Information Security and Authenticity on Public Networks

Solutions to some problems raised by conducting private conversations in public places.



Chip Rosenthal
Unicom Systems Development
<chip@unicom.com>
28 Mar 2001









Outline

  • Cryptography
    • Symmetric Cryptography
    • Public Key Cryptography
    • Functions of Cryptography
  • Related Technologies
    • Digital Signatures
    • Digital Certificates
  • Example Systems
    • Virtual Private Network (VPN)
    • Transport Layer Security (TLS)
    • Applet Signing








Symmetric Cryptography









Symmetric Cryptography (continued)

  • Same key used for encryption and decryption.

  • Some qualities of a good cipher:
    • Algorithm robust -- secrecy is not a virtue.
    • Strength is in the key -- increases exponentially with key length.

  • Some sample symmetric ciphers:
    • Export-grade RC4 (40 bits)
    • DES (56 bits)
    • Domestic-grade RC4 (128 bits)
    • IDEA (128 bits)









Public Key Cryptography









Public Key Cryptography (continued)

  • Keys generated in a pair.

  • Either may be used to encrypt; the other to decrypt.

  • One is made public, the other kept secret.

  • Allows people who have never met to communicate securely.









Functions of Cryptography

  • Confidentiality - prevent unwanted disclosure of information.

  • Authentication - the recipient can ascertain the origin of information.

  • Integrity - the recipient can verify the information was not modified in transit.

  • Nonrepudiation - the sender cannot falsely deny transmitting the information.









Related Technologies

  • A digital signature is a code that uniquely represents a document, generated by a one-way hash function.

  • A digital certificate is a public key signed by a trusted third-party called a certificate authority.
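The public-key properties on these slides, worked through in textbook RSA (an added example, not from the original presentation): either key of the pair undoes the other, the public key wraps a symmetric session key for confidentiality, and a signature over a one-way hash gives authentication and integrity. The primes P and Q, and the functions apply_key, wrap_session_key, unwrap_session_key, digest, sign and verify are constructed for illustration; the key is toy-sized and unpadded and demonstrates the mechanism only.

```python
import hashlib

# Constructed key pair: two Mersenne primes chosen so the arithmetic is easy to
# check; a real key uses random primes of 1024 bits or more, plus padding.
P = 2**61 - 1
Q = 2**31 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                 # public exponent (gcd(E, PHI) == 1 for these primes)
D = pow(E, -1, PHI)       # private exponent: modular inverse, Python 3.8+
PUBLIC_KEY = (E, N)
PRIVATE_KEY = (D, N)


def apply_key(value, key):
    """Raise value to the key's exponent mod N. The same operation serves for
    encryption, decryption, signing and verification: either key undoes the other."""
    exponent, modulus = key
    if not 0 <= value < modulus:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, modulus)


def wrap_session_key(session_key):
    """Confidentiality: encrypt a short symmetric session key with the PUBLIC key;
    only the private-key holder can unwrap it (hybrid encryption, as TLS does)."""
    return apply_key(int.from_bytes(session_key, "big"), PUBLIC_KEY)


def unwrap_session_key(wrapped, length):
    """Recover the session key with the PRIVATE key."""
    return apply_key(wrapped, PRIVATE_KEY).to_bytes(length, "big")


def digest(document):
    """One-way hash of the document, reduced so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def sign(document):
    """Signature: the document's hash transformed with the PRIVATE key."""
    return apply_key(digest(document), PRIVATE_KEY)


def verify(document, signature):
    """Anyone with the public key can check origin (authentication) and that the
    document is unmodified (integrity); a mismatch means tampering or forgery."""
    return apply_key(signature, PUBLIC_KEY) == digest(document)
```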









Virtual Private Networks (VPN)

  • A Virtual Private Network is a network whose nodes are connected by public networks, but the paths are secured by encryption.

  • The secured path of a VPN often is called a tunnel.

  • Implemented in the router.

  • Example implementations:
    • L2TP - Layer Two Tunneling Protocol
    • PPTP - Point-to-Point Tunneling Protocol (Microsoft)
    • L2F - Layer Two Forwarding (Cisco)








Transport Layer Security (TLS)

  • Successor to Secure Sockets Layer (SSL), developed by Netscape.

  • Resides between the application layer (e.g. HTTP) and transport layer.

  • On the web, represented by the https scheme.

  • Provides three functions:
    • Authenticate the server - using certificates.
    • Authenticate the client - using certificates.
    • Provide data confidentiality - using cryptography.









TLS Examples









Applet Signing

  • An applet is a program designed to be executed within another application.

  • Applets often are downloaded across the net.

  • Two models of applet security:
    • Sun Java - run in a sandbox.
    • Microsoft Active X - digital signatures.

  • Recent incident illustrates vulnerability of Microsoft approach. [http://news.cnet.com/news/0-1003-200-5222484.html]









