CS 596: Client-Server Programming
Spring Semester, 1997
Doc 23, Security

Security

Doc 23, Security, Slide #1

Security

What is security?

From Websterís College Dictionary:

security, n.

1. the state or quality of being secure; freedom from fear or danger
2. defense or protection
3. something given to secure the fulfillment of a contract; pledge
4. one who becomes surety for another
5. pl. stock certificates or bonds

secure, adj.

1. free from fear, worry
2. free from danger; safe
3. firm, stable, or dependable

Doc 23, Security, Slide #2

What to secure

Before we can talk about security related to computers and networks, we need to know what we are trying to secure:

• Restricted data
• Computer access (resources)
• Algorithms
• Etc.

Doc 23, Security, Slide #3

Types of security

Some different types:

Prevent access to physical devices (network, computers, etc.) with:

• locks and keys
• security guard
• guard dogs
• alarm system
• etc.

• Authentication
• Encryption
• Audit trail
• Etc.

Doc 23, Security, Slide #4

Types of attacks

Some common methods of "attacks":

• Impersonation
• Sniffing
• Replay
• Denial of service

Network sniffing is the gathering of information on a network not designated for you.

Ethernet is a broadcast network: All machines on a segment can see all traffic on that segment.

Some solutions:

• Smaller segments
• "Smart" hubs (only send traffic designated for a particular host)

Doc 23, Security, Slide #5

Authentication

Authentication is performed to ensure that a user or program has specific access to a resource or data.

Examples:

• Unix login procedure
• SDSU modem pool login
• ATM card and PIN
• Finger printing
• "Smart" card
• etc.

The authentication process normally relies on some sort of shared (between resource provider and resource seeker) secret or irreproducible attribute:

• Password
• Retinal image
• Finger print
• Algorithm and key in "Smart" card
• Physical location (IP address)

Doc 23, Security, Slide #7

Network Authentication

How is authentication over a network different?

Network packets can travel through many "unknown" (read untrusted) routers and computers.

What are the added risks?

• Network sniffing
• Traffic logging
• Etc.

Some issues:

• Passwords can be "sniffed" from the network
• Traffic patterns can be analyzed

Doc 23, Security, Slide #8

Authentication methods: Basic

Protocols we have seen that use this:

• POP
• HTTP

Problems?

• POP clients check for new mail every once in a while. To do this, they log in (Unless APOP is usedÖ)
• HTTP requests are made every time a page is requested. Once a username and password have been requested, it is send with every request to that server

The more frequent the authentication information is sent over a network, the higher the chance that it will be sniffed.

However: smart network sniffers analyze network traffic over extended periods of time.

Doc 23, Security, Slide #9

Using security tokens, tickets, or cookies

Applications built on top of stateless protocols like HTTP will need to authenticate with every request.

A security token is given to a client by a server. The client can then use this token to uniquely identify itself to the server in the future.

The client only authenticates once and thereafter uses the cookie.

The authentication may involve "expensive" encryption.

Some requirements for security tokens:

• Cannot be faked
• Need to expire after some time

Why?

Doc 23, Security, Slide #10

Practical security token issues

How can a server identify a client with a token?

Rely on a piece of information that is hard to change: IP address of the client

The server somehow needs to correlate the token with the address when the client uses it.

How can this be done?

• A random string which identifies the client
• A one-way scrambled string with client information

Random string approach:

• Server needs to keep a database that maps the tokens to the real client information
• Server needs to manage timeouts of tokens.

Doc 23, Security, Slide #11

Token issues (cont.)

One-way scrambling approach:

1. Create a string that contains information about the client
2. Use an algorithm like md5 or unix crypt to create a scrambled string

Weakness of this approach?

• Time-sharing systems can run multiple clients
• Proxy servers

Why are these problems?

Doc 23, Security, Slide #12

Encryption

After a client has been authenticated, the traffic on a network can still be sniffed.

A solution is encryption of all traffic.

This can be done at any layer of the protocol stack

Two basic types of encryption:

• Shared key encryption
• Public/Private key encryption

Shared key encryption:

One key both encrypts and decrypts

Public/Private key encryption:

One key encrypts, another decrypts

Doc 23, Security, Slide #13

Public/Private Key Encryption

A public key is something that is well known, i.e. published.

A client can send authentication information by encrypting the info with the server's public key.

The server will then use its own private key to decrypt the information.

Advantages:

• The information the client sends to the server cannot be decrypted by anyone except the server
• If the information contains the username/password of the client, the server knows who it is talking with.

Doc 23, Security, Slide #14

Public/Private Key Encryption Signatures

The same encryption method can be used to authenticate a message:

A client encrypts information with its own private key.

The server will lookup the client's public key and decrypt the information.

Advantages:

• The information can only be decrypted with the client's public key.
• If the public key distribution center can be trusted, the information is guaranteed to come from the client.

This is a digital signature

A combination of the previous two methods allows for mutual authentication.

Doc 23, Security, Slide #15

Kerberos

Kerberos is an authentication and session encryption system.

Three levels of security:

• One time authentication
• Safe messages (authentication of each message)
• Private messages (authentication and encryption of each message)

The actual algorithms used are complicated.

Look in http://www.ov.com/misc/krb-faq.html for more information about the workings.

Doc 23, Security, Slide #16

Kerberos Summary

Kerberos uses a separate ticket granting server that gives a ticket to a user or application.

This ticket can then be used for any number of resources on the network.

If a client wants to talk to a server, both the client and the server will talk to the authentication server to establish that the client is authorized to use that particular server.

Advantages of kerberos:

• Various levels of encryption
• Will prevent plain-text passwords from being sent over the network
• Can be used in what are considered "unsecure" environments

Disadvantages:

• Not all applications support kerberos
• Various versions of kerberos are incompatible

Doc 23, Security, Slide #17

Common Security Problems

These are some of the things that have been tried. (Either knowingly or by accident)

• Security by Obscurity
• Security in the wrong place
• Authentication without checking
• "Back doors"

Doc 23, Security, Slide #18

Security through Obscurity

This means that whatever security is in place is only difficult to break because the encryption/authentication methods are not obvious.

Some examples:

• Reverse the byte order of a message
• Swap bytes in some "secret" way
• Add garbage to data (my favorite!)
• Use some "secret" algorithm

What's the problem?

Doc 23, Security, Slide #19

Security in the Wrong Place

Always think about what you're trying to accomplish with a security system.

Examples:

• Client performs authentication locally

Authentication without Checking

A server that has an authentication and authorization should precede actions that require authentication.

Example:

• POP server without the different states

Doc 23, Security, Slide #20

"Back doors"

Programmers have the tendency to add debug code to their servers to make testing easier.

This debug code may circumvent any security features of the server.

Famous example:

• sendmail used to have a "WIZARD" command that gave full privileges to the user. (Including the ability to start a root shell.) The default distribution had this command enabled. The "internet worm" used this to attack machines throughout the internet.

Doc 23, Security, Slide #21

General Security Issues

Points to keep in mind when dealing with security:

• The security system is only as strong as its weakest link
• A flawed security system is worse than no security at all
• US government considers encryption algorithms munitions; hence they cannot be exported without consent of the government
• It is always better to use several security systems together than only one.
• Security by obscurity really doesn't work

Some existing tools to look at:

• PGP (Pretty Good Privacy)
• RCA
• Kerberos
• SSL (Secure Socket Layer)