NET security and cryptography [1 ed.] 978-0-13-100851-9, 0-131-00851-X

Including the topic of ASP.NET and Web services security, this text provides an in-depth guide to the world of cryptogra

329 26 4MB

English Pages 466 [477] Year 2003

Report DMCA / Copyright

DOWNLOAD PDF FILE

Table of contents :
Content: 1. .NET cryptography and security --
2. Fundamentals of cryptography --
3. Symmetric cryptography --
4. Asymmetric cryptography --
5. Digital signatures --
6. XML cryptography --
7. .NET user-based security --
8. .NET code access security --
9. ASP.NET security --
10. Web services security --
A.A security attack example: The stack overrun --
B. How the RSA cipher works --
C. Using the GNU GMP library --
D. Cryptography and security resources --
E. Exploring Web services.
Recommend Papers

NET security and cryptography [1 ed.]
 978-0-13-100851-9, 0-131-00851-X

  • 0 0 0
  • Like this paper and download? You can publish your own PDF file online for free in a few minutes! Sign Up
File loading please wait...
Citation preview

[ Team LiB ]



Table of Cont ent s

.N ET Se cu r it y a n d Cr ypt ogr a ph y By Pet er Thorst einson , G. Gnana Arun Ganesh

Publisher : Prent ice Hall PTR Pub Dat e: August 18, 2003 I SBN: 0- 131- 00851- X Pages: 496

Securit y and crypt ography, while always an essent ial part of t he com put ing indust ry, have seen t heir im port ance increase great ly in t he last several years. Microsoft 's .NET Fram ework provides developers wit h a powerful new set of t ools t o m ake t heir applicat ions secure. .NET Securit y and Crypt ography is a pract ical and com prehensive guide t o im plem ent ing bot h t he securit y and t he crypt ography feat ures found in t he .NET plat form . The aut hors provide num erous clear and focused exam ples in bot h C# and Visual Basic .NET, as well as det ailed com m ent ary on how t he code works. They cover t opics in a logical sequence and cont ext , where t hey are m ost relevant and m ost easily underst ood. This book will allow developers t o: Develop a solid basis in t he t heory of crypt ography, so t hey can underst and how t he securit y t ools in t he .NET Fram ework funct ion Learn t o use sym m et ric algorit hm s, asym m et ric algorit hm s, and digit al signat ures Mast er bot h t radit ional encrypt ion program m ing as well as t he new t echniques of XML encrypt ion and XML signat ures Learn how t hese t ools apply t o ASP.NET and Web Services securit y [ Team LiB ]

[ Team LiB ]



Table of Cont ent s

.N ET Se cu r it y a n d Cr ypt ogr a ph y By Pet er Thorst einson , G. Gnana Arun Ganesh

Publisher : Prent ice Hall PTR Pub Dat e: August 18, 2003 I SBN: 0- 131- 00851- X Pages: 496

Copyright I nt egrat ed .NET Series from Obj ect I nnovat ions and Prent ice Hall PTR Preface Or ganizat ion Sam ple Program s Web Sit e Acknow ledgm ent s Pet er Thorst einson G. Gnana Arun Ganesh The I nt egrat ed .NET Series from Obj ect I nnovat ions and Prent ice Hall PTR I nt roduct ion .NET Program m ing Books .NET Applicat ions and Technology .NET I nt eroperabilit y and Migrat ion Chapt er One. .NET Crypt ography and Securit y The Nat ure of This Book The Nat ure of Crypt ography and Securit y Windows Securit y Com es of Age The .NET Fram ework and t he CLR

.NET Crypt ography Program m ing .NET Securit y Program m ing Sum m ary Chapt er Two. Fundam ent als of Crypt ography Securit y and Keeping Secret s St eganogr aphy Modern Ciphers Crypt analyt ic At t acks I ssues in Hum an I nt eract ion and Trust Sum m ary Chapt er Three. Sym m et ric Crypt ography Sym m et ric Ciphers Program m ing wit h .NET Sym m et ric Crypt ography Key Exchange I ssues Sum m ary Chapt er Four. Asym m et ric Crypt ography Problem s wit h Sym m et ric Algorit hm s The I dea Behind Asym m et ric Crypt ography Exist ing Asym m et ric Algorit hm s RSA: The Most Used Asym m et ric Algorit hm Caveat : Provabilit y I ssues Program m ing wit h .NET Asym m et ric Crypt ography Digit al Cert ificat es Sum m ary Chapt er Five. Digit al Signat ures Hash Algorit hm s How Digit al Signat ures Work RSA Used as a Digit al Signat ure Algorit hm The Digit al Signat ure Algorit hm The Asym m et ric Algorit hm Hierarchy Class Hierarchy Sum m ary Chapt er Six. XML Crypt ography XML Encrypt ion XML Signat ures Com bining XML Signing and XML Encrypt ion Sum m ary Chapt er Seven. .NET User- Based Securit y Aut hent icat ion and Aut horizat ion .NET Securit y Model Adm inist rat ing Windows Securit y Adm inist rat ing .NET Securit y

Perm issions User- Based Securit y Two Approaches t o User- Based Securit y Cr edent ials Securit y Discipline Sum m ary Chapt er Eight . .NET Code Access Securit y The Need for Code Access Securit y Securit y, Managed Code, and t he CLR How CAS I s Used Managing Securit y Policy wit h Code Groups I m perat ive Versus Declarat ive CAS Evidence- Based Securit y Code Access Perm issions Declarat ive Code Access Perm issions Perm ission Request s Perm ission Set s Sum m ary Chapt er Nine. ASP.NET Securit y Fundam ent al Securit y Mechanism s I m plem ent ing ASP.NET Aut hent icat ion ASP.NET Configurat ion Form s Aut hent icat ion Form s Aut hent icat ion Classes Passport Aut hent icat ion Windows Aut hent icat ion I m plem ent ing ASP.NET Aut horizat ion I m plem ent ing ASP.NET I m personat ion Sum m ary Chapt er Ten. Web Services Securit y Basic Techniques in Securing Web Services Aut hent icat e Web Service Using SOAPHEADER Sum m ary Appendix A. A Securit y At t ack Exam ple: The St ack Overrun Appendix B. How t he RSA Cipher Works Modular Arit hm et ic The BigRSA Exam ple Program The CrackRSAWorkFact orDem o Exam ple Program Appendix C. Using t he GNU GMP Library I nst alling Cygwin Test ing Your Cygwin I nst allat ion I nst alling GMP

Uninst alling Cygwin Appendix D. Crypt ography and Securit y Resources Background Knowledge and Concept ual Books Crypt ographic Mat hem at ics Books I m plem ent ing Securit y Guide Books Hum an I nt erest Books on Crypt ography Crypt ography News Groups Useful Crypt ographic and Securit y Web Sit es Appendix E. Exploring Web Services Mot ivat ion for Web Services Web Services Definit ion Backbones of Web Services Next Generat ion of Dist ribut ed Com put ing: Web Services Code Model for Web Services Developing a Sim ple Concat enat e Web Service Prot ocols Accessing a Web Service Asynchronous Program m ing in Web Services Creat ing an ASP.NET Calculat or Web Service Web Services Are St ill Evolving Sum m ary

[ Team LiB ]

[ Team LiB ]

Copyright Library of Congress Cat aloging- in- Publicat ion Dat a

Thorst einson, Pet er. .NET securit y and crypt ography / Pet er Thorst einson and Arun Ganesh. p. cm . I ncludes bibliographical references and index. I SBN 0- 131- 00851- X ( alk. paper) 1. Com put er securit y. 2. Crypt ography. 3. Microsoft .NET. I . Ganesh, Arun. I I . Tit le. QA76.9.A25T48 2003 005.8—dc21

2003051438

Edit orial/ Product ion Supervision: Jacquelyn Doucet t e Acquisit ions Edit or: Karen Get t m an Market ing Manager: Curt Johnson Manufact uring Buyer: Carol Melville Cover Design: Ant hony Gem allaro Cover Design Direct ion: Jerry Vot t a I nt erior Series Design: Gail Cocker- Bogusz © 2004 Pearson Educat ion, I nc. Publishing as Prent ice Hall Professional Technical Reference Upper Saddle River, NJ 07458 Prent ice Hall books are widely used by corporat ions and governm ent agencies for t raining, m arket ing, and resale. The publisher offers discount s on t his book when ordered in bulk quant it ies. For m ore inform at ion, cont act Corporat e Sales Depart m ent , phone: 800- 382- 3419; fax: 201- 236- 7141; em ail: [email protected] . Or writ e Corporat e Sales Depart m ent , Prent ice Hall PTR, One Lake St reet , Upper Saddle River, NJ 07458. Product and com pany nam es m ent ioned herein are t he t radem arks or regist ered t radem arks of t heir respect ive owners. All right s reserved. No part of t his book m ay be reproduced, in any form or by any m eans, wit hout perm ission in writ ing from t he publisher.

Print ed in t he Unit ed St at es of Am erica 10 9 8 7 6 5 4 3 2 1 Pearson Pearson Pearson Pearson Pearson Pearson Pearson Pearson

Educat ion LTD. Educat ion Aust ralia PTY, Lim it ed Educat ion Singapore, Pt e. Lt d. Educat ion Nort h Asia Lt d. Educat ion Canada, Lt d. Educación de Mexico, S.A. de C.V. Educat ion—Japan Educat ion Malaysia, Pt e. Lt d.

[ Team LiB ]

[ Team LiB ]

Integrated .NET Series from Object Innovations and Prentice Hall PTR C# I nt roduct ion t o C# Using .NET Oberg Applicat ion Developm ent Using C# and .NET St iefel/ Oberg I N TEROPERABI LI TY AN D M I GRATI ON The .NET and COM I nt eroperabilit y Handbook Gordon Migrat ing t o .NET: A Pragm at ic Pat h t o VB.NET, Visual C+ + .NET, and ASP.NET Kat re/ Halari/ Surapaneni/ Gupt a/ Deshpande PERL Program m ing Perl in t he .NET Environm ent Menaker/ Salt zm an/ Oberg VI SUAL BASI C Applicat ion Developm ent Using Visual Basic and .NET Oberg/ Thorst einson/ Wyat t I nt roduct ion t o Visual Basic Using .NET Wyat t / Oberg VI SUAL C+ + .NET Archit ect ure and Program m ing Using Visual C+ +

Thorst einson/ Oberg .N ET APPLI CATI ON S AN D TECH N OLOGY Fundam ent als of Web Applicat ions Using .NET and XML Bell/ Feng/ Soong/ Zhang/ Zhu .NET Securit y and Crypt ography Thorst einson/ Ganesh

[ Team LiB ]

[ Team LiB ]

Preface Over t he last several years, securit y and crypt ography t echnologies have been cont inually increasing in im port ance t o Windows users and soft ware developers. Addit ionally, in som e respect s t he securit y and crypt ographic capabilit ies of 32- bit Windows has reached parit y wit h larger m ini and m ainfram e com put ing plat form s, where securit y has always been a m aj or priorit y. Now, wit h t he advent of .NET, t hese securit y capabilit ies have becom e m uch easier t o im plem ent t han ever before. Of course, a significant invest m ent in effort is st ill required in underst anding t he concept s and acquiring t he skills necessary t o leverage t he m any securit y feat ures provided by .NET. I ndeed, t hat is exact ly what t his book is all about . Alt hough m uch of t he sam e funct ionalit y was provided in t he form of an arcane Win32 C Windows library, t he advent of .NET has m ade securit y and crypt ography program m ing m uch sim pler and m uch m ore powerful t han ever before. The .NET Securit y Fram ework provides a powerful set of securit y and crypt ographic classes t hat are relat ively easy t o use, and t his fram ework is explored t hroughout t his book. This book is int ended t o provide a pract ical and com prehensive coverage on im plem ent ing bot h crypt ography and securit y funct ionalit y on t he .NET plat form . I t is an effect ive t ut orial, providing a large num ber of clear and focused code exam ples.

