About Cryptosmith

Cryptosmith

This web site belongs to Dr. Rick Smith, whose experiences include software development, systems engineering, security, and scholarship. Dr. Smith is a writer, information security consultant, and occasional teacher. He has taught at the University of St. Thomas in St. Paul, Minnesota, the University of Minnesota, and Boston University.

Contact information is available on a separate page, or you may download a vcard.

Topics covered on this web site are strongly influenced by Dr. Smith's experiences with large scale information security problems, with the information security challenges of the defense community, and with the materials addressed in his books: Elementary Information Security (Jones and Bartlett, 2011), Internet Cryptography (Addison-Wesley, 1997) and Authentication: From Passwords to Public Keys (Addison-Wesley, 2002).

Contact Me

Richard Smith
Cryptosmith LLC

rick@cryptosmith.com

1807 Market Blvd, #111
Hastings, MN 55033-3492
USA

+1 651-300-2044
GPG/PGP Public key certificate - to contact me privately via encrypted email.

Cryptosmith Institute

Cryptosmith Institute is a private career institute whose curriculum has been endorsed by the Committee for National Security Systems (CNSS).

The Institute was originally called "Elementary Information Security" after my textbook's title.

Consulting

I am available for consulting to private and educational organizations, government contractors, and government agencies. Click here for contact information.

Here are examples of consulting activities I have performed over the years.

Legal consulting

A law firm requires a technical expert in security technology. This most often occurs in patent cases. I help the attorneys understand the technical issues and develop explanations for the judge or jury. I also draw on my 30 years of experience in computing to locate documents addressing key elements of the dispute.

Security design, analysis, and related trade studies

The client has certain security and program requirements and must determine which alternative best meets those requirements. For example, the designers are using cryptographic mechanisms and need an independent review, or they need to incorporate cross-domain or multilevel features into a new system design. Or, an organization is building a device that requires a third-party security evaluation. I provide the needed analysis, recommendations, or tutorial. I will also draft evaluation documents if needed.

Training

The client has a team that needs to be brought "up to speed" on a particular set of security concepts or technologies. Typically the result is a seminar based on PowerPoint slides, though this is not what I usually do in my undergraduate college classes.

Courseware Certification

A school, publisher, or other educational concern seeks certification under the NSA's Information Assurance Courseware Evaluation (IACE) program. Having successfully completed such a certification, as well as having worked on other NSA-related certifications, I can provide help in understanding the process and in developing a submission for certification. If the institution's existing courses don't cover all required topics, I can help develop training materials to cover the missing topics.

Defense Related Work

I have extensive experience with multilevel security, cross domain systems, and cryptographic systems designed to US government specifications.

Work Outputs

Here are typical outputs of my work:

Reports - I prefer to produce written reports, since it is the clearest way to present the conclusions and supporting data for a complex study.

Presentation Slides (PowerPoint) - When necessary or appropriate, I produce PowerPoint slides. This happens most often when developing training or proposal-related materials.

Document Archive - If the work involves extensive Internet research, I will usually try to save copies of significant source materials. These will be placed on a CD-ROM or DVD-ROM for the customer, if desired.

Workshops and Technical Meetings - Some people can absorb the information from a document, and some from a presentation, but others absorb it best when there's a give-and-take between writer and reader. Technical meetings give the client's technical experts a chance to talk over the concepts, evidence, and conclusions. This often gives them the most benefits from the work I have done.

Certifications

I hold a CISSP: Certified Information Systems Security Professional.

I hold the companion certifications in Security Architecture and Security Engineering; the latter is the NSA-sponsored certification that reflects familiarity with defense-related information security concerns.

My textbook, Elementary Information Security, has been certified to comply fully with the U.S. government training standard for information security professionals (NSTISSI 4011) established by the Committee on National Security Systems. 


Publications


I have published three books: Elementary Information Security, appearing in the summer of 2011, Authentication: From Passwords to Public Keys (2002), and Internet Cryptography (1997). I have also published numerous articles and papers, and given lots of lectures. Course materials are posted at the schools where I maintain faculty status.


Elementary Information Security


Jones & Bartlett Learning, November, 2011.

The only textbook verified by the US Government to conform fully to the Committee on National Security Systems' national training standard for information security professionals (NSTISSI 4011).

ISBN-10: 0763761419

This comprehensive, accessible Information Security text is ideal for the one-term, undergraduate college course. The text integrates risk assessment and security policy throughout, since security systems work best at achieving the goals they are designed to meet, and security policy ties real-world goals to security mechanisms. Early chapters discuss individual computers and small LANs, while later chapters deal with distributed site security and the Internet. Cryptographic topics follow the same progression, starting on a single computer and evolving to Internet-level connectivity. Mathematical concepts throughout the text are defined, and tutorials with mathematical tools are provided to ensure students grasp the information at hand.

Authentication

From Passwords to Public Keys


ISBN 0-201-61599-1, Addison Wesley, 2002.

Authentication provides a thorough examination of authentication concepts and techniques, from the password systems introduced in the 1960s to the public key systems of today. Each technique is described through diagrams and examples, covering both how they work and how attackers might defeat them. This provides readers with the essential understanding they need to choose the best techniques for their particular situation.

About Authentication

This book examines computer-based authentication systems: what works, what doesn't work, and why. It examines good and bad ways to use passwords, and examines the strengths and weaknesses of the alternatives. Like Internet Cryptography, this book explains and illustrates the different techniques by looking at how attackers try to subvert them, often successfully.

