Chapter 16: Security Chapter 16: Security - PowerPoint Presentation

1. Chapter 16: Security

2. Chapter 16: SecurityThe Security ProblemProgram ThreatsSystem and Network ThreatsCryptography as a Security ToolUser AuthenticationImplementing Security DefensesFirewalling to Protect Systems and NetworksComputer-Security ClassificationsAn Example: Windows 7

3. ObjectivesDiscuss security threats and attacksExplain the fundamentals of encryption, authentication, and hashingExamine the uses of cryptography in computingDescribe the various countermeasures to security attacks

4. The Security ProblemSystem secure if resources used and accessed as intended under all circumstancesUnachievableIntruders (crackers) attempt to breach securityThreat is potential security violationAttack is attempt to breach securityAttack can be accidental or maliciousEasier to protect against accidental than malicious misuse

5. Security Violation CategoriesBreach of confidentialityUnauthorized reading of dataBreach of integrityUnauthorized modification of dataBreach of availabilityUnauthorized destruction of dataTheft of serviceUnauthorized use of resourcesDenial of service (DOS)Prevention of legitimate use

6. Security Violation MethodsMasquerading (breach authentication)Pretending to be an authorized user to escalate privilegesReplay attackAs is or with message modificationMan-in-the-middle attackIntruder sits in data flow, masquerading as sender to receiver and vice versaSession hijackingIntercept an already-established session to bypass authenticationPrivilege escalationCommon attack type with access beyond what a user or resource is supposed to have

7. Security Measure LevelsImpossible to have absolute security, but make cost to perpetrator sufficiently high to deter most intrudersSecurity must occur at four levels to be effective:PhysicalData centers, servers, connected terminalsApplicationBenign or malicious apps can cause security problemsOperating SystemProtection mechanisms, debuggingNetworkIntercepted communications, interruption, DOSSecurity is as weak as the weakest link in the chainHumans a risk too via phishing and social-engineering attacksBut can too much security be a problem?

8. Program ThreatsMany variations, many namesTrojan HorseCode segment that misuses its environmentExploits mechanisms for allowing programs written by users to be executed by other usersSpyware, pop-up browser windows, covert channelsUp to 80% of spam delivered by spyware-infected systemsTrap DoorSpecific user identifier or password that circumvents normal security proceduresCould be included in a compilerHow to detect them?

9. Four-layered Model of Security

10. Program Threats (Cont.)Malware - Software designed to exploit, disable, or damage computerTrojan Horse – Program that acts in a clandestine mannerSpyware – Program frequently installed with legitimate software to display adds, capture user dataRansomware – locks up data via encryption, demanding payment to unlock itOthers include trap doors, logic bomsAll try to violate the Principle of Least PrivilegeGoal frequently is to leave behind Remote Access Tool (RAT) for repeated access

11. C Program with Buffer-overflow Condition#include <stdio.h>#define BUFFER SIZE 256int main(int argc, char *argv[]){ char buffer[BUFFER SIZE]; if (argc < 2) return -1; else { strcpy(buffer,argv[1]); return 0; }}Code review can help – programmers review each other’s code, looking for logic flows, programming flaws

12. Code InjectionCode-injection attack occurs when system code is not malicious but has bugs allowing executable code to be added or modifiedResults from poor or insecure programming paradigms, commonly in low level languages like C or C++ which allow for direct memory access through pointersGoal is a buffer overflow in which code is placed in a buffer and execution caused by the attackCan be run by script kiddies – use tools written but exploit identifiers

13. Code Injection (Cont.)Outcomes from code injection include:Frequently use trampoline to code execution to exploit buffer overflow:

14. Great Programming Required?For the first step of determining the bug, and second step of writing exploit code, yesScript kiddies can run pre-written exploit code to attack a given systemAttack code can get a shell with the processes’ owner’s permissionsOr open a network port, delete files, download a program, etc.Depending on bug, attack can be executed across a network using allowed connections, bypassing firewallsBuffer overflow can be disabled by disabling stack execution or adding bit to page table to indicate “non-executable” stateAvailable in SPARC and x86But still have security exploits