[ Team LiB ]

[ Team LiB ]

Organization The book is organized int o 10 chapt ers and five appendixes. Chapt er 1 int roduces crypt ography and securit y on t he .NET plat form and provides a nont echnical overview of t he t opics t hat are described in great er det ail in subsequent chapt ers. This first chapt er also provides t he reasoning behind t he layout of t he book and how t he t wo m ain t opics of crypt ography and securit y int errelat e. The purpose of t his chapt er is not t o provide significant dept h or code exam ples, but rat her t o convey concept ual underst anding and t o provide an overview of crypt ography and securit y t echnologies on t he .NET plat form . Chapt er 2 provides a solid t heoret ical background t o prom ot e a deeper insight int o all subsequent chapt ers. The point is m ade t hat all securit y is based on crypt ography, and, t o underst and crypt ography in a m eaningful way, it is necessary t o first underst and several basic t heoret ical crypt ographic concept s. Chapt ers 3, 4, 5, and 6 provide det ailed hands- on .NET program m ing exam ples, using sym m et ric algorit hm s, asym m et ric algorit hm s, digit al signat ures, and XML crypt ography, respect ively. Chapt ers 7 and 8 cover .NET program m ing wit h user- based securit y and code access securit y, respect ively. Chapt er 9 int roduces ASP.NET securit y program m ing, and Chapt er 10 int roduces .NET Web Services securit y program m ing. Each aspect of .NET crypt ography and securit y is dealt wit h in t he proper cont ext and sequence, where t hey are m ost relevant and m ost easily underst ood. Appendixes describe a few addit ional t opics, such as securit y at t acks and addit ional crypt ography- relat ed m at hem at ical t opics. This book is int ended t o be a pract ical t ut orial wit h m any succinct program m ing exam ples t hat focus on specific and individual concept s. Also, t he focus of t he book is on pract ical .NET securit y program m ing rat her t han on adm inist rat ive securit y t asks. This book provides sufficient background inform at ion t o enable t he reader t o clearly see why securit y and crypt ography are crit ically im port ant t o m odern soft ware developm ent . The goal is t o equip t he reader t o begin building significant applicat ions using t he .NET Securit y Fram ework. This book is part of The I nt egrat ed .NET Series from Obj ect I nnovat ions and Prent ice Hall PTR. [ Team LiB ]

[ Team LiB ]

Sample Programs The best way t o learn about a significant class library such as t he .NET Securit y Fram ework is t o read and writ e m any program s. This book provides m any sm all program s t hat illust rat e each of t he pert inent feat ures of .NET in isolat ion, which m akes t hem easier t o underst and. The program s are clearly labeled in t he t ext , and t hey can all be found in t he soft ware dist ribut ion t hat accom panies t his book. These sam ple program s are provided in a self- ext ract ing file on t he book's Web sit e. When expanded, a direct ory st ruct ure is creat ed whose default root is c:\ OI \ N e t Se cu r it y . The sam ple program s, which begin wit h t he second chapt er, are in direct ories Ch a p0 2 , Ch a p0 3 , and so on. All t he sam ples for a given chapt er are in individual folders wit hin t he chapt er direct ories. The nam es of t he folders are clearly ident ified in t he t ext . This book is part of The I nt egrat ed .NET Series. The sam ple program s for ot her books in t he series are locat ed in t heir own direct ories underneat h \ OI , so all t he .NET exam ples from all books in t he series will be locat ed in a com m on area as you inst all t hem . These program s are furnished solely for inst ruct ional purposes and should not be em bedded in any soft ware product . The soft ware ( including inst ruct ions for use) is provided " as is" wit hout warrant y of any kind. [ Team LiB ]

[ Team LiB ]

Web Site The Web sit e for t he book series is locat ed at ht t p: / / www.obj ect innovat ions.com / dot net .ht m . A link is provided at t hat Web sit e for downloading t he sam ple program s for t his book. [ Team LiB ]

[ Team LiB ]

Acknowledgments Pet er Thorst einson G. Gnana Arun Ganesh [ Team LiB ]

[ Team LiB ]

Peter Thorsteinson We would like t o t hank Jill Harry from Prent ice Hall for her support in st art ing t his proj ect . Also, we would like t o t hank t he series edit or, Robert Oberg, for his valuable help. [ Team LiB ]

[ Team LiB ]

G. Gnana Arun Ganesh I would like t o t hank m y parent s G.A. Gnanavel and G.N. Vadivam bal for t heir boundless love, pat ience, support and inspirat ion. Also I t hank m y sist er G.G. Saradha for her love, t enderness and com panionship. My deepest grat it ude goes t o m y well wisher Dr. Robert J. Oberg who has encouraged m e t hrough out t his excit ing proj ect . My special t hanks go out t o Mr. Anindo Dey, Mr. Narayana Rao Surapaneni and Mr. Vinod Kum ar for t heir m ot ivat ion and encouragem ent . I wish t o t hank m y co- aut hor Pet er Thorst einson for his guidance and assist ance. Finally let m e t hank t he Alm ight y for providing m e t his opport unit y. We would like t o t hank Em ily Frey, Karen Get t m an, and all of our edit ors for t heir const ruct ive suggest ions t o enhance t he qualit y of t his book. Also we would like t o t hank all of t he reviewers for t heir det ailed com m ent s which helped a lot in updat ing t he subst ance. G. Gnana Arun Ganesh is a Microsoft .NET MVP ( Most Valuable Professional) , developer, aut hor, and .NET consult ant , who leads t he .NET Technology Group at Arun Micro Syst em s, which deals wit h various phases of .NET t echnology. He has been working wit h Microsoft .NET t echnology since it s init ial bet a version. Arun has a bachelor's degree in elect ronics and com m unicat ion engineering from t he Bharat hiar Universit y, Kongu Engineering College. He is t he aut hor and sit e personalit y of t he .NET Reference Guide, published by I nform I T. He is one of t he aut hors of Obj ect I nnovat ions, which offers t raining course m at erials in fundam ent al soft ware t echnologies. As a .NET aut hor, he has published m ore t han 50 art icles on .NET t echnology in various t op .NET Web sit es. As an act ive m em ber of Prent ice Hall's t echnical review panel, he has perform ed m any t echnical reviews, beginning wit h C# : How t o Program , writ t en by Harvey and Paul Deit el. For m ore t han t wo years as t he adm inist rat or of Arun Micro Syst em s, he has provided online .NET t raining all over t he world. June 4, 2003 [ Team LiB ]

[ Team LiB ]

The Integrated .NET Series from Object Innovations and Prentice Hall PTR About t his Series Robert J. Oberg, Series Edit or [ Team LiB ]

[ Team LiB ]

Introduction The I nt egrat ed .NET Series from Obj ect I nnovat ions and Prent ice Hall PTR is a unique series of int roduct ory t o advanced books on Microsoft 's im port ant .NET t echnology. These books are based on proven indust rial- st rengt h course developm ent and applicat ion developm ent experience. The aut hors are expert pract it ioners, t eachers and writ ers who com bine subj ect m at t er expert ise wit h years of experience in present ing com plex program m ing t echnologies. These books t each in a syst em at ic, st ep- by- st ep m anner and are not m erely sum m aries of t he docum ent at ion. All t he books com e wit h a rich set of program m ing exam ples, and t hem at ic case st udies are woven t hrough several of t he books. From t he beginning, t hese books have been conceived as an int egrat ed whole and not as independent effort s by a diverse group of aut hors. There are t hree broad cat egories: N ET Pr ogr a m m in g book s. These books cover bot h t he languages t hem selves and surveys of t he .NET Fram ework using a part icular language. N ET Applica t ion s a n d Te ch n ology. These books cover specific areas of .NET t echnology or applicat ion areas. I n som e cases a specific language is used and, in ot her cases, t he book is about t he t echnology or applicat ion wit hout regard t o a part icular language. .N ET I n t e r ope r a bilit y a n d M igr a t ion. These books cover fundam ent al t echnologies im port ant t o .NET's vision of st rong int eroperabilit y across diverse plat form s. The diagram below gives t he reader a broad overview of t he ent ire series. TI TLES I N TH E I N TEGRATED .N ET SERI ES fr om OBJECT I N N OVATI ON S a n d PREN TI CE H ALL PTR

.N ET Pr ogr a m m in g Book s

Program m ing Perl in t he .NET Environm ent .NET Archit ect ure

I nt roduct ion t o Visual Basic Using .NET

I nt roduct ion t o C# Using .NET

Applicat ion

Applicat ion

Book s

TI TLES I N TH E I N TEGRATED .N ET SERI ES fr om OBJECT I N N OVATI ON S n d PRENApplicat TI CE Hion ALL PTR Archit ect ure Applicataion and Program m ing Using Visual C+ +

Fundam ent als .N ET of Web Applica t ion s a n d Applicat ions Te ch n ology Using .NET and XML .N ET I n t e r ope r a bilit y a n d M igr a t ion

Migrat ing t o .NET

Developm ent Using Visual Basic and .NET

Developm ent Using C# and .NET

.NET Securit y and Crypt ography The .NET and COM I nt eroperabilit y Handbook

YOUR AUTHORS ARE EXPERT PRACTI TI ONERS AND SEASONED I NSTRUCTORS [ Team LiB ]

[ Team LiB ]

.NET Programming Books These books cover im port ant .NET program m ing languages. There are also surveys of t he .NET Fram ework from t he perspect ive of part icular program m ing languages.

Introductory .NET Language Books The first set of books t eaches several of t he im port ant .NET languages. These books cover t heir language from t he ground up and have no prerequisit e ot her t han program m ing experience in som e language. Unlike m any .NET language books, which are a m ixt ure of t he language and t opics in t he .NET Fram ework, t hese books are focused on t he languages, wit h at t ent ion t o im port ant int eract ions bet ween t he language and t he fram ework. By concent rat ing on t he languages, t hese books have m uch m ore det ail and m any m ore pract ical exam ples t han sim ilar books. The languages select ed are t he new language C# , t he great ly changed VB.NET, and t he open source language port ed t o t he .NET environm ent , PerlNET. Visual C+ + .NET is covered in our int erm ediat e book, and JScript .NET is covered in Fundam ent als of Web Applicat ions Using .NET and XML.

Introduction to C# Using .NET This book gives t horough coverage of t he C# language from t he ground up. The book is organized wit h a specific sect ion covering t he part s of C# com m on t o ot her C- like languages. This sect ion can be cleanly skipped by program m ers wit h C experience or t he equivalent , m aking for a good reading pat h for a diverse group of readers. The book gives t horough at t ent ion t o t he obj ect - orient ed aspect s of C# and t hus serves as an excellent book for program m ers m igrat ing t o C# from Visual Basic or COBOL. I t s gradual pace and m any exam ples m ake t he book an excellent candidat e as a college t ext book for advent urous professors looking t o t each C# early in t he language's life cycle.

Introduction to Visual Basic Using .NET This book gives t horough coverage of t he VB.NET language from t he ground up. Like t he com panion book on C# , t his book gives t horough at t ent ion t o t he obj ect - orient ed aspect s of VB.NET. Thus t he book is excellent for VB program m ers m igrat ing t o t he m ore sophist icat ed VB.NET, as well as program m ers experienced in languages such as COBOL. This book would also be suit able as a college t ext book.

Programming Perl in the .NET Environment A very im port ant part of t he vision behind Microsoft .NET is t hat t he plat form is designed from t o support m ult iple program m ing languages from m any sources, and not j ust Microsoft languages. This book, like ot her books in t he series, is root ed in long experience in indust rial t eaching. I t covers t he

Perl language from t he ground up. Alt hough orient ed t oward t he Act iveSt at e PerlNET com piler, t he book also provides excellent coverage of t he Perl language suit able for ot her versions as well.

Intermediate .NET Framework Survey Books The second set of books is focused on t opics in t he .NET Fram ework, rat her t han on program m ing languages. Three parallel books cover t he .NET Fram ework using t he im port ant languages C# , VB.NET, and Visual C+ + . The C# and VB.NET books cont ain self- cont ained int roduct ions t o t he languages suit able for experienced program m ers, allowing t hem t o rapidly com e up t o speed on t he new languages wit hout having t o plow t hrough an int roduct ory book. The design of t he series m akes t hese books m uch m ore t arget ed t han m any sim ilar books. The language em phasis is cleanly broken out int o int roduct ory books, allowing t he int erm ediat e books t o cover t he im port ant t opics of t he .NET Fram ework in great er dept h. The series design also m akes for flexible reading pat hs. Less experienced readers can read t he language book followed by t he int erm ediat e fram ework book, while m ore experienced readers can go direct ly t o t he int erm ediat e fram ework book.

