SDSU CS 596: Client-Server Programming
Spring Semester, 1997
Doc 23, Security

San Diego State University -- This page last updated Apr 3, 1997
----------

Security

Table of contents:
1. Security
2.   What to secure
3.   Types of security
4.   Types of attacks
5. Authentication
7.   Network Authentication
8.   Authentication methods: Basic
9.   Using security tokens, tickets, or cookies
10.     Practical security token issues
11.     Token issues (cont.)
12. Encryption
13.   Public/Private Key Encryption
14.   Public/Private Key Encryption Signatures
15. Kerberos
16.   Kerberos Summary
17. Common Security Problems
18.   Security through Obscurity
19.   Security in the Wrong Place
20.   "Back doors"
21. General Security Issues

Doc 23, Security, Slide #1

Security

What is security?

From Webster's College Dictionary:

security, n.

  1. the state or quality of being secure; freedom from fear or danger
  2. defense or protection
  3. something given to secure the fulfillment of a contract; pledge
  4. one who becomes surety for another
  5. pl. stock certificates or bonds

secure, adj.

  1. free from fear, worry
  2. free from danger; safe
  3. firm, stable, or dependable

Doc 23, Security, Slide #2

What to secure

Before we can talk about security related to computers and networks, we need to know what we are trying to secure:


Doc 23, Security, Slide #3

Types of security

Some different types:

Physical security:

Prevent access to physical devices (network, computers, etc.) with:

Software security:

Doc 23, Security, Slide #4

Types of attacks

Some common methods of "attacks":

Network sniffing is the gathering of information on a network not designated for you.

Ethernet is a broadcast network: All machines on a segment can see all traffic on that segment.

Some solutions:


Doc 23, Security, Slide #5

Authentication

Authentication is performed to ensure that a user or program has specific access to a resource or data.

Examples:

The authentication process normally relies on some sort of shared (between resource provider and resource seeker) secret or irreproducible attribute:


Doc 23, Security, Slide #7

Network Authentication

How is authentication over a network different?

Network packets can travel through many "unknown" (read untrusted) routers and computers.

What are the added risks?

Some issues:


Doc 23, Security, Slide #8

Authentication methods: Basic

Username and password

Protocols we have seen that use this:

Problems?

The more frequently the authentication information is sent over a network, the higher the chance that it will be sniffed.

However: smart network sniffers analyze network traffic over extended periods of time.


Doc 23, Security, Slide #9

Using security tokens, tickets, or cookies

 

Applications built on top of stateless protocols like HTTP will need to authenticate with every request.

A security token is given to a client by a server. The client can then use this token to uniquely identify itself to the server in the future.

The client only authenticates once and thereafter uses the cookie.

The authentication may involve "expensive" encryption.

Some requirements for security tokens:

Why?


Doc 23, Security, Slide #10

Practical security token issues

How can a server identify a client with a token?

Rely on a piece of information that is hard to change: IP address of the client

The server somehow needs to correlate the token with the address when the client uses it.

How can this be done?

Random string approach:


Doc 23, Security, Slide #11

Token issues (cont.)

One-way scrambling approach:

  1. Create a string that contains information about the client
  2. Use an algorithm like MD5 or Unix crypt to create a scrambled string

Weakness of this approach?

Why are these problems?
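
The two token approaches from the last two slides, side by side, as an added example (not code from the original lecture notes). Assumptions: the scrambling step uses HMAC-SHA256 with a server-side secret in place of plain MD5 or crypt, tokens expire after a fixed lifetime, and all function and variable names are hypothetical.

```python
import hashlib, hmac, secrets, time

SERVER_SECRET = secrets.token_bytes(32)  # assumption: known only to the server
TOKEN_LIFETIME = 600                     # assumption: seconds a token stays valid
_issued = {}                             # random string approach: token -> (ip, expiry)

def issue_random_token(client_ip, now=None):
    # The token itself carries no information; the server remembers the address.
    token = secrets.token_urlsafe(24)
    _issued[token] = (client_ip, (time.time() if now is None else now) + TOKEN_LIFETIME)
    return token

def check_random_token(token, client_ip, now=None):
    now = time.time() if now is None else now
    ip, expires = _issued.get(token, (None, 0))
    if now >= expires:                   # unknown or expired tokens are rejected
        _issued.pop(token, None)
        return False
    return ip == client_ip               # correlate the token with the address

def _digest(client_ip, expires):
    # One-way scrambling of the client information, keyed with the server secret.
    msg = f"{client_ip}|{expires}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()

def issue_scrambled_token(client_ip, now=None):
    # The server stores nothing; the token is "expiry:digest".
    expires = int(time.time() if now is None else now) + TOKEN_LIFETIME
    return f"{expires}:{_digest(client_ip, expires)}"

def check_scrambled_token(token, client_ip, now=None):
    now = time.time() if now is None else now
    expires_text, _, digest = token.partition(":")
    try:
        expires = int(expires_text)
    except ValueError:                   # malformed token
        return False
    if now >= expires:
        return False
    # Recompute the digest from the address the request came from and compare.
    expected = _digest(client_ip, expires)
    return hmac.compare_digest(digest.encode(), expected.encode())
```

The random string approach needs a server-side table for every live token; the scrambling approach needs none, but a token then stays valid until it expires because there is no entry to delete.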


Doc 23, Security, Slide #12

Encryption

After a client has been authenticated, the traffic on a network can still be sniffed.

A solution is encryption of all traffic.

This can be done at any layer of the protocol stack.

Two basic types of encryption:

Shared key encryption:

One key both encrypts and decrypts

Public/Private key encryption:

One key encrypts, another decrypts


Doc 23, Security, Slide #13

Public/Private Key Encryption

A public key is something that is well known, i.e. published.

A client can send authentication information by encrypting the info with the server's public key.

The server will then use its own private key to decrypt the information.

Advantages:


Doc 23, Security, Slide #14

Public/Private Key Encryption Signatures

The same encryption method can be used to authenticate a message:

A client encrypts information with its own private key.

The server will look up the client's public key and decrypt the information.

Advantages:

This is a digital signature.

A combination of the previous two methods allows for mutual authentication.


Doc 23, Security, Slide #15

Kerberos

Kerberos is an authentication and session encryption system.

Three levels of security:

The actual algorithms used are complicated.

Look in http://www.ov.com/misc/krb-faq.html for more information about the workings.


Doc 23, Security, Slide #16

Kerberos Summary

Kerberos uses a separate ticket granting server that gives a ticket to a user or application.

This ticket can then be used for any number of resources on the network.

If a client wants to talk to a server, both the client and the server will talk to the authentication server to establish that the client is authorized to use that particular server.

Advantages of Kerberos:

Disadvantages:


Doc 23, Security, Slide #17

Common Security Problems

These are some of the things that have been tried (either knowingly or by accident).


Doc 23, Security, Slide #18

Security through Obscurity

This means that whatever security is in place is only difficult to break because the encryption/authentication methods are not obvious.

Some examples:

What's the problem?


Doc 23, Security, Slide #19

Security in the Wrong Place

Always think about what you're trying to accomplish with a security system.

Examples:

Authentication without Checking

In a server that has authentication and authorization, the check should precede any action that requires authentication.

Example:


Doc 23, Security, Slide #20

"Back doors"

Programmers have the tendency to add debug code to their servers to make testing easier.

This debug code may circumvent any security features of the server.

Famous example:


Doc 23, Security, Slide #21

General Security Issues

Points to keep in mind when dealing with security:

Some existing tools to look at:


----------