20-771: Computer Security Lecture 11: Windows 2000 III - PowerPoint PPT Presentation

1 / 61
About This Presentation
Title:

20-771: Computer Security Lecture 11: Windows 2000 III

Description:

Active Registry' Control of All Resources. System Management Console ... Enterprise or Departmental Management is much cleaner. ... – PowerPoint PPT presentation

Number of Views:43
Avg rating:3.0/5.0
Slides: 62
Provided by: robertth
Category:

less

Transcript and Presenter's Notes

Title: 20-771: Computer Security Lecture 11: Windows 2000 III


1
20-771 Computer SecurityLecture 11 Windows
2000 III
  • Robert Thibadeau
  • School of Computer Science
  • Carnegie Mellon University
  • Institute for eCommerce, Fall 2001

2
This Week
  • WS 11, 12
  • Touretzky on Wed

3
Todays lecture
  • The four examples (Common Criteria, etc.)
  • Seeing real access control under win 2000
  • Kerberos
  • Think symmetric (private) key, first is password,
    second and third in tickets for pre-registered
    services.
  • Encrypted Files
  • Break (10 min)
  • IPSec, Smart Cards

4
Windows 2000
  • Much richer (more complicated) model
  • MUCH easier for Joe to take over after Sam
  • Hierarchy of Hierarchies

Complexity Wins
Windows
Unix
5
Bad News Good News
  • Complex
  • Many Hierarchies
  • Lots of How-To
  • Learn only MS
  • Use only MS 2000
  • Simple underlying model
  • MMC/ Active Directory / ACLs
  • Hierarchies are easy to browse/search
  • Only ONE way to configure
  • Good online docs, good HCI

6
Some Hierarchies
What What For Objects/Attributes
File System Programs and Data Word, Run Programs, etc.
Registry (six leaves) Control LOCAL system parameters Default settings, global variables
Domains Security Management Users/Groups/ACLs
Domain Trees Enterprise Management Domain Trust, Domain Config Inheritance
System Management Console Control of All Resources Active Registry
IIS Console Control http/ftp Hierarchy of virtual directories
Frontpage Control of webs Flat hierarchy of webs
7
Review
  • Windows 2000 Access has to do with
  • Authentication (Passwords)
  • Authorization (Access Controls) Active
    Directory
  • We also saw the considerable audit capabilities
    Active Directory SACL
  • Privacy (secrecy)
  • Came in in protecting passwords (kerberos)
  • Integrity (it is what it says it is)
  • Came in in service authentication (kerberos)
  • PKI
  • Finally, we encountered a great advance in
    enterprise management through Active Directory
    and MMC snap-ins

8
Windows 2000Much more compelling than NT
  • Known to be a rock, stable, environment
    comparable to Linux/Unix.
  • Runs many, BUT NOT ALL, Windows applications.
  • One machine in violation (e.g., its Win 98 or
    MAC) violates the security model
  • Enterprise or Departmental Management is much
    cleaner.
  • Intercompany Management of resources is possible
    without third party software.
  • Implementation of full scale corporate PKI is
    possible.
  • Web access through IE5/IIS can be made highly
    secure

9
What is your recommendation?
  • Machines have to be 64 megabytes (about 100/per
    machine)
  • Think domain trees.
  • Inheritance
  • Build a root
  • Build a department
  • Add in other departments
  • Web Servers
  • Build a root
  • Build a web server
  • Add in other departments

10
Build a root?
  • The root should include
  • A top-level domain controller
  • A top-level certificate server
  • A top-level kerberos server
  • Possibly, a top-level SQL Server
  • Possibly, an exchange server (mail)
  • Possibly, a DNS server
  • If Intranetting an IIS server
  • These servers dont have to be big-time machines
    but do have to be reliable
  • Disk mirroring is built into NT/2000
  • Offsite backup replication (IPSec)
  • These machines should be under major lock and
    key.
  • Entry should be local console although remote is
    supported in Windows 2000.