Topics Covered

  • Reusable passwords
  • Biometrics
  • One-time password technology
  • Practical aspects of picking PINs and passwords, and of managing them
  • Multi-factor authentication (cards+biometrics+PINs, etc.)
  • RADIUS, Windows NT LAN Manager, Kerberos, Windows 2000
  • Fundamentals of public key authentication
  • Public key certificates
  • Handling public key pairs with smart cards, Novell NetWare, Lotus Notes, etc.

Distinctive Themes and Issues

  • Choose the right authentication factors (what you know, have, are) for your particular requirements.
  • Compare the relative strength of different authentication mechanisms by estimating the average attack space.
  • Balance economy, safety, and usability with reusable passwords, but there's a limit to the amount of safety they can provide.
  • Choose the right design pattern for authentication by considering your server environment, size of enterprise, and administrative requirements.
  • Weaknesses in one authentication mechanism are sometimes corrected by another, but not always.

Preface

Although we're all inspired by engineering triumphs, we often learn the most from engineering failures. Not only do failures have important lessons to teach, but they have a special power to capture one's interest unlike a dry recitation of technical criteria or even the breathless evocation of some techno-utopian ideal.

Authentication: From Passwords to Public Keys looks at the problem of authentication: how computers can confidently associate an identity with a person. Most computers use passwords to do this, but even password systems can pose subtle and difficult problems for users, administrators, and developers. Once we decide to use something fancier than a list of passwords stored in a server, we face a broad range of choices and their associated risks. In this book we explore those choices by looking at situations where different techniques fail and by examining ways to strengthen them. Often it becomes a game of ping-pong in which the new defense falls to a new attack, which inspires an even newer defense, and so on.

Individual security measures don't work in a vacuum: they work in an interconnected web with other measures. This book takes a high-level, architectural view of that web instead of diving into the details. Discussions cover physical and procedural requirements for security as well as technical requirements. Moreover, our technical discussions will only bring up as much detail as needed to clarify the security issues. Readers can find the exact order of bits for a particular protocol elsewhere. Here we focus on why the bits need to be there and what they need to convey. We look at what could happen, or may have happened, if we omit that part of the protocol.

I've tried to include real world examples of every important concept and mechanism. Such examples take abstract concepts and make them concrete. Every example here has a published source or comes from my own experiences assisting others with computer security. In the latter case, names must often be changed to protect the privacy of people and enterprises. When not threatened with retribution, people can be quite honest about how they handle passwords, and about unauthorized shortcuts they might employ. Names have been changed or omitted to protect both the innocent and the guilty.

Who This Book is For

This book is written for people who want to understand both the how and why of computer authentication. Such people may be designers, developers, administrators, planners, or managers. Authentication is often their first line of defense against attack. The book's principal focus is on existing, off-the-shelf solutions. But in order to understand what we can buy, we often need enough design detail to guide an independent developer to achieve the same security results.

The book assumes a general familiarity with computer systems and the Internet as people typically use them today. It will not require specific knowledge about operating systems, networking protocols, or computer security. The book explains new technical concepts before discussing their implications, and uses plain English, graphical diagrams, and examples to make the important points. Some people learn by reading, others by seeing, and still others by doing. The book tries to accommodate the first two groups directly and, at least, entertain the third with stories of disaster.

It isn't practical to purge mathematical notation entirely from a book like this, even though some readers confront it like a poorly understood second language. Since there are a few places where a little simple algebra goes a long way, the book doesn't try to avoid algebraic notation entirely, but strives to make it straightforward.

Abridged Preface from Authentication is Copyright © 2002 Addison Wesley Longman, Inc.

Table of Contents

Here is the complete table of contents for Authentication. Embedded links lead to on-line versions of material from the book. The on-line Chapter 1 is a copy of the chapter as it appears in the book. The on-line Preface is an excerpt. The on-line version of the Web and Vendor Resources section is an updated version of the published material.

Preface

  What This Book Is About
  Who This Book Is For

Acknowledgments

Chapter 1 The Authentication Landscape

  1.1 A Very Old Story
  1.2 Elements of an Authentication System
    Revised Attacks and Revised Defenses
    Security Strategies
  1.3 Authentication in Timesharing Systems
    Passwords Under Attack
    Hashed Passwords
  1.4 Attacking the Secret
    Guessing Attacks
    Social Engineering
  1.5 Sniffing Attacks
    Sniffing in Software
    Trojan Login
    Van Eck Sniffing
  1.6 Authentication Factors
  1.7 Judging Attack Prevalence
  1.8 Summary Tables

Chapter 2 Evolution of Reusable Passwords

  2.1 Passwords: Something You Know
  2.2 Authentication and Base Secrets
    Cultural Authentication
    Random Secrets
  2.3 The Unix Password System
  2.4 Attacking the Unix Password File
    The M-209 Hash
    The DES Hash
  2.5 Dictionary Attacks
  2.6 The Internet Worm
  2.7 Resisting Guessing Attacks
    Randomness and Bit Spaces
    Biases in Base Secrets
    Average Attack Space
  2.8 Summary Tables

Chapter 3 Integrating People

  3.1 Roles People Play
    Insiders and Outsiders
    Users and Administrators
    Carriers and Crackers
  3.2 Enrolling Users
    Self-Authentication
    Enrollment in Person
  3.3 Assigning an Initial Secret
    Random Secret
    Cultural Secret
    Changing the Initial Password
  3.4 Entropy and User Password Selection
    Statistical Bias in Text
    Dictionary Attacks
    Estimating Bias in Password Selection
  3.5 Restricting Password Selection
    Therapeutic Password Cracking
    Automatic Password Generation
    Proactive Password Checking
    Limitations on Password Strength
  3.6 Summary Tables

