Exchange Security Part 1 Fundamentals of Security - PowerPoint PPT Presentation

Slides: 46
Provided by: gregbar4

Transcript and Presenter's Notes


1
Exchange Security - Part 1: Fundamentals of Security
Greg Baribault, Program Manager, Exchange Server, Microsoft Corporation
2
(No Transcript)
3
Security Concepts: What we will cover today
  • Cryptographic Tools
  • Encryption, certificates, signatures, etc.
  • Security Goals
  • Privacy, Authentication, Integrity
    and Non-repudiation
  • Network Security and Authorization
  • Putting it all together
  • Using Cryptographic Tools to meet the Security
    Goals of the organization

4
Encryption Schemes: How plain data becomes secret
  • A mathematical function applied to data changes
    it to an unreadable form
  • Plain text → Cipher text
  • Key Length provides strength
  • 8-bit key = 2^8 keys = 256 keys
  • 56-bit key = 2^56 keys = 72 quadrillion keys
  • 128-bit key = 2^128 keys = 3.4 x 10^38 keys!
  • Brute force at 1 trillion keys/sec would take
    10,819,926,705,615,920,821 years!

5
Encryption Schemes: Symmetric (shared key) ciphers
  • Same key used for encryption and decryption
  • m = Message
  • D_K = Decryption function with shared key K
  • E_K = Encryption function with shared key K
  • D_K(E_K(m)) = m
  • Examples
  • Block Ciphers: RC2, CAST, DES, 3-DES
  • Stream Ciphers: RC4

6
Encryption Schemes: Symmetric (shared key) ciphers
  • Benefits
  • Computationally fast to encrypt / decrypt large
    messages
  • Problems
  • Key Distribution
  • Key must be known by both sending and receiving
    parties in advance
  • Authentication
  • At least two parties have the same key

7
Encryption Schemes: Asymmetric (public key) ciphers
  • Key pair cipher: Public and private keys
  • Data encrypted with one key can only be decrypted
    with the other key
  • m = Message
  • D_d = Decryption function with Private key d
  • E_e = Encryption function with Public key e
  • D_d(E_e(m)) = m
  • Examples
  • RSA™, Diffie-Hellman

8
Encryption Schemes: Asymmetric example
  • Encryption of the word SECURE
  • p, q - two primes, n = pq: p = 3, q = 11, n = 33
  • z = (p-1)(q-1): z = 20
  • d - prime not a factor of z: d = 7
  • e where (e × d) mod z = 1: e = 3
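
The slide's numbers worked through end to end, as an added example that is not part of the original presentation. The letter coding A=1 ... Z=26 and all function names are assumptions; the transcript does not show how the slide coded the letters.

```python
# Toy RSA with the slide's parameters: p = 3, q = 11, d = 7.
P, Q = 3, 11
N = P * Q               # n = pq = 33
Z = (P - 1) * (Q - 1)   # z = (p-1)(q-1) = 20
D = 7                   # private exponent from the slide
E = pow(D, -1, Z)       # e such that (e * d) mod z = 1


def encode(word):
    """Assumed coding: A=1 ... Z=26, so every value is below n = 33."""
    return [ord(c) - ord("A") + 1 for c in word.upper()]


def decode(nums):
    return "".join(chr(v + ord("A") - 1) for v in nums)


def encrypt(word, e=E, n=N):
    """E_e(m) = m^e mod n, applied to each letter separately."""
    return [pow(m, e, n) for m in encode(word)]


def decrypt(cipher, d=D, n=N):
    """D_d(c) = c^d mod n, so D_d(E_e(m)) = m."""
    return decode([pow(c, d, n) for c in cipher])


def recover_private_exponent(e, n):
    """Key-length check: with a modulus this small, trial division finds
    p and q at once, and d follows from the public values alone."""
    p = next(f for f in range(2, n) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    c = encrypt("SECURE")
    print("e =", E, "ciphertext =", c, "decrypted =", decrypt(c))
    print("d rebuilt from (e, n):", recover_private_exponent(E, N))
```

Both E's in SECURE encrypt to the same value, so letter-by-letter RSA is only a substitution cipher; the private exponent falling out of the public values is the key-length point from the earlier slide.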

9
Encryption Schemes: Asymmetric (public key) ciphers
  • Benefits
  • Public half of the key can be known to everyone
  • Problems
  • Computationally expensive and slow
  • Authentication
  • How does sender know that the public key actually
    belongs to the recipient?
  • Vulnerable to Man in the Middle attack

10
Encryption Attacks: Man in the Middle attack
  • Example

11
Certificates: Associating keys with users
  • Certificates securely bind the key holder's
    identity to their public key
  • Contain the user's key and identity information
  • Name, public key, e-mail, extensions, etc.
  • Signed by a Known and Trusted entity
  • X.509 v3 adds extensions (i.e. key usage) and
    S/MIME compatibility

12
Certification Authorities: Issue certificates and enable trust
  • Certificates can be explicitly trusted
  • A client app can import a certificate to be
    trusted
  • Clients and CAs can maintain a list of
    explicitly trusted certificates
  • Certificates can be explicitly distrusted
  • Place certificates on a CRL (Certificate
    Revocation List)
  • Certificates can expire

13
CA Hierarchies: A PKI is based on trust
  • A CA is a known and trusted third party which
    issues certificates
  • CA's private key used to sign certificates
  • CA certificate needed to verify signatures

14
CA Hierarchies: A PKI is based on trust
  • A CA is a known and trusted third party which
    issues certificates
  • CA's private key used to sign certificates
  • Root CA certificate needed to verify signatures

15
Certificates: Initially trusting a certificate
  • Trusting a Root CA
  • Software (Windows NT, Internet Explorer,
    Windows 98) comes with some root CA certificates
    included
  • Downloaded software like Internet Explorer uses
    Authenticode certificates for protection during
    download
  • You can always verify a certificate thumbprint
    out-of-band

16
Cryptographic Hashes: What are hash functions?
  • Mapping a message of arbitrary length to a binary
    string of fixed length
  • Forms a fingerprint of a message
  • Hashes are one-way - Not reversible
  • Fast to compute on large messages
  • Provide integrity and authenticity
  • Examples
  • MD4, MD5, SHA-1

17
Cryptographic Hashes: A simple example
  • EXCHANGE SECURITY
  • Sum of all letters mod 26
  • i.e. EXC → 5 + 23 + 3 mod 26
  • Hash value = 191 mod 26 = 9
  • Hash space here is 26, a 128-bit hash value has a
    space of 3.4e38!

18
Cryptographic Hashes: MDs and MACs
  • Message digests
  • Provides a Representative Image or Hash of the
    original message
  • Message authentication codes
  • Hash of message secured with private key
  • Good hashes are collision resistant
  • Only one message maps to any hash
  • Any change in a message will cause the hash to be
    completely different

19
Digital Signatures: As binding as a signature on paper
  • Provides origin authentication since only sender
    holds private key used to generate signature
  • Provides data integrity since the signature is a
    protected hash of the message
  • Examples
  • RSA, DSA

20
Digital Signatures: As binding as a signature on paper
  • How it works
  • Sender computes MD (hash)
  • Sender encrypts MD with private key and attaches
    it to message m
  • Send m and MD_Sender
  • Receiver decrypts secured MD using sender's
    Public Key and computes the message's MD_Receiver
  • If MD_Sender = MD_Receiver then message is
    authentic
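
The five steps above as an added sketch, not code from the presentation. The key (two small Mersenne primes), SHA-256 in place of the hashes the slides name, the sample messages and the function names are all assumptions; real signatures also pad the digest (for example PKCS #1) and use far larger keys.

```python
import hashlib

# Constructed toy key pair: two Mersenne primes, far too small for real use.
P, Q = 2**61 - 1, 2**31 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held only by the sender


def message_digest(message: bytes) -> int:
    """MD: SHA-256 of the message, reduced so it fits below the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Sender: compute MD, transform it with the private key, attach to m."""
    return pow(message_digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: recover MD_Sender with the public key, recompute
    MD_Receiver from the received message, and compare the two."""
    md_sender = pow(signature, E, N)
    md_receiver = message_digest(message)
    return md_sender == md_receiver


if __name__ == "__main__":
    m = b"Board meeting moved to 3 PM"      # constructed sample message
    sig = sign(m)
    print("authentic message verifies:", verify(m, sig))
    print("altered message verifies:  ",
          verify(b"Board meeting moved to 4 PM", sig))
    print("altered signature verifies:", verify(m, sig + 1))
```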

21
Message Security
22
Security Goals: Why do we need data security?
  • Privacy / Confidentiality: Keep information secret
    from those who should not see it
  • We accomplish this goal by Encrypting messages
    and data
  • Network security provides privacy on the wire
  • Data security provides permanent privacy while
    data is stored

23
Message Encryption: Provides message privacy
  • Combining symmetric and asymmetric ciphers
    provides privacy and efficiency
  • Encryption example

24
Message Encryption: Provides message privacy
  • Combining Symmetric/Asymmetric Ciphers provides
    privacy and efficiency
  • Decryption example

25
Security Goals: Why do we need data security?
  • Integrity: Guarantee information is not changed
    unknowingly
  • We accomplish this by attaching a Digital
    Signature to the data
  • If the data has changed, the signature will be
    invalid

26
Security Goals: Why do we need data security?
  • Authentication: Undoubtedly prove the source of
    information
  • We accomplish this by attaching a Digital
    Signature to the data
  • Only the person named on the certificate has the
    private key to create a signature

27
Security Goals: Why do we need data security?
  • Non-repudiation: Prevents denial of a commitment
  • We accomplish this by attaching
    a Digital Signature to the data
  • Since only one person holds the private key, the
    signature could not have been forged

28
Digital Signatures: Provide authentication and integrity
  • Use Hashes, Public Key Ciphers and Certificates
    to form a Digital Signature
  • Digital Signature Example

29
Digital Signatures: Provide authentication and integrity
  • Use Hashes and Public Key Ciphers to form a
    Digital Signature
  • Digital Signature Example

30
Network Security
31
Security Goals: Transient data protection
  • Authentication
  • Real time verification of credentials
  • Valid for current session only
  • Authorization
  • Determines what resources a user can access
  • User must be authenticated to be authorized
  • Privacy
  • Protecting all data on the wire (rather than just
    specific messages)

32
Authentication: Network user authentication
  • Basic authentication
  • Plain text ID and password sent over wire
  • Windows NT challenge/response
  • Encrypted challenge sent to user
  • Password never sent over wire
  • SSL authentication
  • X.509 v3 certificates
  • Authenticates and establishes channel encryption
  • Kerberos
  • User's tickets provide authentication credentials

33
Authentication: Kerberos
  • More efficient architecture
  • Services do not need to connect to a DC
    to authenticate a user
  • Mutual authentication
  • Users to Servers and Servers to Users
  • Delegated authentication
  • Services can impersonate a user (not supported
    in NTLM)
  • Interoperable with non-Windows platforms

34
Authorization: Do you have permission?
  • Permission to perform an action based on
    authenticated credentials
  • First, we need to authenticate
  • Kerberos
  • Challenge/response
  • Verify Certificates
  • Then, verify identity's access in ACL
  • Access Control List
  • Resources that might require authorization
  • Web site, network share, public folder, etc.

35
Privacy: Transient data protection
  • Secure data point-to-point, while on the wire,
    not end-to-end
  • Data is only private while on the wire
  • Once delivered, it is decrypted
  • Protection from packet sniffers
  • Examples
  • NT/RPC, SSL, TLS

36
Network Privacy: Encryption/decryption
  • Authentication used to establish or negotiate
    symmetric session key
  • Example: server encrypts session key with user's
    password
  • Both parties use session key to encrypt/decrypt
    all communications on wire
  • Session key thrown away once connection is
    terminated

37
Network Privacy: Point-to-point network security
38
Network Security: Windows NT RPC encryption
  • RSA RC4 stream encryption
  • 128-bit on Windows NT SP2 No. America
  • 40-bit for other platforms (56-bit in SP6)
  • Uses NTLM challenge/response
  • Optional for client-server RPC
  • Always enabled for Exchange server-to-server RPC
    connections
  • Optional for SMTP server-to-server connections

39
Network Security: Secure Socket Layer (SSL) encryption
  • RSA RC4 stream encryption
  • Authentication via X.509 certificates
  • Optional for client-to-server connections
  • LDAP, POP3, HTTP, NNTP, IMAP4
  • Optional for SMTP server-to-server connections

40
International Issues: Deploying a Worldwide PKI
  • 56-bit DES may be exported under license
    exception
  • 128-bit may be exported to specific sectors and
    countries
  • Financial institutions, insurance companies,
    other special exceptions
  • US based companies in non-US sites
  • Cannot be exported to the seven terrorist
    supporting countries

41
International Issues: Late breaking news Sept. 16th
  • Encryption software of any key length may now be
    exported
  • No license required
  • Export to any individual or firm, and other
    non-government end users
  • Microsoft is working to understand specific
    details
  • See entire White House press release
    http://www.cdt.org/crypto/admin/

42
International Issues: Client interoperability
  • Client determines the key size when enrolling in
    security
  • Exchange Server supports global interoperability
  • Client capabilities automatically tracked in the
    directory
  • Clients auto-select common format, algorithm,
    and key length for all recipients

43
Related Sessions
  • Secure Corporate Messaging with Outlook 2000:
    Immediately following this session
  • Key Management Service and Certificate Server:
    3:00 PM today in this room
  • Microsoft Exchange and Secure Internet
    Connections: Speaker Spyros Sakellariadis.
    Held yesterday, but see handouts

44
(No Transcript)
45
For More Information
  • BackOffice Resource Kit, Part 1
  • Exchange Server Resource Guide: Chapter 7,
    Security
  • Presentations/Papers
  • ideaExchange Security Interview
    http://www.microsoft.com/exchange/55/gen/iesecurity.htm
  • RSA Labs
  • http://www.rsasecurity.com/rsalabs/faq

46
Additional Slides
47
Authentication/Privacy Usage
[Table: columns SSL Encrypt, NT/RPC Encrypt, Basic, NTLM, DPA; rows Client/Server (HTTP, LDAP, POP3, SMTP, IMAP4, NNTP, MAPI RPC) and Server/Server (NNTP, SMTP, X400, MAPI RPC); cell marks not recoverable from the transcript]