11
Windows 2000 IPAAA Model
12
Windows 2000 IPAAA Model
File Encrypt
SMARTCARD
IPSec
13
Encrypting File
  • Think like SSL and others uses RSA for
    authentication/authorization and Private Session
    Key for actual encryption/decryption
  • This means system has private key that it can use
    for decryption
  • Encrypted Data Recovery Policy (EDRP)
  • Workgroup (LOCAL Domain) this is local
  • In Domain, it is only with the Domain
    Administrator

14
One DESX Key, Many Certs
FILE OR DIRECTORY
Administrator CERT /Public Key M
Symmetric/Private/DESX/Encrypt/Decrypt Key A
UserQ CERT /Public Key Q
Symmetric/Private/DESX/Encrypt/Decrypt Key A
UserR CERT /Public Key R
Symmetric/Private/DESX/Encrypt/Decrypt Key A
Some can be certs in Data Decryption Field or
Data Recover Field
15
File Encryption / Recovery Certificate
  • The symmetric encrypting key is encrypted using
    the public key derived from your EFS certificate.
  • The resulting encrypted data, along with your
    display name and a hash of the certificate, is
    stored in a named stream in the file that
    contains EFS metadata.
  • When EFS decrypts a file, it uses your private
    key to decrypt the symmetric encrypting key. EFS
    then uses the symmetric key to decrypt the data.

16
File Encryption is DES
  • Actually DESX but the idea is the same it
    operates like XOR the number of bits is the
    number of tries needed to guess the key brute
    force (without studied cryptoanalysis).
  • 40 bits for International
  • 56 bits for US
  • 128 bits can be downloaded from MS Support
  • File Encryption Key Uses a Random (40, 56 or 128
    bit) Number (randomness is probably very good,
    but not cypher quality)
  • You can bet somebody somewhere has characterized
    the non-randomness already (havent seen a
    publication)
  • This means WHAT? You should know the answer to
    this!

17
Process
  • You right click and set property to encrypt a
    file/directory
  • If you dont have a user public/private keypair
    one is automatically generated in the
    background in your domain
  • Done once, you are done forever.
  • You can have others need management
  • The private/public key pair gains access to the
    session key for the file.

18
When it wont work
  • System bit set (system files cant be encrypted)
  • Compressed files (files marked compressed).
  • Read-Only files (this is because the file has to
    be written, temporarily, to be read).
  • FAT32 or any other FS than NTFS
  • Copy should be checked
  • Works because the file owner is always the file
    owner.

19
Cipher utility
  • Why would you want to encrypt an encrypted file?
    Try being administrator and user.
  • Data Decryption Field (certs), and Data Recovery
    Field (certs)
  • Encrypt a file as a user, and see if you can
    decrypt it as somebody else (who is the default
    recovery manager).
  • Note efsrecvr.exe as the Encrypted File System
    RECoVeR program you can use. You can also do this
    by right clicking and the security properties,
    owner.

20
Cert (X.509) EFS Solution
  • Many certs can hide the SAME private/ symmetric/
    session FEK (file encryption/decryption key) for
    a file.
  • These certs are SPECIAL FILE ENCRYPTION CERTS
    (using the users private/public key)
  • http//support.microsoft.com/support/kb/articles/Q
    273/8/56.ASP
  • The file can have several depending on the CERT
    which is user Data Decryption Field
  • The file can have several recovery agents can
    have several depending on the CERT which is the
    recovery agent user.

21
User and Kernel Mode
  • MS has decided to keep encryption/decryption in
    Kernel Mode
  • This requires careful user Mode handling (NTFS
    calls EFS in complete privacy)
  • Cryptographic Provider (right now, the Microsoft
    Base defined for cryptoAPI. Could be smart
    card or external code/box).
  • There is another secret mode (SMI) that MS
    doesnt use.

22
CryptoAPI EFS Components
User Mode
USER APPLICATION
CryptoProvider RSA Private Key STORE
CryptoAPI
Encrypts Communication
NTFS
EFS
Msdn.microsoft.com search KSecDD Inside
Encrypting File System
Kernel Mode
23
CryptoAPI EFS Components
User Mode
BIOS Real Mode Phoenix Technologies Device
Responsibility
USER APPLICATION
CryptoProvider RSA Private Key STORE
CryptoAPI
Encrypts Communication
NTFS
EFS
Msdn.microsoft.com search KSecDD Inside
Encrypting File System
Kernel (Real) Mode
24
Problems with File Encryption System
  • There is no integrity checking on files (PAAA
    only)?
  • WRONG There is, I, but only for the encryption
    header not the files themselves
  • The symmetric key is not necessarily just yours
  • You and anybody else allowed
  • Recovery cert owner.
  • Note, the EFS symmetric key in your local X.509
    is not yours but is the file or directorys
    the containers. (Uses special hidden certs)
  • But! A private key is used to open the certs
    encrypted with the public key. You have to steal
    a private key of an RSA pair.
  • Many attacks
  • Clear text file may exist (not deleted)
  • Crypto-API is in the clear (NOT kernel)
  • You cant revoke the File Encryption Certificate

