Operating Systems Security - Chapter 2



Operating Systems Security - Chapter 3

Security Through Authentication and Encryption

Chapter Overview

In this chapter, students learn about several encryption methods and how operating systems use them. They also learn how systems authenticate one another, to be sure they are communicating with the right system, and they configure Kerberos authentication logon security. In addition, students find out how to use IP Security to keep a TCP/IP network secure, and they learn about some typical methods attackers use to defeat encryption and authentication.

Learning Objectives

After reading this chapter and completing the exercises, students will be able to:

□ Explain encryption methods and how they are used

□ Describe authentication methods and how they are used

□ Explain and configure IP Security

□ Discuss attacks on encryption and authentication methods

Lecture Notes

Encryption Methods

Encryption is the use of a secret code or other means to disguise data that is stored on a computer or transported across a network. Encryption makes data unintelligible to everyone except its intended recipients. Data may be encrypted as a file on a computer, or it may be encrypted before it is sent across a network.

Attackers routinely eavesdrop on networks, and (as with the old telephone party lines(it may be difficult to determine if someone is listening. Attackers use listening devices and software, often called sniffers, that can capture information sent across a network. Sniffer software turns the NIC on its host computer into a virtual “listening ear,” capturing the network traffic that goes across that NIC on a particular network segment. There are many encryption techniques designed to help protect stored or transmitted data listed on page 97 of the text.

Stream Cipher and Block Cipher

Stream cipher and block cipher are two basic ways to accomplish encryption. In stream cipher, every bit in a stream of data is encrypted. Also, in some forms of stream cipher, the encryption of each bit can involve a different key. Using stream cipher is extremely secure because it would take so long to decrypt every bit, particularly using a different key for each one.

In the block cipher method, a block of data is encrypted. Also, a specific key size is used. The block cipher method is commonly used because it has less overhead than the stream cipher method, but still provides sold security.

Secret Key Encryption

The secret key encryption method involves keeping the encryption key secret from public access, particularly over a network connection. Further, the same key is used to both encrypt and decrypt data, which is also called symmetrical encryption. The advantage of secret key encryption is that the process is kept simple, because the source that encrypts the data and the target that decrypts it both use the same key. The disadvantage is that, in network communications, both the source and the target must go to great lengths to keep the key secret.

Public Key Encryption

Public key encryption uses a public key and a private key combination. The public key encryption can be communicated over an unsecured connection, but the private keys used by the sender and the receiver are never shared in this way. One key is used to encrypt the data, and the other key is used to decrypt it, which makes this method asymmetric encryption. The public key/private key method uses an encryption algorithm developed by Whitfield Diffie and Martin Hellman, involving the use of prime numbers and numbers that are nearly prime numbers.

Hashing

Hashing involves uses a one-way function to mix the contents of a message or of data, either by scrambling it, associating it with a unique digital signature, or making it an unintelligible entry in a table(such as a table that stores passwords. In hashing, the mathematical function that calculates the hash, called the hashing algorithm, works on only one side of a two-way communication.

|Quick Reference |Discuss the example that demonstrates a hashing algorithm on page 99 of the text. |

Hashing is often used to create a digital signature. Server systems such as Windows NT/2000/2003 can use hashing to create digital signatures that are associated with the passwords of user accounts and placed in a table. In addition to using digital signatures with passwords, another classic way of checking the accuracy of data sent over a network is to use a checksum. One method of calculating a checksum is to add each bit in the data stream into a binary total. There are several typically used hashing algorithms:

□ Message Digest 2 (MD2) ( Message Digest 4 (MD4)

□ Message Digest 5 (MD5) ( Secure Hash Algorithm 1 (SHA-1)

|Quick Reference |Discuss the different types of hashing algorithms listed on pages 100 and 101 of the text. |

Data Encryption Standard

The Data Encryption Standard (DES) was initially developed by IBM and further refined by the National Bureau of Standards (now the National Institute of Standards and Technology) and the National Security Agency. The original version of DES used a 56-bit encryption key combined with 8-bit parity. Today the standard has evolved into Triple DES or 3DES, which is far more secure than the original standard, but not considered entirely secure by some government agencies, which have stopped using it. Triple DES hashes the original text three times and uses either a 112-bit key (56 X 2) or a 168-bit key (56 X 3).

Advanced Encryption Standard

Developed through the National Institute of Standards and Technology (NIST) and by Joan Daemen and Vincent Rijmen, Advanced Encryption Standard (AES) is a standard adopted by the U.S. government to replace DES and Triple DES. AES was adopted by the U.S. government in 2002 and by the standards organization Internet Engineering Task Force (IETF) in 2003.