Chapter 4 Design Patterns

  4.1 Patterns in Authentication Systems
  4.2 The Role of Physical Security
    Protecting Software Authentication
    Protecting Workstations
    Hardware Protection of Authentication
  4.3 Administrative Requirements
    Physical Protection
    Ease of Authentication
    Efficient Administration
  4.4 Local Authentication
  4.5 Direct Authentication
  4.6 Indirect Authentication
    Authentication Protocols
    Indirect Authentication Protocols
  4.7 Off-Line Authentication
  4.8 Applying the Patterns
  4.9 Summary Tables

Chapter 5 Local Authentication

  5.1 Laptops and Workstations
  5.2 Workstation Encryption
    File Encryption
    Volume Encryption
  5.3 Encryption for Data Protection
    Shortcut Attacks on Encryption
    Trial-and-Error Attacks on Encryption
    Theoretical Guess-Rate Limitations
  5.4 Key-Handling Issues
    Memorized Keys
    Key-Handling Policies
    Key Escrow and Crypto Politics
  5.5 Summary Tables

Chapter 6 Picking PINs and Passwords

  6.1 Password Complexity
    Passwords and Usability
    Forcing Functions and Mouse Pads
  6.2 Different Secrets for Different Uses
    Sniffable Passwords
    PIN Applications
    Internal Passwords
    External Passwords
  6.3 Improving Internal Password Entry
    Operator-Controlled Password Display
    Report Incorrect User Names
    Allow Many Password Guesses
    Report Incorrect Password Attempts
    Avoid Periodic Password Changes
  6.4 Password Selection
    Internal Passwords
    External and Administrative Passwords
  6.5 Shared Passwords
    Multiple-Use Passwords
    Password Delegation
  6.6 Storing Written Passwords
    Physical Custody
    Locked Storage
    Electronic Storage
  6.7 Sequences and Groups of Passwords
    Password Sequences
    Forward Secrecy With Theme Words
    Passwords From Songs and Poems
  6.8 Summary Tables

Chapter 7 Biometrics

  7.1 Biometrics: Something You Are
    Promise and Reality
    Uses of Biometrics
  7.2 Biometric Techniques
    Measuring Physical Traits
    Measuring Behavioral Traits
  7.3 How Biometrics Work
  7.4 Taking a Biometric Reading
    Feedback During Biometric Input
    Forging a Physical Trait
  7.5 Building and Matching Patterns
    Example: A Trivial Hand Geometry Biometric
    Enrolling a User
  7.6 Biometric Accuracy
    Trading Off Usability and Security
    Average Attack Space
  7.7 Biometric Encryption
    Preserving Secrecy
    Authenticity of Biometric Data
    The Problem of Biometric Exploitation
  7.8 Summary Tables

Chapter 8 Authentication by Address

  8.1 Who Versus Where
  8.2 Telephone Numbers as Addresses
    Identification via Dial-Back
    Dial-Up Identification: Caller ID
  8.3 Network Addresses
    Addressing on the ARPANET
    Internet Protocol Addresses
  8.4 Attacks on Internet Addresses
    IP Address Theft
    Denial of Service Attacks
  8.5 Effective Source Authentication
  8.6 Unix Local Network Authentication
    The "r" Commands
    Remote Procedure Calls, NFS, and NIS
  8.7 Authenticating a Geographical Location
  8.8 Summary Tables

Chapter 9 Authentication Tokens

  9.1 Tokens: Something You Have
    Passive Tokens
    Active Tokens
  9.2 Network Password Sniffing
  9.3 One-Time Passwords
    Counter-Based One-Time Passwords
    Clock-Based One-Time Passwords
  9.4 Attacks on One-Time Passwords
    Man in the Middle Attack
    IP Hijacking
  9.5 Incorporating a PIN
    PIN Appended to an External Password
    PIN as an Internal Password
    PIN as Part of the Base Secret
  9.6 Enrolling Users
  9.7 Summary Tables

Chapter 10 Challenge Response Passwords

  10.1 Challenge Response
    Challenge Response and X9.9
    S/Key Authentication
  10.2 Challenge Response Issues
    User Interaction
    Known Ciphertext Attack on ANSI X9.9
  10.3 Password Token Deployment
    Soft Tokens
    Handling Multiple Servers
    Proprietary Implementations
  10.4 Evolving Windows Authentication
    LANMAN Hashing
    Attacking the LANMAN Hash
    Plaintext Passwords on Windows
  10.5 Windows Challenge Response
    Attacking Windows Challenge Response
  10.6 Windows NTLM Authentication
    Attacking the NT Password Database
    Attacking NTLM Challenge Response
  10.7 Summary Tables

Chapter 11 Indirect Authentication

  11.1 Indirect Authentication
    Network Boundary Control
    One-Time Password Products
    LAN Resource Control
  11.2 RADIUS Protocol
    A RADIUS Logon
    Protecting RADIUS Messages
    RADIUS Challenge Response
  11.3 Encrypted Connections and Windows NT
    Encrypted Connections
    Integrity Protection
    Politics, Encryption, and Technical Choices
  11.4 Windows NT Secure Channels
    Secure Channel Keying
    Attacks on Secure Channels
  11.5 Computers' Authentication Secrets
  11.6 Summary Tables

Chapter 12 Kerberos and Windows 2000

  12.1 The Key Distribution Center
    Tickets
    Needham-Schroeder
  12.2 Kerberos
    The Authentication Server
    Authenticating to a Server
    Ticket-Granting Service
  12.3 User and Workstation Authentication
    Workstation Authentication
    Preauthentication
  12.4 Ticket Delegation
    Proxiable TGT
    Forwardable TGT
    Realms and Referral Tickets
  12.5 Attacking a Kerberos Network
    Intrusion Tolerance
    Clock Synchronization
  12.6 Kerberos in Windows 2000
    Master Keys and Workstation Authentication
    Service and Protocol Support
  12.7 Summary Tables

