1 MD5

) * $ %*

+,

-

%$./0 1% ) * $2 3% ! ) * $ %*

+

4 5, 6

# 5, 6

& 7

KA Alice’s secret key KB Bob’s secret key

KAB Secret key shared between Alice and Bob KApriv Alice’s private key (known only to Alice) KApub Alice’s public key (published by Alice for all to read) {M}^K Message M encrypted with key K

[M]K Message Msigned with key K

+

8 8

8

encrypt(M, KAB) Hello, I like you!

M

Alice Bob

aCew345ksdAS {M}K^AB

decrypt({M}KAB, KAB)

Hello, I like you!

M Alice and Bob sharea secret

that they have discussed previously (KAB)

8 +

$4 ! $

encrypt(M, KBpub) Hello, I like you!

M

Alice Bob

aCew345ksdAS {M}K^Bpub

decrypt({M}KBpub, KBpriv) Hello, I like you!

M Bob has a Public Key (KBpub)

PROBLEM: How to share the symmetric key among two anonymous persons?

If there is one Web-site and multiple Clients, there cannot be a single encryption key for all the communications.

Solution: use a Key Distribution Center.

. 9 $.% $ 0 $ ) . 2

::;" 0 <$ =. !' > !.' + 9 #0 2 1 ' :>>" ? $

$ . !' 8 !.' +

9 9 $ 1 0 3 0 3 !' . !'

@.' +

% 9 $1 ' ($ 0 ::" A .$

# ( =. !' > !.' +

9 ( ' ::>" =+ . !'

#0 . * % 88 &BC

) : ;

) $' ($ 0

1 0

% D ( !

#' $$0 .$!'E

1 0

. !

D .% 0 ' 3

! 0 ' 0 !'

! 0 ' 0 $ <

< $ ,

; . !' ^; .$

6 '% $'0 '0$E

$' ! .' .% .%

=. !'9 ⁼ .$

#0 % . $ 0 0 % . $ %$

$$

'.%F G % 7 $$0 %%

Se uma chave tiver 128 bits então há cerca de 2¹²⁸(3.4 x 10³⁸) combinações. Se for possível arranjar um bilião (10³x 10⁶) de computadores, capazes de testarem um bilião de chaves por segundo cada um, é possível testar 10¹⁸chaves por segundo. Então são necessários 10¹³anos para completar o ataque a uma chave de 128 bits. Ora estima-se que a idade do universo é de cerca de 10¹⁰anos.

) =

9 1 $ .' & 0 2 $

.% $ . !'

H ::>9 A ( ) I 3 0

! ' 3 01

-0'J # 03 0 . !' 3 !

H% ::>9 ( ! 0 .'.%

A % 9 . 3 ; 0

( 3 0 % 9 * % &B4 %

0 $ 0 . ! %

! 0 !'9 3 ! 0 ! K 0

!'

5%!' %'9 & 0 $ B % # < " 3 0 * % :&04

L : M

1

5 % 1 .% 7 0 $ '

' $ 0 $.$

A) A); A) 81

81 ' $3.% ,% $ !' 4

.

1 . $ ( ' %

' 3 01 % .

%$ .$

' ' 0

.$ .%

.$ $ !9

%

) : ;

>

/$ # # #

! " #

" $

%& '

( _! ^"

$

"

)

#0 ,% 0 ' !'

3 %0 %

J

% %.$ !' ' 0'

%& '

!

(

% '

(^*

( +

(^*

$

"

( +

(*

# # #

#% ' ($ ." . ($ "

& &

(, -

(,* (

-

(*

(*, + ( (, *

, ,

$ . (*

+ ( (*

/

! " #

! , $ 0

# # #

,

) : ;

($ . N / $%

. 0 ,% O %

1 ,% $0 O

O %% %

0

$%PO9 % % 0 O

% % .%PO 0 ,%$($

.

, 5 , 6

($ . 0 !'

@1)9 0 !'3 0 0

%

($ .! 3 3 ' !' @_{( @1)}@ _@1)

% 3 0@1)

(_{! (/ 1} (_{2 (/ 1} (_{3 (/ 1} (_{4 (/ 1} (_{5 (/ 1} (_{! (/ 1}

( _{(/ 1}

( _{(/ 1}

, 5 , 6

$ 6

! $

6

$

! (

7 (/ 1 ! #

(/ 1 6


  

  

 
  

$ %

$ & #

$ $( .$

% $ % % %%

P % @1) @ '1 .% ) "

,% 0 0 ( @ @."