Application Development Using C# and .NET This book covers im port ant t opics in t he .NET Fram ework for experienced program m ers. The reader does not need prior experience in C# , because t here is a self- cont ained t reat m ent , but t he reader should have experience in som e obj ect - orient ed language such as C+ + or Java. A seasoned Visual Basic program m er who has experience working wit h obj ect s and com ponent s in VB could also read t he book. A less experienced reader com ing from t he int roduct ory C# book can skip t he chapt ers on C# and proceed direct ly t o a st udy of t he Fram ework. The book is pract ical, wit h m any exam ples and a m aj or case st udy. The goal is t o equip t he reader t o begin building significant applicat ions using t he .NET Fram ework.

Application Development Using Visual Basic and .NET This book is for t he experienced VB program m er who wishes t o quickly learn t he new VB.NET version of VB and t hen get on t o learning t he .NET Fram ework. I t is also suit able for experienced ent erprise program m ers in ot her languages who wish t o learn t he powerful RAD- orient ed Visual Basic language in it s .NET incarnat ion and go on t o build applicat ions. Like t he com panion C# book, t his book is very pract ical wit h m any exam ples, and t he sam e case st udy is im plem ent ed in VB.NET.

.NET Architecture and Programming Using Visual C++ This parallel book is for t he experienced Visual C+ + program m er who wishes t o learn t he .NET Fram ework t o build high perform ing applicat ions. Unlike t he C# and VB.NET book, t here is no coverage of t he C+ + language it self, because C+ + is t oo com plex t o cover in a brief space. This book is specifically for experienced C+ + program m ers. Like t he com panion C# and VB.NET books, t his book is very pract ical wit h m any exam ples, and it uses t he sam e case st udy im plem ent ed in Visual C+ + .

[ Team LiB ]

[ Team LiB ]

.NET Applications and Technology These books cover specific areas of .NET t echnology or applicat ion areas. I n som e cases, a specific language is used and, in ot her cases, t he book is about t he t echnology or applicat ion wit hout regard t o a part icular language.

Fundamentals of Web Applications Using .NET and XML This book provides t horough coverage of building Web applicat ions using .NET. Unlike ot her books about ASP.NET, t his book gives at t ent ion t o t he whole process of Web applicat ion developm ent . The book incorporat es a review t ut orial on classical Web program m ing, m aking t he book accessible t o t he experienced program m er new t o t he Web world. The book cont ains significant coverage on ASP.NET Web Form s, Web services, SOAP and XML.

.NET Security and Cryptography This book is int ended t o provide t he reader wit h a pract ical and com prehensive t ut orial on im plem ent ing bot h securit y and crypt ography on t he .NET plat form . I t is an effect ive t ut orial, providing a large num ber of clear and focused code exam ples, wit h am ple com m ent ary on how t he code exam ples work. Bot h C# and VB.NET code will be provided for all exam ples. The book is com prehensive, covering all of t he m ost im port ant concept s and t echniques support ed by t he .NET plat form . This book will also provide sufficient background inform at ion t o enable t he reader t o clearly see why securit y and crypt ography are crit ically im port ant t o m odern soft ware developm ent . I m port ant pract ical t opics t hat are covered include Code Access Securit y, Role- based Securit y, ASP.NET Securit y, Digit al Signat ures and Cert ificat e Aut horit ies, as well as Sym m et ric and Asym m et ric Crypt ography using t he .NET Fram ework.

[ Team LiB ]

[ Team LiB ]

.NET Interoperability and Migration These books cover issues of fundam ent al t echnologies im port ant t o .NET's vision of st rong int eroperabilit y across diverse plat form s. They also address issues of m igrat ing t o .NET.

Migrating to .NET: A Pragmatic Path to VB.NET, Visual C++ .NET, and ASP.NET This book gives an int roduct ion t o t he Microsoft .NET plat form and covers t he basic concept s of m igrat ion. I t cont ains a det ailed look on various program m ing languages and t echnologies ( VB.NET, Visual C+ + .NET and ASP.NET) and key differences as well as advant ages over t heir predecessors. The book has det ailed st eps involved in m igrat ion, and it also has a rich set of exam ples and case st udies t o cover im port ant aspect s of m igrat ion like Pre Migrat ion and Post Migrat ion. The last sect ion of t he book has coverage of issues relat ed t o com ponent m igrat ion and int eroperabilit y.

The .NET and COM Interoperability Handbook This book explains t he .NET Fram ework from t he perspect ive of a COM/ COM+ program m er. I t com pares COM/ COM+ and .NET. I t also shows readers how t o use t heir exist ing COM/ COM+ com ponent s from .NET and how t o call .NET com ponent s from t heir Win32/ COM applicat ions. This is not t he kind of cursory coverage of COM int eroperabilit y t hat is found in m ost .NET Fram ework books. We delve deep int o t he subj ect , covering it em s such as t he effect of t he COM Apart m ent t hreading m odel, Act iveX cont rols, lat e binding and t he im pedance m ism at ch bet ween reference count ing in COM and garbage collect ion in .NET. The book also covers how t o use t he COM+ Services from a .NET applicat ion.

[ Team LiB ]

[ Team LiB ]

Chapter One. .NET Cryptography and Security You do not oft en see books t hat discuss bot h crypt ography and securit y wit h equal prom inence. These t wo t opics seem , at least on t he surface, t o be ent irely separat e disciplines, and t hey are usually discussed independent ly of one anot her. Aft er all, how oft en does a net work adm inist rat or wonder about crypt ographic quest ions, such as how hard it is t o fact or a large product of t wo prim e num bers? And how oft en does a m at hem at ician t hink about securit y configurat ion t asks, such as cont rolling access t o it em s in t he Windows regist ry or I nt ernet I nform at ion Services ( I I S) virt ual direct ories? Books on crypt ography t end t o be quit e m at hem at ical and t heoret ical. I n cont rast , books on securit y t end not t o be program m er- orient ed but very hands- on, dealing wit h pract ical issues such as how t o set up a cert ificat e server, how t o creat e a new user account , and so on. Bet ween t hese t wo ext rem es, t here is t he .NET program m er, concerned m ainly wit h problem s t hat are neit her adm inist rat ive nor m at hem at ical in nat ure. However, program m ers are now becom ing increasingly int erest ed in incorporat ing crypt ography and securit y feat ures int o t heir program s. On t he one hand, all securit y- relat ed funct ionalit y is ult im at ely built on t op of crypt ographic foundat ions. I n fact , all real- world securit y prot ocols and t echnologies, such as Kerberos, t he Windows Encrypt ed File Syst em , Microsoft Cert ificat e Server, and all t he .NET Securit y Fram ework classes, are ent irely based on crypt ographic m at hem at ical prim it ives at t heir core. On t he ot her hand, all securit y- relat ed program m ing m ust at som e point int eract wit h t he underlying securit y configurat ion of t he plat form on which it runs t hat is ult im at ely est ablished by an adm inist rat or. I n t his chapt er, we t ake a wide- angle view of .NET crypt ography and securit y, and see how each of t hese m aj or aspect s of securit y and crypt ography fit t oget her int o t he overall .NET program m ing pict ure. I n subsequent chapt ers, we look m ore closely at t he det ailed aspect s of crypt ography and securit y t echnologies on t he .NET plat form .

[ Team LiB ]

[ Team LiB ]

The Nature of This Book This book is writ t en specifically for program m ers int erest ed in .NET securit y and crypt ography, not for syst em adm inist rat ors. Therefore, we do not at t em pt t o describe m ore t han a sm all fract ion of t he skills needed by professional syst em adm inist rat ors. However, every program m er m ust have som e adm inist rat ive skills t o be effect ive soft ware developers, and securit y program m ing is no except ion. Therefore, t his book does explore som e aspect s of adm inist rat ion as it direct ly relat es t o t he t asks of .NET securit y program m ing. This book is also not int ended for professional crypt ographers[ 1] or m at hem at icians, so it does not go t oo far in t hat t heoret ical direct ion eit her. However, t o gain an appreciat ion for what goes on under t he hood, it can be rat her em powering for a program m er t o have som e underst anding of t he underlying crypt ographic t heory and relat ed m at hem at ics, so we provide som e light coverage in t hat direct ion as well. [ 1]

A crypt ographer is one who designs and analyzes crypt ographic algorit hm s, not one who m erely uses a crypt ographic library t o incorporat e crypt ographic and securit y feat ures int o his or her program s.

As a result , t his book t akes a blended approach, covering fundam ent al crypt ography t heory as well as crypt ographic and securit y program m ing on t he .NET plat form . We begin in t his first chapt er wit h an int roduct ion t o som e of t he m ore im port ant overarching concept s of crypt ography and securit y on t he .NET plat form , providing glim pses of t he pieces t hat work t oget her t oward im plem ent ing secure .NET applicat ions. I n Chapt er 2, we look at t he t heoret ical fundam ent als of crypt ography, st art ing wit h t he designs and crypt analysis of som e hist orically significant pencil- and- paper ciphers. Building on t hat t heoret ical fram ework, Chapt ers 3, 4, and 5 describe pract ical .NET program m ing t echniques in t he t hree m ain areas of m odern crypt ography: sym m et ric crypt ography, asym m et ric crypt ography, and digit al signat ures. These t hree chapt ers provide ext ensive exam ple code t hat dem onst rat es how t o work wit h t he relevant .NET Securit y Fram ework classes. Chapt er 6 cont inues t o explore encrypt ion and digit al signat ures, but wit hin t he specialized cont ext of XML crypt ography. Chapt ers 7 and 8 show how t he m ain program m ing t echniques work for im plem ent ing role- based securit y and code access securit y feat ures in .NET program s. Of course, dist ribut ed applicat ions and t he I nt ernet have m ade m any securit y issues m ore im port ant t han ever before, and Chapt ers 9 and 10 cover t he m ost im port ant aspect s of ASP.NET securit y and .NET Web services securit y, respect ively.

Risks Are Everywhere When you st art t hinking about all t he t hings t hat can go wrong, you m ay find yourself wondering if it all becom es a bit silly. The average cit izen is, aft er all, not t ypically under CI A or FBI invest igat ion ( as far as we know) or t he t arget of som e espionage plot . I f you let your im aginat ion go t oo far, m any of t he risks t hat com e t o m ind m ay seem rat her far- fet ched. You m ay even st art t o wonder if you should wrap your head in t infoil j ust in case t he aliens are t rying t o read your brain waves! Nevert heless, even t hough it m ay seem like a paranoid perspect ive, it is indeed t rue: Risks are everywhere, and t he m ore im port ant t he dat a is, t he m ore im port ant t he dat a securit y becom es. I t is act ually quit e surprising how easily and how oft en dangers can crop up unexpect edly in t he world of com put ing.

THINKING LIKE AN ATTACKER You m ay have heard t he old angler's advice: To cat ch a fish, you have t o t hink like a fish. I was never t oo com fort able wit h t hat odd- sounding advice, since it is not at all clear exact ly how a fish t hinks. However, t his advice is very applicable when you apply it t o dealing wit h hum an adversaries. I n part icular, t o prot ect yourself from at t ackers[ 2] and ot her such enem ies, it pays t o put yourself in t heir shoes and t ry t o t hink t he way t hey t hink. [ 2]

We use t he t erm at t acker t o refer t o som eone who gains unaut horized access for t he purpose of st ealing, forging, or dest roying dat a. Such an at t acker is oft en referred t o as a cracker. The t erm hacker is oft en incorrect ly used as a synonym for cracker, m ainly due t o t he confusion t hat is so prevalent in m ass m edia report ing on t echnical t opics. The t erm hacker m ore correct ly refers t o a com put er expert or ent husiast , oft en connot ing ext ensive self- t aught knowledge and an undisciplined at t it ude.