Employing an algorithm called Rijandael, AES uses a private-key block-cipher technique in which the plaintext data is divided into 128-bit blocks. The private key can be either 128, 192, or 256 bits in length.

RSA Encryption

RSA encryption is named after its authors Ron Rivest, Adi Shamir, and Leonard Adleman. RSA encryption uses asymmetrical public and private keys along with an algorithm that relies on factoring large prime numbers. This encryption method has been in existence since 1977 and still holds up as an effective encryption method. The algorithm in RSA encryption uses what mathematicians call a trapdoor function to manipulate prime numbers.

Pluggable Authentication Modules

Originally, developed by Sun Microsystems, pluggable authentication modules (PAMs) are available for UNIX and Linux systems, including Red Hat Linux 9.x. Red Hat Linux 9.x, like some other UNIX and Linux systems, uses DES by default to automatically encrypt passwords. Through PAMs, users can choose to employ other popular encryption techniques, such as AES and RSA. PAMs also enable you to store encrypted passwords in a location other than the traditional places in UNIX and Linux, which are the /etc/shadow or /etc/passwd files.

Microsoft Point-to-Point Encryption

Remote connections into Windows 2000 Server, Windows XP Professional, and Windows Server 2003 uses Microsoft Point-to-Point Encryption (MPPE). MPPE is used with remote communications, for example with dial-up connections into Microsoft Remote Access Services (RAS) using Point-to-Point Protocol (PPP). PPP is used to encapsulate a network protocol, such as TCP/IP, and transport it over a remote telecommunications link. Another use of MPPE is with communications over a virtual private network (VPN) using Point-to-Point Tunneling Protocol (PPTP).

MPPE uses RSA encryption in three flavors (see Figure 3-2 on page 103):

□ Basic encryption, which uses a 40-bit key

□ Strong encryption, which uses a 56-bit key

□ Strongest encryption, which uses a 128-bit key

Encrypting File System

In Windows 2000, Microsoft introduced the Encrypting File System (EFS), which is an encryption technique for folders and files. EFS is available in Windows 2000, Windows XP, and Windows Server 2003 when hard disks are formatted using NTFS. EFS uses a public-key encryption system along with DES as the encryption algorithm.

The purpose of EFS is to protect folder and file contents on a hard disk, in case a hard disk is stolen from a server or workstation, or a portable computer is lost or stolen.

You can turn EFS on or off for a particular folder, its sub-files, or specific files by using My Computer or Windows Explorer to access the properties of a folder or file. EFS is configured as an advanced folder attribute, as shown in Figure 3-3 on page 106 of the text. Another way to configure EFS is by using the cipher command in the Command Prompt window, which offers many more options. You can use the cipher command with the parameters listed in Table 3-1 on page 106 of the text.

One feature that is both an advantage and a disadvantage of EFS is the use of a registered recovery agent, which is an account that has Administrator privileges. The advantage of the registered recovery agent is that it can recover encrypted folders and files. The registered recovery agent capability is also a disadvantage, because if an attacker gains access to an account that has Administrator privileges, the attacker can use the registered recovery agent feature to decrypt any EFS encrypted folders or files.

Cryptographic File System

The Cryptographic File System (CFS) is used in UNIX/Linux systems. CFS employs DES, 3DES, and other encryption techniques. It is used on entire file systems or on specific directory trees within a file system. It can also be employed for remote file access through the Network File System (NFS) used by UNIX/Linux systems.

Authentication Methods

Authentication is the process of verifying that a user is authorized to access a particular computer, server, or network managed by a directory service. It is like having someone check your passport or driver’s license to make sure you are who you say you are. Typically, authentication is associated with the logon process, when you provide a user account name and password.

Session Authentication

In network communications, the network protocol, such as TCP/IP, can use session authentication to ensure the accuracy of ongoing communications and the authenticity of the communications source. Session authentication works by giving each frame or packet an identification or sequence number. Session authentication can also encrypt the sequence number, to discourage attempts by an attacker or sniffer to put frames or packets together in an intelligible order, or to substitute their own frames or packets for the real ones.

Digital Certificates

A digital certificate is a set of unique identification information that is typically put at the end of a file, or that is associated with a computer communication. Its purpose is to show that the source of the file or communication is legitimate. When following the International Organization of Standards (ISO) X.509 format, a digital certificate includes the basic set of encrypted information listed on pages 109 and 110 of the text. The person or organization that issues the digital certificate is called the certificate authority. A certificate authority may be a trusted company, such as Verisign, which many people know as a company that provides credit card authentication services.