6@1) 4 0 O @ " ,% O

% ( % %

6 $ ,%

,% $'

/$ & #

?6 #@ , + ( (&

% %( ,% $ % L !M % % $

? % Q $ R ( ,% L% M PO

,% $ ? Q O %

A6 , #@ +B& ( (,(B, ( C,C,

(,% O ? @ ! % 0 @ O $ ?

( 0 @1) R $ 0 @ $ (" ( O

! 0

96 #@ +B, ( C,(B& DC,

( 4 ,% ,% $ $ $0 !

E6 #@ +B& D#?C,

,% 4 S? T@ ,% % U ,% %S@ (T@.

$ " >

( 8" $' V O

.$ @ % O #% ' %

% . ($ ( $%PO %

! ,% . R . 8"

# $< ,% $R ( @1) / 4 % $

% V $ ,%. 0 @

6 $ O 9

?6 #@ , + ( (&

% %( ,% $ % ! % % $

? % Q $ R (- % $4PO $' !

A6 , #@ +B& ( (, (B, ( ( C, C,

(,% O ? @ ! % 0 @ O $ ?

( 0 @1) ( O !

0

96 #@ +B, ( (C, (B& DC, E6 #@ +B& D#?C,

" ,

Server Client

DoOperation

Authentication database

Login session setup

Ticket- granting service T Kerberos Key Distribution Centre

Server session setup

Authen- tication service A 1. Request for

TGS ticket 2. TGS

ticket

3. Request for server ticket 4. Server ticket

5. Service request Request encrypted with session key

Reply encrypted with session key

Service function Step B

Step A

Step C

C S

$ , 5F-G6

PHASE 1: OBTAIN KERBEROS SESSION KEY AND TGS TICKET. ONCE PER LOGIN SESSION A -> AS: A, TGS, n1

Olá AS, eu sou a Alice e quero fazer “login” no sistema.

AS -> A: { Ks, n1}Ka, {A,TGS, t1, t2, Ks}Ktgs

Toma lá uma chave (Ks) cifrada com a tua chave, que te permite obter tickets e um ticket que te permite falar com o TGS, válido de t1 até t2.

AS= Authentication Service

$) %%+/ . %& .% , .1/ * - /& $ 3%&.# * %/&-

#@ .0 +B (.0 (?(A(, C, (B (9C, ( ( A

6$#W % %( ,% $ XS( 8T@ % (

#W ,% ,% ( 0 @ A

,% , % . @ H

! S( #W @ T@ (

$ #W % % @ ,% $0

$ R

S( 8T@ 4 % L % M % 8" ,%

$'

.0 #@ +B ( A(, C, (B ( (?D(AD(, C, (,% % 0 @ ." % ! $

$) %%%+% ' * I' .J%.) .% , .-

#@ +B (9DC, (B ( (?D(AD(, C, ( 9

$) %*+ '.) &.% . * -

#@ +B 9C,

( ,% % ,% $0 % 8" ,%

( % L 0$$ M

$'

6 $ 7 7 8 87 O

,% ( #W F 4 $ ,% N %

% POX $ $' ,% %U

,% $R ,% O 4

8 O ,% ,%

/%$ X . $'

) ( $ % $ #W

% 0 O % !

' $ ,

?D

$ 5

*

6 P N 0

0 $ P $

@ . "

$ #,

$ ,

encrypt(M, KPublic_Bob) Hello, I like you!

M

Alice

aCew345ksdAS {M}KPublic_Bob

decrypt({M}KPublic_Bob, KPrivate_Bob) Hello, I like you!

M

Bob

Bob publishes his public key to the world. Everyone knows it. KBob_Public

Bob keeps his private key safe from the world. KBob_Private

Y ;. "

0

#) ! ;;:"

$$ % $ 0

& $ 9 ----

*%.$ !' ' < $3 0 ' '

-

$

Key size/hash size

(bits) Extrapolated speed (kbytes/sec.)

PRB optimized (kbytes/s)

TEA 128 700 -

DES 56 350 7746

Triple-DES 112 120 2842

IDEA 128 700 4469

RSA 512 7 -

RSA 2048 1 -

MD5 128 1740 62425

SHA 160 750 25162

) : . ;

# $ ' 0 $%

$ $

"

0 0

0 3$ $. .' 0 L0 0M

%

) 1

Data Data

Hash Message

Hash - Creates a unique “fingerprint” for a message

- Anyone can alter the data and calculate a new hash value

) . 0 03 0 $ % $ 0

Hash Signature

Sender’s Private Key Message

Hash Sign

5 6

% 0 !