15. Program Threats (Cont.)VirusesCode fragment embedded in legitimate programSelf-replicating, designed to infect other computersVery specific to CPU architecture, operating system, applicationsUsually borne via email or as a macroVisual Basic Macro to reformat hard driveSub AutoOpen()Dim oFS Set oFS = CreateObject(’’Scripting.FileSystemObject’’) vs = Shell(’’c:command.com /k format c:’’,vbHide)End Sub

16. Program Threats (Cont.)Virus dropper inserts virus onto the systemMany categories of viruses, literally many thousands of virusesFile / parasiticBoot / memoryMacroSource codePolymorphic to avoid having a virus signatureEncryptedStealthTunnelingMultipartiteArmored

17. A Boot-sector Computer Virus

18. The Threat ContinuesAttacks still common, still occurringAttacks moved over time from science experiments to tools of organized crimeTargeting specific companiesCreating botnets to use as tool for spam and DDOS deliveryKeystroke logger to grab passwords, credit card numbersWhy is Windows the target for most attacks?Most commonEveryone is an administratorLicensing required?Monoculture considered harmful

19. System and Network ThreatsSome systems “open” rather than secure by defaultReduce attack surfaceBut harder to use, more knowledge needed to administerNetwork threats harder to detect, preventProtection systems weakerMore difficult to have a shared secret on which to base accessNo physical limits once system attached to internetOr on network with system attached to internetEven determining location of connecting system difficultIP address is only knowledge

20. System and Network Threats (Cont.)Worms – use spawn mechanism; standalone programInternet wormExploited UNIX networking features (remote access) and bugs in finger and sendmail programsExploited trust-relationship mechanism used by rsh to access friendly systems without use of passwordGrappling hook program uploaded main worm program99 lines of C code Hooked system then uploaded main code, tried to attack connected systemsAlso tried to break into other users accounts on local system via password guessingIf target system already infected, abort, except for every 7th time

21. System and Network Threats (Cont.)Port scanningAutomated attempt to connect to a range of ports on one or a range of IP addressesDetection of answering service protocolDetection of OS and version running on systemnmap scans all ports in a given IP range for a responsenessus has a database of protocols and bugs (and exploits) to apply against a systemFrequently launched from zombie systems To decrease trace-ability

22. System and Network Threats (Cont.)Denial of ServiceOverload the targeted computer preventing it from doing any useful workDistributed Denial-of-Service (DDoS) come from multiple sites at onceConsider the start of the IP-connection handshake (SYN)How many started-connections can the OS handle?Consider traffic to a web siteHow can you tell the difference between being a target and being really popular?Accidental – CS students writing bad fork() codePurposeful – extortion, punishmentPort scanningAutomated tool to look for network ports accepting connectionsUsed for good and evil

23. Standard Security Attacks

24. Cryptography as a Security ToolBroadest security tool availableInternal to a given computer, source and destination of messages can be known and protectedOS creates, manages, protects process IDs, communication portsSource and destination of messages on network cannot be trusted without cryptographyLocal network – IP address?Consider unauthorized host addedWAN / Internet – how to establish authenticity Not via IP address

25. CryptographyMeans to constrain potential senders (sources) and / or receivers (destinations) of messagesBased on secrets (keys)EnablesConfirmation of sourceReceipt only by certain destinationTrust relationship between sender and receiver

26. EncryptionConstrains the set of possible receivers of a messageEncryption algorithm consists ofSet K of keysSet M of MessagesSet C of ciphertexts (encrypted messages)A function E : K → (M→C). That is, for each k  K, Ek is a function for generating ciphertexts from messagesBoth E and Ek for any k should be efficiently computable functionsA function D : K → (C → M). That is, for each k  K, Dk is a function for generating messages from ciphertextsBoth D and Dk for any k should be efficiently computable functions

27. Encryption (Cont.)An encryption algorithm must provide this essential property: Given a ciphertext c  C, a computer can compute m such that Ek(m) = c only if it possesses kThus, a computer holding k can decrypt ciphertexts to the plaintexts used to produce them, but a computer not holding k cannot decrypt ciphertextsSince ciphertexts are generally exposed (for example, sent on the network), it is important that it be infeasible to derive k from the ciphertexts

