
4.1 GENERAL INTRODUCTION OF SECURITY IN COMPUTER

1. Introduction

Security is a broad topic and covers a multitude of sins. Most security problems are intentionally caused by malicious people trying to gain some benefit or harm someone.

Network security problems can be divided roughly into four intertwined areas: secrecy, authentication, non-repudiation, and integrity control. Secrecy has to do with keeping information out of the hands of unauthorized users. This is what usually comes to mind when people think about network security. Authentication deals with determining whom you are talking to before revealing sensitive information or entering into a business deal. Non-repudiation deals with signatures: how do you prove that your customer really placed an electronic order for ten million left-handed doohickeys at 89 cents each when he later claims the price was 69 cents? Finally, integrity control asks how you can be sure that a message you received was really the one sent and not something that a malicious adversary modified in transit or concocted. All of these issues (secrecy, authentication, non-repudiation, and integrity control) occur in traditional systems, too, but with some significant differences.

Before getting into the solutions themselves, it is worth spending a few moments considering where in the protocol stack network security belongs. There is probably no one single place. Every layer has something to contribute.

2. Traditional Cryptography

Until the advent of computers, one of the main constraints on cryptography had been the ability of the code clerk to perform the necessary transformations, often on a battlefield with little equipment. An additional constraint has been the difficulty in switching over quickly from one cryptographic method to another one, since this entails retraining a large number of people. However, the danger of a code clerk being captured by the enemy has made it essential to be able to change the cryptographic method instantly, if need be.

The messages to be encrypted, known as the plaintext, are transformed by a function that is parameterized by a key. The output of the encryption process, known as the ciphertext, is then transmitted, often by messenger or radio. We assume that the enemy, or intruder, hears and accurately copies down the complete ciphertext. However, unlike the intended recipient, he does not know what the decryption key is and so cannot decrypt the ciphertext easily. Sometimes the intruder can not only listen to the communication channel (passive intruder) but can also record messages and play them back later, inject his own messages, or modify legitimate messages before they get to the receiver (active intruder). The art of breaking ciphers is called cryptanalysis. The art of devising ciphers (cryptography) and breaking them (cryptanalysis) is collectively known as cryptology.

The real secrecy is in the key, and its length is a major design issue. Consider a simple combination lock. The general principle is that you enter digits in sequence. Everyone knows this, but the key is secret. A key length of two digits means that there are 100 possibilities. A key length of three digits means 1000 possibilities, and a key length of six digits means a million. The longer the key, the higher the work factor the cryptanalyst has to deal with. The work factor for breaking the system by exhaustive search of the key space is exponential in the key length. Secrecy comes from having a strong (but public) algorithm and a long key. To prevent your kid brother from reading your email, 64-bit keys will do. To keep major governments at bay, keys of at least 256 bits are needed.

3. Two Fundamental Cryptographic Principles

Although we will study many different cryptographic systems in the pages ahead, there are two principles underlying all of them that are important to understand.

The first principle is that all encrypted messages must contain some redundancy, that is, information not needed to understand the message. An example may make it clear why this is needed. Consider a mail-order company, The Couch Potato (TCP), with 60000 products. Thinking they are being very efficient, TCP's programmers decide that ordering messages should consist of a 16-byte customer name followed by a 3-byte data field (1 byte for the quantity and 2 bytes for the product number). The last 3 bytes are to be encrypted using a very long key known only by the customer and TCP.

At first this might seem secure, and in a sense it is because passive intruders cannot decrypt the messages. Unfortunately, it also has a fatal flaw that renders it useless. Suppose that a recently fired employee wants to punish TCP for firing her. Just before leaving, she takes (part of) the customer list with her. She works through the night writing a program to generate fictitious orders using real customer names. Since she does not have the list of keys, she just puts random numbers in the last 3 bytes, and sends hundreds of orders off to TCP.

When these messages arrive, TCP's computer uses the customer's name to locate the key and decrypt the message. Unfortunately for TCP, almost every 3-byte message is valid, so the computer begins printing out shipping instructions. While it might seem odd for a customer to order 137 sets of children's swings, or 240 sandboxes, for all the computer knows, the customer might be planning to open a chain of franchised playgrounds. In this way an active intruder (the ex-employee) can cause a massive amount of trouble, even though she cannot understand the messages her computer is generating.

This problem can be solved by adding redundancy to all messages. However, adding redundancy also makes it much easier for cryptanalysts to break messages.

Thus cryptographic principle number one is that all messages must contain redundancy to prevent active intruders from tricking the receiver into acting on a false message. However, the same redundancy makes it much easier for passive intruders to break the system, so there is some tension here. Furthermore, the redundancy should never be in the form of n zeros at the start or end of a message, since running such messages through some cryptographic algorithms gives more predictable results, making the cryptanalysts' job easier. A random string of English words would be a much better choice for the redundancy.

The second cryptographic principle is that some measures must be taken to prevent active intruders from playing back old messages. If no such measures were taken, our ex-employee could tap TCP's phone line and just keep repeating previously sent valid messages.
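The following Python is an added example, not part of the textbook: it models TCP's order format exactly as described above, first as the programmers built it and then with both principles applied. The cipher is a constructed toy keystream, the customer name and key are made up, and the redundancy generalizes the text's "random English words" to a keyed check value (the modern form of the same idea), while a per-customer sequence number handles replays.

```python
import hashlib
import hmac
import random
PRODUCT_COUNT = 60000   # size of TCP's catalogue, from the text
NAME_LEN = 16           # fixed-width customer name field, from the text
TAG_LEN = 4             # constructed redundancy: a keyed check value (MAC)

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream from SHA-256(key || nonce || counter); demo only, not a real cipher."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def name_field(name: str) -> bytes:
    return name.encode().ljust(NAME_LEN, b" ")[:NAME_LEN]

class NaiveTCP:
    """The format from the text: 16-byte name + 3 encrypted bytes (qty, product)."""
    BLOB_LEN = 3   # bytes that follow the name on the wire

    def __init__(self, keys):          # keys: {name_field: per-customer key}
        self.keys = keys

    def make_order(self, name, qty, product):
        key = self.keys[name_field(name)]
        plain = bytes([qty]) + product.to_bytes(2, "big")
        return name_field(name) + xor(plain, keystream(key, b"", 3))

    def accept(self, msg):
        """Return (qty, product) if TCP's computer would ship the order, else None."""
        name, ct = msg[:NAME_LEN], msg[NAME_LEN:]
        key = self.keys.get(name)
        if key is None or len(ct) != self.BLOB_LEN:
            return None
        plain = xor(ct, keystream(key, b"", 3))
        qty, product = plain[0], int.from_bytes(plain[1:], "big")
        # The only sanity check available: is this a product TCP actually sells?
        return (qty, product) if product < PRODUCT_COUNT else None

class HardenedTCP(NaiveTCP):
    """Principle 1: a keyed tag as redundancy; principle 2: per-customer sequence numbers."""
    BLOB_LEN = 4 + 3 + TAG_LEN   # clear sequence number + encrypted fields and tag

    def __init__(self, keys):
        super().__init__(keys)
        self.last_seq = {}          # highest sequence number seen per customer

    def make_order(self, name, qty, product, seq):
        nf, key = name_field(name), self.keys[name_field(name)]
        fields = bytes([qty]) + product.to_bytes(2, "big")
        nonce = seq.to_bytes(4, "big")
        tag = hmac.new(key, nf + nonce + fields, "sha256").digest()[:TAG_LEN]
        return nf + nonce + xor(fields + tag, keystream(key, nonce, 3 + TAG_LEN))

    def accept(self, msg):
        name, nonce, ct = msg[:NAME_LEN], msg[NAME_LEN:NAME_LEN + 4], msg[NAME_LEN + 4:]
        key = self.keys.get(name)
        if key is None or len(ct) != 3 + TAG_LEN:
            return None
        plain = xor(ct, keystream(key, nonce, 3 + TAG_LEN))
        fields, tag = plain[:3], plain[3:]
        expected = hmac.new(key, name + nonce + fields, "sha256").digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                 # random bytes fail the redundancy check
        seq = int.from_bytes(nonce, "big")
        qty, product = fields[0], int.from_bytes(fields[1:], "big")
        if seq <= self.last_seq.get(name, -1) or product >= PRODUCT_COUNT:
            return None                 # replayed/reordered message, or unknown product
        self.last_seq[name] = seq
        return (qty, product)

def forgery_acceptance_rate(server, name, trials=2000, seed=1):
    """The ex-employee's attack from the text: real customer name + random bytes."""
    rng = random.Random(seed)
    forged = (name_field(name) + bytes(rng.randrange(256) for _ in range(server.BLOB_LEN))
              for _ in range(trials))
    return sum(server.accept(m) is not None for m in forged) / trials

KEYS = {name_field("alice"): b"constructed-demo-key-for-alice"}   # made-up customer key
```

With the naive format roughly 60000/65536 of random forgeries decrypt to a sellable product and are shipped; with the tag and sequence number none are, and a replayed genuine order is refused as well.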

4. Secret-key Algorithms

Modern cryptography uses the same basic ideas as traditional cryptography, transposition and substitution, but its emphasis is different. Traditionally, cryptographers have used simple algorithms and relied on very long keys for their security. Nowadays the reverse is true: the object is to make the encryption algorithm so complex and involuted that even if the cryptanalyst acquires vast mounds of enciphered text of his own choosing, he will not be able to make any sense of it at all. Transpositions and substitutions can be implemented with simple circuits.

(1) DES.

In January 1977, the U.S. government adopted a product cipher developed by IBM as its official standard for unclassified information. This cipher, DES (Data Encryption Standard), was widely adopted by the industry for use in security products. It is no longer secure in its original form, but in a modified form it is still useful.

(2) IDEA.

IDEA (International Data Encryption Algorithm) was designed by two researchers in Switzerland. It uses a 128-bit key, which makes it immune to brute force, and it was also designed to withstand differential cryptanalysis. No currently known technique or machine is thought to be able to break IDEA.

5. Public-Key Algorithms

Historically the key distribution problem has always been the weak link in most cryptosystems. No matter how strong a cryptosystem was, if an intruder could steal the key, the system was worthless. Since all cryptologists always took for granted that the encryption key and decryption key were the same (or easily derived from one another) and the key had to be distributed to all users of the system, it seemed as if there was an inherent built-in problem: keys had to be protected from theft, but they also had to be distributed, so they could not just be locked up in a bank vault.

Public-key cryptography requires each user to have two keys: a public key, used by the entire world for encrypting messages to be sent to that user, and a private key, which the user needs for decrypting messages. We will consistently refer to these keys as the public and private keys, respectively, and distinguish them from the secret keys used for both encryption and decryption in conventional (also called symmetric key) cryptography.

Although the RSA algorithm, known by the initials of its three discoverers (Rivest, Shamir, Adleman) and based on some principles from number theory, is widely used, it is by no means the only public-key algorithm known. The first public-key algorithm was the knapsack algorithm (Merkle and Hellman, 1978). Other public-key schemes are based on the difficulty of computing discrete logarithms (Rabin, 1979). Algorithms that use this principle have been invented by El Gamal (1985) and Schnorr (1991). A few other schemes exist, such as those based on elliptic curves (Menezes and Vanstone, 1993), but the three major categories are those based on the difficulty of factoring large numbers, computing discrete logarithms, and determining the contents of a knapsack from its weight. These problems are thought to be genuinely difficult to solve because mathematicians have been working on them for many years without any great breakthroughs.

6. Authentication Protocols

Authentication is the technique by which a process verifies that its communication partner is who it is supposed to be and not an imposter. Verifying the identity of a remote process in the face of a malicious, active intruder is surprisingly difficult and requires complex protocols based on cryptography. In this section, we will study some of the many authentication protocols that are used on insecure computer networks.

As an aside, some people confuse authorization with authentication. Authentication deals with the question of whether or not you are actually communicating with a specific process. Authorization is concerned with what that process is permitted to do. For example, a client process contacts a file server and says, “I am Scott's process and I want to delete the file cookbook.old.” From the file server's point of view, two questions must be answered:

· Is this actually Scott's process (authentication)?

· Is Scott allowed to delete the file cookbook.old (authorization)?

Only after both questions have been unambiguously answered in the affirmative can the requested action take place. The former question is really the key one. Once the file server knows whom it is talking to, checking authorization is just a matter of looking up entries in local tables.

7. Digital Signatures

The authenticity of many legal, financial, and other documents is determined by the presence or absence of an authorized handwritten signature. And photocopies do not count. For computerized message systems to replace the physical transport of paper and ink documents, a solution must be found to these problems.

One approach to digital signatures, called secret-key signatures, is to have a central authority that knows everything and whom everyone trusts, say Big Brother (BB). Each user then chooses a secret key and carries it by hand to BB's office. Thus only Alice and BB know Alice's secret key, KA, and so on.

A structural problem with using secret-key cryptography for digital signatures is that everyone has to agree to trust Big Brother. Furthermore, Big Brother gets to read all signed messages. The most logical candidates for running the Big Brother server are the governments, the banks, or the lawyers. These organizations do not inspire total confidence in all citizens. Hence it would be nice if signing documents did not require a trusted authority. Fortunately, public-key cryptography can make an important contribution here, in the form of public-key signatures.

There are also some social issues, such as the implications of network security for individual privacy and for society in general, and the question of patents. Network security is politicized to an extent few other technical issues are, and rightly so, since it relates to the difference between a democracy and a police state in the digital era.

KEYWORDS

network security (网络安全)
authentication (鉴别)
non-repudiation (反拒认)
integrity control (完整性控制)
plaintext (明文)
key (密钥)
ciphertext (密文)
cryptanalysis (密码分析)
intruder (入侵者)
work factor (工作因子)
redundancy (冗余)
IDEA (International Data Encryption Algorithm) (国际数据加密算法)
DES (Data Encryption Standard) (数据加密标准)
public-key algorithms (公开密钥算法)
the RSA algorithm (RSA算法)
symmetric key (对称密钥)
the knapsack algorithms (背包算法)
file server (文件服务器)
secret-key signatures (采用秘密密钥的数字签名)
public-key signatures (采用公开密钥的数字签名)
digital era (数字时代)

NOTES

1. hacker (黑客). Derived from the English word "hack", which originally means "to chop". Hackers are highly skilled computer programmers who are able to discover security holes in systems.

2. network security (网络安全). Providing security protection for the transmission, storage and access of information in a distributed computing environment, so as to prevent information from being stolen, tampered with or operated on illegally.

3. secrecy (保密). Secrecy means protecting information from being leaked or exposed to entities (such as persons or organizations) that are not authorized to hold it.

4. authentication (鉴别). Because of the special nature of online e-commerce transaction systems, transactions between enterprises or individuals are usually carried out in a virtual network environment, so confirming the identity of an individual or enterprise entity has become a very important part of e-commerce.

5. non-repudiation (反拒认). That is, guaranteeing that the sender of information cannot deny having sent it.

6. plaintext (明文). A message that needs to be encrypted.

7. key (密钥). The "key" used for encryption and decryption is called the cryptographic key.

8. ciphertext (密文). The message formed after encryption.

9. cryptanalysis (密码分析). The steps and operations (the process) of turning ciphertext back into plaintext without knowing the key of the cryptosystem.

10. cryptology (密码学). Cryptology studies data secrecy for its own sake; it secretly transforms stored or transmitted information so as to prevent a third party from stealing it.

11. cryptographic principle (加密原则). Encryption is the process of converting data (the plaintext) into an unrecognizable form (the ciphertext), so that people who are not meant to learn the data cannot know or recognize it.

12. DES (Data Encryption Standard, 数据加密标准). This algorithm was formally adopted by the U.S. National Bureau of Standards on January 15, 1977 as the unified data encryption standard of the United States.

13. RSA algorithm (RSA算法). The RSA algorithm was developed on the basis of the difficulty of factoring large numbers into their prime factors.

14. symmetric key (对称密钥). The common feature of traditional encryption methods is that they use single-key technology, that is, the same key is used in both the encryption and decryption processes, so they are also called symmetric encryption methods; the key is likewise called a symmetric key.

15. digital signatures (数字签名). Digital signatures are mainly used to identify the source of information; they do not by themselves encrypt the information.

16. public-key signatures (采用公开密钥的数字签名). At present the common approach is digital certificates built on a PKI (public key infrastructure): by encrypting and signing the digital information to be transmitted, the confidentiality, authenticity, integrity and non-repudiation of the information are guaranteed, thus ensuring its secure transmission.

EXERCISES

1. Fill in the following blanks.

(1) The real secrecy is in the ______, and its length is a major design issue.

(2) All encrypted messages must contain some ______.

(3) Public-key cryptography requires each user to have two keys: a ______ key, and a ______ key.

(4) Network security problems can be divided roughly into four intertwined areas: secrecy, ______, non-repudiation, and integrity control.

2. Translate the following words into Chinese.

(1) network security

(2) authentication

(3) plaintext

(4) ciphertext

(5) algorithm

3. Write out the full text of the following abbreviations in English.

(1) IDEA

(2) DES

READING MATERIALS

COMPUTER SECURITY

Hardware, software, and data are the major assets of computer systems, and computer security is concerned with protecting them. One kind of threat is the loss of an asset: malicious destruction of a hardware device, erasure of a program or data file, or a failure of the operating system's file manager so that it can no longer find a particular disk file. Another is interception: some unauthorized party gains access to an asset. Examples are illicit copying of program or data files, or wiretapping to obtain data in a network. While a loss may be discovered fairly quickly, a silent interceptor may leave no traces by which the interception can be readily detected. In modification, an unauthorized party not only accesses but also tampers with an asset. Someone might modify the values in a database, alter a program so that it performs an additional computation, or modify data being transmitted electronically. It is even possible for hardware to be modified. Some cases of modification can be detected with simple measures, while other more subtle changes may be almost impossible to detect. Finally, the intruder may wish to add spurious transactions to a network communication system, or add records to an existing database. This is fabrication by an unauthorized party.

Most computer facilities have some sort of security system. These facilities have means of confirming the identities of persons who want to use the system, so that unauthorized users do not gain access. Usually, authorized users are issued special cards, keys, passwords, or account numbers. It is essential that security measures protect the entire operating system. Unscrupulous individuals have found ways to circumvent the system in order to print out a list of user passwords, give themselves access rights they were not officially assigned, and spread viruses.

Computer viruses are bits of code that damage or erase information, files, or software programs in your computer. A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself. Much like viruses that infect humans, computer viruses can spread. Your computer can catch a virus when you download an infected file from the Internet or copy an infected file from a diskette. Once the virus is embedded in your computer's files, it can immediately start to damage or destroy information, or it can wait for a particular date or event to trigger its activity.

Some viruses are file infectors that attach themselves to ordinary program files. These usually infect arbitrary .COM and/or .EXE programs, though some can infect any program for which execution is requested, such as .SYS, .OVL, .PRG, and .MNU files. The other viruses are system or boot-record infectors: these viruses, which infect executable code, are found in certain system areas on disks that are not ordinary files.

SPECIFIC THREATS TO E-COMMERCE

High on the list of specific threats to E-commerce is the possibility that your network might be penetrated. Your network is subjected to Internet attacks by cyber terrorists, electronic espionage agents, or simply your local neighborhood hacker. Your network could also be compromised through a trading partner's network. Modem attacks are also high on my list of threats to E-commerce. While you may have a strong firewall to protect your E-commerce environment from Internet attacks, poorly secured modems present a serious threat because they bypass the firewall and may provide hackers with complete access to your internal network.

Poor authentication procedures are the next on the list of threats. Account names and passwords are still the primary authentication technique. I believe that password protected access is past its useful life, thanks to password crackers and fast processors. As much as I pontificate on this issue, I still find that auditors and security professionals are continually sentenced to never-ending meetings on how long a password should be and the composition of the password. I have seen people argue for several days over whether a password should be five or six characters long. The composition of the password is also debated. Should passwords contain alphabetic characters, numeric characters, or special characters? After many meetings and much discussion, the conclusion is usually that users are not smart enough to select and remember complex passwords. The issue is then put back on the shelf for another two years, then it is debated again, ad nauseam.

The technique I like to use to end the debate is to simply load a password file into a password cracker and demonstrate how long it takes to crack. On a 3.2 GHz notebook computer, any eight-character, alphabetic-only password cracks in 32 minutes. Change the composition to alphanumeric (letters and numbers), and every password will crack in less than four hours. Add in the most common special characters and all passwords will crack in just under two days. Select an even more complex password that contains alphanumeric characters and some of the less common special characters, and all of the passwords will crack in 17 days.

How good is a password policy that says you have to change your password every 90 days (which is very common), if the most complex password can be cracked in 17 days? Obviously, it is time to end the debate on the composition, length, and retention period of passwords. Instead, let's start the process of encouraging the use of security tokens (such as Secure ID), digital certificates, or biometrics (such as iris scanning or fingerprint recognition). Prices for these technologies are dropping.

Next in line after authentication techniques, unauthorized access by an authorized individual is a serious risk. As old as I am getting, I am still amazed at the number of people who have administrator access to servers. They all need it, or so they claim. On some of our audits, we have found over 10 administrator accounts on a single server without a password or with a password equal to the account name. We have only had two clients where we found that administrator accounts were properly restricted and had complex passwords.

The next risk is the cessation of normal operations due to Denial of Service (DoS) attacks. These can be external attacks on the e-commerce site or internal DoS attacks performed by disgruntled employees or contractors. Proper installation and configuration of firewalls, good failover techniques, and strong computer incident response and resolution procedures can greatly reduce the impact of a DoS attack.

Another serious risk is the risk of viruses, time bombs, and Trojan horses (more on these in a minute). It seems every couple of months a new virus is released and rapidly wreaks havoc on servers and workstations around the world. Whether it is the “nimda”, the “I love you” virus, or a new one, the more common viruses will undoubtedly affect those who do not keep their anti-virus software and virus signatures current. Therefore, ensure that all servers and workstations are properly protected.

A Trojan horse program is another related issue. This is a program that is placed directly on your computer by a hacker, cyber terrorist, or disgruntled employee. It can perform many functions including opening a back door so the perpetrator can access your computer, data, and files anytime they want. It could also make random or intentional changes to files or databases. A popular Trojan horse is NetBus (port 12345 or port 20024). Once NetBus is placed on your machine, anyone who is familiar with the NetBus back door can scan for it using SuperScan (a free tool). If port 12345 or port 20024 is open, then the Trojan may be on the machine. The perpetrator then attempts to log in. If it works, the Trojan was present on the machine. If it does not work, then some other service, such as a printer service, is using the NetBus port.

Software failure is also a major risk. I divide software failures into two types. The first is system software failure. Occasionally the operating system or related system software fails. This can be a one-time failure, which is quickly fixed by rebooting the machine. It could be an intermittent problem. It may be caused by a certain feature or function in the application or a component of the system software creating a situation that causes the system software to fail. The last is a flaw in the operating system that can be exploited. Hackers are always looking for bugs in operating systems. When they find one, they figure out how to take advantage of the flaw, or exploit it (hence the name Exploit). The best way to prevent system software failures is to keep up on vendor patches. (A patch is a vendor-specified software change to correct a program flaw or security vulnerability.) Also, you should check with the CERT Coordination Center, a facility of the Carnegie Mellon University Software Engineering Institute. Bugtraq is another good service to help keep up with issues that need to be corrected. You also should check the operating system or hardware vendor web site on a weekly basis to identify any new security issues and how to correct them.

The second type of software failure is application failure. This can be caused by poor program change control, as when an application or a program is modified and moved into production without proper testing. An unusual transaction or combination of transactions can also cause application failure. The general rule for avoiding these issues is to have strong program change management and rigorous testing before moving new releases into production. Also, try to restrict changes to authorized releases. Occasionally, someone will request a simple change such as the positioning of data on a particular screen or report. The change appears simple, however, the programmer may make an error or the change may cause the program to bypass a critical control. By gathering these changes up into a single release, they can be made all at once and properly tested.

Hardware failure can also cause e-commerce outages. Here the solution is hardware redundancy and a strong preventive maintenance program. I have one client in the Middle East that truly believes in preventing failure. They have multiple ISPs and firewalls as well as four failover servers, two at a remote location. They are very well prepared to mitigate or completely avoid hardware outages.

One factor that can occur even with the best hardware configuration is poor vendor maintenance. While vendor technicians are normally well trained, they can make mistakes. When they do, they can cause prolonged outages. To reduce the risk of technician-induced failure, ensure that your trouble reporting system is used to track the quality of the vendor technicians. While most of our clients do track the time it takes for a technician to respond, they do not track the name of the technician, the length of time needed to make the repair, and the length of time between failures. Sometimes a poorly trained technician records that the problem has been corrected when it has not. This results in another service call.

Human error can also cause e-commerce outages. Simply tripping over a wire can cause an outage. Make sure that your facility is safe and the equipment is protected to avoid these unnecessary outages.

Network or ISP failure can also cause serious outages. In addition to normal redundancy for network and circuit equipment, you need to ensure that you are protected from carrier outages. This includes taking such measures as using several carriers and routing circuits through multiple central offices.

The last item that can cause a major outage is sabotage. Sometimes hackers, employees, or competitors may attempt to disrupt, alter, or destroy your e-commerce site. The best prevention is to ensure that your site is secure. E-commerce vulnerability testing should be performed on a regular basis (at least monthly for critical sites). In addition, vendor patches should be installed on a timely basis and your e-commerce site should be physically secure.

As you can see, there are many things that can affect the performance and survivability of your e-commerce site. Much can go wrong. It is imperative that strong controls be in place to ensure that your site is both physically and logically secure.