Chapter 13 Public Keys and Off-Line Authentication

  13.1 Public Key Cryptography
  13.2 The RSA Public Key Algorithm
  13.3 Attacking RSA
    Attacking RSA Keys
    Attacking Digital Signatures
  13.4 The Digital Signature Standard
  13.5 Challenge Response Revisited
    LOCKOut Fortezza Authentication Protocol
    FIPS 196 Authentication
  13.6 Secure Sockets Layer
    Establishing Keys with SSL
    Authentication with Typical SSL
    SSL Client Authentication
  13.7 Public Keys and Biometrics
  13.8 Summary Tables

Chapter 14 Public Key Certificates

  14.1 Tying Names to Public Keys
    Certificate Authorities
    Using the Right Certificate
  14.2 Creating Certificates
    Certificate Standards
    Certificates and Access Control
  14.3 Certificate Authorities
    Proprietors as Certificate Authorities
    Commercial Certificate Authorities
  14.4 Public Key Infrastructure
    Centralized Hierarchy
    Authority Lists
    Cross-Certification
  14.5 Personal Certification
    Certified by Reputation
    Certified by a Web of Trust
  14.6 Certificate Revocation
    Certificate Revocation List
    On-line Revocation
    Timely Certification
  14.7 Certificates with Kerberos
  14.8 Summary Tables

Chapter 15 Private Key Security

  15.1 Generating Private Keys
  15.2 The Private Key Storage Problem
  15.3 Smart Cards and Private Keys
    Off-Card Key Generation
    On-Card Key Generation
  15.4 Smart Card Access Control
    PINs
    Biometrics
  15.5 Private Keys on Servers
    Novell NetWare: Key Downloading
    Safeword Virtual Smart Card: Data Uploading
  15.6 Passwords Revisited
  15.7 Summary Tables

Chapter Notes

Bibliography

Web and Vendor Resources

Glossary

Index


Material from Authentication is Copyright © 2002 Addison Wesley Longman, Inc.

Internet Cryptography


ISBN 0-201-92480-3, Addison Wesley, 1997

Why would anyone buy an ancient book on cryptography?

Here's why: Internet Cryptography presents crypto from a practical perspective. It explains the underlying issues and mechanisms behind classic Internet security technologies, from SSL to public keys to firewalls. The book is also part of the Common Body of Knowledge (CBK) used in the CISSP certification examination.

Using real-life case studies, examples, and commercially available software products, cryptography is presented as a practical solution to specific, everyday security challenges. And, much though we might wish that a magic bullet had since solved all of our security problems, many of the things we did in 1997 we are still doing today.

Materials from Internet Cryptography are copyright 1997, Addison Wesley Longman, and are reproduced by permission.

Why Internet Cryptography?

Why buy an old book on cryptography?


Even though this book was written in 1997, there are two good reasons to read it:

  1. It provides a readable introduction to the basics of cryptography and how it applies to network security.
  2. It is on the ISC2's recommended reference list for the CISSP exam.

Since 1997, many details of Internet cryptography have changed, but the higher-level concepts have remained constant. The book examines cryptography and Internet security from the point of view of what goes wrong, which makes it easier to understand why security experts choose such odd ways of doing things. In addition, the book contains prioritized checklists of security features that successful Internet security systems and products should have. These lists were designed to stand the test of time and the evolution of new things, like the Advanced Encryption Standard. While specific recommendations regarding individual crypto algorithms and protocols may become obsolete, the underlying recommendations (that you use proven techniques that have been investigated by the open cryptography community) remain true today.

Following a surge of sales when it first came out, the book has continued to sell steadily, if modestly. The comment I most often hear from satisfied readers is that they appreciate the simple, clear explanations of complex technical mechanisms. Even though there are a lot of cryptography books out there, this one offers some of the clearest descriptions of network cryptography mechanisms.

Table of Contents

Preface xv

  Who this Book is For xv
  How this Book is Organized xvi
  Crypto Today and Tomorrow xviii
  Comments and Questions xviii

Acknowledgments xix

Chapter 1 Introduction 1

  1.1 The Basic Problem 1
  1.2 Essentials of Crypto 4
    1.2.1 Crypto is Hard to Use 6
    1.2.2 Balancing Crypto Use with Your Objectives 7
  1.3 Essentials of Networking and the Internet 8
    1.3.1 Protocol Layers and Network Products 9
    1.3.2 Internet Technology 12
    1.3.3 Internet Protocols in Your Host 14
    1.3.4 The Internet Security Problem 16
    1.3.5 An Internet Rogue's Gallery 19
  1.4 Setting Realistic Security Objectives 20
  1.5 Appropriate Communications Security 22
    1.5.1 Communications Security Goals 23
    1.5.2 Internet Crypto Techniques 25
  1.6 Legal Restrictions 27
  1.7 For Further Information 30

Chapter 2 Encryption Basics 33

  2.1 Encryption Building Blocks 33
    2.1.1 Stream Ciphers 34
    2.1.2 Block Ciphers 36
  2.2 How Crypto Systems Fail 42
    2.2.1 Cryptanalysis and Modern Codes 44
    2.2.2 Brute Force Cracking of Secret Keys 46
    2.2.3 Attacks on Improper Crypto Use 50
  2.3 Choosing Between Strong and Weak Crypto 51
    2.3.1 Properties of Good Crypto Algorithms 52
    2.3.2 Crypto Algorithms to Consider 55
    2.3.3 Selecting a Block Cipher Mode 57
    2.3.4 Identifying a Safe Key Length 58
    2.3.5 Levels of Risk for Different Applications 60
  2.4 For Further Information 62