25
File Encryption Experience
  • Ease of use
  • Is there a way to have truly private files here?

26
Encrypting File System (EFS)
  • Think like SSL and others uses RSA for
    authentication/authorization and Private Session
    Key for actual encryption/decryption

27
Break!
28
Sidebar 3000 bit encryption
  • Answer Yes, but.
  • It wont hurt but it probably doesnt matter.
    128 bit is
  • 1.70141183460469e38
  • 1 in 170,141,834,604,690,000,000,000,000,000,000,0
    00,000 tries
  • Slightly better than 6 in 9999 (your PIN on your
    bank account).
  • 86,400 seconds in a day, 31,500,000 in a year.
    3,150,000,000 in 100 years.
  • Need 54,000, 000,000, 000,000, 000,000,000,000
    Guesses a Second (div by 2)
  • 54 billion trillion operations per second with
    the expectation that in 50 years youll get it.
  • On the other hand, feel free.

29
IPSec Classic Network Attacks
  • Snooping
  • Spoofing (TCP sequence numbers)
  • Password Compromise
  • Denial of Service Attacks (DoS)
  • TCP SYN open tons of TCP connections
  • SMURF drown with ping
  • Teardrop fragmentation reassembly
  • Ping of Death fake fragmentation parameters
  • Man-in-the-middle Attacks
  • Application-Level Attacks
  • Key Compromise

30
IPSec is End to EndIPAxx
  • Client to Client
  • Transport Mode
  • One Authenticates but doesnt encrypt
  • One Authenticates and Encrypts
  • Gateway to Gateway
  • Tunnel Mode (client to client is encapsulated)
  • Authenticates, Encrypts, and also hides source
    and destination!

31
IPA
  • Integrity
  • Uses a hash (called signature or fingerprint)
  • Authentication
  • Preshared key authentication
  • Nonce to confirm shared key
  • Kerberos authentication (essentially the same)
  • PK certs
  • Confidentiality/Privacy/Encryption
  • DES (3DES, triple DES)
  • CBC (Cipher Block Chaining)
  • Very akin to One Time Pad philosophy
    (approximates it).

32
IPSec Detail
  • Authentication Header (AH)
  • Encapsulating Security Protocol (ESP)
  • Orig IP Header AH TCP DATA (transport mode)
  • Authenticates whole packet
  • Orig IP Header ESP Header TCP DATA ESP
    Trailer ESP Authentication (transport mode)
  • Authenticates whole ESP but not IP Header
  • Encrypts TCP-Trailer
  • New IP Header ESP Header Orig IP Header TCP
    DATA ESP Trailer ESP Authentication
  • Authenticates whole ESP but not IP Header
  • Encrypts Original IP header to ESP Trailer

33
Uses Cyphersuite
  • Calls it security parameters index
  • Encryption DES or 3DES
  • Hash SHA1 or MD5
  • Session Key (not in a cyphersuite)
  • Diffie-Hellman provides the method of arriving at
    a shared secret to manage key exchange
  • Also uses RSA (see RFC)

34
Three Flavors of Network Security in IPSec
  • Not Secret but it is Authentic!
  • Secret and Authentic Client to Server
  • But Routing is KNOWN
  • Secret and Authentic and Routing (Inside
    Firewall/Gateway) is Secret Too.
  • Tunnelled through the Open Infrastructure,
    Gateway-to-Gateway
  • Defaults include using if you can, and requiring
    use (on pain of failure to communicate at all).

35
NOW SMART CARD!!!
  • REALLY GOOD AUTHENTICATION!
  • What you know
  • What you have
  • Biometric

36
Smart Card
  • ISO 7816
  • Not OK for software/reader/writer interface
  • PC/SC Workgroup
  • www.pcworkgroup.com
  • www.microsoft.com/security/tech/smartcards -gt
  • http//www.microsoft.com/technet/security/smcdtech
    .asp
  • Dumb and Smart
  • Dumb Just store info (deprecated)
  • Useful in facility security but can be
    counterfeited easily
  • Smart (ICC) have a processor, can hide a private
    key,
  • These can act as full crypto service providers
  • Very very hard to counterfeit (if actually
    possible)

37
Smart Card
  • ISO 7816
  • Not OK for software/reader/writer interface
  • PC/SC Workgroup
  • www.pcworkgroup.com
  • www.microsoft.com/security/tech/smartcards -gt
  • http//www.microsoft.com/technet/security/smcdtech
    .asp
  • Dumb and Smart
  • Dumb Just store info (deprecated)
  • Useful in facility security but can be
    counterfeited easily
  • Smart (ICC) have a processor, can hide a private
    key,
  • These can act as full crypto service providers
  • Very very hard to counterfeit (if actually
    possible)