Perhaps one of t he biggest problem s is t hat nice folks like you and m e have a very hard t im e t hinking ult ra- deviously, while t he enem y oft en seem s t o have an endless supply of brainpower, t im e, energy, and m ischievousness. Oft en, all we can do is t ry our best t o play cat ch- up. Unfort unat ely, it is an uneven playing field in t hat if a single at t acker finds j ust a single weakness, t he algorit hm is in j eopardy. I n cont rast , t he weary defender m ust at t em pt t o ant icipat e and deal wit h all pot ent ial weaknesses. To get a feel for t he kinds of t hings t hat t he enem y m ay t ry, let 's look at som e exam ples of t he pot ent ial risks.

EXAMPLES OF RISKS AND PRESCRIBED REMEDIES There is probably no lim it t o t he num ber of ingenious t ricks and t raps t hat can be conceived of by our pot ent ial enem ies. Securit y pit falls t hat garden- variet y em ail users m ight experience are concept ually ident ical t o t he securit y pit falls t hat program m ers m ust also be able t o deal wit h. For exam ple, m ost people do not encrypt t heir em ail correspondence, which is som ewhat analogous t o sending an open post card rat her t han sending a let t er in a sealed envelope. This oversight could be a risk, since it is quit e easy t o int ercept em ail packet s as t hey are rout ed t hrough your I SP and t hrough various rout ers over t he I nt ernet . As anot her exam ple, an em ail virus could cause you grief by random ly select ing m essages from your previously sent em ail and forwarding copies of t hem t o cont act s found in your address book. This could be very em barrassing if not downright cost ly. I f you encrypt ed your sensit ive correspondence, t hen t hese problem s would be solved. I nt ercept ed em ail packet s would be unint elligible, and t he virus j ust described would send only copies of gibberish t o t hose unint ended recipient s. There are even em ail viruses t hat m ake file shares on arbit rarily select ed folders, unexpect edly exposing large am ount s of your inform at ion t o ot hers on your net work. By sim ply encrypt ing t hose folders t hat cont ain sensit ive inform at ion, such unint ended file sharing becom es a nonissue. Of course, you should probably have already updat ed your virus scanner, defensively configured your em ail client program , and applied any necessary securit y pat ches t o avoid t he virus in t he first place. But t hen, em ail and file syst em encrypt ion provides a nice ext ra layer of securit y j ust in case all ot her up- front effort s fail. These exam ples prove t he im port ance of using encrypt ion in t he world of em ail. By analogy, it should be clear t hat encrypt ion is im port ant t o use wherever sensit ive dat a m ay be exposed in t he world of program m ing as well. Using digit al signat ures is anot her way t o avoid securit y risks. Unfort unat ely, m ost em ail users do not have a personal digit al I D for signing t heir im port ant em ail correspondence. I f you do not digit ally sign your m ost sensit ive em ail m essages, t hen som eone could send a fraudulent em ail in your nam e t o som eone in an at t em pt t o fram e you wit h bogus evidence or t o com m it you t o som e com prom ising posit ion. I f you m ake a habit of digit ally signing all of your sensit ive correspondence, t hen t he recipient s of your crit ical m essages will expect a signat ure t hat t hey can verify and t hus will be able

t o discern t hat such a bogus em ail was not act ually from you. This exam ple shows t he im port ance of using digit al signat ures in t he world of em ail, and by analogy, it shows t hat it is also im port ant t o use digit al signat ures where appropriat e in your own program m ing.

A FALSE SENSE OF SECURITY Unfort unat ely, people oft en assum e t hat using a com put er in a fam iliar or rout ine m anner is inherent ly safe, when in fact it is never ent irely safe. Here is a st art ling exam ple: During t he sum m er of 2002, Microsoft accident ally dist ribut ed a copy of t he Nim da worm in it s Korean language version of Visual St udio .NET. Fort unat ely, as it t urned out , t he copy of t he Nim da worm was included in such a way t hat it did not in fact result in any realist ic risk of infect ion t o anyone's syst em . But who would have ever t hought t wice about t he securit y ram ificat ions of inst alling such an applicat ion from such an est ablished and t rust ed soft ware vendor? This news it em was cert ainly a wake- up call [ 3] t o program m ers around t he world! There are m any ot her exam ples in which our im plicit t rust and assum pt ion of securit y t urns out t o be quest ionable or even dangerously wrong. How oft en have you heard of newly discovered securit y vulnerabilit ies, followed short ly by t he announcem ent of a corresponding securit y pat ch? Sadly, t his sort of t hing happens on a m uch t oo frequent basis. The good news is t hat t he .NET Securit y Fram ework and t he .NET plat form can be used t o effect ively prot ect applicat ions and dat a from m any of t hese pot ent ial dangers. Unfort unat ely, securit y will never be a com plet ely solved problem , but .NET goes a long way in helping us writ e program s t hat can prot ect users bet t er t han ever before. [ 3]

Earlier, in t he hist ory of Unix, t here was anot her very int erest ing and convincing wake- up call regarding t he risk we t ake when we blindly t rust t he securit y of t he soft ware t hat we use. To read m ore about it , see what Ken Thom pson ( t he fat her of Unix) has t o say about shaken t rust at ht t p: / / www.acm .org/ classics/ sep95/ . As you will see, t he st ory has a fascinat ing t wist .

Soft ware vendors, syst em adm inist rat ors, program m ers, and users all need t o becom e m uch m ore vigilant of t he m yriad risks and aware of t heir prescribed precaut ions. Everyone m ust be on guard against falling int o a false sense of securit y. Clearly, securit y is an im port ant issue t hat m ust be recognized by all com put ing professionals. This is especially t rue now t hat our world has becom e so heavily dependent on com put ing in alm ost all facet s of our lives, and our syst em s have becom e so t horoughly int erconnect ed by way of t he I nt ernet .

[ Team LiB ]

[ Team LiB ]

The Nature of Cryptography and Security The m aj or focus of t his book is on t he t heory and pract ice of .NET crypt ography and securit y. But when you are in t he t hick of it , it is easy t o lose sight of t he following t wo fundam ent al quest ions regarding t he basic nat ure of crypt ography and securit y: Why are crypt ography and securit y im port ant ? What can and cannot be done wit h crypt ography and securit y? The first quest ion considers why we would want t o use it , and t he second quest ion considers what we act ually accom plish by using it . Let 's t ake a m om ent now, before we get int o all of t he t echnical det ails in t he upcom ing chapt ers, t o consider t hese t wo fundam ent al quest ions in som e det ail. Then, as you read t hrough t he rem ainder of t his book, you m ight want t o keep t hese t wo quest ions in t he back of your m ind.

Why Cryptography and Security Are Important Why are crypt ography and securit y im port ant ? We have all heard of m any exam ples in business, warfare, and m aybe som et im es even personal life where a bit m ore secrecy could have helped avoid cost ly problem s. I n m any ot her cases, severe em barrassm ent and hum iliat ion could have been avoided wit h t he applicat ion of j ust a bit m ore discret ion. Of course, encrypt ion can help you be m uch m ore secure and discret e, [ 4] at least when t he inform at ion is in digit al form . [ 4]

I t is obviously illegal in m ost count ries t o conceal or dest roy evidence t hat is relevant t o a crim e or request ed by court order, so caut ion should be exercised where appropriat e. Discret ion is one t hing, but obst ruct ion of j ust ice is anot her.

There are four m ain aspect s of securit y t hat t ypically present t hem selves: secrecy, aut hent icat ion, int egrit y, and nonrepudiat ion. Obviously, secrecy can be very im port ant in m any cont ext s. Of course, secrecy is im port ant whenever sensit ive inform at ion m ust be prot ect ed from being known by your adversaries. You can also im agine how im port ant it can som et im es be t o know exact ly whom you are com m unicat ing wit h, which is a problem known as aut hent icat ion. I t can be equally im port ant at t im es t o know t hat t he com m unicat ed inform at ion you send or receive cannot be som ehow m anipulat ed or corrupt ed during t ransit or aft er receipt , which is a problem known as int egrit y. You m ay also be concerned wit h t he possibilit y of som eone reneging on an agreem ent t hat you have already m ade wit h him or her, which is t he dast ardly act known as repudiat ion. Securit y prot ocols m ay be devised using digit al signat ures and digit al cert ificat es, as well as sym m et ric algorit hm s, crypt ographic hashes, and Message Aut hent icat ion Codes ( MACs) t hat can be used t o avoid all of t hese problem s of secrecy, aut hent icit y, int egrit y, and nonrepudiat ion.

WHY WORRY IF YOU HAVE NOTHING TO HIDE? Why should you worry about privacy if you have not hing t o hide? This rhet orical quest ion is

som et im es posed by people who naively assum e t hat privacy is of int erest only t o crim inals, subversives, and deviant s wit h dirt y lit t le secret s t o hide. The fallacious argum ent is t hat fine upst anding folks should not need m uch privacy and t hat aggressively pursuing privacy is evidence of crim inalit y or depravit y. I t is im port ant t o recognize t hat st rong privacy really is a legit im at e concern of all good law- abiding cit izens. This is especially t rue if t he aut horit ies t hat you m ust deal wit h are less t han perfect . To shed som e light on t his quest ion, consider how you would react if you were not perm it t ed any privacy. For exam ple, how would you feel if your governm ent passed legislat ion t hat nobody is perm it t ed t o enclose post al let t ers in envelopes and t hat all m edical and banking records m ust be m ade publicly open in a nat ional dat abase? How would you feel if you were not perm it t ed t o prot ect your personal inform at ion from being hij acked by crim inals for fraudulent purposes? How would you like it if all I nt ernet em ail m essages and all Web page access hist ories were archived in a publicly searchable dat abase host ed by www.google.com ? Surely, t he vast m aj orit y of honest and et hical people m ust agree t hat privacy is honorable and legit im at e, and privacy should be recognized as a fundam ent al and inalienable hum an right .

CATEGORIES OF SECURITY ISSUES There are m any exam ples of specific cases t hat could be list ed, but t o avoid going overboard wit h nam ing nam es, let 's look inst ead at som e of t he broad cat egories of securit y issues t hat have proved t o be t he downfall of m any hapless unfort unat es in t he past . For each of t hese, you m ight be able t o t hink of specific exam ples t hat you have heard about in t he news or m aybe even know about personally. Leaks of int ellect ual propert y, m erger and acquisit ion plans, and cont ract s Malicious code, such as evil em ail script s, logic t im e bom bs, viruses, and t roj ans Unaut horized access program m ing t echniques, such as buffer overrun at t acks Bogus m essages from m asqueraders [ 5] [ 5]

Bogus m essages can t ake on several form s. One exam ple is t he m an- in- t he- m iddle at t ack ( also known as TCP hij acking) in which an at t acker pulls packet s from t he net work and m odifies t hem in som e nefarious way, such as changing an account num ber or a dollar am ount , and t hen reinsert s t hem back ont o t he net work. Anot her exam ple is I P spoofing: The at t acker forges a bogus source I P address in each packet t o im personat e som eone else and t hen sends t he spoofed packet s over t he net work. I n it s crudest and sim plest form , a hum an readable m essage, such as a fraudulent em ail, m ay be sent t o swindle an unsuspect ing vict im in som e way.

Cont ract ual agreem ent repudiat ion Bugs t hat corrupt code or dat a When properly planned and applied, .NET crypt ography and securit y feat ures go a long way t o help avoid all of t hese issues.

What Cryptography and Security Can and Cannot Do

Now for t he second quest ion: What can and cannot be done wit h crypt ography and securit y? Alt hough crypt ography and securit y are very im port ant t ools, t hey are not a panacea for all securit y problem s. Knowing what is possible and what is beyond t he reach of crypt ography and securit y is im port ant t o being able t o apply solut ions t o real- world problem s. Let 's first look at what crypt ography and securit y can do.

