STAT 540: Welcome and security games
Statistics 540: Security issues
Homework:
Your first homework is to get logged onto gosset using a
public/private key by 5:00 Monday. Details are found in Homework 0.
Administrivia
- HTML can be learned on the web
- Perl can be learned on the web in conjunction with Wall's book
(I'll treat Wall's book as the text for the class).
Security
Security model
- Alice --> Bob. Eve is trying to listen in.
- Alice uses a cipher: e(b.pub,x) -> y. d(b,y) -> x.
- A one-way function is: if you know e,d.pub,k1, you cannot determine k2
- Example: square roots modulo the product of two large primes (called RSA)
- Called public key/private key encryption
- Everyone in the world knows e,d,b.pub; only Bob knows b
- In RSA everyone knows pq. But only Bob knows the factors p and q.
- See B. Schneier, "Applied Cryptography, Second Edition", Wiley, 1996,
for a deeper understanding of today's lecture.
Theory of applications
- Sending email to a friend (x = message to send). Send
y = e(b.pub,x) to the friend. They open it using d(b,y) to recover
x. Unfortunately they have no idea who sent it to them.
- Sending a private email so your friend can prove you wrote
it. Send y = e(b.pub,d(a,x)). They decrypt with d(a.pub,e(b,y)). No
one else could send it. No one else can read it.
- Signing a public announcement so everyone knows you wrote it.
Publish x and y = e(a,x). Everyone can compute d(a.pub,y) and
confirm it equals x. No one else could have generated y.
- Verifying who you are on a protected channel. Method: Alice sends
Bob a challenge x.
Bob computes y=d(b,x) and returns it to Alice. Alice confirms
that e(b.pub,y) = x.
- Verifying who you are on a public channel. Combine methods 2 and
4 above!
- Thought exercise: Use the above to generate a concept of electronic
cash. It should be secure and anonymous.
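The first four applications above, worked through with toy textbook RSA in the lecture's e(key,x) / d(key,y) notation. This is an added example, not code from the course; the primes, the public exponent 17 and the function names are constructed for illustration, and the numbers are far too small (and unpadded) for real use.

```python
# Toy textbook RSA in the lecture's e(key, x) / d(key, y) notation.
# Constructed tiny primes, no padding: illustration only.
import secrets

def keypair(p, q, pub_exp=17):
    """Return (pub, priv) as (exponent, modulus); only the owner knows p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (pub_exp, n), (pow(pub_exp, -1, phi), n)

def e(key, x):
    """Apply a key: x^exponent mod n."""
    exponent, n = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, exponent, n)

d = e  # in RSA, d is the same operation applied with the other half of the pair

# Alice's modulus is smaller than Bob's so that d(a, x) fits inside e(b_pub, .)
a_pub, a = keypair(1009, 1013)   # Alice: n = 1022117
b_pub, b = keypair(2003, 2011)   # Bob:   n = 4028033

def send_private(x):
    """Application 1: anyone can send to Bob; Bob cannot tell who sent it."""
    return e(b_pub, x)

def send_signed_private(x):
    """Application 2: sign with Alice's private key, then encrypt to Bob."""
    return e(b_pub, d(a, x))

def open_signed_private(y):
    """Bob strips his layer with b, then checks Alice's layer with a_pub."""
    return e(a_pub, d(b, y))

def sign(x):
    """Application 3: publish x together with sign(x)."""
    return d(a, x)

def verify(x, y):
    return e(a_pub, y) == x

def challenge_response():
    """Application 4: Alice checks that the other end holds Bob's private key."""
    x = secrets.randbelow(b_pub[1])   # Alice's fresh random challenge
    y = d(b, x)                       # only Bob can compute this
    return e(b_pub, y) == x           # Alice verifies with b_pub
```

A fresh random challenge each time matters: a fixed x would let Eve replay an old y she overheard.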
Attacks
- listening in
- man-in-the-middle attacks (reason for fingerprints in pgp/gpg)
- traffic analysis (reason for email bounce points)
- physical security (not really an issue)
SSH
- ssh authenticates users via cryptography
- It is "easy" to use
- setup
  - machines keep track of public key/private key pairs for each
  machine
  - users put their public key on the machine they want to log in to
- logging in
  - machines connect to each other, using the previously stored keys to
  authenticate who the machine is (this avoids
  man-in-the-middle). Question: which machines must have the
  public key?
  - system sends a challenge to the user
  - user encrypts the challenge and returns it
  - system verifies the challenge and opens a channel for
  communication
  - user is logged in!
- What one gets out of this.
  - secure file movement (scp, sftp)
  - secure X Windows graphics
  - can open up secure side channels (fancy stuff)
  - ease of use (simple passwords are good enough)
Does it work?
- Users can undermine security.
- Suppose a user uses the name of their cat as the password (blacky) to ssh. We
are safe IF the machine they are coming in from is totally
secure (based on public key/private key security).
- Suppose the user has an unsafe machine (one that allows password
logons) and uses "blacky" as the password to the unsafe machine AND
the secure machine. Now it is easy to break in.
- But ssh doesn't leak passwords. So is ANY ssh machine safe
with "blacky"? No, because of password attacks.
- Moral: Keep 3 passwords of different levels of security. One
should be "blacky", which you give to the NYT. (For example,
my public password is "india".) One should be private but
insecure. Use it to log in to web sites that deal with
money (something like perl45fuN). Finally, one should be
inviolate and NEVER passed over an insecure channel.
Last modified: Thu Sep 6 08:53:57 2001