28. Symmetric EncryptionSame key used to encrypt and decryptTherefore k must be kept secretDES was most commonly used symmetric block-encryption algorithm (created by US Govt)Encrypts a block of data at a timeKeys too short so now considered insecureTriple-DES considered more secureAlgorithm used 3 times using 2 or 3 keysFor example 2001 NIST adopted new block cipher - Advanced Encryption Standard (AES)Keys of 128, 192, or 256 bits, works on 128 bit blocksRC4 is most common symmetric stream cipher, but known to have vulnerabilitiesEncrypts/decrypts a stream of bytes (i.e., wireless transmission)Key is a input to pseudo-random-bit generatorGenerates an infinite keystream

29. Secure Communication over Insecure Medium

30. Asymmetric EncryptionPublic-key encryption based on each user having two keys:public key – published key used to encrypt dataprivate key – key known only to individual user used to decrypt dataMust be an encryption scheme that can be made public without making it easy to figure out the decryption schemeMost common is RSA block cipherEfficient algorithm for testing whether or not a number is primeNo efficient algorithm is know for finding the prime factors of a number

31. Asymmetric Encryption (Cont.)Formally, it is computationally infeasible to derive kd,N from ke,N, and so ke need not be kept secret and can be widely disseminatedke is the public keykd is the private keyN is the product of two large, randomly chosen prime numbers p and q (for example, p and q are 512 bits each)Encryption algorithm is Eke,N(m) = mke mod N, where ke satisfies kekd mod (p−1)(q −1) = 1The decryption algorithm is then Dkd,N(c) = ckd mod N

32. Asymmetric Encryption ExampleFor example. make p = 7and q = 13We then calculate N = 7∗13 = 91 and (p−1)(q−1) = 72We next select ke relatively prime to 72 and< 72, yielding 5Finally, we calculate kd such that kekd mod 72 = 1, yielding 29We how have our keysPublic key, ke,N = 5, 91Private key, kd,N = 29, 91 Encrypting the message 69 with the public key results in the cyphertext 62Cyphertext can be decoded with the private keyPublic key can be distributed in cleartext to anyone who wants to communicate with holder of public key

33. Encryption using RSA Asymmetric Cryptography

34. Cryptography (Cont.)Note symmetric cryptography based on transformations, asymmetric based on mathematical functionsAsymmetric much more compute intensiveTypically not used for bulk data encryption

35. AuthenticationConstraining set of potential senders of a messageComplementary to encryptionAlso can prove message unmodifiedAlgorithm componentsA set K of keysA set M of messagesA set A of authenticatorsA function S : K → (M→ A)That is, for each k  K, Sk is a function for generating authenticators from messagesBoth S and Sk for any k should be efficiently computable functionsA function V : K → (M × A→ {true, false}). That is, for each k  K, Vk is a function for verifying authenticators on messagesBoth V and Vk for any k should be efficiently computable functions

36. Authentication (Cont.)For a message m, a computer can generate an authenticator a  A such that Vk(m, a) = true only if it possesses kThus, computer holding k can generate authenticators on messages so that any other computer possessing k can verify themComputer not holding k cannot generate authenticators on messages that can be verified using VkSince authenticators are generally exposed (for example, they are sent on the network with the messages themselves), it must not be feasible to derive k from the authenticatorsPractically, if Vk(m,a) = true then we know m has not been modified and that send of message has kIf we share k with only one entity, know where the message originated

37. Authentication – Hash FunctionsBasis of authenticationCreates small, fixed-size block of data message digest (hash value) from mHash Function H must be collision resistant on mMust be infeasible to find an m’ ≠ m such that H(m) = H(m’)If H(m) = H(m’), then m = m’The message has not been modifiedCommon message-digest functions include MD5, which produces a 128-bit hash, and SHA-1, which outputs a 160-bit hashNot useful as authenticatorsFor example H(m) can be sent with a messageBut if H is known someone could modify m to m’ and recompute H(m’) and modification not detectedSo must authenticate H(m)

