121 Security Threats Types of Damage Vulnerable Resources Types of Attacks 122 Functions of a Protection System 123 User Authentication Approaches to Authentication Passwords 124 Secure Communication ID: 714380
Download Presentation The PPT/PDF document "12. Protection/Security Interface" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
12. Protection/Security Interface
12.1 Security Threats Types of Damage Vulnerable Resources Types of Attacks 12.2 Functions of a Protection System12.3 User AuthenticationApproaches to AuthenticationPasswords12.4 Secure CommunicationPrinciples of CryptographySecret-Key CryptosystemsPublic-Key Cryptosystems
Operating Systems
1Slide2
Security Threats
Types of damageInformation Disclosuretheft Information Destructionpossible without disclosureUnauthorized Use of servicesi
nstall SW without license, pirated copies (theft) use fake ID/password to use online service
Denial
of Servicedifficult to quantifyVulnerable resourcesHardware (CPU, memory, communications, devices)Software (files, processes, VM)
Operating Systems
2Slide3
Types of Attacks
Browsing of InformationUnauthorized search for residual informationUnused memory and disk space is generally not deletedTypically done by a user who is already insideInformation leakingA trusted service leaks confidential/secret information (Confinement Problem)
Operating Systems
3Slide4
Types of Attacks
Trojan Horse Greek mythology—the siege of Troywooden horse = “present” by Greekssoldiers hidden insideTrojans pulled the horse into the city soldiers opened the gates for the Greeks, causing the destruction of Troy
Attack: trusting user accepts a “
present
”, e.g. a free program, that causes damage (don’t open email attachments)
Trap door
a
n
undocumented
feature
i
nserted on
purpose
or as a
flaw
to enter later
Operating Systems
4Slide5
Types of Attacks
VirusesDesigned to replicate themselvesremovable storage media, email, file transferIntended to cause damageNeed a host programattach to and modify hostexecute as part of hostVirus detectioncheck program length(but virus can hide or compress program)c
heck for virus “signature”—bit pattern used by virus to mark already infected program (viruses use encryption)
Operating Systems
5Slide6
Types of Attacks
WormsIntended to cause damageExploit some system weakness to replicateNo host neededExample: Robert Morris Internet Worm (Nov 2, 1988)Excessive replication caused major havoc on the internet (denial of service)3 separate attacks:rsh: Spawn process on remote machine without pw (using a list of “trusted” systems)sendmail
: Exploited an error that allows a message to send itself and startfinger: Buffer overflow
not checked – major weakness to take over the system
Operating Systems
6Slide7
Types of Attacks
Buffer Overflow: Example:foo calls fingerAttack hijacks return address by supplying aparameter that islonger than the buffer (overflows)When
finger terminates,control goes to a placeset by the attack and
is not returned to
foo
.
Operating Systems
7Slide8
Types of Attacks
Remote executionService to upload and start code on remote machineMobile agent: may migrate among machinesLike worm but legitimate migrationMust be designed carefully to prevent abuse of privileges of remote host environmentWire tappingInsert a device into line or listen to wirelessPassive (listen) or Active (modify)Waste searchingLook for passwords or sensitive data
Operating Systems
8Slide9
Types of Attacks
MasqueradingImpersonate process, user, serviceUsed from outside: Use stolen password (impersonate a legitimate user)Break communication line, assume sessionUsed from within (spoofing):Impersonate login shell, steal passwordTrial and errore.g., try to guess passwordOperating Systems
9Slide10
Types of Attacks -- Classification
From withindirect access as a valid processindirect Access via agent (attacker not present during attack)From outsidechannels provided for legitimate purposesillegitimate channels
Operating Systems
10Slide11
Functions of a Protection System
External safeguardsguard physical access (locks, badges, cameras)Verification of user identity (User Authentication) Communication safeguardsprotect public/vulnerable lines: cryptographyAccess control (Ch 13)c
an Subject perform function on R
esource
Information flow
control (Ch 13)can S get information contained in R (indirectly)
Operating Systems
11Slide12
User Authentication
Approaches:Knowledge of some informationPassword, dialogPossession of some artifactMachine-readable cards (ATM)Combine with knowledge (PIN)Biometrics: Physical characteristics of personFingerprintHand geometryFace geometryRetina or iris scanVoice printSignature dynamics
