Πληροφορική ΙΙ...

Click here to load reader

download Πληροφορική ΙΙ Ασφάλεια Υπολογιστών  και Δικτύων

of 124

  • date post

    23-Jan-2016
  • Category

    Documents

  • view

    38
  • download

    0

Embed Size (px)

description

Πληροφορική ΙΙ Ασφάλεια Υπολογιστών και Δικτύων. Τμήμα Μηχανικών Σχεδίασης Προϊόντων και Συστημάτων Πανεπιστήμιο Αιγαίου Δημήτρης Λέκκας dlek @aegean.gr. Υπάρχει Πρόβλημα;. Πρωτογενής όροςΑπόδοση Security= Ασφάλεια Safety= Ασφάλεια Insurance= Ασφάλεια Assurance= Ασφάλεια - PowerPoint PPT Presentation

Transcript of Πληροφορική ΙΙ...

  • dlek@aegean.gr

    ;

    Security=Safety=Insurance=Assurance=Police=Fuse=

    (1)Security: (Oxford Dictionary)Freedom from danger or anxiety: () , . ,

    (2) : (prevention) (detection) (recovery) ;

    ,

    (1) (asset) (harm-damage) (danger) (owner/user) - .

    (2) (safeguard) (cost) . (infosec goal) ,

    (3) (assurance) , . (attribute) , .

    : /

    (Asset), ... (User), ... (Danger), , ... (Goal), ... (Assurance), , , (Safeguard), , , ...

    : (1) +++

    ; ,

    --

    ()

    (1) (access) (information access) (system access)

    (2) (integrity) (authenticity) (validity) ,

    (3) (availability) (information availability) (system availability)

    (4) (confidentiality) (accountability) (security) , : ,

    (5) (information security) , , (IT system security) (IS security) ,

    : A

    (1) :

    ;

    (2) ; , ; ;

    . ; , ;

    , , : , , , ... , , : , PIN : (EMV) , DNA : , ,

    : ( - claimant) (evidence) ( - relying party) (identity) : (.. ) (.. ) (.. ) (.. ) (.. , GPS, IP)

    (1) (password) : . .

    (2) :

    : :

    : (.. , , ) : (dictionary attack): (brute force attack): (.. 1234 ABCD).. L0ptcrack.exe

    (1) (.. , manager, system ) : |p| = 36* 3 : |p| = 363+362+36 = 47988 10 : |p| 3610 3x1015 UNIX 8 ! (.. , , , )

    (2) (.. )

    (3) . : . : :

    : (.. CTRL+ALT+DEL) (.. ) :

    (.. Unix: /etc/passwd) (.. Windows 2000) (shadow files, .. /.secure/etc/passwd)

    Unix : : : : : : : /etc/passwd:aiolos% more /etc/passwdroot:yDfccTr18tfOX:0:1:Super-User:/:/sbin/shdlek:Xmot10TvoyUmg:1021:10:Dimitris Lekkas:/export/home/dlek:/bin/cshtmos:J9exPd97Ftlbn:1020:10:Tasos Moschos:/export/home/tmos:/bin/csh

    (1) (one-way function): : y = f (x) : x = f 1 (y) ( ) (hash) : md5 (message digest) 128 bits. SHA (secure hash algorithm) 160 bits. : x1 x2 , f(x1) f(x2) . x1 x2 f(x1)=f(x2)( - Collision resistant)

    (2) () ( 128 bit)2128 ~ 3,4*1038 x1x2x3y1y2y3

    Unix Windows (p) . , h = f(p), . : p h. : po ho = f(po), ho = h. ho = h po = p, .: :

    g01fhash functionj1mq9xy3:() 1:golfhash functionnks8hwia() 2:g01fhash functionj1mq9xy3():j1mq9xy3???( )

    - (challenge-response) (1) () p : c (challenge) c -. po -. - ro = hash(po c) ( = XOR) - ro r = hash(p c) r = ro p = po .

    - (challenge-response) (2) ; p : ; p

    S/Key (1): : Lamport (1981)

    S/Key (2) (Lamport)p0p1 = hash (p0 )p2 = hash (p1 )p3 = hash (p2 )pn = hash (pn-1 ).pn+1 = hash (pn )1. pn+13. hash(pn) pn+1 2. pn, 4. pn pn+1 pi pi+1, pi-1. p0. 5. pn-1

    event log (windows) syslog (Unix)

    -

    , -

    : 1-1

    ;;;: , (.. ) ROM EEPROM (.. EMV cards, Cryptocards, ) (.. Java cards) PIN :

    - PC card (PCMCIA) USB / RS232 / parallel /

    - - , (.. ) , (.. ) : (.. PIN) :

    SecurID (1) : ,

    SecurID (2)

    SecurID (3) . ( ) 3 , . , . .

    (1) -

    (2) DNA

  • () ( ) , () , (one-way functions) , , .

    :DES, Triple-DESBlowfish, SAFER, CAST RC2, RC4 (ARCFOUR), RC5, RC6

    RSADiffie-Hellman Key Exchange ElGamal, Digital Signature Standard (DSS)

    , . . , . , . .. SSL.

    , . . .