WHAT CRYPTOGRAPHY AND SECURITY CAN DO Crypt ography and securit y t echnology can help deal only wit h risks t hat relat e t o soft ware design, not wit h issues t hat relat e t o hum an charact er. Just as hum an error appears t o be t he m ost frequent point of failure in t radit ional t ragedies, such as aut om obile and aircraft accident s, it is t he program m er or end user who t ends t o be t he frequent source of securit y failure in t he com put ing world. Som e of t he prot ect ions t hat t he .NET plat form and .NET Securit y Fram ework classes can provide include Privacy of inform at ion Aut hent icat ion of users I nt egrit y of inform at ion Nonrepudiat ion of agreem ent Access cont rol of resources Availabilit y of service I nform at ion privacy can be used t o lim it access t o aut horized users by m eans of encrypt ion. User aut hent icat ion can be used t o ensure t hat users are who t hey claim t o be by m eans of password hash com parison or digit al signat ure verificat ion. I nform at ion int egrit y can be used t o ensure t hat only aut horized users can creat e or m odify inform at ion based on digit al signat ure verificat ion. Nonrepudiat ion can be used t o ensure t hat t he aut hor of a m essage cannot , aft er t he fact , deny t he exist ence of t he m essage or abrogat e an agreem ent defined in t he m essage t hat he or she has digit ally signed. Access cont rol can be used t o ensure t hat access t o inform at ion resources are lim it ed in specified ways t o aut horized users only. Availabilit y of service relat es t o how available a given server applicat ion is when needed. Availabilit y is closely relat ed t o issues of reliabilit y ( i.e., upt im e) . I t is also relat ed t o quot a m anagem ent , which is used t o foil denial- of- service ( DOS) at t acks. Alt hough quot a m anagem ent , which is usually program m at ically built int o server applicat ions, is not direct ly support ed by any specific .NET feat ure at t he current t im e, t he enhanced reliabilit y m ade possible by t he .NET runt im e does help a great deal in im proving availabilit y of service.

WHAT CRYPTOGRAPHY AND SECURITY CANNOT DO Com m only used crypt ographic algorit hm s have been t horoughly analyzed and have st ood up rat her well in a m at hem at ical sense for t heir int ended purposes over t he years. However, real crypt ography is done in t he real world, not j ust in a m at hem at ician's head. I n t he real world, we have a very lovable weak link, affect ionat ely referred t o as t he user,[ 6] who is, aft er all, j ust a hum an being. All t he crypt ography and securit y t hat m at hem at icians, program m ers, and adm inist rat ors can m ust er cannot prot ect against t he user's hum an frailt ies. I t is a fact t hat m any securit y program m ers and

adm inist rat ors—who are t hem selves only hum an—m ake t he m ist ake of focusing far t oo m uch on t he securit y of t his algorit hm or t hat prot ocol, but t he m ost frequent point of failure result s from t he im perfect ions of ordinary folks m uch like you and m e. For exam ple, you can use t he st rongest cipher ever designed in your applicat ion, but if t he user writ es his or her password on a st icky not e at t ached t o t he side of a display screen, t he bat t le is lost . Here are som e of t he t ypes of risk t hat pert ain t o hum an im perfect ions rat her t han t o t he st rengt h of any algorit hm design or crypt ographic t heory. [ 6]

Som e rat her unkind program m ers have a cruel habit of pronouncing t he word user wit h an addit ional leading l. We do not condone t his arrogant pract ice, since, aft er all, if it were not for t he user, we program m ers would not be paid for our effort s.

Lack of t raining, diligence, and discipline Carelessness, such as exposing keys, poor choice of password, or not encrypt ing dat a, I nexperience, gullibilit y, and m isplaced t rust Social engineering at t acks and con- art ist ry Bribery, int im idat ion, and blackm ail Poor soft ware design and coding bugs Crypt ography and securit y are like seat belt s. What is t he use of having fancy prot ect ion if it is not used properly and consist ent ly? Obviously, unencrypt ed dat a is not kept secret , and unsigned dat a can be easily t am pered wit h and repudiat ed. And what is t he point of using a password- prot ect ed applicat ion if t he password is easy t o guess? Effect ive securit y requires vigilance and discipline. Anot her concern is m isplaced t rust . For exam ple, firewalls m ay not be able t o prot ect against a t rust ed but disgrunt led em ployee. Proper securit y policies and procedures as well as effect ive user t raining and m anagem ent are very im port ant for keeping confident ial inform at ion privat e. Social engineering at t acks apply psychological or em ot ional t ricks and lies on t rust ed users t o gain access t o secure syst em s. I n general, you should be ext rem ely skept ical of anyone who says, " You can t rust m e," since t he people you can really t rust rarely need t o t ell you so. One aspect of t his t ype of at t ack t hat m akes it hard t o address aft er t he fact is t hat vict im s of con- art ist ry have a hard t im e adm it t ing t hat t he com prom ise happened. Denial is at t ract ive—aft er all, who want s t o adm it t hat he or she has been foolish or gullible? So, never let your guard down, and if you do, t hen don't let your pride get in t he way of dealing wit h t he result effect ively. Bribery, int im idat ion, blackm ail, and ( heaven forbid) t ort ure is like a social engineering at t ack on st eroids, but on an ent irely m ore evil and illegal level. You m ay t hink t hat t his sort of t hing doesn't happen except in m ovies; unfort unat ely, it also happens in realit y if t he st akes are high and t he part icipant s are vicious. When you t hink about t he econom ics of cipher cracking, you can see why. Let 's say t hat it would cost $50,000 over t hree m ont hs of CPU t im e on a m ult im illion- dollar supercom put er t o crack a key for a given cipher. And let 's say t hat it cost s only $2,000 t o cont ract a gangst er t o apply his own persuasive m et hods t o get t he sam e result in a couple of hours. Now, assum ing t hat you have no m oral com punct ions what soever ( and such people do exist ) , which opt ion would you t ake? Of course, you should st ay wit hin t he law, wat ch t he com pany t hat you keep, and avoid accept ing or giving bribes. But as for t he m ore violent possibilit ies, probably no advice can help you once you are t here. Fort unat ely, t ort ure seem s t o be exceedingly rare in m ost dem ocracies, but it is unfort unat ely a serious hum an right s problem in m any count ries around t he world. [ 7] [ 7]

For m ore det ails on t his gruesom e problem , you m ight want t o visit ht t p: / / www.am nest y.org/ .

Of course, we cannot blam e everyt hing on t he user. There are a few securit y issues t hat crypt ography and securit y cannot deal wit h t hat are also com plet ely beyond t he cont rol of t he user. These are physical securit y and side- channel leakage risks. Physical securit y pert ains t o t hings like how heavy t he door is, how big t he lock is, how t hick t he walls are, and t he caliber of rifle used. Sidechannel leakage relat es t o any form of inform at ion t hat is unint ent ionally leaked from t he com put ing prem ises, which can t hen be det ect ed and int erpret ed in exceedingly clever ways. Physical at t acks, such as break- ins, t heft , and vandalism , cannot be prevent ed by any crypt ographic algorit hm , and it is obviously asking t oo m uch of a t ypical user t o m ount any defense. Obviously, physical problem s need physical solut ions. You m ay not have t he sam e securit y needs as t he NORAD Air Defense Cent er in t he Cheyenne Mount ain Com plex. But virt ually everyone has at least som e physical securit y requirem ent s. Do you care if all your em ail is read by your babysit t er? I f not hing else, would you at least be int erest ed in prot ect ing t he replacem ent value of your PC? Probably everyone should have at least password prot ect ion and a lockable door bet ween t he PC and t he out side world. When cont em plat ing prot ect ion against physical at t acks, keep in m ind t hat t heft and vandalism do not com e only from perpet rat ors on t he out side. I nt ernal securit y can be j ust as im port ant as ext ernal securit y. You should prot ect your com put ing facilit ies according t o t he value of t he resource and t he pot ent ial t hreat s t hat you perceive. Side- channel leakage is a problem where physical side effect s of com put ing m ay leak sensit ive inform at ion. Side- channel leakage can com e in m any surprising form s. For exam ple, what happens t o sensit ive plaint ext dat a t hat is left in a swap file or m ade available as a result of a syst em crash m em ory dum p? I f you are not careful, it is t here for t he t aking. Side- channel leakage can also result from t he radio frequency inform at ion t hat com put ers nat urally em anat e, which is t he focus of Tem pest [ 8] t echnologies. When you consider t he m illions of digit al swit ches t hat are t urning on and off wit hin a com put er every few m icroseconds, it is ast onishing t hat anyone can gat her any int elligible inform at ion in t his way. However, it has been dem onst rat ed t hat dat a displayed on one com put er screen can be replicat ed on anot her specialized device based ent irely on t he em it t ed elect rom agnet ic radiat ion. I n one widely published case of side- channel leakage, infrared signal crosst alk accident ally shared inform at ion bet ween t wo com pet ing com panies via cordless keyboards and PCs in adj acent buildings. [ 8] Tem pest , which st ands for Transient Elect rom agnet ic Pulse Em anat ion St andard, refers t o a set of classified t echnologies developed by t he U.S. m ilit ary for analyzing em it t ed elect rom agnet ic radiat ion ( EMR) produced by analog and digit al equipm ent .

Side- channel leakage also has been shown t o occur whenever a com put ing device encrypt s dat a. Specifically, t he execut ion t im ings of t he crypt ographic operat ions can leak inform at ion in som e cases. Addit ionally, power consum pt ion m easurem ent s can reveal subt le det ails about t he operat ions t hat a com put ing device perform s, right down t o t he precise sequence of m icroprocessor inst ruct ions being execut ed! By analyzing t hese t im ing and power consum pt ion m easurem ent s, an adversary m ay be able t o obt ain som e crit ical inform at ion about t he plaint ext being encrypt ed. Each of t hese det ect ive t echniques is a spect acular exam ple of how incredibly clever and resourceful researchers in t his indust ry can be. Yet anot her variet y of side- channel leakage occurs in usage and m essage t raffic pat t erns. Even if you are careful t o hide t he cont ent s of your sensit ive m essages, t he fact t hat you are com m unicat ing in t he first place coupled wit h t he ident it y of t he persons wit h whom you are com m unicat ing m ay be enough t o get you int o t rouble. Alt hough t his is less of a concern in m ost dem ocrat ic count ries, it can occasionally be relevant even t o law- abiding cit izens in respect able j urisdict ions. I f som eone want s badly enough t o know what you are doing and has subst ant ial resources at her disposal, t hen you

m ay have a very hard t im e prevent ing her from get t ing t hat inform at ion. I n fact , at t em pt ing t oo st renuously t o prevent it m ay it self work against you! [ 9] I f you are concerned about side- channel leakage, you should t ake t he necessary st eps t o block t he leaks. A wire m esh cage can be used t o shield em anat ing radio frequency energy, power line filt ering can help hide variat ions in power consum pt ion, and so on. [ 10] But t hen your at t em pt s at shielding will probably be det ect able. I nt ernet t raffic pat t erns can t o som e ext ent be hidden behind services such as anonym ous rem ailers, but such services cannot guarant ee absolut e anonym it y. [ 9]

Do you rem em ber hearing about t he McCart hy era in your high school hist ory class?

[ 1 0 ] These precaut ions require t he skills of a professional elect rical engineer wit h appropriat e experience t o be done properly.

We have considered several cat egories of risk and rem edy wit h t he im plied assum pt ion t hat not hing illegal was being com m it t ed. however, if crim es have been com m it t ed, t hen t he following possibilit ies m ay arise. Nat urally, t here is not hing t hat crypt ography or securit y can do t o help you if you com e t o t his point . Test im onial evidence from wit nesses or spies Behavioral evidence, such as suspicious t ravel and ext ravagant lifest yle Physical evidence, such as fingerprint s, phot ographs, financial records, and paper t rails Governm ent invest igat ion [ 11] [ 1 1 ] We are t he Borg. Resist ance is fut ile. Many governm ent s have com put er surveillance t ools at t heir disposal for collect ing evidence on crim inal and subversive act ivit y. According t o num erous report s, t he FBI 's Carnivore proj ect enables t he recording of t arget ed em ail m essages via a cooperat ing I SP, and t he Magic Lant ern proj ect enables insert ing a virus ont o a suspect 's com put er t o obt ain encrypt ion keys used t o hide crim inal evidence.

