Next Previous Contents

9. Data Encryption, Cryptography and Authentication

An integral part of host and network security is data encryption. There are vast resources of information on the Internet available on the topic of data security. Various data encryption mechanisms are available for use with Linux.

This section attempts to discuss some of the encryption features that are available for use with Linux. For an overview of encryption and cryptography, be sure to consult the RSA Cryptography FAQ, available at http://www.rsa.com/rsalabs/newfaq/

9.1 Password Security

One of the most important security features used today are passwords. It is important for both you and all your users to have secure, unguessable passwords. Most of the more recent Linux distributions include password programs that do not allow you to set a easily guessable password. Make sure your passwd program is up to date and has these features.

Most UNIXs (and Linux is no exception) primarily use a one-way encryption algorithm, called DES (Data Encryption Standard) to encrypt your passwords. This encrypted password is then stored in (typically) /etc/passwd (or less commonly) /etc/shadow. When you attempt to login, whatever you type in is encrypted again and compared with the entry in the file that stores your passwords. If they match, it must be the same password, and you are allowed access. Although DES is a two-way encryption algorithm (you can code and then decode a message, given the right keys), the variant that most unicies use is one-way. This means that it should not be possible to reverse the encryption to get the password from the contents of /etc/passwd (or /etc/shadow).

Any entry in the password file with a user-ID of ``0'' (zero) is a root entry, regardless of what it's called.

Choose effective passwords. There is a great deal of information available on the Internet regarding choosing good passwords. A password minimum of 6 characters should be enforced, and 8 characters provides a significant improvement in security. You can find more information on improving password security at ftp://sunos-wls.acs.ohio-state.edu:/pub/security/Dan_Klein_password_security.ps.Z which is titled ``Foiling the Cracker: A Survey of, and Improvements, to Password Security''.

Brute force attacks, such as ``Crack'' or ``John the Ripper'' (see below) can often guess passwords unless your password is sufficiently random. PAM modules (see below) allow you to use a different encryption routine with your passwords (MD5 or the like).

You can go to http://consult.cern.ch/writeup/security/security_3.html for information on how to choose a good password.

There is also a quick list of things to keep in mind when choosing a password available at http://www.alw.nih.gov/Security/Docs/passwd.html and should be consulted when developing your security policy.

9.2 PGP and Public Key Cryptography

Public Key Cryptography, such as that which is used for PGP, involves cryptography that uses one key for encryption, and one key for decryption. Traditionally, cryptography involves using the same key for encryption that is used for decryption. This "secret key" must be known to both parties, and somehow transferred from one another securely.

Public key encryption alleviates the need to securely transmit the key that is used for encryption by using two separate keys, a public key and a private key. Each person's public key is available by anyone to do the encryption, while at the same time each person keeps his or her private key to decrypt messages encrypted with the correct public key.

There are advantages to both public key and private key cryptography, and you can read about those differences in the RSA Cryptography FAQ, listed at the end of this section.

PGP (Pretty Good Privacy) is well supported on Linux. Versions 2.6.2 and 5.0 are known to work well. For a good primer on PGP and how to use it, take a look a the PGP FAQ. http://www.pgp.com/service/export/faq/55faq.cgi

Be sure to use the version that is applicable to your country, as due to export restrictions by the US Government, strong-encryption is prohibited from being transferred in electronic form outside the country.

US export controls are now managed by EAR (Export Administration Regulations). They are no longer governed by the International Traffic in Arms Regulations (ITAR).

There is a good introductory guide explaning public key cryptography, that includes graphic illustrations, available at PC Magazine Online, available http://www8.zdnet.com/pcmag/features/inetsecurity/howencrypt.htm

There is also a step-by-step guide for configuring PGP on Linux available at http://mercury.chem.pitt.edu/~angel/LinuxFocus/English/November1997/article7.html It was written for the International version of PGP, but is easily adaptable to the United States version. You may also need a patch for some of the latest versions of Linux, which is available at ftp://sunsite.unc.edu/pub/Linux/apps/crypto.

More information on cryptography can be found in the RSA cryptography FAQ, available at http://www.rsa.com/rsalabs/newfaq/. Here you will find information on such terms as "Diffie-Hellman", "public-key cryptography", "Digital Certificates", etc.

An excellent 147-page publication written by the government describing practically all you'll need to know unless you're a cryptographer is available at http://csrc.nist.gov/nistpubs/800-2.txt

There is a project working on a free re-implementation of PGP with open source. See the GNU Privacy Guard web page for more information, available at http://www.d.shuttle.de/isil/crypt/gnupg.html

9.3 SSL, S-HTTP, HTTPS and S/MIME

Often times users ask about the differences between the various security and encryption protocols, and how to use them. While this isn't an encryption document, it is a good idea to explain briefly what each are, and where to find more information.