Operating Systems
12Slide13
Fingerprint Recognition
Extremely useful biometrics technologyFingerprints are a primary and accurate identification method
Operating Systems
13Slide14
Fingerprint Recognition
Uses the ridge endings and bifurcation's to plot points known as minutiaeThe number and locations of the minutiae vary from finger to finger and from person to person
Minutiae
Finger Image
+ Minutiae
Finger Image
Operating Systems
14Slide15
Face Recognition
Uses an image or series of images
Principle: analysis of the unique
shape, pattern and positioning
of facial
features
Passive
: does not require a person’s cooperation
Highly
complex
technology
Common approach:
Face geometry
Operating Systems
15Slide16
Voice Recognition
Not speech recognition, it is speaker recognition Low-cost (cheap hardware)
Not very accurate (voice varies, noise)Can be
stolen
(recorded)
Operating Systems
16Slide17
Hand geometry
one of the most deployed biometrics world wide
Ben
Gurion
Airport
(Israel)
Operating Systems
17Slide18
Signature Verification
Static/off-line: match pattern (image)can easily be reproducedDynamic/On-line:match movement
of the pen during signing process (pressure, speed)
Many commercial products
Operating Systems
18Slide19
Iris recognition
Based on visible features, i.e. rings, furrows, freckles and the corona Safest, most accurate biometrics technology
Heathrow Airport (London
)
Operating Systems
19Slide20
Retina recognition
Capture the pattern of blood vessels throughout the retinaNo two retinas are the same, even in identical twins
More difficult/less convenient than iris scan
Operating Systems
20Slide21
Thermograms
infrared camera to detect the heat patterns
Other techniques
DNA
Unique
(except for identical twins) but many
imitations
:
n
ot fully automated, slow, expensive
p
rivacy
issue – DNA contains information about
race
, paternity, medical
conditions
r
equires
a physical sample of tissue
Operating Systems
21Slide22
User Authentication
Problem with biometrics:uncertainty in recognitionSystem generates anumber 0 n 1Bimodal distributionThreshold must be chosen to minimizefalse alarmsimposter acceptance
Operating Systems
22Slide23
User Authentication
PasswordsMust protect stored password files from accessMust prevent trial and error (guessing)Protecting password filesMaintain unencrypted; rely on access controlEncrypt using “one-way” function H:H-1 is unknownknowing H(x) does not yield x
keep only H(pw) with user namea
t login, compute
H(pw’)
and compare with H(pw)Operating Systems23Slide24
User Authentication
Preventing password guessingSystem-generated pwRandom string: difficult to memorize“Pronounceable” wordsSystem-validatedAccept only passwords that obey specifications (length, mix of letters/digits, upper/lower case)Employ
password-cracking programs toreject easy-to-guess passwords
Time-limited
Expiration
date or number of usesOperating Systems
24Slide25
User Authentication
One-time passwords Smart card (can be lost or stolen)Use secret function; System generates a challenge n, user replies with f(n) as password; e.g. f(n)=3*n/2Use one-way function to generate series ofone-time passwords from one password
pw… H(H(H(pw))) H(H(pw)) H(pw) pwIntruder can derive H(H(pw)) from
H(pw)
but not
H(pw) from H(H(pw))because H-1 is unknownOperating Systems
25Slide26
User Authentication
guess any valid password:repeatedly generate strings s (dictionary, random, …), check if H(s) is in tableSystem-extended pwfor each pw, generate randomnumber slt (called “salt”)store: UserName,
slt,H(slt,pw
)
g
uessing: must check H(slt,s) for every slt in tablesalting does not make it harder to guess the password of a
specific user
Operating Systems
26Slide27
Functions of a Protection System
External safeguardsGuard physical access (locks, badges, cameras)Verification of user identity (User Authentication)Communication safeguards Protect public/vulnerable lines: cryptographyAccess controlCan Subject perform function on ResourceInformation flow controlCan S get information contained in R
(indirectly)Operating Systems
27Slide28
Secure Communication
Principles of cryptography: Cipher text, Plain text, Key(s)Encrypt: C = E(P,Ke)Decrypt: D(C,Kd) = P Goals:Secrecy
= message content not revealedIntegrity = message not modifiedAuthenticity = establish identity of sender
Nonrepudiability
= establish identity of creator (regardless of who sent it)
an actor cannot deny creation of message (signature)