[ Team LiB ]

[ Team LiB ]

Windows Security Comes of Age Securit y and crypt ography have always been recognized as im port ant issues in m ult iuser and ent erprise- level com put ing. Even in t he early m ainfram e syst em s of t he m id- 1960s, such as Syst em / 360, [ 12] m ult iuser operat ing syst em s were designed wit h careful at t ent ion given t o user aut hent icat ion, program isolat ion, audit ing, and privacy. Sym m et ric crypt ographic algorit hm s, such as t he Dat a Encrypt ion St andard ( DES) , were used heavily in m ainfram e applicat ions by banks and governm ent s by t he lat e 1970s. UNI X[ 13] syst em s cont inued t o t reat securit y as a first - class design requirem ent t hroughout it s hist ory. I n t he early 1990s, UNI X syst em s m ade use of sym m et ric and asym m et ric crypt ography in various t echnologies and prot ocols, such as Kerberos net work aut hent icat ion. [ 1 2 ] Syst em / 360 was developed by I BM in 1964. The chief archit ect working on t his operat ing syst em was Gene Am dahl. [ 13]

Unix was init ially developed by Bell Labs ( t hen part of ATT) in 1969 and t he early 1970s. Ken Thom pson wrot e t he first UNI X syst em in assem bly language, and m any ot her cont ribut ors, t oo num erous t o m ent ion, developed it furt her over t he last 30 years. Many vendors cont ribut ed t o it s developm ent , result ing in m any com pet ing im plem ent at ions, including BSD, Syst em V, Solaris, HP- UX, AI X, Linux, and FreeBSD.

I n cont rast , t he hist ory of Windows has shown a m arked lack of awareness t oward issues relat ed t o securit y and crypt ography. This is t o som e degree underst andable, considering t hat for m uch of it s early hist ory, Windows ( especially in it s 16- bit form ) was used prim arily as a single- user, nonm ission- crit ical product ivit y t ool and ent ert ainm ent console. This is not t o disparage Windows in any way. I ndeed, Windows quickly grew t o becom e a significant indust ry in it s own right , providing t he world wit h effect ive and affordable com put ing capabilit ies. However, t he concept s of securit y, privacy, and aut hent icat ion were largely unknown t o m ost Windows users, and t he vendor sim ply cat ered t o t hat m arket . I n cont rast t o t he obsession wit h securit y, privacy, and reliabilit y t ypical of large corporat e com put ing facilit ies, Windows users have been generally t olerant of securit y weaknesses and m ore int erest ed in powerful user- orient ed feat ures. This is why, m uch t o t he chagrin of m ainfram e old- t im ers, Windows has been plagued wit h m alicious code, operat ing syst em reliabilit y problem s, and inform at ion leakage. Fort unat ely, t his is all changing now, for m any reasons. PC users are now m ore sophist icat ed, dem anding great er securit y, privacy, and reliabilit y. Corporat ions recognize t he need t o ext end securit y policy over t he I nt ernet . Microsoft has recent ly st epped up it s int erest in securit y and reliabilit y t o a st rat egic level. Many secure corporat e com put ing t asks have m oved from t he m ainfram e t o t he PC. The Win32 API provides powerful but arcane support for securit y and crypt ography. The .NET plat form provides powerful and convenient support for securit y and crypt ography. Code has becom e m ore m obile, m aking code aut hent icat ion and verificat ion m ore im port ant . Many expert s in t he field, including Bruce Schneier, have effect ively evangelized securit y.

Hardware cost and perform ance im provem ent s m ake securit y and crypt ography m ore pract ical. U.S. export rest rict ions on st rong encrypt ion were dram at ically relaxed in January 2000. [ 14] [ 14]

High- st rengt h crypt ographic product s are now generally export able from t he Unit ed St at es wit hout license t o m ost count ries. At t he t im e of writ ing, em bargoed count ries included Cuba, I ran, I raq, Libya, Nort h Korea, and a few ot hers. See t he Bureau of I ndust ry and Securit y at www.bxa.doc.gov for t he m ost current inform at ion on U.S. export regulat ions.

Public awareness of viruses and issues such as buffer overflow [ 15] vulnerabilit ies has increased. [ 15]

As we shall see lat er in t his book, t he buffer overflow is a nast y t echnique used by t he likes of t he Code Red I nt ernet worm in which a m alicious request overwhelm s a server wit h dat a t hat overflows int o a sensit ive m em ory area, such as a param et er st ack, where it can t hen t ake over cont rol of t he server and wreak havoc.

The growt h in m ission- crit ical Web services has m ade securit y a front - burner concern.

[ Team LiB ]

[ Team LiB ]

The .NET Framework and the CLR The .NET Fram ework and Com m on Language Runt im e ( CLR) enable program m ers t o deal effect ively wit h each of t he im port ant securit y issues described in t his chapt er. For exam ple, inform at ion t heft can be avoided by im plem ent ing appropriat e crypt ographic feat ures int o your applicat ions. Malicious code can be st ifled by defensive program m ing pract ices and by configuring appropriat e user- based securit y and Code Access Securit y ( CAS) feat ures. Buffer overrun at t acks becom e virt ually im possible t o im plem ent given t he secure and rigorously m anaged runt im e environm ent provided by t he .NET plat form . Bugs result ing from buffer overruns and im proper t ype cast ing are virt ually elim inat ed by m anaged code and CLR runt im e checks. The following .NET plat form feat ures provide t he m ost im port ant aspect s of prot ect ion relat ed t o securit y and crypt ography. Evidence and securit y policy configurat ion ( adm inist rat ive cont rol over .NET securit y) CAS ( execut ion cont rol based on evidence and securit y policy) Role- based securit y ( access cont rol based on user ident it y and role m em bership) Managed code runt im e verificat ion ( address range checking and t ype checking) Applicat ion dom ains ( light weight execut ion isolat ion) Crypt ography classes ( access t o powerful crypt ographic algorit hm s)

How the .NET Framework Simplifies Security One big problem wit h securit y program m ing using t he raw Win32 API was t hat it was difficult t o underst and and difficult t o use. A ridiculous num ber of lines of code had t o be im plem ent ed in order t o do t he sim plest operat ion, such as obt ain a key from t he operat ing syst em 's current crypt ographic service provider ( CSP) key st ore. Many developers sim ply ignored it wherever t hey could get away wit h it . Developers who needed t o apply securit y by direct ly calling t he Win32 API oft en did t he best t hey could wit h a difficult program m ing m odel. The .NET Fram ework provides m any sim plificat ions by wrapping cert ain aspect s of t he underlying Win32 Securit y API wit h a powerful and sim plified obj ect - orient ed int erface. Many operat ions, such as obt aining a key from t he CSP key st ore, now happen aut om at ically using t he .NET Securit y classes where appropriat e. I n addit ion, each of t he classes in t he .NET Securit y Fram ework t hat are ent rust ed wit h crit ical securit y funct ionalit y are declared as sealed classes so t hat t hey cannot be hij acked or spoofed int o com prom ising securit y.

Reliability and the .NET Platform

Before you can reap t he benefit s of any securit y or crypt ographic t echnology, you m ust first have t he assurance of applicat ion reliabilit y. What is t he use of having a well- planned securit y infrast ruct ure if t he underlying applicat ion frequent ly falls apart ? The .NET plat form goes a long way t o help ensure t his all- im port ant reliabilit y requirem ent is sat isfied. First , it is im port ant t o recognize t hat .NET applicat ions are not com piled int o nat ive code. I nst ead, t hey are com piled int o an int erm ediat e form known as Microsoft I nt erm ediat e Language ( MSI L, or j ust I L for short ) , m uch like t he byt ecode inst ruct ion form at used on t he Java [ 16] plat form . This allows t he CLR and t he .NET Fram ework t o perform m any securit y- relat ed services aut om at ically, including t he following: [ 16]

There are som e t ruly new cont ribut ions t hat .NET has m ade t o t he cause of securit y, crypt ography, and reliabilit y. However, t o be fair, it should be acknowledged t hat m any of t he m ost effect ive of t hese .NET securit y- relat ed feat ures were originally m ade available on t he Java plat form and in t he Java Crypt ography Ext ension ( JCE) class library.

Bounds checking perform ed at runt im e prevent s m em ory corrupt ion and st ack overruns. Dat at ype checking perform ed at runt im e prevent s im proper t ypecast ing. St ack walks are used t o verify perm issions grant ed t o calling code. Aut om at ic garbage collect ion effect ively addresses m em ory leak problem s. Except ion handling allows graceful response t o abnorm al runt im e sit uat ions. Role- based securit y is used t o aut hent icat e and lim it act ions of t he current user. Evidence- based securit y is used t o cont rol m anaged code based on perm issions.

Managed Code and Type Safety Code t hat can use t he services of t he CLR is called m anaged code. The CLR provides a set of services, such as t ype- safet y checking and aut om at ic garbage collect ion, t hat enhance applicat ion reliabilit y and securit y. I n order t o m ake use of t hese CLR services, m anaged code m ust behave in a predict able, orderly, and consist ent m anner. Type safet y is an im port ant aspect of reliabilit y and securit y. Type safet y is m ade possible by t he fact t he CLR knows all t he det ails about each of t he m anaged dat at ypes. Using t his knowledge, t he CLR is able t o st rict ly enforce rules of t ype safet y. For exam ple, all dat at ypes, including st rings and arrays, have consist ent layout s and abide by st rict behavioral rules. The Com m on Type Syst em ( CTS) defines t hese rules for each of t he m anaged dat at ypes as well as t he operat ions t hat t he CLR defines for t hose dat at ypes. These rest rict ive rules are defined by t he CTS and are im plem ent ed by MSI L. The CTS also defines each of t he dat at ype m em ory layout s and t he operat ions t hat are allowed in m anaged code. I t is t he CTS t hat lim it s class t ypes t o single im plem ent at ion inherit ance and prevent s unsafe operat ions, such as cast ing an int eger int o a point er and overflowing t he bounds of an array. MSI L code is t ypically com piled [ 17] at runt im e int o t he nat ive inst ruct ion set of t he local hardware aft er t his t ype checking is com plet e. [ 17]

This is known as j ust - in- t im e ( JI T) com pilat ion.

To m ake t his t ype- safet y checking possible, .NET assem blies cont ain descript ive m et adat a t hat define t he cont ained code and dat a. Managed dat a is allocat ed and deallocat ed aut om at ically by t he CLR on t he heap. This aut om at ic m em ory m anagem ent is referred t o as garbage collect ion. Garbage collect ion reduces m em ory leaks and relat ed reliabilit y problem s.

Every obj ect has a t ype, and t herefore every reference t o an obj ect refers t o a defined m em ory layout . Since arbit rary point er operat ions are not allowed ( unless t he unsafe keyword is used) , t he only way t o access an obj ect is t hrough it s public m em bers. Therefore, it is possible for t he CLR t o verify an obj ect 's safet y by analyzing only t he obj ect 's m et adat a, which is cont ained in t he assem bly. There is no need t o analyze all t he code t hat uses t he obj ect t o verify t hat it will be used safely. Unsafe code can use point ers, which can be used t o subvert t he CTS and access arbit rary m em ory locat ions. I t is also possible t o im plem ent unm anaged code in t he C# language using t he unsafe keyword, but cert ain languages, such as VB.NET are capable of generat ing only t ype- safe m anaged code. The unsafe keyword is required for working direct ly wit h m em ory point ers. Unm anaged code is useful for calling int o legacy DLLs, using t he PI nvoke facilit y, but unm anaged code is not verifiably t ype- safe by t he CLR. MSI L defines a plat form - independent [ 18] inst ruct ion set t hat is used by all .NET com pilers. This language im plem ent s and enforces t he CTS t yping rules at runt im e. MSI L is t hen convert ed int o plat form - specific nat ive code aft er t he CLR t ype checking is com plet e. Type checking is perform ed by default , but it can be opt ionally skipped for code t hat is t rust ed. [ 18]

Plat form independence for .NET CLR is possible in t heory. However, it rem ains t o be seen if t he CLR is port ed t o as m any plat form s as t he Java Runt im e Environm ent .