Chapter 3 Link Encryption 63

  3.1 Security Objectives 63
  3.2 Product Example: In-line Encryptor 65
    3.2.1 Red/Black Separation 66
    3.2.2 Crypto Algorithm and Keying 67
    3.2.3 Encryptor Vulnerabilities 68
    3.2.4 Product Security Requirements 71
  3.3 Deployment Example: Point-to-Point Encryption 72
    3.3.1 Point-to-Point Practical Limitations 73
    3.3.2 Physical Protection and Control 74
    3.3.3 Deployment Security Requirements 75
  3.4 Deployment Example: IP-routed Configuration 76
    3.4.1 Site Protection 77
    3.4.2 Networkwide Security 78
    3.4.3 Deployment Security Requirements 81
  3.5 Key Recovery and Escrowed Encryption 82
  3.6 For Further Information 85

Chapter 4 Managing Secret Keys 87

  4.1 Security Objectives 87
  4.2 Basic Issues in Secret Key Management 88
  4.3 Technology: Random Key Generation 89
    4.3.1 Random Seeding 90
    4.3.2 Pseudorandom Number Generators 92
    4.3.3 Technical Security Requirements 95
  4.4 Deployment Example: Manual Key Distribution 95
    4.4.1 Preparing Secret Keys for Delivery 96
    4.4.2 Batch Generation of Keys 98
    4.4.3 Printing Keys on Paper 102
    4.4.4 Key Packaging and Delivery 103
    4.4.5 Key Splitting for Safer Delivery 104
    4.4.6 Deployment Security Requirements 106
  4.5 Technology: Automatic Rekeying 107
    4.5.1 ANSI X9.17 Point-to-Point Rekeying 108
    4.5.2 Variations of X9.17 110
    4.5.3 Technical Security Requirements 112
  4.6 Key Distribution Centers (KDCs) 113
  4.7 Maintaining Keys and System Security 116
  4.8 For Further Information 117

Chapter 5 Security at the IP Layer 119

  5.1 Security Objectives 119
  5.2 Basic Issues with Using IPSEC 120
  5.3 Technology: Cryptographic Checksums 121
    5.3.1 One-way Hash Functions 123
    5.3.2 Technical Security Requirements 126
  5.4 IPSEC: IP Security Protocol 127
    5.4.1 IPSEC Authentication 130
    5.4.2 IPSEC Encryption 131
  5.5 IPSEC Key Management 134
  5.6 Other TCP/IP Network Security Protocols 137
  5.7 For Further Information 139

Chapter 6 Virtual Private Networks 141

  6.1 Security Objectives 142
  6.2 Basic Issues with VPNs 142
  6.3 Technology: IPSEC Proxy Cryptography 143
    6.3.1 ESP Tunnel Mode 145
    6.3.2 ESP Transport Mode 147
  6.4 Product Example: IPSEC Encrypting Router 148
    6.4.1 Blocking Classic Internet Attacks 149
    6.4.2 Product Security Requirements 151
  6.5 Deployment Example: Site-to-Site Encryption 153
    6.5.1 Header Usage and Security 156
    6.5.2 Deployment Security Requirements 159
  6.6 For Further Information 159

Chapter 7 Remote Access with IPSEC 161

  7.1 Security Objectives 161
  7.2 Basic Issues with IPSEC Clients 162
  7.3 Product Example: IPSEC Client 163
    7.3.1 Client Security Associations 165
    7.3.2 Client Self-Defense on the Internet 166
    7.3.3 Client Theft and Key Protection 167
    7.3.4 Product Security Requirements 169
  7.4 Deployment Example: Client-to-Server Site Access 171
    7.4.1 Remote Access Security Issues 172
    7.4.2 Deployment Security Requirements 175
  7.5 For Further Information 176

Chapter 8 IPSEC and Firewalls 177

  8.1 Security Objectives 177
  8.2 Basic Issues with IPSEC and Firewalls 178
  8.3 Internet Firewalls 179
    8.3.1 What Firewalls Control 180
    8.3.2 How Firewalls Control Access 181
    8.3.3 Firewall Control Mechanisms 183
  8.4 Product Example: IPSEC Firewall 187
    8.4.1 Administering Multiple Sites 189
    8.4.2 Product Security Requirements 190
  8.5 Deployment Example: A VPN with a Firewall 191
    8.5.1 Establishing a Site Security Policy 192
    8.5.2 Chosen Plaintext Attack on a Firewall 193
    8.5.3 Deployment Security Requirements 195
  8.6 For Further Information 195

Chapter 9 Public Key Crypto and SSL 197

  9.1 Public Key Cryptography 197
    9.1.1 Evolution of Public Key Crypto 199
    9.1.2 Diffie-Hellman Public Key Technique 200
    9.2.1 Brute Force Attacks on RSA 205
    9.2.2 Other RSA Vulnerabilities 208
    9.2.3 Technical Security Requirements 211
  9.3 Technology: Secret Key Exchange with RSA Crypto 212
    9.3.1 Attacking Public Key Distribution 213
    9.3.2 Public Key versus Secret Key Exchange 215
    9.3.3 Technical Security Requirements 218
  9.4 Secure Sockets Layer 218
    9.4.1 Other SSL Properties 222
    9.4.2 Basic Attacks Against SSL 223
    9.4.3 SSL Security Evolution 226
  9.5 For Further Information 228

