CS 596 Client-Server Programming
Security

Contents of Security Lecture

1. Security
   1. What to secure
   2. Types of security
   3. Types of attacks
2. Authentication
   1. Network Authentication
   2. Authentication methods: Basic
   3. Using security tokens, tickets, or cookies
      1. Practicle security token issues
      2. Token issues (cont.)
3. Encryption
   1. Public/Private key encryption
   2. Public/Private key encryption signatures
4. Kerberos
   1. Kerberos summary
5. General security issues

Security

What is security?

From Webster's College Dictionary:

security, n.

1. the state or quality of being secure; freedom from fear or danger
2. defense or protection
3. something given to secure the fulfillment of a contract; pledge
4. one who becomes surety for another
5. pl. stock certificates or bonds

1. free from fear, worry
2. free from danger; safe
3. firm, stable, or dependable

What to secure

Before we can talk about security related to computers and networks, we need to know what we are trying to secure:

• Restricted data
• Computer access (resources)
• Algorithms
• etc.

Types of security

Some different types:

Physical security:

Prevent access to physical devices (network, computers, etc.) with:

• locks and keys
• security guards
• guard dogs
• etc.

Software security:

• Authentication
• Encryption
• Audit trail
• etc.

Types of attacks

Some common methods of "attack":

• Impersonation
• Sniffing
• Replay
• Denial of service

Network sniffing is the gathering of information on a network not designated for you.

Ethernet is a broadcast network: All machines on a segment can see all traffic on that segment.

Some solutions:

• Smaller segments
• "Smart" hubs (only send traffic designated for a particular host)

Authentication

Authentication is performed to ensure that a user or program has specific access to a resource or data.

Examples:

• Unix login procedure
• SDSU modem pool login
• ATM card and PIN
• Finger printing
• "Smart" card
• etc.

The authentication process normally relies on some sort of shared (between resource provider and resource seeker) secret or irreproducible attribute:

• Password
• Retinal image
• Finger print
• Algorithm in "Smart" card
• Physical location (IP address)

Network Authentication

How is authentication over a network different?

Network packets can travel through many "unknown" (read untrusted) routers and computers.

What are the added risks?

• Network sniffing
• Traffic logging
• etc.

Some issues:

• Passwords can be "sniffed" from the network
• Traffice patterns can be analyzed

Authentication methods: Basic

Username and password

Protocols we have seen that use this:

• POP
• FTP
• HTTP

Problems?

• POP clients check for new mail every once in a while, to do this, they log in. (Unless APOP is used...)
• HTTP requests are made everytime a page is requested. The username and password can be sent with every request.

The more frequent the authentication information is sent over the network, the higher the chance that it will be sniffed.

Using security tokens, tickets, or cookies

A security token is given to a client by a server. The client can then use this token to uniquely identify itself to the server in the future.

The APOP command was introduced to the POP3 protocol to prevent the frequent sending of username and passwords over the network.

The client only logs in once a day and gets a special token which it will use the rest of the day.

Some requirements for security tokens:

• Cannot be faked
• Need to expire after some time

Why?

Practicle security token issues

How can a server identify a client with a token?

Rely on a piece of information that is hard to change: IP address of the client.
The server somehow needs to correlate the token with the address when the client uses it.

How does a server create a token?

• A random string which identifies a client
• A one-way scrambled string with client information

Random string approach:

• Server needs to keep a database of tokens and the clients it belongs to.
• Server needs to manage timeouts of tokens.

Token issues (cont.)

One-way scambling approach:

• Create a string that contains information about the client
• Use something like md5 or unix crypt to create a scrambled string

Weakness of this approach?

Time-sharing machines can run multiple clients

Why is this a problem?

Encryption

After a client has been authenticated, the traffic on the network can still be sniffed.

A solution is encryption of all traffic.

This can be done at any layers of the protocol stack

Two basic types of encryption:

• Shared key encryption
• Public/Private key encryption

Shared key encryption:
One key both encrypts and decrypts

Public/Private key encryption:
One key encrypts, another decrypts

Public/Private key encryption

A public key is something that is well known, i.e. published.

A client can send authentication information by encrypting the info with the server's public key.

The server will then use its own private key to decrypt the information.

Advantages:

• The information the client sends to the server cannot be decrypted by anyone except the server
• If the information contains the username/password of the client, the server knows who it is talk with.

Public/Private key encryption signatures

The same encryption method can be used to authenticate a message:

A client encrypts information with its own private key.

The server will lookup the client's published public key and decrypt the information.

Advantages:

• The information can only be decrypted with the client's public key.
• If the public key distribution center can be trusted, the information is guaranteed to come from the client.

This is a digital signature.

A combination of the previous two methods allows for mutual authentication.

Kerberos

Kerberos is an authentication and session encryption system.

Three levels of security:

• One time authentication
• Safe messages (authentication of each message)
• Private messages (authentication and encryption of each message)

The actual algorithms used are complicated.
Look at

http://www.ov.com/misc/krb-faq.html

for more information about the workings.

Kerberos summary

Kerberos uses a separate ticket granting server that gives a ticket to a user or application.
This ticket can then be used for any number of resources on the network.

If a client wants to talk to a server, both the client and the server will talk to the authentication server to establish that the client is authorized.

Advantages of kerberos:

• Various levels of encryption
• Will prevent plain-text passwords from being sent over the network
• Can be used in what are considered "unsecure" environments

Disadvantages:

• Not all applications support kerberos
• Various versions of kerberos are incompatible

General security issues

Points to keep in mind when dealing with security:

• The security system is only as strong as its weakest link
• A flawed security system is worse that no security at all
• US government considers encryption algorithms munition; hence they cannot be exported
• It is always better to use several security systems together than only one.
• Security by obscurity doesn't work

Some existing tools to look at:

• PGP (Pretty Good Privacy)
• RCA
• Kerberos