9.4 IPSec and S/WAN and other IP Encryption Implementations

IPSec is an effort by the IETF to create cryptographically secure communications at the IP network level, which also provides authentication, integrity, access control, and confidentiality. IPsec is the basic host-to-host security mechanism. It is appropriate for use any time address-based protection would have been used, including with such programs as rsh and rlogin. If and when platforms support user-based keying, this scope may be expanded. Information on IPSec and Internet draft can be found at http://www.ietf.org/html.charters/ipsec-charter.html. You can also find links to other protocols involving key management, and an IPSec mailing list and archives.

A good starting point for Linux implementations of Virtual Private Networking is available at http://www.imib.med.tu-dresden.de/imib/Internet/index.html

One of the Linux implementations, which is being developed at the University of Arizona, uses an object-based framework for implementing network protocols called ``x-kernel'', and can be found at http://www.cs.arizona.edu/xkernel/hpcc-blue/linux.html. Most simply, the x-kernel is a method of passing messages at the kernel level, which makes for an easier implementation.

There is also an implementation of RSA's Secure Wide Area Networking, S/WAN, called FreeSWAN, available at http://www.xs4all.nl/~freeswan/

A description of S/WAN is available at http://www.sunworld.com/swol-06-1996/swol-06-swan.html

Microsoft Point-to-Point Tunneling Protocol is also available for Linux. You can find more information on this at http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP/. More information on this protocol is available from the Linux PPTP page.

An implementation of PPTP that works with Linux masquerading is available at http://bmrc.berkeley.edu/people/chaffee/linux_pptp.html as well as kernel patches, and a pointer to more information.

It is well known now that PPTP is insecure, and really should only be used in existing installations. Rhino9, the security research group, have put together an exploit, as well as more documentation on the protocols involved. You can find it at http://www.rhino9.ml.org/texts/pptp.doc

As with other forms of cryptography, it is not distributed with the kernel by default due to export restrictions.

9.5 The Secure Shell and Secure Telnet

SSH and stelnet are programs that allow you to login to remote systems and have a encrypted connection.

SSH is a suite of programs used as a secure replacement for rlogin, rsh and rcp. It uses public-key cryptography to encrypt communications between two hosts, as well as for user authentication. This can be used to securely login to a remote host or copy data between hosts, while preventing man-in-the-middle attacks (session hijacking) and DNS spoofing. It will perform data compression on your connections, and secure X11 communications between hosts. The SSH home page can be found at http://www.cs.hut.fi/ssh/

You can also use SSH from your Windows workstation to your Linux SSH server. There are several freely available Windows client implementations, including the one at http://guardian.htu.tuwien.ac.at/therapy/ssh/ as well as a commercial implementation from DataFellows, at http://www.datafellows.com.

There is also an open source implementation of SSH being developed. You can find more information about this at http://www.net.lut.ac.uk/psst/

SSLeay is a free implementation of Netscape's Secure Sockets Layer protocol, developed by Eric Young. It includes several applications, such as Secure telnet, a module for Apache, several databases, as well as several algorithms including DES, IDEA and Blowfish.

Using this library, a secure telnet replacement has been created that does encryption over a telnet connection. Unlike SSH, stelnet uses SSL, the Secure Sockets Layer protocol developed by Netscape. You can find Secure telnet and Secure FTP by starting with the SSLeay FAQ, available at http://www.psy.uq.oz.au/~ftp/Crypto/

An SSL-based POP3 daemon is also available at http://mike.daewoo.com.pl/computer/stunnel/

9.6 SKIP - Simple Key management for Internet Protocols

SKIP, which provides IP-Level cryptography, much like SSH, is available for Linux. A quick overview from http://www.skip.org states:

SKIP secures the network at the IP packet level. Any networked application gains the benefits of encryption, without requiring modification. SKIP is unique in that an Internet host can send an encrypted packet to another host without requiring a prior message exchange to set up a secure channel. SKIP is particularly well-suited to IP networks, as both are stateless protocols. Some of the advantages of SKIP include:

There is a wealth of information available at http://www.skip.org as well as the actual Linux implementation available at http://www.tik.ee.ethz.ch/~skip/

9.7 PAM - Pluggable Authentication Modules

Newer versions of the Red Hat Linux distribution ship with a unified authentication scheme called "PAM". PAM allows you to change on the fly your authentication methods, requirements, and encapsulate all local authentication methods without re-compiling any of your binaries. Configuration of PAM is beyond the scope of this document, but be sure to take a look at the PAM web site for more information. http://www.kernel.org/pub/linux/libs/pam/index.html

Just a few of the things you can do with PAM:

Within a few hours of installing and configuring your system, you can prevent many attacks before they even occur. For example, use PAM to disable the system-wide usage of dot-rhosts files in user's home directories by adding these lines to /etc/pam.d/login:

                #
                # Disable rsh/rlogin/rexec for users
                #
                login auth required pam_rhosts_auth.so no_rhosts

9.8 Cryptographic IP Encapsulation (CIPE)

The primary goal of this software is to provide a facility for secure (against eavesdropping, including traffic analysis, and faked message injection) subnetwork interconnection across an insecure packet network such as the Internet.