Chapter 10 World Wide Web Transaction Security 229

  10.1 Security Objectives 229
  10.2 Basic Issues in Internet Transaction Security 230
  10.3 Transactions on the World Wide Web 232
    10.3.1 Transactions with Web Forms 233
    10.3.2 Web Form Security Services 235
  10.4 Security Alternatives for Web Forms 236
    10.4.1 Password Protection 237
    10.4.2 Network-level Security (IPSEC) 237
    10.4.3 Transport-level Security (SSL) 238
    10.4.4 Application-level Security (SHTTP) 239
    10.4.5 Client Authentication Alternatives 240
  10.5 Product Example: Web Browser with SSL 242
    10.5.1 Browser Cryptographic Services 244
    10.5.2 Authentication Capabilities 245
    10.5.3 Client Security and Executable Contents 247
    10.5.4 Product Security Requirements 250
  10.6 Product Example: Web Server with SSL 252
    10.6.1 Web Server Vulnerabilities 253
    10.6.2 Mandatory Protection 257
    10.6.3 Product Security Requirements 258
  10.7 Deployment Example: Vending with Exportable Encryption 259
    10.7.1 Export Restrictions and Transaction Security 261
    10.7.2 Site Configuration 262
    10.7.3 Deployment Security Requirements 264
  10.8 For Further Information 266

Chapter 11 Secured Electronic Mail 267

  11.1 Security Objectives 267
  11.2 Basic Issues with E-Mail Security 268
  11.3 Basics of Internet Electronic Mail 269
    11.3.1 Internet E-Mail Software Architecture 271
    11.3.2 E-Mail Security Problems 272
  11.4 Technology: Off-line Message Keying 275
    11.4.1 Encryption Tokens 276
    11.4.2 Technical Security Requirements 277
  11.5 Technology: Digital Signatures 278
    11.5.1 Attacks on Digital Signatures 280
    11.5.2 The Digital Signature Standard 284
    11.5.3 Technical Security Requirements 286
  11.6 Product Example: Secure E-Mail Client 287
    11.6.1 Basic Secure Client Features 288
    11.6.2 E-Mail Client Security Issues 290
    11.6.3 Product Security Requirements 292
  11.7 E-Mail Deployment 293
  11.8 For Further Information 294

Chapter 12 Public Key Certificates 295

  12.1 Security Objectives 295
  12.2 Distributing Public Keys 296
  12.3 Technology: Public Key Certificates 299
    12.3.1 Generating Public Key Pairs 301
    12.3.2 Certificate Revocation 302
    12.3.3 Certification Authority Workstation 303
    12.3.4 Technical Security Requirements 305
  12.4 Certificate Distribution 306
    12.4.1 Transparent Distribution 307
    12.4.2 Interactive Distribution 308
  12.5 Centralized Certification Authority 310
    12.5.1 Netscape Server Authentication 311
    12.5.2 Handling Multiple Certification Authorities 312
  12.6 Hierarchical Certification Authority 313
    12.6.1 PEM Internet Certification Hierarchy 314
    12.6.2 Private Trees 316
  12.7 PGP "Web of Trust" 316
  12.8 For Further Information 319

Appendix A: Glossary 321

Appendix B: Bibliography 341

Index 345

Preface

This book is about delivering data safely across unsafe territory. The features that give the Internet its vitality also make it unsafe, like the streets of a major city. People do not walk carelessly in a vital, teeming city. Likewise, a careful person approaches the Internet with caution. Business data that crosses the public Internet can be forged, modified, or stolen. The Internet's technology and style don't fit well in the traditional mold of common carrier communications, so traditional security techniques don't fit well either.

Cryptography has emerged as the only alternative to protect Internet data, and it does the job well. Modern crypto techniques have evolved from the secret codes of decades past, brilliantly augmented with a deep knowledge of modern mathematics. New cryptographic products and technologies have been developed particularly for Internet applications. This book describes the principal techniques used in today's products, how they work, and how to use them. While we must talk about people "cracking" codes, we will spend far more time looking at system configurations and operating procedures. Configuration and operating errors have often been the bane of crypto system security. Mathematical details alone don't ensure the security of practical crypto systems. Even the most capable products can be defeated by carelessness.

Effective use of crypto systems requires a clear understanding of what your security objectives are and how they depend on important system properties. This book applies cryptographic techniques to particular Internet security goals like site protection, message secrecy, or transaction security. These goals are lined up against today's off-the-shelf products to show which are best suited to meet particular business and security objectives.

Who This Book is For

This book is intended for people who know very little about cryptography but need to make technical decisions about cryptographic security. Many people face this situation when they need to transmit business data safely over the Internet. This often includes people responsible for the data, like business analysts and managers, as well as those who must install and maintain the protections, like information systems administrators and managers. These people are the book's primary audience. Cryptographic concepts are explained using diagrams to illustrate component relationships and data flows. At every step we examine the relationship between the security measures and the vulnerabilities they address. This will guide readers in safely applying cryptographic techniques.

This book requires no prior knowledge of cryptography or related mathematics. Descriptions of low-level crypto mechanisms focus on presenting the concepts instead of the details. Programmers and product developers must look elsewhere for implementation details, and each chapter ends with a list of appropriate references. However, developers will still find a few useful insights here, like why crypto experts are so picky about mathematical arcana like random number generators ("No, it's a pseudorandom number generator!") or why their theoretically unbreakable system is vulnerable to attack.

This book also contains some general tutorial material about the Internet Protocol (IP) and its cousins, but it is best if readers already have a general familiarity with computers, networking, and the Internet. In particular, it helps if readers already understand the notion of message and packet formatting; in other words, your information must be embedded in other information for the network to deliver it correctly.

How this Book is Organized

We start with cryptographic basics, apply them to product evaluation, and then look at example deployments that achieve various business and security objectives. When we understand the risks against which various security measures might protect, we can reasonably trade off between conflicting techniques. Each chapter ends with a list of references that may provide you with deeper explanations when needed. If your particular problem cannot be solved with available products, the references can provide the technical details for implementing custom solutions.