38. Authentication - MACSymmetric encryption used in message-authentication code (MAC) authentication algorithmCryptographic checksum generated from message using secret keyCan securely authenticate short values If used to authenticate H(m) for an H that is collision resistant, then obtain a way to securely authenticate long message by hashing them firstNote that k is needed to compute both Sk and Vk, so anyone able to compute one can compute the other

39. Authentication – Digital SignatureBased on asymmetric keys and digital signature algorithmAuthenticators produced are digital signaturesVery useful – anyone can verify authenticity of a messageIn a digital-signature algorithm, computationally infeasible to derive ks from kvV is a one-way functionThus, kv is the public key and ks is the private keyConsider the RSA digital-signature algorithmSimilar to the RSA encryption algorithm, but the key use is reversedDigital signature of message Sks (m) = H(m)ks mod NThe key ks again is a pair (d, N), where N is the product of two large, randomly chosen prime numbers p and qVerification algorithm is Vkv(m, a) (akv mod N = H(m))Where kv satisfies kvks mod (p − 1)(q − 1) = 1

40. Authentication (Cont.)Why authentication if a subset of encryption?Fewer computations (except for RSA digital signatures)Authenticator usually shorter than messageSometimes want authentication but not confidentialitySigned patches et alCan be basis for non-repudiation

41. Key DistributionDelivery of symmetric key is huge challengeSometimes done out-of-bandAsymmetric keys can proliferate – stored on key ringEven asymmetric key distribution needs care – man-in-the-middle attack

42. Digital CertificatesProof of who or what owns a public keyPublic key digitally signed a trusted partyTrusted party receives proof of identification from entity and certifies that public key belongs to entityCertificate authority are trusted party – their public keys included with web browser distributionsThey vouch for other authorities via digitally signing their keys, and so on

43. Man-in-the-middle Attack on Asymmetric Cryptography

44. Implementation of CryptographyCan be done at various layers of ISO Reference ModelSSL at the Transport layerNetwork layer is typically IPSecIKE for key exchangeBasis of Virtual Private Networks (VPNs)Why not just at lowest level?Sometimes need more knowledge than available at low levelsi.e., User authenticationi.e., e-mail deliverySource: http://en.wikipedia.org/wiki/OSI_model

45. Encryption Example - TLSInsertion of cryptography at one layer of the ISO network model (the transport layer)SSL – Secure Socket Layer (also called TLS)Cryptographic protocol that limits two computers to only exchange messages with each otherVery complicated, with many variationsUsed between web servers and browsers for secure communication (credit card numbers)The server is verified with a certificate assuring client is talking to correct serverAsymmetric cryptography used to establish a secure session key (symmetric encryption) for bulk of communication during sessionCommunication between each computer then uses symmetric key cryptographyMore details in textbook

46. User AuthenticationCrucial to identify user correctly, as protection systems depend on user IDUser identity most often established through passwords, can be considered a special case of either keys or capabilitiesPasswords must be kept secretFrequent change of passwordsHistory to avoid repeatsUse of “non-guessable” passwordsLog all invalid access attempts (but not the passwords themselves)Unauthorized transferPasswords may also either be encrypted or allowed to be used only onceDoes encrypting passwords solve the exposure problem?Might solve sniffingConsider shoulder surfingConsider Trojan horse keystroke loggerHow are passwords stored at authenticating site?

47. Passwords Encrypt to avoid having to keep secretBut keep secret anyway (i.e. Unix uses superuser-only readably file /etc/shadow)Use algorithm easy to compute but difficult to invertOnly encrypted password stored, never decryptedAdd “salt” to avoid the same password being encrypted to the same valueOne-time passwordsUse a function based on a seed to compute a password, both user and computerHardware device / calculator / key fob to generate the passwordChanges very frequentlyBiometricsSome physical attribute (fingerprint, hand scan)Multi-factor authenticationNeed two or more factors for authenticationi.e., USB “dongle”, biometric measure, and password