CIPE encrypts the data at the network level. Packets travelling between hosts on the network are encrypted. The encryption engine is placed near the driver which sends and receives packets.

This is unlike SSH, which encrypts the data by connection, at the socket level. A logical connection between programs running on different hosts is encrypted.

CIPE can be used in tunneling, in order to create a Virtual Private Network. Low-level encryption has the advantage that it can be made to work transparently between the two networks connected in the VPN, without any change to application software.

Summarized from the CIPE documentation:

The IPSec standards define a set of protocols which can be used (among other things) to build encrypted VPNs. However, IPSec is a rather heavyweight and complicated protocol set with a lot of options, implementations of the full protocol set are still rarely used and some issues (such as key management) are still not fully resolved. CIPE uses a simpler approach, in which many things which can be parameterized (such as the choice of the actual encryption algorithm used) are an install-time fixed choice. This limits flexibility, but allows for a simple (and therefore efficient, easy to debug...) implementation.

Further information can be found at http://www.inka.de/~bigred/devel/cipe.html

As with other forms of cryptography, it is not distributed with the kernel by default due to export restrictions.

9.9 Kerberos

Kerberos is an authentication system developed by the Athena Project at MIT. When a user logs in, Kerberos authenticates that user (using a password), and provides the user with a way to prove her identity to other servers and hosts scattered around the network.

This authentication is then used by programs such as rlogin to allow the user to login to other hosts without a password (in place of the .rhosts file). This authentication method can also used by the mail system in order to guarantee that mail is delivered to the correct person, as well as to guarantee that the sender is who he claims to be.

The overall effect of installing Kerberos and the numerous other programs that go with it is to virtually eliminate the ability of users to "spoof" the system into believing they are someone else. Unfortunately, installing Kerberos is very intrusive, requiring the modification or replacement of numerous standard programs.

You can find more information on kerberos at http://www.veritas.com/common/f/97042301.htm and the code can be found at http://nii.isi.edu/info/kerberos/

[From: Stein, Jennifer G., Clifford Neuman, and Jeffrey L. Schiller. "Kerberos: An Authentication Service for Open Network Systems." USENIX Conference Proceedings, Dallas, Texas, Winter 1998.]

9.10 Shadow Passwords.

Shadow passwords are a means of keeping your encrypted password information secret from normal users. Normally this encrypted password is stored in your /etc/passwd file for all to read. They can then run password guesser programs on it and attempt to determine what it is. Shadow passwords save this information to a /etc/shadow file that only privileged users can read. In order to run shadow passwords you need to make sure all your utilities that need access to password information are recompiled to support it. PAM (above) also allows you to just plug in a shadow module and doesn't require re-compilation of executables. You can refer to the Shadow-Password HOWTO for further information if necessary. It is available at http://sunsite.unc.edu/LDP/HOWTO/Shadow-Password-HOWTO.html It is rather dated now, and will not be required for distributions supporting PAM.

9.11 Crack and John the Ripper

If for some reason your passwd program is not enforcing non easily guessable passwords, you might want to run a password cracking program and make sure your users passwords are secure.

Password cracking programs work on a simple idea. They try every word in the dictionary, and then variations on those words. They encrypt each one and check it against your encrypted password. If they get a match they are in. Also, the "dictionary" may include usernames, Star Trek ships, foreign words, keyboard patterns, etc...

There are a number of programs out there...the two most notable of which are ``Crack'' and ``John the Ripper'' http://www.false.com/security/john/index.html . They will take up a lot of your CPU time, but you should be able to tell if an attacker could get in using them by running them first yourself and notifying users with weak passwords. Note that an attacker would have to use some other hole first in order to get your passwd (Unix /etc/passwd) file, but these are more common than you might think.

9.12 Cryptography and File Systems

Linux provides several mechanisms in which to encrypt data on a filesystem.

CFS is a way of encrypting entire directory trees and allow users to store encrypted files on them. It uses a NFS server running on the local machine. RPMs are avail at http://www.replay.com/Red Hat/ and more information on how it all works is at: ftp://ftp.research.att.com/dist/mab/

TCFS improves on CFS, adding more integration with the file system, so that it's transparent to any users using the file system that it's encrypted. more information at: http://edu-gw.dia.unisa.it/tcfs/

It also need not be used on entire filesystems. It works on directories trees as well.

There are two implementations of DES encryption on the loopback device also available. It is available at ftp://ftp.csua.berkeley.edu/pub/cypherpunks/filesystems/linux Patches to the 2.0 kernel and the mount executable are available at ftp://ftp.is.co.za/linux/local/kernel/crypto/loopback-device-berkeley-recent/ Patches to the 2.1 kernel, written by Andrew E. Mileski, [email protected] are available at ftp://ftp.is.co.za/linux/local/kernel/crypto/loopback-device-aem



Next Previous Contents