38
ICC Smart Cards
  • Really secure!
  • Two Factor Authentication
  • Both a password (PIN) and an RSA Key
  • Three password tries and you are out
  • Administrator
  • Three password tries and he is out
  • Six Tries and you have a dead card
  • Even a smart card reader sniffer cant sniff
    the private key operation
  • BUT IT CAN SNIFF THE PASSWORD (PIN)!!!
  • Sniff the guy, steal his card. Youre In.
  • Phoenix Technologies Wave Systems Device
    Responsibility to Guard Keyboard Sniffers

39
Typical Smart Card Operation
Smart Card
System
Smart Card Waits to Hear its PIN to Start Talking
System Generates Nonce For Smart Card
Smart Card Demonstrates it Knows Private Key by
Encrypting Nonce
System Gets Public Key From Its Store Or Smart
Card Store CA!
System Uses Public Key to Prove Smart Card is Who
it Says it is.
Smart Card can Manufacture Certs for System as
Requested
40
ICC Smart Card Programming
  • To Store Data (not particularly for security but
    perhaps for mobile privacy e.g., health
    records).
  • To alter conditions for PIN or other conditions
    for gaining access to RSA signing. Unclear if
    this is always supported.

41
Windows 2000 IPAAA Model
42
Windows 2000 IPAAA Model
User Agents
DACLs
File Encrypt
Kerberos
Authenticode
SACLs
Smartcard
IPSec
43
Features of Win 2000
  • Multiple methods of authenticating internal and
    external users
  • Protection of files through easy to use
    encryption
  • Protection across network through transparent
    encryption
  • Per-property access control for objects (many
    more detailed uses than read, write, and execute)
  • Smart card support for authentication and hiding
    private keys
  • Transitive trust relationships between domains
  • Public Key Infrastructure (PKI Certs handled
    transparently).
  • Code itself is routinely authenticated as to its
    source using PKI.

44
Cert 101
  • The Cert is not encrypted but is encoded (the
    only thing that is encrypted is the hash This
    is technically called signed)
  • The signed hash can be
  • Self signed the public key will immediately
    open the hash allowing you to verify the text is
    right.
  • CA signed a CA public key (and possibly your
    public key in succession) will open it. This
    verifies that you are you and the CA verifies you
    are you.

45
Encryption and Cert Based Access Control
  • Cert is basically
  • Housekeeping Some plain text about the version
    of X.509, the cryptosuites being used, and a
    certificate number
  • Some plain text information about the owner
  • A plain text date to start and and date to expire
  • A plain text public key
  • Some extra plain text whatever you want
  • Different certificate types define different
    fields here
  • A signed hash of the above stuff

46
Certificate Formats
  • PKCS10 Format for a requestor just unsigned.
  • PKCS7 Format for a signed certificate
  • PKCS is at www.rsa.com/rsalabs/pkcs

47
PKCS-7 Signing
  1. For each signer, a message digest is computed on
    the content (H(M1))
  2. For each signer, the message digest and
    associated information are encrypted with the
    signers private key (E(H(M1)M2).
  3. For each signer, the encrypted message digest and
    other signer-specific information are turned into
    a certificate (C(E(H(M1)M2)M3).
  4. All the certificates are rolled up into a Signed
    Data sequence
  5. Info certificates certificaterevocations
  6. AltltBgtgtBltltCgtgtCltltDgtgt
  7. Public Key A (from CA) gives you your public key
    D.

48
EFS (Encrypted File System)
  • A PKCS-7 can have info that can be used to send a
    message to a user agent to verify that he left
    the certificate.
  • It can hide a symmetric key encrypted with the
    public key of the user.

49
Minor Technicalities
  • It isnt all X.509v3 (but, really, it is)
  • The use of the certificate defines the content.
    Any issuing authority can issue different kinds
    of certificates and these are not always
    compatible.
  • However, the principle is universal
  • Sign the hash with your private key to prove its
    you.
  • Distribute a public key
  • You might encrypt the public key or other
    information as is the case with the successive
    unfolding of a sequence of certificates.
  • X.509v3 allows for recursive signing but it isnt
    used.

50
Using Certs
  • I can prove you are you
  • Smart Cards are really strong!
  • They dont really need a CA!
  • Register the smart card with the machine.
  • It is absolutely unique and cant be
    counterfeited!
  • Other CA opportunities
  • What happened to Notaries???!!!!????
  • Wouldnt it be nice if you could walk down the
    hall and the exec secretary could be the legally
    recognized CA?
  • Notaries are trained, etc.
  • Alternate CA rules
  • Are there other ways to prove you are who you say
    you are.
  • To prove this software or data is who it says it
    is
  • A master server on the net that can automatically
    sign anything given to it.
  • The date/time/name become the master object
    itself.