NT LAN Manager

NT LAN Manager (NTLM) is a logon authentication method recognized by versions of Microsoft Windows operating systems including Windows 3.11, Windows 95, Windows 98, Windows NT, Windows Me, Windows 2000, Windows XP, and Windows Server 2003. Today, it is primarily used for backward compatibility with earlier Windows operating systems. NTLM uses a combination of session authentication and challenge/response authentication. Challenge/response authentication both hashes an account’s password and uses a secret key.

|Quick Reference |Discuss the general steps involved in challenge/response authentication listed on pages 110 and |

| |111 of the text. |

Kerberos

Kerberos is an authentication method developed at MIT that employs private-key security and uses tickets that are exchanged between the client who requests logon access and network services and the server, application, or directory service that grants access. The newest version, Kerberos v5, is particularly used in modern Microsoft networks logon authentication. On a Microsoft network that does not use Active Directory, each standalone Windows 2000 or 2003 server can be designated as a Kerberos key distribution center, which means that the server stores user accounts and passwords

|Quick Reference |Discuss the options that are available for configuring Kerberos in Windows 2000 Server and Windows|

| |Server 2003 as shown in Figure 3-4 on page 112 of the text. |

Extensible Authentication Protocol

Extensible Authentication Protocol (EAP) is used on networks and in remote communications and can employ many encryption methods, such as DES, 3DES, public key encryption, smart cards (small circuit boards with built-in identification), and certificates. EAP can be used over LANs(a process called EAP over LAN (EAPOL)(and over remote networks. EAP generally works by providing an authentication communication between a computer and a server used to authenticate the computer’s access.

Secure Sockets Layer

Secure Sockets Layer (SSL) is a form of authentication that is service-independent, which means that it operates at the session layer in network communications so that it does not involve routing or checking reliability, but does involve initiating and maintaining the communications link. The quality of service-independence enables SSL to be used with many applications, including the following:

□ E-commerce ( HTTP ( HTTPS

□ FTP ( SMTP ( NNTP

SSL employs RSA using a public key and private key for asymmetrical encryption. It is an example of a handshaking protocol because it uses complementary signals between both communicating partners to negotiate and acknowledge the secure communications.

Transport Layer Security

Transport Layer Security (TLS) authentication is designed using SSL as a model and is supported by the IETF as an Internet standard for secure communications. TLS uses private-key symmetric data encryption and the TLS Handshake Protocol for secure communications.

Secure Shell

Secure Shell (SSH) was developed for UNIX/Linux systems to provide authentication security for TCP/IP applications such as FTP and Telnet. SSH is particularly suited to UNIX/Linux systems, including Mac OS X, because pipes can be used with applications for redirection through the command prompt. A pipe is an operator that redirects the output of one command to the input of another command.

Security Token

A security token is a physical device, often resembling a credit card or key fob, that is used for authentication. The security token is inserted into the computer, and it generates a password that can be displayed on an LCD on the security token.

|Quick Reference |Discuss the two advantages of using security tokens listed on page 116 of the text. |

IP Security

One of the best ways to secure communications on a network is to use IP Security (IPSec). IPSec goes to the source of the TCP/IP communications by securing IP in its network layer (or layer 3) communications, which are at the heart of IP. The network layer reads IP packet protocol address information and forwards each packet along the most expedient route for efficient communications.

IP Security (IPSEC), a set of IP-based secure communications and encryption standards created by the IETF, was developed to provide secure network communications. A computer that is configured to use IPSec communication can function in any of three roles (see Figure 3-6 on page 118):

□ Client ( Server ( Secure Server

IPSec security policies can be established through the IP Security Policies Management Snap-in so that specific security standards apply to only a local computer or to all computers that log on to a domain configured through Active Directory.

Two elements used by IPSec that enable security measures are the authentication header and the Encapsulating Security Payload (ESP). The purpose of the authentication header (AH) is to ensure the integrity of a data transmission and to ensure the authentication of a packet by enabling verification of its source. The specific fields in the AH are:

□ Next header ( Payload length

□ Reserved ( Security Parameter Index (SPI)

□ Sequence number ( Authentication Data

Data is encrypted in IPSec using the Encapsulating Security Payload (ESP).

|Quick Reference |Describe the various fields contained in the ESP as listed on pages 119 and 120 of the text. |

Attacks on Encryption and Authentication

Attackers have developed a range of methods to attempt to compromise encryption and authentication techniques. Some of these methods involve attempts to determine private keys. Table 3-4 on page120 of the text presents a summary of many common attack methods.

|Quick Reference |Discuss some basic guidelines for resisting attacks as illustrated on page 121 of the text. |

Discussion Questions

1) Discuss the different types of encryption method and how to implement them.

2) Discuss the importance of security token.

Additional Activities

1) Have students examine the different encryption method available and chart their differences.

2) Have students examine the different security methods and chart their differences.

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download