[ Team LiB ]

[ Team LiB ]

.NET Cryptography Programming As we shall see in Chapt ers 3, 4, 5, and 6, t here are several crypt ography classes available in t he .NET Fram ework. These classes support all of t he m ost im port ant crypt ographic algorit hm s in m odern use. We will see t hese again in m uch great er det ail in t he appropriat e upcom ing chapt ers, but for now, let 's j ust get a bird's- eye view of t he m aj or areas of funct ionalit y t hat are covered by t hese classes. DES, 3DES, and RC2 sym m et ric encrypt ion Crypt ographic st ream s RSA asym m et ric encrypt ion RSA and DSA digit al signat ures Hash algorit hm s, including MD5, SHA1, SHA- 256, and so on Message Aut hent icat ion Codes ( MAC) Keyed hash algorit hm Pseudorandom num ber generat ors[ 19] ( PRNG) [ 19]

The .NET Fram ework provides a useful class nam ed Ra n dom in t he Sy st e m nam espace t hat can be used for generat ing pseudorandom num ber sequences for gam es, sim ulat ions, and m ost st at ist ical purposes. However, you m ust never use it for crypt ographic purposes, or you run t he risk of seriously weakening t he securit y of your applicat ion. For crypt ographic purposes, be sure t o always use a crypt ographic st rengt h PRNG, as explained in lat er chapt ers.

XML encrypt ion XML signat ures ASP.NET securit y Web services securit y

[ Team LiB ]

[ Team LiB ]

.NET Security Programming As we shall see in Chapt ers 7 and 8, t here are t wo powerful approaches t o securit y program m ing support ed by t he .NET Fram ework: role- based securit y and CAS. These t wo approaches t o securit y program m ing are t hen explored furt her in t he cont ext of I nt ernet and dist ribut ed applicat ions in Chapt ers 9 and 10 . We shall see t hese t wo t erm s defined m ore com plet ely wit h support ing code exam ples in t he relevant chapt ers t o com e, but for now, let 's t ake a very brief look at t hese t wo m aj or concept s.

Role-Based Security and Principals Most people have at least an int uit ive underst anding of users and roles based on t heir experience using an operat ing syst em such as Windows 2000 or Windows XP. The idea is t hat you can cont rol how cert ain users can access cert ain resources, such as files, regist ry ent ries, and so on. Thus, rolebased securit y com es down t o t he t wo basic quest ions of aut hent icat ion and aut horizat ion. The aut hent icat ion quest ion asks who you are, and t he aut horizat ion quest ion asks if you are perm it t ed t o perform t he act ion you are at t em pt ing. I n role- based securit y program m ing, t he word " you" in t hese t wo quest ions is represent ed by an obj ect referred t o as t he principal. The principal obj ect cont ains an ident it y propert y t hat represent s t he user I D t hat is running t he current t hread. We shall see in Chapt er 7 exact ly how t o use rolebased securit y t o accom plish various securit y goals in .NET program s.

CAS, Evidence, Policy, and Permissions Code Access Securit y ( CAS) allows adm inist rat ive cont rol over t he act ions t hat code is perm it t ed t o perform . CAS is based on t he idea t hat you can assign levels of t rust t o assem blies and rest rict t he act ions of t he code wit hin t hose assem blies based on est ablished perm issions. CAS is closely relat ed t o t he concept of evidence- based securit y. Evidence is t he set of t ellt ale inform at ion t hat is used by t he CLR t o m ake decisions about what code group t he assem bly belongs t o and t herefore what act ions t he code is allowed t o perform . A piece of evidence m ight be t he locat ion from which t he code originat ed or t he digit al signat ure t hat was used t o sign t he assem bly, and so on. Securit y policy is t he configurable set of rules t hat is est ablished by an adm inist rat or and used by t he CLR t o m ake CAS decisions. Securit y policy can be set at t he ent erprise, m achine, user, or applicat ion dom ain level. Securit y policy is defined in t erm s of perm issions. A perm ission is an obj ect t hat is used t o describe t he right s and privileges of assem blies t hat belong t o a code group t o access various resources or undert ake cert ain act ions. I n effect , policy m aps perm issions t o evidence. Assem blies can program m at ically or declarat ively request t o be grant ed cert ain perm issions. Securit y policy dict at es what perm issions will ult im at ely be grant ed t o a given assem bly. Securit y policy is based on a set of rules t hat adm inist rat ors can set , and t he CLR uses t hose rules t o enforce t he desired policy. The evidence, represent ed by t he ident it y perm issions, is used t o det erm ine which policy t o apply according t o t he code group t hat t he assem bly belongs t o. The CLR det erm ines which

perm issions are t o be assigned t o a loaded assem bly by evaluat ing it s evidence. Evidence can refer t o ident it y of t he assem bly, t he digit al signer of t he assem bly, and t he origin of t he assem bly, including it s URL, sit e, and I nt ernet Zone. I n Chapt er 8, we shall see m uch m ore det ail about how t o program using use code access securit y. [ Team LiB ]

[ Team LiB ]

Summary I n t his first chapt er we learned how crypt ography and securit y differ and how t hey are relat ed t o one anot her. Aft er a guide t o how t his book is organized, we looked at t he kinds of risk t hat program m ers m ust learn t o deal wit h as well as t he solut ions prescribed for dealing wit h t hose risks. We also t ook a bird's- eye view of t he broad issues confront ing program m ers who are int erest ed in im plem ent ing crypt ography and securit y feat ures int o .NET applicat ions. Finally, we briefly int roduced t he m aj or .NET- specific program m ing t opics t hat will be covered in great er dept h in subsequent chapt ers. [ Team LiB ]

[ Team LiB ]

Chapter Two. Fundamentals of Cryptography This chapt er int roduces m any of t he basic ideas t hat are required for fully underst anding several subsequent chapt ers. Our purpose is t o int roduce t erm inology and concept s, and we consider several sim ple, classical crypt ographic algorit hm s as exam ples. These concept s are used in lat er chapt ers where m ore sophist icat ed algorit hm s are discussed. This chapt er also gives som e int erest ing hist orical perspect ives on crypt ography. The rem ainder of t he book provides a great deal m ore current , pract ical inform at ion, covering m any m odern crypt ographic and securit y t echniques. Som e chapt ers also delve int o t he use of t he Microsoft .NET Securit y Fram ework for im plem ent ing m any aspect s of crypt ography and securit y. Of course, if you are already fam iliar wit h basic crypt ographic t erm inology and concept s, you m ay safely skip t his chapt er. The t it le of t his book refers t o securit y and crypt ography, which are closely int errelat ed at a fundam ent al level. Securit y com es in m any flavors, but t he basic idea is always t he sam e: prevent ing som et hing dangerous or undesirable from happening. For exam ple, you m ay wish t o ensure t hat only aut horized users are perm it t ed t o perform cert ain operat ions on cert ain com put ing resources or t o cont rol access t o sensit ive inform at ion. Com put er securit y is ult im at ely based on t he science of crypt ography. For exam ple, Kerberos,[ 1] which is a powerful net work securit y prot ocol for aut hent icat ing users, and .NET evidence- based securit y, which is used t o secure execut able code, are bot h based on st rong underlying crypt ographic t echnologies. [ 1]

Kerberos is t he aut hent icat ion syst em of MI T's Proj ect At hena, based on sym m et ric key crypt ography. The Greek nam e Kerberos ( also known by t he Lat in spelling Cerberus) was t he nam e of t he t hree- headed guard dog at t he ent rance t o Hades in Greek m yt hology. Wit h a nam e like t hat , it 's got t o be secure!

[ Team LiB ]

[ Team LiB ]

Security and Keeping Secrets Securit y is t he art of prot ect ing access t o inform at ion and ot her com put ing resources from t hose whom you do not fully t rust . Of course, securit y is only possible if you are able t o keep cert ain secret s, such as passwords, keys, and so fort h. Securit y is ult im at ely based on one sim ple concept : keeping secret s. I ndeed, crypt ography is t he science of keeping secret s. I n fact , crypt ography is generally not hing m ore t han hiding large secret s ( which are t hem selves awkward t o hide) wit h sm all secret s ( which are m ore convenient t o hide) . As we will see in t he next sect ion, t he large secret is t ypically referred t o as plaint ext , and t he sm all secret is referred t o as t he encrypt ion key.

Basic Cryptographic Terminology A cipher is a syst em or an algorit hm used t o t ransform an arbit rary m essage int o a form t hat is int ended t o be unint elligible t o anyone ot her t han one or m ore desired recipient s. A cipher represent s a t ransform at ion t hat m aps each possible input m essage int o a unique encrypt ed out put m essage, and an inverse t ransform at ion m ust exist t hat will t hen reproduce t he original m essage. A key is used by a cipher as an input t hat cont rols t he encrypt ion in a desirable m anner. A general assum pt ion in crypt ography work is t hat t he key you choose is t he crit ical secret , whereas t he det ails about t he cipher design should not be assum ed t o be secret . [ 2] A well- designed encrypt ion algorit hm produces an encrypt ed m essage t hat is essent ially indist inguishable from a random ly generat ed byt e sequence and provides as lit t le inform at ion as possible about t he original m essage t o an at t acker. A key space is t he set of all possible keys t hat can be used by a cipher t o encrypt m essages. [ 2] This is known as Kerckhoff's principle, which st at es t hat t he securit y of a cipher should depend only on t he secrecy of t he key and not on t he secrecy of t he algorit hm . The reason for t his principle is t hat it is usually very difficult t o keep t he algorit hm secret , whereas t he key can be changed frequent ly and is t herefore m uch easier t o hide. Kerckhoff was a hist orically significant figure in t he science of crypt ography in t he lat e 1800s.

The original m essage is referred t o as plaint ext . The word plaint ext is not m eant t o im ply t hat t he dat a is necessarily hum an readable or t hat it is ASCI I t ext . The plaint ext can be any dat a ( t ext or binary) t hat is direct ly m eaningful t o som eone or t o som e program . The encrypt ed m essage is referred t o as ciphert ext . Ciphert ext m akes it possible t o t ransm it sensit ive inform at ion over an insecure channel or t o st ore sensit ive inform at ion on an insecure st orage m edium . Exam ples of such applicat ions are Secure Socket s Layer ( SSL) and t he NTFS Encrypt ed File Syst em ( EFS) , respect ively. The t erm encrypt ion refers t o t he process of t ransform ing plaint ext int o ciphert ext . Decrypt ion is t he inverse process of encrypt ion, t ransform ing ciphert ext back int o t he original plaint ext . Figure 2- 1 shows how a sym m et ric[ 3] cipher is used t o encrypt a confident ial m essage. [ 3]

Sym m et ric ciphers are discussed in det ail in chapt er 3 . Anot her cipher cat egory, known as asym m et ric ciphers, is discussed in det ail in chapt er 4 .

Figu r e 2 - 1 . Sym m e t r ic e n cr ypt ion .

A sender refers t o som eone who encrypt s a plaint ext m essage and sends t he result ing ciphert ext t o an int ended recipient . The int ended recipient is referred t o as t he receiver. Anyone who t ries t o get bet ween t he sender and receiver wit h t he int ent ion of obt aining t he key and/ or t he plaint ext m essage is referred t o as an at t acker . An at t acker is also known by ot her nam es, including int erloper, villain, and eavesdropper . Figure 2- 2 shows t he relat ionship bet ween sender, receiver, and at t acker. To m ake a crypt ographic scenario m ore vivid, t hese charact ers are oft en port rayed in crypt ographic lit erat ure as prot agonist s nam ed Alice and Bob, and a villain nam ed Eve. I n m ore com plex scenarios, addit ional charact ers are oft en brought int o t he st ory. These charact ers can be very useful for clearly describing com plex crypt ographic prot ocols in a fam iliar m anner.

Figu r e 2 - 2 . Se n de r , r e ce ive r , a n d a t t a ck e r , a .k .a . Alice , Bob, a n d Eve .

The design and applicat ion of ciphers is known as crypt ography, which is pract iced by crypt ographers. The breaking of ciphers is known as crypt analysis. Because cipher designs m ust be t horoughly t est ed, crypt analysis is also an int egral part of designing ciphers. Crypt ology refers t o t he com bined m at hem at ical foundat ion of crypt ography and crypt analysis. A crypt analyt ic at t ack is t he applicat ion of specialized t echniques t hat are used t o discover t he key and/ or plaint ext originally used t o produce a given ciphert ext . As was previously m ent ioned, it is generally assum ed t hat t he at t acker knows t he det ails of t he cipher and only needs t o det erm ine t he part icular key t hat was em ployed. Anot her im port ant concept t hat you should be aware of is represent ed by t he word break. When a break has been discovered for a part icular algorit hm ( i.e., t he algorit hm is said t o have been broken) , it does not necessarily m ean t hat an effect ive m eans has been found t o at t ack t he algorit hm in pract ice. A break is a m ore t heoret ical concept , which sim ply m eans t hat a t echnique has been found t hat reduces t he work required for an at t ack t o fall below t hat of a brut e- force approach in which all possible keys are t est ed. The breaking at t ack m ay well st ill be out of reach given exist ing com put at ional power in t he real world. Alt hough t he discovery of such a break does not necessarily im ply t hat t he algorit hm is vulnerable in t he real world, it is generally no longer considered suit able for fut ure usage. Aft er all, why not play it safe?