51
Using Certs 2 Non-repudiable Agreements
  • Certs (typically two) can represent an agreement.
  • Here is the text of the agreement
  • Here is the date and time of the agreement
  • Here is your signed digest of the content.
  • Here is my signed digest of the content.
  • We both have copies.
  • Now, you say you didnt agree, but I bring out
    your signed certificate to prove you did.
  • Now, I say I didnt agree, but you bring out my
    signed certificate to prove that I did.
  • The proof is irrefutable. I could not
    manufacture your certificate.

52
Using Certs 3 Anonymizing
  • A different use of certs.
  • I wont tell you who I am.
  • I just give you a signed authorization to spend
    200 or to log into the computer as John Smith.
  • The signer guarantees or vouches for me.
  • The X.509v3 lets you do this.

53
Privacy Services
AGENT
INTERACTION
CONTROL
VALIDATION
NEGOTIATION
Personal Information
USAGE
INDIVIDUAL ACCESS
Policy
AUDIT
PROCESS CERTIFICATION
ENFORCEMENT RECOURSE
LOG
54
Anonymizing Smart Cards
  • A smart card that can sign for an authority and
    also sign for an individual.
  • This could be a recursive sign
  • This way the authority cannot be held responsible
    unless he knows the person who put him at risk.
  • Alternatively, a third party anonymizer that
    provides the anonymous certificate (this is a
    valuable web sitestopped before Sept 21, 2000 by
    RSA!).

55
Anonymous Smart Cards
  • Anonymous Certs could provide special mailing
    information
  • Contact me at mrpepper_at_hotmail.com
  • It could provide anonymous profiling
  • I am 50 years old. White. Worth X dollars, send
    mail to me at mrpepper_at_hotmail.com, but you cant
    find out who I really am.
  • Microsoft Smart Cards, Inc., will attest to this.

56
Agents
  • Converse side of CA
  • You sign to give your agent rights
  • The agent can now bind you

57
Certs on/from Objects
  • EFS
  • Prove the owner has the right. User object has
    to decrypt the symmetric key that decrypts the
    object.
  • Authenticode
  • Prove the code is the code because the cert on it
    hashes the code to prove its integrity and the
    hash is signed to prove that it came from who it
    is said to be from.
  • You have to trust Microsoft Corporation
  • This means that the certificate simply said
    Microsoft Corporation, Inc. but what if it had
    said Microsoft Inc. (of Zimbabwe, Africa)?

58
PKI
  • You should learn that Microsoft has implemented
    what you already learned about PKI and
    Cryptography
  • They have integrated this into the OS (making it
    easy and transparent)
  • Look at Hierarchical Certification (a parent Cert
    unlocks many children, and each of them can
    unlock many children)
  • Look at types of Certs (people, code, things)
  • Types and Hierarchy of authority basis for
    corporate PKI and Win 2000 PKI.

59
PKI works with two mechanisms
  • Using the CA public key to unfold the signing
    to your public key (typically, the CA signs your
    PK cert).
  • He vouches for you in a way that cannot be denied
  • Key compromise
  • Key revocation is a problem
  • A file or resource has access granted by the
    demonstration that the requestor can privately
    encode that the resource can publicly decode (or
    that the resource can publicly encode that the
    requestor can privately decode).
  • You can have MORE than one PK on a file or
    resource
  • Example was revocation list
  • User (not group) is a owner of a private/public
    key
  • Can let Windows Base Crypto Services or Smart
    Card.

60
Features of Win 2000
  • Multiple methods of authenticating internal and
    external users
  • Protection of files through easy to use
    encryption
  • Protection across network through transparent
    encryption
  • Per-property access control for objects (many
    more detailed uses than read, write, and execute)
  • Smart card support for authentication and hiding
    private keys
  • Transitive trust relationships between domains
  • Public Key Infrastructure (PKI Certs handled
    transparently).
  • Code itself is routinely authenticated as to its
    source using PKI.

61
End of Windows 2000 SecurityRemember Planning!
  • Security group strategies
  • Local, Global (Domain), and Universal (new)
  • Group policies
  • Access Control, Auditing, (security policy)
  • Network logon Authentication
  • Info Security (encryption)
  • Primary Domain Controller First then Backups
  • You cant back out You cant add new (old) NT
    into system in Win 2000
Write a Comment
User Comments (0)
About PowerShow.com