This book is organized around a small number of basic security objectives that are addressed by a few basic Internet cryptographic technologies. The objective of extending one's internal site via the Internet is illustrated with link encryption and network encryption using the IP Security Protocol (IPSEC). The objective of transaction security is illustrated using Secure Socket Layer (SSL) as applied to the World Wide Web. Message-based security is illustrated using Pretty Good Privacy (PGP) and Privacy Enhanced Mail (PEM).

Chapter Summary

The book's contents fall roughly into three parts, starting with low-level but simple techniques and working upward to high-level, complex crypto systems.

  • Introduction and traditional crypto (Chapters 1, 2, 3, and 4)
    These chapters contain general introductory material and cover traditional crypto techniques. The Introduction provides a cross-reference of security goals against the crypto techniques presented in the book. Traditional crypto includes link encryption and the handling of secret crypto keys.
  • Network encryption with IPSEC protocols (Chapters 5, 6, 7, and 8)
    These chapters describe the IPSEC protocol suite that protects data passing between pairs of hosts on the Internet. These protocols were originally developed for the upcoming IP version 6, but many vendors are incorporating them into existing IP products, like routers and firewalls.
  • Public key crypto and protocols for transactions (Chapters 9, 10, 11, and 12)
    These chapters describe public key crypto techniques and their application in World Wide Web and e-mail protocols. The Web security discussion centers on the SSL protocol and related client/server software. The e-mail discussion examines the techniques of PGP and PEM. Public key certificates are discussed in the final chapter.

A Typical Chapter

Most chapters follow the same general organization. A typical chapter introduces a security service and a particular cryptographic mechanism underlying that service. Chapter information is usually organized in these general sections:

  • Security objectives
    This section contains a list of objectives you wish to achieve in protecting your information. The product and deployment examples in the chapter are chosen to achieve these objectives.
  • Basic issues
    This section contains an overview of important problems associated with the cryptographic services and mechanisms presented in the chapter.
  • Technology
    There are one or more of these sections, each presenting a technical concept underlying the products introduced. These sections always include a prioritized list of requirements for securely applying the technology.
  • Product example
    There are one or more of these sections to introduce products used in the deployment examples. These sections always include a prioritized list of requirements for assessing potential product choices.
  • Deployment example
    There are one or more of these examples to illustrate different ways of achieving the chapter's stated security objectives. These sections always include a prioritized list of requirements for assessing a particular deployment.
  • For further information
    This section contains an annotated list of references for more in-depth information on a subject. The chapters' lists identify the author and title of the work; the bibliography at the end of this book contains the complete citation.

Crypto Today and Tomorrow

The crypto mechanisms and products appearing in this book were chosen because they illustrate what people can buy off the shelf and use today. Simple, commercially available solutions are given preference over more sophisticated techniques that require extensive vendor support or custom engineering. Naturally this limits the discussion to a fraction of what the technologies can do. However, it is risky to speculate about the behavior of nonexistent products. Countless implementation details will affect their practical effectiveness, so it's pointless to speculate about how they might best work.

This book does not try to predict which future technologies will succeed or fail as easy-to-use products. An elaborate cryptographic infrastructure for safely sharing keys among computer users worldwide has been on the drawing boards for more than a dozen years; the enabling technology and its relatively modest success in off-the-shelf products is described in Chapter 12. Likewise, the chapters on IP security focus on today's products and not on the draft standards for tomorrow. The future is left to future books.

Comments and Questions

Send comments and questions to this site via Internet e-mail. While I tried to focus on techniques that have been used successfully, many of the techniques have not seen extensive use. I'd value any "war stories" or "been there; done that" evaluations based on personal experience.

Articles and Papers

Here is a list of articles and papers I have produced. Where possible, I include a link to the paper. If there are co-authors, they are listed at the end of the entry.

Peer Reviewed Professional Writings

“Boundaries and flows: a strategy for introducing information security to undergraduates” (PDF), Proceedings of the 2008 Annual Conference of the American Society of Engineering Education, Pittsburgh, PA, June 22-24, 2008.

“Trends in Security Product Evaluations” (PDF), Information Systems Security 16 (4), 2007.

"A spreadsheet based simulation of CPU instruction execution" (PDF), Proceedings of the 2007 American Society of Engineering Education Conference, Honolulu, HI, June 2007. I have posted additional information on Spreadsheet CPU (SSCPU) on this site.

“Multilevel Security,” Chapter 205 in Handbook of Information Security, Volume 3, Threats, Vulnerabilities, Prevention, Detection and Management, Hossein Bidgoli, ed., ISBN 0-471-64832-9, John Wiley, 2006. (click here for a similar introduction to multilevel security).

“Cost profile of a highly assured, secure operating system,” ACM Transactions on Information and System Security (TISSEC), 2001.


“Experimenting with Security Policy,” Proc. DARPA Information Survivability Conference and Exposition II, IEEE Computer Society Press, 2001.

“A Releasable Data Products Framework,” Proc. DARPA Information Survivability Conference and Exposition II, IEEE Computer Society Press, 2001 (with Charles Payne).

“Historical Survey of Security Product Evaluations” (PDF), Proc. 22nd National Information Systems Security Conference, 2000.

“Using Type Enforcement to Assure a Configurable Guard,” Proc. 13th Annual Computer Security Applications Conference, December 1997 (with Paula Greve and John Hoffman).

“Mandatory Protection for Internet Server Software” (PDF), Proc. 12th Annual Computer Security Applications Conference, December 1996.

“Securing Client/Server TCP/IP,” Chapter 8 of Securing Client/Server Computer Networks, Peter Davis, ed., ISBN 0-07-015841-X, McGraw-Hill, 1996.