Hash

Signature

Sender’s Public Key

Verify ?

Data

These digital signatures validate data integrity.

H +

hm = hash(M) 34432432

encrypt[hm, KSender_Private]

Signed Document M

48954543 enc. digest M

SENDER

RECEIVER

Signed Document

48954543 enc. digest M

decrypt[enc. digest, KSender_Public] 34432432 hash(M)

34432432

Equal?

1

E =. "

F =. "

) #? . "

(

% %

) K

*%.$ !' ' % % .$

$ % # $3

*%.$ !' ' ' 0'

. 3 ' ! 0

. %

2 *%.$ !' '

% 0 !' 0

( 0% .' 0 5 $

# . $

Alice _{Bob’s Bob}

public key

Session key: K^AB (Randomly generated)

Message (M)

{M}KAB Public key encrytion

{Session key}KBob_Public

{KAB}KBob_Public

symmetric encrytion

{M}K^AB {KAB}KBob_Public

Bob’s private key

Session key: K^AB Public key decryption

symmetric decryption

Message (M)

---

Incoming Message...

Alice: mobile phone number...

I ---

($ .

#0 ' 3 0 .7 *%.$ @ '

#0 ' .' . % 0 * @ '

) .. % 0 0 ($ J

.$ 0 & $!J

B 3 0 %J

( $ %

% ' %$

' 0 '

3 0

*%.$ !' ' 0'%

0 .$

5 6

) (%0 )( " 0

$ %

Individual’s Public-Key

CA

CA’s Private-Key

Signed Certificate

2 ' %0 ' )("

0 Q.$ $

Z% ($ ,% ,%$ 0

Q.$ .9

" / %

0 . $E"

" [ % )(

0 Q.$

/ 3

L -

#

M

J &

?NA-E?-??-F?

%$&

:::- -

& + 3 & +

O L -

J #

+

:::- - 5

& + 6

J /

- ' & +

J % -

/ <

& +

/

3 +

' 5 P +#PQ6

$ +

'

& +

+

$% . % ,% % "

.% 3 $ %

$ 0 !' $ % $ 0 3 "

.%

%

$

$

% .' %

1. Certificate type: Public key 2. Name: Bob’s Bank 3. Public key: K_Bpub

4. Certifying authority: Fred – The Bankers Federation 5. Signature: {Digest(field 2 + field 3)}KFpriv

.

* $)

5) +& & )

3 *%.$0 ) )( )

[

#3 0 )A ?

&%$

! W

.

0 . %

% . % 0 !'

0 )(

% '% ' '% 0 )(7

%.$ !'E

% 0 3 '% % 0 )(J B 3 '% 0 )(7 %.$ !' % $ 'JJJ

.

*%.$ !' )(

% . $ 0 % 0 %

0 $

$$ )1

"(_-#

$ (-

(-$ ! . #

(- (!(- ! #

$ " " ! #

(_-

.

(_!^*

.

(_-

(*_!(_-

(_- (_-

(_!*

&

(_-

.

(_!

.

(_! (_-

(_-

(_!*(_-

5 6

• $

#

• #

8 #

9

.

.

*

( 9 9 (

&

(^*(

.

* ( 9

9

.

5 6

• $ " "

#

"! .

" $ #

9

.

.

*

( 9 (

(_-

.

(_!^*

.

(_!*(_- (_-

(_!*

&

(_-

$ 0 $ 5 $0$6

$ '

0

2 ' !'

' 0' %.$ !'

' 0' 0 0

% $

% .

* '

%0 '

*0$C

3 8 '

$

---BEGIN PGP SIGNED MESSAGE-- -

Hash: SHA1

Bob:My husband is out of town tonight.Passionately yours, Alice

---BEGIN PGP SIGNATURE--- Version: PGP 5.0 Charset: noconv

yhHJRHhGJGhgg/12EpJ+lo8gE4vB3 mqJhFEvZP9t6n7G6m5Gw2 ---END PGP SIGNATURE---

5 5

3$

3

3$

% ! 5' #)*+ * ! ' "

(%0 % $ %

) %0 $ $ "

) $' '

'

* 3 0

)..$ 5 )..$ 36

3

HandshakeSSL protocol

SSL Change Cipher Spec SSL Alert

Protocol

Transport layer (usually TCP) Network layer (usually IP) SSL Record Protocol

HTTP Telnet

SSL protocols: Other protocols:

3+

5 ,% 5 %

( 0 $\0 0!\ 0

0 $ %0 0

] '

#0 %0 % $ #,

0 0

0 $ .