48. Passwords (Cont.)

49. Implementing Security DefensesDefense in depth is most common security theory – multiple layers of securitySecurity policy describes what is being securedVulnerability assessment compares real state of system / network compared to security policyIntrusion detection endeavors to detect attempted or successful intrusionsSignature-based detection spots known bad patternsAnomaly detection spots differences from normal behaviorCan detect zero-day attacksFalse-positives and false-negatives a problemVirus protectionSearching all programs or programs at execution for known virus patternsOr run in sandbox so can’t damage systemAuditing, accounting, and logging of all or specific system or network activitiesPractice safe computing – avoid sources of infection, download from only “good” sites, etc

50. Firewalling to Protect Systemsand NetworksA network firewall is placed between trusted and untrusted hostsThe firewall limits network access between these two security domainsCan be tunneled or spoofedTunneling allows disallowed protocol to travel within allowed protocol (i.e., telnet inside of HTTP)Firewall rules typically based on host name or IP address which can be spoofedPersonal firewall is software layer on given hostCan monitor / limit traffic to and from the hostApplication proxy firewall understands application protocol and can control them (i.e., SMTP)System-call firewall monitors all important system calls and apply rules to them (i.e., this program can execute that system call)

51. Network Security ThroughDomain Separation Via Firewall

52. Computer Security ClassificationsU.S. Department of Defense outlines four divisions of computer security: A, B, C, and DD – Minimal securityC – Provides discretionary protection through auditingDivided into C1 and C2C1 identifies cooperating users with the same level of protectionC2 allows user-level access controlB – All the properties of C, however each object may have unique sensitivity labelsDivided into B1, B2, and B3A – Uses formal design and verification techniques to ensure security

53. Security Defenses SummarizedBy applying appropriate layers of defense, we can keep systems safe from all but the most persistent attackers. In summary, these layers may include the following:Educate users about safe computing—don’t attach devices of unknown origin to the computer, don’t share passwords, use strong passwords, avoid falling for social engineering appeals, realize that an e-mail is not necessarily a private communication, and so onEducate users about how to prevent phishing attacks—don’t click on email attachments or links from unknown (or even known) senders; authenticate (for example, via a phone call) that a request is legitimateUse secure communication when possiblePhysically protect computer hardwareConfigure the operating system to minimize the attack surface; disable all unused servicesConfigure system daemons, privileges applications, and services to be as secure as possible

54. Security Defenses Summarized (Cont.)Use modern hardware and software, as they are likely to have up-to-date security featuresKeep systems and applications up to date and patchedOnly run applications from trusted sources (such as those that are code signed)Enable logging and auditing; review the logs periodically, or automate alertsInstall and use antivirus software on systems susceptible to viruses, and keep the software up to dateUse strong passwords and passphrases, and don’t record them where they could be foundUse intrusion detection, firewalling, and other network-based protection systems as appropriateFor important facilities, use periodic vulnerability assessments and other testing methods to test security and response to incidents

55. Security Defenses Summarized (Cont.)Encrypt mass-storage devices, and consider encrypting important individual files as wellHave a security policy for important systems and facilities, and keep it up to date

56. Example: Windows 10Security is based on user accountsEach user has unique security IDLogin to ID creates security access tokenIncludes security ID for user, for user’s groups, and special privilegesEvery process gets copy of tokenSystem checks token to determine if access allowed or deniedUses a subject model to ensure access securityA subject tracks and manages permissions for each program that a user runsEach object in Windows has a security attribute defined by a security descriptorFor example, a file has a security descriptor that indicates the access permissions for all users

57. Example: Windows 7 (Cont.)Win added mandatory integrity controls – assigns integrity label to each securable object and subjectSubject must have access requested in discretionary access-control list to gain access to objectSecurity attributes described by security descriptorOwner ID, group security ID, discretionary access-control list, system access-control listObjects are either container objects (containing other objects, for example a file system directory) or noncontainer objectsBy default an object created in a container inherits permissions from the parent objectSome Win 10 security challenges result from security settings being weak by default, the number of services included in a Win 10 system, and the number of applications typically installed on a Win 10 system

58. End of Chapter 16