“Constructing a High Assurance Mail Guard” (PDF), Proc. 17th National Computer Security Conference, 1994.

“High Assurance Multilevel Data Sharing with LOCKServer,” Proc. 11th Annual Computer Security Applications Conference, 1993.

“Error management for robot programming,” Journal of Intelligent Manufacturing, vol. 2, 1991, (with Maria Gini).

“A Historical Overview of Computer Architecture,” Annals of the History of Computing, vol. 10, no. 4, 1988.

“Reliable Real-Time Robot Operation Employing Intelligent Forward Recovery,” Journal of Robotic Systems, vol. 3, no. 3, Fall 1986, pp. 281-300 (with Maria Gini).

“Monitoring Robot Actions for Error Detection and Recovery,” Proc. Workshop on Space Telerobotics, NASA Jet Propulsion Laboratory, 1987 (with Maria Gini).

“Robot Tracking and Control Issues in an Intelligent Error Recovery System,” Proc. 1986 IEEE International Conference on Robotics and Automation, San Francisco, CA, April 1986 (with Maria Gini).

“The Role of Knowledge in the Architecture of a Robust Robot Control,” Proc. 1985 IEEE International Conference on Robotics and Automation, St. Louis, MO, March 1985 (with M. Gini, R. Doshi, M. Gluch, and I. Zualkernan).


Other Professional Writing

“How Authentication Technologies Work,” Chapter 1 of Biometrics: Identity Assurance in the Information Age, John Woodward, ed., ISBN 0-07-222227-1, McGraw-Hill, 2003.

“A Curricular Strategy for Information Security Engineering,” Proceedings of the 2007 ASEE North Midwest Sectional Conference, September 22, 2007, Houghton, MI.

“Extending the Spreadsheet to Illustrate Basic CPU Operations in a Computer Literacy Course,” Proceedings of the 2006 ASEE North Midwest Regional Conference, University of Wisconsin-Milwaukee, October 7-9, 2006. I have posted additional information on Spreadsheet CPU (SSCPU) on this site.

“Crypto Alphabet Soup: Making Sense of Today’s Algorithms,” Information Security, January 2003.

“The Strong Password Dilemma,” Computer Security Journal, Summer 2002.

“Deciphering the Advanced Encryption Standard” (PDF), Network Magazine, March 2001.

“Authentication: Patterns of Trust,” Information Security, August 2000.

“Security assurance issues for open source software,” white paper for the NSA/DARPA Open Source Workshop, 1999 (with Charles Payne).

“Internet Cryptography,” Chapter 15 of ICSA Guide to Cryptography, Randall Nichols, ed., ISBN 0-07-913759-8, McGraw-Hill, 1999.

“Sidewinder: Defense in Depth Using Type Enforcement” (PDF), International Journal of Network Management, vol. 5, no. 4, July-August 1995.


“Task Planning Issues for an In-Orbit Service Manipulator,” Space Station Automation IV: Proc. SPIE, Wun C. Chiou, Sr., ed., vol. 1002, 1988, pp. 71-78.

“Hierarchical Multiprocessing Software for High Performance Robotics,” Intelligent Robotics and Computer Vision: Seventh in a Series; Proc. SPIE, David P. Casasent, Emery L. Moore, eds., vol. 1006, 1988, pp. 444-451.

“A Language and Multi-Tasking Operating System to Support an Eight-Channel Speech Input Terminal,” paper given at the 50th Anniversary Meeting, Acoustical Society of America, Cambridge, MA, 1979 (with A. Stowe and S. Glazer).


Other Writing

“Plate Construction and Layout,” chapter 43 in Juell & Rod, eds., Encyclopedia of United States Stamps and Stamp Collecting, Minneapolis: Kirk House, 2006. Also appeared in United States Specialist 76 (5), pp. 199-207, May, 2005.

“Are Web Transactions Safe?” tutorial article for the companion web site of NOVA’s television show “Decoding Nazi Secrets,” November 2000. http://www.pbs.org/wgbh/nova/decoding/web.html

“Secure Computing Legislative Policy Recommendations on Encryption,” 1998-1999.

Talks

This page provides links to the presentation slides for some talks I have given.

TCSEC: My Own Lessons Learned, 2013 Annual Computer Security Applications Conference, December 2013. PDF


The Challenge of Multilevel Security, Black Hat Federal, Tyson's Corner, VA, October 2003. PDF


Authentication: Cautionary Tales, Black Hat Briefings, Las Vegas, NV, July 2003. PDF


The Biometrics Dilemma, Black Hat Briefings, Las Vegas, NV, July 2002. Powerpoint


An Overview of Authentication Techniques, Webcast, February 28, 2002. PDF.


Site-Specific Planning for Authentication Systems, 28th Annual CSI Security Conference, Washington DC, October 2001. PDF


Computer Security Basics, University of St Thomas, Mini Masters' Lecture, Spring 2000. Part 1 (120K), Part 2 (490K).


E-Commerce Security Workshop, University of St Thomas, Fall 1999. One file (900K).


Internet Cryptography, National Information Systems Security Conference, Arlington VA, October 1998. Part 1 (480K), Part 2 (540K).


Network Security with Cryptography, 12th Systems Engineering Conference, Santiago, Chile, June 1998. Part 1 (260K), Part 2 (210K), Part 3 (400K).


Cryptographic Vulnerabilities: Beyond Algorithms and Key Lengths, University of Minnesota colloquium, 1998. One file (340K).


Choosing and Using Network Cryptographic Products, brief talk given to many audiences, 1997. One file (380K).

Photos

I post photo galleries here.

Links