Operating Systems
28Slide29
Secure Communication
Secret-key Cryptosystems
Symmetric
:
S
and
R
s
hare
a common
secret
key
K
which is used for both encrypting and decryptingOperating Systems29Slide30
Examples
transposition
cipher:
rearranges the order of letters
example algorithm: swap 2 letters, skip n
key: n
e.g., n=1: 'hello world' → '
ehlol
owrdlnd
’
substitution
cipher
replace letters or groups of letters
e
xample: Cesar cypheralgorithm: replace every letter by the letter k positions down in the alphabetkey: ke.g., k=1: 'fly at once' → 'gmz bu podf‘Easy to break using statistical analysisSecure CommunicationOperating Systems30Slide31
Example: DES
US standard (1977)
Blocks of 64 bits
Block is divided into L and R half
F applies Key to R
result is
XOR’d
with L, becomes new R
old R becomes new L
repeat 16 times
F uses:
permutations
s
ubstitutions
XOR with a 56-bit key
Triple-DESC = DEA(DEA(DEA(P, K3), K2, K1)Secure CommunicationOperating Systems
31Slide32
Secure Communication
With Secret-key cryptosystems:Secrecy: only R can decrypt CIntegrity: intruder cannot produce valid messageNonrepudiation: not possible, S can denyAuthenticity of sender: must prevent
replay
Operating Systems
32Slide33
Secure Communication
Use nonce N to prevent replay of message: S R(1) N(2)
C=
E
({
P,N},
K)
Capturing either message does not help;
both are different every time
Use
timestamp
T
to prevent replay
S R C=E({P,T},K) Limits possible replay to a chosen time intervalOperating Systems
33Slide34
Secure Communication
Key distribution and authenticationBoth S and R must have the same key KTrusted server approach:Each process has its own secret key for communication with trusted Key Distribution Center (KDC)At runtime, process A asks KDC for a Session Key KAB for communication with process B
KDC A B
(
1) A,B
(2) E({KAB,B,
ticket},K
A
)
(3)
ticket
ticket
=
E
({KAB,A},KB)Operating Systems34Slide35
Secure Communication
Public-key cryptosystems (Diffie-Hellman, 1976)Asymmetric: different keys for encryption and decryption One cannot be derived from the otherOne is Public key, other is Private
Operating Systems
35Slide36
Secure Communication
With Public-key cryptosystemsSecrecy: only R can decrypt message using KRprivIntegrity: intruder cannot produce valid message without KSprivAuthenticity of creator: same as integrity: only
S knows KSpriv
Authenticity of
sender
: use nonce or timestamp to prevent replay
Operating Systems
36Slide37
Secure Communication
How to make a key/function so that the other cannot be derived from it?RSA (Rivest, Shamir, Adelman) Public Key C = E(P) = Pe mod n P = D(C) = Cd mod n(e,n
): Public encryption key(d,n
)
:
Private/secret decryption key; d cannot be derived from eOperating Systems
37Slide38
Secure Communication
RSA Key GenerationChoose large primes p and q; compute n=p*qExample: p=5, q=7, n=35Choose d to be a (large) prime number having no factors in common with (p
1)*(q1)Example
:
(51)*(71)=24; d=5 or 7 or 11 (choose 11)
Choose e such that e*d mod (p
1)*(q
1) = 1
Example
:
e*11 mod 24 = 1; e = 11
or 35 or 59 or 83 … C = E(P) = P59 mod 35 P = D(C) = C11 mod 35Operating Systems38Slide39
Secure Communication
Why is RSA encryption secure?n is derived from p and q; (n=p*q)d is also derived from p and q; (no common factors)e
is derived from d but also needs p and
q;
only
d is known/public, p and q have been discarded → e cannot be derivedsimilarly, d cannot be derived from
e without p and q
Operating Systems
39Slide40
Secure Communication
Public key distribution and authenticationMaking key public is easy, but need to authenticate it:How does A safely get B’s public key KBpubl ?Trusted server approach: KDC A(1) A,B
(2) E
({
B,
KBpubl},K
KDCpriv)
KDC provides B’s public key
K
B
publ
K
KDC
priv
guarantees authenticity (KDC sent it)
Operating Systems40Slide41
Secure Communication
Digital Signatures: How can a document be “signed” and transmitted electronically?Here is my signatureAnyone can copy and attach it to any documentSign on paper, scanAny document is
digitized and can be modified
Public-key cryptosystems permit
unforgeable
electronic “signatures”?
Operating Systems
41Slide42
Secure Communication
Digital Signature: document M is to be “signed”Sender generates unique digest: d = H(M)Sender encrypts E(d,KS
priv),
receiver decrypts with
KSpubl
Receiver computes d’ = H(M);
d’
is a unique signature of document
M
d=d’
means that
d
is a also a unique signature of
M
;Decryption authenticates sender, proving sender sent d i.e., sender signed MOperating Systems42