    ; ; ; ;

    .

    , . : ,

    (Hash functions) bits . . , . : RIPEMD-160, MD2, MD5, SHA-1, BSAH, Square-Mod ( : 128-160 bits)

    ; ; . , - .

    EC/93/99 . 150/2001 248/71 ( 603/'/16-5-2002)

    , . , - (Trusted Third Party TTP & Certification Services Provider CSP). ( ) ( ) ( )

    , off-line , ( )

    :

    : - , , , : : , , : : , , : , .

    X.509 v3 Subject Public Key Info: Public Key Algorithm: rsaEncryption Modulus: 00:9a:92:25:ed:a4:77:69:23:d4:53:05:2b:1f:3a: 55:32:bb:26:de:0a:48:d8:fc:c8:c0:c8:77:f6:5d: 61:fd:1b:33:23:4f:f4:a8:2d:96:44:c9:5f:c2:6e: 45:6a:9a:21:a3:28:d3:27:a6:72:19:45:1e:9c:80: a5:94:ac:8a:67 Exponent: 65537 (0x10001) Key Usage: Digital Signature, Key Encipherment, Client AuthenticationSignature Algorithm: md5withRSAEncryption 7c:8e:7b:58:b9:0e:28:4c:90:ab:20:83:61:9e:ab:78:2b:a4: 54:39:80:7b:b9:d9:49:b3:b2:2a:fe:8a:52:f4:c2:89:0e:5c: 7b:92:f8:cb:77:3f:56:22:9d:96:8b:b9:05:c4:18:01:bc:40: ee:bc:0e:fe:fc:f8:9b:9d:70:e3

    Certificate:Data: Version: 3 (0x0) Serial Number: 2003532 (0x0) Signature Algorithm: md5withRSAEncryption Issuer: C=GR, L=Athens, O=University of the Aegean, OU=Certification Authority, CN=ca.aegean.gr, Email=ca@aegean.gr Validity Not Before: Nov 14 17:15:25 2003 GMT Not After : Dec 14 17:15:25 2003 GMT Subject: C=GR, L=Hermoupolis, O= University of the Aegean, OU=Syros, CN=www.aegean.gr, Email=webmaster@aegean.gr

    (Personal or Identity certificate) : . (Server or Device certificate): .. Web server (Role-based certificate): . (Organisational certificate): .. Microsoft Corp (Attribute certificate): . (Group certificate): . (Proxy certificate): , . .. single-sign-on

    : : : . - : ,

    (Qualified Certificates QC) (Signature Verification Data) (.. )

    , (signature creation data) (audit log) , ,

    / Risk Analysis ISO 9000

    (Certificate Status Information CSI) Online Cerrtification Status Protocol OCSP (RFC-2560)delta-CRL: delta-CRL online http, ftp ldap URLs.

    , . . , (.. , , ). . .

    X.509 (ITU)SPKI SDSI - PKIX (IETF)PGPPKCS#6 (RSA)PKCS#10 (RSA)RFC-2511 (IETF)PKCS#7 & PKCS#12 (RSA) RFC-2560: OCSP (IETF)TR 102-030 (ETSI)

    (memory cards): (microprocessor intelligent cards): - (super smart cards): , (Contactless cards): 32Kb : PIN

    (Certificates) (Subjects or Subscribers) (Relying Parties - RP) (Certification Authority - CA) (Registration Authority - RA) (Certification Practice Statements - CPS) (Certificate Policies - CP) (Repositories & Directories) (Interoperability mechanisms ) (Signature-creation data) (Signature-creation device) (Signature-verification data)

    :, , :,

    (single parent) (web-of-trust) (hierarchy) - (cross-certification) (Trusted broker Bridge CA) (Forest Mixed)

    (1)CA-1CA-2Root CACA-2.1CA-2.2

    (2) , - (self-signed) . , . - . (.. , )

    - (cross-certification) (1)N*(N-1)

    - (cross-certification) (2) , ( ) , . 1 (Trust anchor) . , , .

    (Bridge CA) (1) Bridge CA2

    (Bridge CA) (2) (Bridge CA) . ( ) . .

    ABCkAlicemnoEFGHqrpsBobuvw

    Issuer: Aegean RootSubject: Aegean RootPublic Key: 92517Valid from: 1 Jul 00Valid to: 30 Jun 10Signature: 123456Issuer: Aegean RootSubject: AegeanCA1Public Key: 836387Valid from: 1 Aug 00Valid to: 30 Jun 05Signature: 9473567Issuer: AegeanCA1Subject: DeptInfoCAPublic Key: 374985Valid from: 1 Jan 03Valid to: 31 Dec 04Signature: 925364Issuer: DeptInfoCASubject: D LekkasPublic Key: 84583Valid from: 1 Jul 03Valid to: 30 Nov 03Signature: 274625

    : (CSI) :LDAP ( )HTTP ( )FTP () : -

    (TimeStamping Authority TSA) () , NTP GPS

    XML

    binary dataSHA-1AB00123F7B5D01GPS1001531700seconds since 1-1-1900GMT+2+/- 0.13 seconds000532binary dataMD5+RSA

    (Key Distribution Center KDC) :