Secret Keys Versus Secret Algorithms An im port ant aspect of any effect ive cipher is t he fact t hat t he efficacy of t he cipher is ent irely based on t he secrecy of t he key, not on t he secrecy of t he cipher algorit hm . [ 4] This m ay seem count erint uit ive at first , since it would appear t hat a secret algorit hm would be a great idea. However, it is very hard t o keep an algorit hm secret and m uch easier t o keep a sim ple key secret . You could im agine m any problem s wit h t he secret algorit hm approach: What do you do when one person in your t rust ed group becom es unt rust ed? I t would be easier t o change keys t han t o change algorit hm s. What if you suspect t hat your cipher algorit hm has been com prom ised? I f your key becom es com prom ised, you would nat urally change t o a new key. Changing algorit hm s would be m uch m ore difficult . I f you rely on t he secrecy of t he cipher algorit hm , t hen t hese scenarios require you t o replace your ent ire crypt ographic infrast ruct ure, forcing you t o select an ent irely new secret algorit hm . On t he ot her hand, if only a secret key is com prom ised, t hen you sim ply need t o random ly select a new secret key and cont inue using your exist ing crypt ographic infrast ruct ure.

[ 4]

By analogy, open- source operat ing syst em s m ay pot ent ially achieve st ronger securit y t han propriet ary operat ing syst em s where source code is kept secret . This is current ly an open quest ion and t he focus of m uch heat ed debat e.

The idea of depending on t he secrecy of an algorit hm is oft en referred t o as secrecy t hrough obscurit y, which is analogous t o hiding your valuables in an obscure but insecure locat ion, such as under your m at t ress. Relying on a well- known but powerful algorit hm is a m uch m ore secure approach, which is analogous t o st oring your valuables in a hardened bank vault . Several st rong st andard algorit hm s exist , which have been heavily st udied and t est ed. Never use an algorit hm t hat you design yourself ( unless you happen t o be a world- class crypt ographer) , and never use a propriet ary algorit hm offered by t he m any snake oil vendors out t here. I f you see any propriet ary algorit hm advert isem ent t hat m akes claim s such as " perfect securit y" and " unbreakable," you know t hat t he algorit hm is alm ost cert ainly weak. Real crypt ographers never use such phrases. By using a respect ed, well- known, published cipher algorit hm , you benefit from t he analysis and at t acks carried out by t he m any researchers in t he crypt ographic com m unit y. This goes a long way in helping you gain t rust in t he crypt ographic st rengt h of t he cipher you choose t o use. Also, t here is always a t rem endous advant age in adopt ing st andards. This generally reduces cost s, increases im plem ent at ion choices, and im proves int eroperabilit y. Obviously, if you use a st andard cipher algorit hm , t hen t he algorit hm it self cannot be m uch of a secret ! Exam ples of est ablished crypt ographic st andards t hat we discuss in lat er chapt ers include DES ( Dat a Encrypt ion St andard) Triple DES AES ( Advanced Encrypt ion St andard) RSA ( Rivest , Sham ir, and Adlem an) DSA ( Digit al Signat ure Algorit hm ) SHA ( Secure Hash Algorit hm ) Not e t hat DES has t echnically been broken, but it is st ill considered t o be quit e st rong. We shall see t hat DES, Triple DES, and AES are sym m et ric algorit hm s used for bulk dat a encrypt ion. RSA and DSA are asym m et ric algorit hm s used for key exchange and digit al signat ure aut hent icat ion, respect ively. SHA is a hashing algorit hm used for several crypt ographic purposes.

Classical Techniques for Keeping Secrets Over t he course of hum an hist ory, secret - keeping and secret - breaking t echnologies have developed in a cont inuous st ruggle resem bling t he gam e of leapfrog. We now look at a few sim ple, classical ciphers. Alt hough you would never act ually use t hese t echniques t oday, t hey are helpful in clearly seeing t he big concept ual pict ure and int roducing som e of t he m at hem at ical concept s.

THE CAESAR CIPHER To see how som e of t he t erm inology is applied t o a concret e scenario, we now consider a very sim ple

cipher t hat is at t ribut ed t o Julius Caesar. You could im agine t hat if anyone ever needed crypt ography, Caesar m ost cert ainly did! [ 5] By m odern st andards, t his cipher is t rivial t o break, and so it has lit t le real- world applicat ion t oday, but it has t he virt ue of sim plicit y, and it will t herefore serve us well as a gent le int roduct ion t o t he t opic of ciphers. St art ing in t he next chapt er, we look at m uch m ore effect ive m odern ciphers. [ 5]

Julius Caesar ( 100–44 BC) had m any secret s t o keep. He invaded Brit ain and Egypt , and m ost of t he land bet ween, so he m ust have had m any m ilit ary secret s. Being t he first t rue Rom an dict at or, he had m any polit ical enem ies, including t he republicans Cassius and Brut us, who event ually assassinat ed him . He also probably want ed t o keep confident ial a few of t he m essages he sent t o his rom ant ic pal Cleopat ra in Egypt . Adding t o t his int rigue, Cleopat ra had int im at e relat ions wit h Caesar's m ost powerful general, Mark Ant ony. Obviously, t hey all had a few secret s t o keep.

I n t he Caesar cipher, each plaint ext let t er is shift ed by t hree so t hat A is replaced wit h D, B is replaced wit h E, and so on. This wraps around so t hat X is replaced wit h A, Y is replaced wit h B, and Z is replaced wit h C. The Caesar cipher shift s each let t er by t hree, but in a generalized sense t his cipher can be t hought of as a shift by k, where k is an int eger t hat can be considered t he cipher's key. I n t his chapt er we refer t o t his generalized shift cipher as t he Caesar cipher wit hout being t oo concerned wit h hist orical accuracy. Because each individual charact er is replaced by a specific corresponding charact er, t his cipher is a m onoalphabet ic cipher. Figure 2- 3 shows t he sim ple m apping t hat t akes place in t he Caesar cipher.

Figu r e 2 - 3 . Th e Ca e sa r ciph e r .

To cut our t echnical t eet h, let 's look at t he definit ion of t he Caesar cipher expressed in m at hem at ical not at ion. The nice t hing about m at hem at ical not at ion is t hat it is exceedingly precise and concise. Anot her good t hing about using form al m at hem at ics is t hat when you have proven a t heorem , you know exact ly what you have proved, and t he result m ay t hen be used in proving ot her t heorem s. The unpleasant t hing about it is t hat it can give som e folks a headache. Alt hough t his is such a sim ple cipher t hat a m at hem at ical t reat m ent is probably not necessary, m ore com plex ciphers can be underst ood in t heir ent iret y only by devising a rigorous m at hem at ical represent at ion. Therefore, if you want t o seriously pursue crypt ography, it is recom m ended t hat you learn a m odicum of several branches of m at hem at ics, including num ber t heory and abst ract algebra. I n any case, t he next page shows t he Caesar cipher in m at hem at ical t erm s. [ 6] [ 6]

For an explanat ion of m at hem at ical concept s, see A Course in Num ber Theory and Crypt ography , by Neal Koblit z.

Definition: Shift Cipher (Generalized Caesar Cipher) Given an arbit rary key k, where k

Z 26 ( which m eans an int eger where 0

k

25) ,

and an arbit rary plaint ext p is a t uple, [ 7] where p = ( p 1 , p 2 ,…p m ) and p i

Z 26 for 1

i

m,

let t he result ing ciphert ext c be represent ed as a t uple, c = ( c 1 , c2 ,…c m ) , where c i

Z 26 for 1

i

m.

Then, we define t he encrypt ion Ek ( p) for t he shift cipher as follows: c i = Ek ( p i ) = p i + k ( m od 26) for 1

i

m,

and we define decrypt ion D k ( c) as follows: p i = Dk ( c i ) = c i – k ( m od 26) for 1

i

m.

Not e t hat a cipher m ust be invert ible, so we m ust prove t he following: D k ( Ek ( x ) ) = x for all x [ 7]

Z 26 .

The word t uple is used in linear algebra t o refer t o an ordered set of values.

You can see t hat t his m at hem at ical definit ion does not concern it self wit h real- world det ails, such as t he let t ers from A t o Z t hat are t o be used in t he m essage. I nst ead, t he charact ers in t he plaint ext and ciphert ext are sym bolized by t he int egers from 0 t o 25 rat her t han a by m ore realist ic choice, such as ASCI I or Unicode values. Ot her det ails, such as dealing wit h punct uat ion and spaces, are also ignored. I n t his definit ion Ek is t he encrypt ion funct ion, D k is t he decrypt ion funct ion, and k is t he encrypt ion key. The st andard not at ion Z 26 represent s t he set of int egers { 0,1,2,3,…25} . The t erm ( m od 26) indicat es t hat we are using m odular arit hm et ic, wit h a m odulus of 26, rat her t han regular grade- school arit hm et ic. For a descript ion of m odular arit hm et ic, please see Appendix B on crypt ographic m at hem at ics. I f you would like t o see a C# im plem ent at ion of t his cipher, look at t he Ca e sa r Ciph e r code exam ple provided. The im plem ent at ion is st raight forward, so we om it t he code list ing here; however, you m ay want t o look at t he source code provided. I f you run t his program , you will not ice t hat it can deal wit h charact ers in t he ranges A t o Z plus t he space charact er. I t does not accept any lowercase charact ers or nonalphabet ic charact ers. I t prom pt s you for a key from 0 t o 25, and it rej ect s any value out side of t his range. A t ypical run of t he Ca e sa r Ciph e r exam ple produces t he following out put . [View full width] Enter uppercase plaintext: VENI VIDI VICI[8] Enter from 0 to 25: 3 Resulting ciphertext: YHQL YLGL YLFL

Recovered plaintext: VENI VIDI VICI

[ 8]

The Lat in phrase veni, vidi, vici m eans " I cam e I saw I conquered," which was at t ribut ed t o Julius Caesar by t he second- cent ury Rom an hist orian Suet onius. I t is not cert ain t hat Caesar ever act ually said t his phrase, but if he did, it cert ainly was not one of his secret s!

I f you are a frequent user of Usenet , you m ay be fam iliar wit h an encoding known as ROT13. This is act ually t he Caesar cipher, but wit h a key k = 13. Because ROT13 is ext rem ely easy t o break, it is never used for t rue encrypt ion. However, Usenet [ 9] client program s t ypically provide a ROT13 capabilit y for post ing m essages t hat m ight offend som e people or t o obscure t he answers t o riddles, and so on. Anyone can easily decipher it , but it involves an int ent ional act by t he reader t o do so. The nice t hing about ROT13's key value of 13 is t hat t he sam e key can be used for encoding and decoding. [ 9]

Usenet is t he I nt ernet - based bullet in board t hat provides access t o t housands of newsgroups t hat sat isfy virt ually every im aginable hum an int erest , including crypt ography.

BRUTE-FORCE ATTACK: CRACKING THE CAESAR CIPHER The t erm brut e- force search refers t o t he t echnique of exhaust ively searching t hrough t he key space for an int elligible result . To do t his on t he Caesar cipher, you would st art wit h k = 1 and cont inue t oward k = 25 unt il a key is found t hat successfully decrypt s t he ciphert ext t o a m eaningful m essage. Of course, k = 0 or k = 26 would be t rivial, since t he plaint ext and ciphert ext would be ident ical in t hose cases. The Ca e sa r Ciph e r Br u t e For ce At t a ck code exam ple shows an im plem ent at ion of t his at t ack.

class CaesarCipherBruteForceAttack { static void Main(string[] args) { ... //exhaustively test through key space for (int testkey=1; testkey