
Encryption is the fundamental technology that protects information as it travels over the Internet. Although strong host security can prevent people from breaking into your computer - or at least prevent them from doing much damage once they have broken in - there is no way to safely transport the information that resides on your computer to another computer over a public network without using encryption.

But as the last chapter explained, there is not merely one cryptographic technology: there are many of them, each addressing a different need. In some cases, the differences between encryption systems represent technical differences - after all, no one solution can answer every problem. Other times, the differences are the result of restrictions resulting from patents or trade secrets. And finally, restrictions on cryptography sometimes result from political decisions.

11.1 Cryptography and Web Security

Security professionals have identified four keywords that are used to describe all of the different functions that encryption plays in modern information systems. The different functions are these:

Confidentiality

Encryption is used to scramble information sent over the Internet and stored on servers so that eavesdroppers cannot access the data's content. Some people call this quality "privacy," but most professionals reserve that word to refer to the protection of personal information (whether confidential or not) from aggregation and improper use.

Authentication

Digital signatures are used to identify the author of a message; people who receive the message can verify the identity of the person who signed it. They can be used in conjunction with passwords or as an alternative to them.

Integrity

Methods are used to verify that a message has not been modified while in transit. Often, this is done with digitally signed message digest codes.

Nonrepudiation

Cryptographic receipts are created so that an author of a message cannot falsely deny sending a message.

Strictly speaking, there is some overlap among these areas. For example, when the DES encryption algorithm is used to provide confidentiality, it frequently provides integrity as a byproduct. That's because if an encrypted message is altered, it will not decrypt properly. In practice, however, it is better engineering to use different algorithms that are specifically designed to assure integrity for this purpose, rather than relying on the byproduct of other algorithms. That way, if the user decides to not include one aspect (such as encryption) because of efficiency or legal reasons, the user will still have a standard algorithm to use for the other system requirements.
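The point above, that the integrity "byproduct" of encryption is not something to rely on, in an added example that is not from the book: a cipher with no integrity mechanism decrypts an altered ciphertext without complaint, while a separate HMAC (the "different algorithm specifically designed to assure integrity") detects the change. The keys, message and function names are constructed for the example.

```python
import hashlib, hmac

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_only(key, msg):
    """One-time-pad style encryption: confidentiality only. `key` must be at least
    as long as `msg` and never reused; there is no built-in integrity check."""
    return xor_bytes(key, msg)

def decrypt_only(key, ct):
    # Decryption never "fails": any ciphertext, altered or not, yields some plaintext.
    return xor_bytes(key, ct)

def encrypt_then_mac(enc_key, mac_key, msg):
    """Separate integrity algorithm: HMAC-SHA256 computed over the ciphertext."""
    ct = encrypt_only(enc_key, msg)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def verify_then_decrypt(enc_key, mac_key, blob):
    """Check the tag before decrypting; refuse anything that was modified."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed: message altered in transit")
    return decrypt_only(enc_key, ct)

def corrupt_in_transit(data, index, bit):
    """Simulate one flipped bit (line noise or tampering) in the byte at `index`."""
    out = bytearray(data)
    out[index] ^= bit
    return bytes(out)
```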

Nevertheless, encryption isn't all-powerful. You can use the best cryptography that's theoretically possible, but if you're not careful, you'll still be vulnerable to having your confidential documents and messages published on the front page of the San Jose Mercury News if an authorized recipient of the message faxes a copy to one of the reporters. Likewise, cryptography isn't an appropriate solution for many problems, including the following:

Cryptography can't protect your unencrypted documents.

Even if you set up your web server so that it only sends files to people using 1024-bit SSL, remember that the unencrypted originals still reside on your web server. Unless you separately encrypt them, those files are vulnerable. Somebody breaking into the computer on which your server is located will have access to the data.

Cryptography can't protect against stolen encryption keys.

The whole point of using encryption is to make it possible for people who have your encryption keys to decrypt your files or messages. Thus, any attacker who can steal or purchase your keys can decrypt your files and messages. That's important to remember when using SSL, because SSL keeps copies of the server's secret key on the computer's hard disk. (Normally it's encrypted, but it doesn't have to be.)

Cryptography can't protect against denial-of-service attacks.

Cryptographic protocols such as SSL are great for protecting information from eavesdropping. Unfortunately, attackers can have goals other than eavesdropping. In banking and related fields, an attacker can cause great amounts of damage and lost funds by simply disrupting your communications or deleting your encrypted files.

Cryptography can't protect you against the record of a message or the fact that a message was sent.

Suppose that you send an encrypted message to Blake Johnson, and Blake murders your lover's spouse, and then Blake sends you an encrypted message back. A reasonable person might suspect that you have some involvement in the murder, even if that person can't read the contents of your messages. Or suppose there is a record of your sending large, encrypted messages from work to your competitor. If there is a mysterious deposit to your bank account two days after each transmission, an investigator is likely to draw some conclusions from this behavior.

Cryptography can't protect against a booby-trapped encryption program.

Someone can modify your encryption program to make it worse than worthless. For example, an attacker could modify your copy of Netscape Navigator so that it always uses the same encryption key. (This is one of the attacks that was developed at the University of California at Berkeley.)

Fundamentally, unless you write all of the programs that run on your computer, there is no way to completely eliminate these possibilities. They exist whether you are using encryption or not.

However, you can minimize the risks by getting your cryptographic programs through trusted channels and minimizing the opportunity for your program to be modified. You can also use digital signatures and techniques like code signing to detect changes to your encryption programs.

Cryptography can't protect you against a traitor or a mistake.

Humans are the weakest link in your system. Your cryptography system can't protect you if your correspondent is taking your messages and sending them to the newspapers after legitimately decrypting them. Your system also may not protect against one of your system administrators being tricked into revealing a password by a phone call purporting to be from the FBI.

Thus, while cryptography is an important element of web security, it is not the only part. Cryptography can't guarantee the security of your computer if people can break into it through other means. But cryptography will shield your data, which should help to minimize the impact of a penetration if it does occur.

11.2 Today's Working Encryption Systems

Although encryption is a technology that will be widespread in the future, it is already hard at work on the World Wide Web today. In recent years, more than a dozen cryptographic systems have been developed and fielded on the Internet.

Working cryptographic systems can be divided into two categories. The first group are programs and protocols that are used for encryption of email messages. These programs take a plaintext message, encrypt it, and either store the ciphertext or transmit it to another user on the Internet. Such programs can also be used to encrypt files that are stored on computers to give these files added protection. Some popular systems that fall into this category include the following:

PGP (Section 11.2.1)

S/MIME (Section 11.2.2)

The second category of cryptographic systems are network protocols used for providing confidentiality, authentication, integrity, and nonrepudiation in a networked environment. Such systems require real-time interplay between a client and a server to work properly. Some popular systems that fall into this category include the following:

SSL

PCT

S-HTTP

SET (Section 11.2.6) and CyberCash

DNSSEC

IPsec and IPv6 (Section 11.2.9)

Kerberos

SSH

All of these systems are summarized in Table 11.1 and are described in the sections that follow. For detailed instructions on using these systems, please refer to the references listed in the Appendixes.

11.2.1 PGP

One of the first widespread public key encryption programs was Pretty Good Privacy (PGP), written by Phil Zimmermann and released on the Internet in June 1991. PGP is a complete working system for the cryptographic protection of electronic mail and files. PGP is also a set of standards that describe the formats for encrypted messages, keys, and digital signatures.

PGP is a hybrid encryption system, using RSA public key encryption for key management and the IDEA symmetric cipher for the bulk encryption of data.

Referring to the encryption checklist at the beginning of this chapter, PGP offers confidentiality, through the use of the IDEA encryption algorithm; integrity, through the use of the MD5 cryptographic hash function; authentication, through the use of public key certificates; and nonrepudiation, through the use of cryptographically signed messages.
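The hybrid construction described above, as an added example that is not PGP's own code: a toy unpadded RSA layer (keys generated in-process) wraps a random session key, a SHA-256 keystream stands in for IDEA and SHA-256 for MD5, and each of the four checklist properties is labelled where the code provides it. The function names (pgp_style_encrypt and so on) are the example's own.

```python
import hashlib, os, random

def is_probable_prime(n, rounds=16):
    """Miller-Rabin test; toy key generation only (uses `random`, not `secrets`)."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x not in (1, n - 1) and all(pow(x, 1 << j, n) != n - 1 for j in range(1, r)):
            return False
    return True

def gen_prime(bits):
    while True:
        p = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # force size and oddness
        if is_probable_prime(p):
            return p

def gen_keypair(bits=512):
    """Toy unpadded RSA; keys are (exponent, modulus) so pow(m, *key) applies them."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e must be coprime to phi
            return (e, p * q), (pow(e, -1, phi), p * q)

def stream_xor(key, nonce, data):
    """Toy keystream cipher (SHA-256 in counter mode) standing in for IDEA."""
    out = bytearray()
    for i, b in enumerate(data):
        if i % 32 == 0:
            block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out.append(b ^ block[i % 32])
    return bytes(out)

def pgp_style_encrypt(msg, sender_priv, recipient_pub):
    """Sign digest (authentication, nonrepudiation); encrypt msg+signature under a
    fresh session key (confidentiality); wrap that key with RSA (key management)."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    sig = pow(digest, *sender_priv).to_bytes(64, "big")
    session_key, nonce = os.urandom(16), os.urandom(8)
    wrapped = pow(int.from_bytes(session_key, "big"), *recipient_pub)
    return {"wrapped_key": wrapped, "nonce": nonce, "body": stream_xor(session_key, nonce, msg + sig)}

def pgp_style_decrypt(packet, recipient_priv, sender_pub):
    """Unwrap the session key, decrypt, then verify the signature (integrity check)."""
    session_key = pow(packet["wrapped_key"], *recipient_priv).to_bytes(16, "big")
    plain = stream_xor(session_key, packet["nonce"], packet["body"])
    msg, sig = plain[:-64], int.from_bytes(plain[-64:], "big")
    if pow(sig, *sender_pub) != int.from_bytes(hashlib.sha256(msg).digest(), "big"):
        raise ValueError("signature check failed: altered in transit or not from sender")
    return msg
```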

PGP is available in two ways, as a standalone application and as an integrated email program available from PGP, Inc. The standalone program runs on many more platforms than the integrated system but is more difficult to use. PGP, Inc., is also developing plug-ins for popular email systems to allow them to send and receive PGP-encrypted messages.

A problem with PGP is the management and certification of public keys. PGP keys never expire: instead, when the keys are compromised, it is up to the keyholder to distribute a special PGP key revocation certificate to everyone with whom he or she communicates. Correspondents who do not learn of a compromised key and

The web of trust works for small communities of users, but not large ones. For example, one way that PGP users sign each other's keys is by holding ritualistic key signing parties. Users gather, exchange floppy disks containing public keys, show each other their driver's licenses, whip out their private keys, and then have an orgy of public key encryptions as their private keys are pressed against each other. It's a lot of fun, especially in mixed company. Key signings are a great way to meet people, as they are usually followed by trips to establishments involving the consumption of large amounts of alcohol, pizza, and/or chocolate. Unfortunately, this is not a practical way to create a national infrastructure of public keys.

Another way that PGP public keys are distributed is by the PGP public key servers located on the Internet. Any user on the Internet can submit a public key to the server, and the server will dutifully hold the key, send a copy of the key to all of the other servers, and give out the key to anybody who wishes it. Although there are many legitimate keys in the key server, there are also many keys that are clearly fictitious. Although the key servers work as advertised, in practice they are ignored by most PGP users. Instead of putting their keys on the key servers, most PGP users distribute their public keys on their own personal web pages. PGP's ability to certify identity reliably is severely hampered by the lack of a public key infrastructure.

Our PGP Keys

Another way to get a PGP key is to find it in a trusted location such as printed in a book. Printed below are the key IDs and fingerprints for the authors' keys. The keys themselves may be obtained from the public key servers. If you don't know how to access the key servers, see the references on PGP listed in Appendix E.

pub 1024/FC0C02D5 1994/05/16 Eugene H. Spafford <[email protected]>
Key fingerprint = 9F 30 B7 C5 8B 52 35 8A 42 4B 73 EE 55 EE C5 41

pub 1024/903C9265 1994/07/15 Simson L. Garfinkel <[email protected]>
Key fingerprint = 68 06 7B 9A 8C E6 58 3D 6E D8 0E 90 01 C5 DE 01

11.2.2 S/MIME

The Multipurpose Internet Mail Extensions (MIME) is a standard for sending files with binary attachments over the Internet. Secure/MIME extends the MIME standard to allow for encrypted email. Unlike PGP, S/MIME was not first implemented as a single program, but as a toolkit that was designed to be added to existing mail packages. Because this toolkit comes from RSA Data Security and includes licenses for all necessary algorithms and patents, and because the major companies selling email systems already have a business relationship with RSA Data Security, it is possible that S/MIME will be adopted by many email vendors in preference to PGP.

S/MIME offers confidentiality, through the use of user-specified encryption algorithms; integrity, through the use of a user-specified cryptographic hash function; authentication, through the use of X.509 v3 public key certificates; and nonrepudiation, through the use of cryptographically signed messages. The system can be used with strong or weak encryption.

To send people encrypted mail with S/MIME, you must first have a copy of their public keys. It is expected that most S/MIME programs will use X.509 v3 public key infrastructures such as those being built by VeriSign and other certification authorities.

11.2.3 SSL

The Secure Socket Layer (SSL) is a general-purpose cryptographic protocol for securing bidirectional communication channels. SSL is commonly used with the TCP/IP Internet protocol. SSL is the encryption system that is used by web browsers such as Netscape Navigator and Microsoft's Internet Explorer, but it can be used with any TCP/IP service.

SSL connections are usually initiated with a web browser through the use of a special URL prefix. For example, the prefix "https:" is used to indicate an SSL-encrypted HTTP connection, whereas "snews:" is used to indicate an SSL-encrypted NNTP connection.

SSL offers confidentiality, through the use of user-specified encryption algorithms; integrity, through the use of a user-specified cryptographic hash function; authentication, through the use of X.509 v3 public key certificates; and nonrepudiation, through the use of cryptographically signed messages.

11.2.4 PCT

PCT is a transport layer security protocol similar to SSL that was developed by Microsoft. Reportedly, the acronym has had several expansions: the current favored one is Private Communications Technology. PCT was developed in response to problems with SSL 2.0; these problems were also addressed in SSL 3.0. Although Microsoft is supporting SSL 3.0 and TLS, the new Transport Layer Security model, Microsoft intends to continue supporting PCT because it is being used by several large Microsoft customers on their corporate intranets.

11.2.5 S-HTTP

S-HTTP is a system for signing and encrypting information sent over the Web's HTTP protocol. (The "S" stands for Secure.) S-HTTP was designed before SSL was publicly released. It includes some nifty features, such as the ability to have presigned documents reside on a web server. But S-HTTP is largely a dead protocol because Netscape and Microsoft have failed to implement it in their browsers.

11.2.6 SET

SET is a cryptographic protocol designed for sending encrypted credit card numbers over the Internet. Unlike the other protocols described here, it is still under development.

There are three parts to the SET system: an "electronic wallet" that resides on the user's computer; a server that runs at the merchant's web site; and the SET Payment Server that runs at the merchant's bank.

To use the SET system, you must first enter your credit card number into the electronic wallet software. Most implementations will store the credit card number in an encrypted file on your hard disk or in a smart card. The software also creates a public and a secret key for encrypting your financial information before it is sent over the Internet.

When you want to buy something, your credit card number is encrypted and sent to the merchant. The merchant's software digitally signs the payment message and forwards it to the processing bank, where the Payment Server decrypts all of the information and runs the credit card charge. Finally, a receipt gets sent back to both the merchant and you, the customer.

Banks that process credit cards are excited about SET because it keeps credit card numbers out of the hands of the merchants. That should cut down on a lot of fraud, because it is merchants (and their employees), and not teenage hackers, who are responsible for much of the credit card fraud in the world today.

SET offers confidentiality for credit card numbers, as they are encrypted using the RSA algorithm. But it does not offer confidentiality (and thus privacy) for the other elements of a user's transaction: this was a compromise necessary to gain approval to export the SET software without restriction. SET does provide for integrity, authentication, and nonrepudiation through the use of message digest functions and digital signatures.

SET is described in some detail in Chapter 16.

11.2.7 CyberCash

CyberCash is an electronic payment protocol similar in purpose to SET. In fact, parts of SET were closely modeled on CyberCash. For a fuller discussion of CyberCash, see Chapter 16.

11.2.8 DNSSEC

11.2.9 IPsec and IPv6

IPsec is a cryptographic protocol designed by the Internet Engineering Task Force to provide end-to-end confidentiality for packets traveling over the Internet. IPsec works with IPv4, the standard version of IP used on today's Internet. IPv6, the "next-generation" IP, includes IPsec.

IPsec does not provide for integrity, authentication, or nonrepudiation, but leaves these features to other protocols. Currently, the main use of IPsec seems to be as a multivendor protocol for creating virtual private networks (VPNs) over the Internet. But IPsec has the capacity to provide authentication, integrity, and optionally, data confidentiality for all communication that takes place over the Internet, provided that vendors widely implement the protocol and that governments allow its use.

11.2.10 Kerberos

Kerberos is a network security system developed at MIT and used throughout the United States. Unlike the other systems mentioned in this chapter, Kerberos does not use public key technology. Instead, Kerberos is based on symmetric ciphers and secrets that are shared between the Kerberos server and each individual user. Each user has his own password, and the Kerberos server uses this password to encrypt messages sent to that user so that they cannot be read by anyone else.

Support for Kerberos must be added to each program that is to be protected. Currently, "Kerberized" versions of Telnet, FTP, POP, and Sun RPC are in general use. A system that used Kerberos to provide confidentiality for HTTP was developed but never made it out of the lab.