6 0 0 . %0 0 $

% 0 ,% #,

30 0 ' ' $$0 0'

<0 0 0

' 0 '0 %

3+) $

? 0 0 %

.$0 0 !'

(%0 0 0 $

6 $ $ ' %0 0 $ 0

$ 0 ' 0 $ 0 0

0 0'. 0 %

2 %.$ !' ' 0 ,%

0

.$0 ' 5

2 . 3 5 $ %

0 Q.$ )(

6. 3 $ %

% )( ,% $

6. 3 % 0 Q.$ )(

< 0 Q.$

3+) $

Client Server

ClientHello ServerHello

Certificate Certificate Request

ServerHelloDone

Certificate Certificate Verify

Change Cipher Spec Finished Change Cipher Spec

Finished

Establish protocol version, session ID, cipher suite, compression method, exchange random values

Optionally send server certificate and request client certificate

Send client certificate response if requested

Change cipher suite and finish handshake

3 /

Component Description Example

Key exchange

method the method to be used for

exchange of a session key RSA with public-key certificates Cipher for data

transfer the block or stream cipher to be

used for data IDEA

Message digest

function for creating message

authentication codes (MACs) SHA

: 3

- 1 '

- 1 $ % ($ 0

, - @ ' <0 ($ 0

F- & 1 $ 0 $ .'A

A E- A ' 0 A ( 1 % '"

- ( %.$ !' $ 0 . 0 ' %0

1 $ .'A 0 ( $

H - ( !' <0 $ 0 5.

0 A ( $ 0

) #?- % B 0($ 0

,%$M ,- ( $ ' !' $ 0 $ D6A# CC( $ 0 3 % .' 0 2 W . # - 1 $ 0

3

1 %$ $ $ B##*

&#* ??#* *6*8 D#*"

& $ '% B##*

) % 9

8 )*2 3 0 ;.

A ( !'

? 3 % %0

3 ---

5 0$$ Y . ! ::

#0 ; . 0 !'3 . ! .' .%

0 3 ! .% 3 ! 3 $$$

% ?A( D

#0 !'3 % $ $ 0 0$ 0 !'

= '

& 7 $39 0 % $ 3 0 %.$

' = 0

# '7 % .% =< 0 ::

= '+ =^ 0%

)+

)$ )$

)$ 9 ,% 3

)$ 9 ! 0 B B J

)$ 9 0

)$ 9 *%.$_@ ' # '_@ '

)$ 9 _@ ' 0 '

3 0 0 # '_@ ' 0 *%.$_@ ' 0

9 % * _@ ' ' 0

_@ '

#0 %0 0 $ 3 0 0

9 1 ( A ( 6 *W* 3

)#A .

)

---

I 8 ; I % ;

/08

* $9 $ 0 !

) 4 <$ V

%$ .$ 6

( $ PU * $

1 V $ 0

/%

*% 0 .

D 4 3 $ ,%

< % ,% . % F

D $ 9 . $ ` &O $F Mitnick

Simpson

Z% J

/ :

func_1() { int a, b;

func_2();

}

c, d a, b

func_2() { int c, d;

func_3();

}

func 1’s address buf

func_3() { char buf[100];

read_user_input(buf);

}

func 2’s address

/ :

func_1() { int a, b;

func_2();

}

c, d a, b

func_2() { int c, d;

func_3();

}

func 1’s address buf

func_3() { char buf[100];

read_user_input(buf);

}

func 2’s address evil_assembly_code()

buf’s address

Attacker is supplying input to buf… so bufgets a very carefully constructed string containing assembly code, and overwriting func 2’s address with buf’s address.

When func3 returns, it will branch to buf instead of func2.

1 :

DMZ evil Internet

internal network

1 :

Firewall ensures that the internal network and the Internet can both talk to the DMZ, but usually not to each other;

The DMZ relays services at the application level, e.g. mail forwarding, web proxying;

The DMZ machines and firewall are centrally administered by people focused on security full- time (installing patches, etc.); it’s easier to secure 20 machines than 20,000.

Now the internal network is “safe” (but not from internal attacks, ….)

J $+$

5 % 6 J 1 5 RGA-?? 6

* $ 0 0 % $ 4

( O O %

($ A); ; . &% $

!

=

(%0 9 = <

( ' =. "