Transcript Introduction to computer security
Introduction to Information Security
Overview
Definitions
Design issues
Cryptography
Security Protocols
[And08] R. J. Anderson. Security Engineering: A guide to building dependable distributed systems. John Wiley & Sons Inc, New York, Second edition, 2008. http://www.cl.cam.ac.uk/~rja14/book.html
[Sch04b] B. Schneier. Secrets and Lies: Digital Security in a Networked World. Wiley Publishing Inc, Indianapolis, Indiana, second edition, 2004. http://www.schneier.com/book-sandl.html
IIS
Definitions
[Men01a] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Chapter 1 of Handbook of applied cryptography. CRC Press, 2001. http://www.cacr.math.uwaterloo.ca/hac/
Security is asset protection
Figure (security concepts and relationships, numbered 1-7 as on the slide):
» Owners (1) value assets (2) and wish to minimize risk (3)
» Owners impose countermeasures (5) to reduce risk
» Countermeasures may possess vulnerabilities (4); owners may be aware of vulnerabilities, which may be reduced by countermeasures
» Threat agents (7) give rise to threats (6) to assets, and wish to abuse and/or may damage assets
» Threats exploit vulnerabilities, leading to risk; threats increase risk to assets
[ISO09] ITSEC. Information technology security techniques evaluation criteria for IT security part 1: Introduction and general model. Int. Standard ISO/IEC 15408-1, ISO/IEC, Dec 2009. http://standards.iso.org/ittf/PubliclyAvailableStandards/c050341_ISO_IEC_15408-1_2009.zip
Definitions
Availability: authorised users want the system to work as/when they expect it to
Reliability: the ability of a system or component to perform its required functions
Safety: being protected against non-desirable events (not specifically malicious)
Confidentiality: to stop unauthorised users from reading sensitive information
Integrity: every data item/system component is as the last authorised modifier left it
Maintainability: ease with which a software product can be modified
Dependability vs. Security
Figure: the attributes below, grouped under two labels, Dependability and Security
» Availability (systems, data)
» Reliability (systems)
» Safety (systems)
» Confidentiality (data)
» Integrity (systems, data)
» Maintainability (systems)
[Avi04] A. Avižienis, J.-C. Laprie, B. Randell, and C. Landwehr. Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. on Dependable and Secure Computing, 1(1):11-33, Jan 2004. http://doi.ieeecomputersociety.org/10.1109/TDSC.2004.2
Access control model – AU³
Figure: Principal (source) → Do operation (request) → Reference monitor (guard) → Object (resource); further labels: Authentication, Authorisation, Audit log
Authentication: determine who makes request
Authorisation: determine who is trusted to do which operation on an object
Auditing: determine what happened and why
[Lam04] B. W. Lampson. Computer security in the real world. IEEE Computer, 37(6):37-46, Jun 2004. http://doi.ieeecomputersociety.org/10.1109/MC.2004.17
Privacy vs. Security
Privacy is the right of an individual to determine what information about oneself to share with others
Security can help
» Selectively encrypt data
Security can hinder
» Calling home to prevent piracy
» (Audit) logging
[War1890] S. D. Warren and L. D. Brandeis. The right to privacy. Harvard Law Review, 4(5):193-220, Dec 1890. http://www.jstor.org/stable/1321160
Design issues
Examples of design goals
Good:
As secure as the real world [Lam04]
Defense in depth
Make it usable
Be explicit about: naming, typing, freshness, assumptions, goals, limitations etc [And95a]
Bad:
Design security as an afterthought
Security by obscurity [Ker1883]
Make it complicated
[Ker1883] A. Kerckhoffs. La cryptographie militaire. J. des Sciences Militaires, IX:5-38, Jan 1883. http://www.petitcolas.net/fabien/kerckhoffs/
Tools
Policy – what is supposed to happen?
» Access control
Mechanisms – how should it happen?
» Tamper resistance
» Biometrics
» Cryptography, Hashing, Random numbers
Assurance – does it work?
» Risk management
» Protocol verification
Attacks
Definition: a successful exploitation of a vulnerability
Examples:
» Attacker shuts you out by trying to log in as you
» Cold boot attack (remember the movie?)
[Hal08] J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest we remember: Cold boot attacks on encryption keys. In 17th USENIX Security Symp., pp 45-60, San Jose, California, Jul 2008. USENIX Association. http://citp.princeton.edu/memory/
Cryptography
[Men01a] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Chapter 1 of Handbook of applied cryptography. CRC Press, 2001. http://www.cacr.math.uwaterloo.ca/hac/
Algorithms + keys
Cipher (aka cryptosystem)
» “Public” algorithm + Secret keys
» “attack” → encrypt → “sdwr$350” → decrypt
Symmetric ciphers
Public algorithm + one secret key
Standard algorithms: DES, AES
Example: one time pad
    01011001   Message
    01010101   Secret key          (XOR)
    --------
    00001100   Cipher text
    01010101   Secret key          (XOR)
    --------
    01011001   Decrypted message
Asymmetric ciphers
Public algorithm + private key + public key
Example: El Gamal
» Multiplicative group $Z_n^* = \{1 \ldots n-1\}$ with $n$ prime
» Generator $g$: $Z_n^* = \{ g^i \mid i \in N \}$
» Private key: $x \in Z_n^*$
» Public key: $h = g^x$
» Salt: $y \in_R Z_n^*$
» Enc(m,h): $(c,d) = (m h^y, g^y)$
» Dec((c,d),x): $c/d^x$
All calculations modulo $n$
Exercise: prove that this works...
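The El Gamal scheme above as a runnable check (added example, not from the original slides). The parameters n = 467 and g = 2 are constructed toy values, far too small for real use; decryption works because c/d^x = m h^y / g^(xy) = m.

```python
import secrets

# Constructed toy parameters (assumption, for illustration only).
N = 467   # prime modulus n
G = 2     # generator g of Z_n^*


def is_generator(g, n):
    """True if {g^i mod n} covers all of Z_n^* = {1..n-1}."""
    seen, v = set(), 1
    for _ in range(n - 1):
        v = (v * g) % n
        seen.add(v)
    return len(seen) == n - 1


def keygen(n=N, g=G):
    """Return (x, h): private key x and public key h = g^x mod n."""
    x = secrets.randbelow(n - 2) + 1   # x in {1..n-2}; x = n-1 would give h = 1
    return x, pow(g, x, n)


def enc(m, h, n=N, g=G, y=None):
    """Return (c, d) = (m h^y, g^y) mod n with a fresh salt y per message."""
    if not 1 <= m < n:
        raise ValueError("message must be in Z_n^*")
    if y is None:
        y = secrets.randbelow(n - 2) + 1
    return (m * pow(h, y, n)) % n, pow(g, y, n)


def dec(cd, x, n=N):
    """Return c / d^x mod n; division is multiplication by the modular inverse."""
    c, d = cd
    return (c * pow(pow(d, x, n), -1, n)) % n


if __name__ == "__main__":
    x, h = keygen()
    print(dec(enc(123, h), x))
```
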
Random numbers
Pseudo random in SW
True random in HW
Standard statistical tests
» NIST web site
For example
» Linear Congruential Method
» $r_0 = s$
» $r_{n+1} = (a r_n + c) \bmod m$
» Cyclic
» Deterministic
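The two properties above, measured on the recurrence itself (added example, not from the original slides). The parameters are constructed small values; `fits_lcg` is a hypothetical helper that flags a value stream as the output of one LCG, which is the reason such a generator must not supply nonces or keys.

```python
from math import gcd


def lcg(s, a, c, m):
    """Yield r_0 = s, r_{n+1} = (a*r_n + c) mod m."""
    r = s % m
    while True:
        yield r
        r = (a * r + c) % m


def take(gen, k):
    return [next(gen) for _ in range(k)]


def cycle(s, a, c, m):
    """Cyclic: return (tail, period), the steps before the loop and the loop length."""
    first_seen = {}
    for i, r in enumerate(lcg(s, a, c, m)):
        if r in first_seen:
            return first_seen[r], i - first_seen[r]
        first_seen[r] = i


def fits_lcg(outputs, m):
    """Deterministic: return (a, c) if one LCG mod m explains the whole sequence, else None."""
    if len(outputs) < 4:
        return None
    r0, r1, r2 = outputs[:3]
    diff = (r1 - r0) % m
    if gcd(diff, m) != 1:
        return None                      # this simple check needs an invertible difference
    # r2 - r1 = a (r1 - r0) mod m, so a follows from three outputs, then c from two
    a = ((r2 - r1) * pow(diff, -1, m)) % m
    c = (r1 - a * r0) % m
    ok = all((a * p + c) % m == q for p, q in zip(outputs, outputs[1:]))
    return (a, c) if ok else None


if __name__ == "__main__":
    print(cycle(7, 5, 3, 16))            # full period
    print(cycle(1, 6, 0, 16))            # poor parameters collapse to a fixed point
    print(fits_lcg(take(lcg(7, 5, 3, 16), 5), 16))
```
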
Hash functions
Map arbitrary bit string to fixed size output
» Easy to calculate for given input
» Practically impossible to invert
» Extremely unlikely that two inputs give the same hash
For example
» Knuth’s variant on Division
» Hash(n) = n(n+h) mod m
» Try it out…
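Trying it out against the three properties listed above (added example, not from the original slides; h = 3 and m = 1009 are constructed values). The formula is easy to calculate, but every input n collides with (-n-h) mod m, and the output space is small enough to invert by enumeration, so it serves as a table hash and not as a security mechanism.

```python
from collections import Counter

H, M = 3, 1009   # constructed parameters; M is prime


def knuth_hash(n, h=H, m=M):
    """Hash(n) = n(n+h) mod m."""
    return (n * (n + h)) % m


def mirror(n, h=H, m=M):
    """The input that always collides with n, since (-n-h)(-n) = n(n+h)."""
    return (-n - h) % m


def preimages(digest, h=H, m=M):
    """Invert by enumeration: every n in [0, m) that hashes to digest."""
    return [n for n in range(m) if knuth_hash(n, h, m) == digest]


def bucket_load(keys, h=H, m=M):
    """How many of the given keys land on each hash value."""
    return Counter(knuth_hash(k, h, m) for k in keys)


if __name__ == "__main__":
    print(knuth_hash(10), knuth_hash(mirror(10)))   # same value twice
    print(preimages(knuth_hash(10)))                # both inputs recovered
    print(len(bucket_load(range(M))))               # about half the buckets are used
```
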
Visual Cryptography
[Nao97] M. Naor and B. Pinkas. Visual authentication and identification. In Burton S. Kaliski Jr., editor, 17th Int. Conf. on Advances in Cryptology (CRYPTO), volume LNCS 1294, pages 322-336, Santa Barbara, California, Aug 1997. Springer. http://www.springerlink.com/content/ghv31wm0pexkd3kq/
Security Protocols
[And95a] R. J. Anderson and R. Needham. Programming satan's computer. In J. van Leeuwen, editor, Computer Science Today, volume LNCS 1000, pages 426-440. Springer, 1995. http://dx.doi.org/10.1007/BFb0015258
Definitions
Sequence of communications by two or more parties to achieve security objective(s)
Not like this (why?):
A → B: A (“Hi, I’m Alice”)
B → A: Enter password: (“Prove It!”)
A → B: $R%&^8! (“Here’s the proof”)
Dolev-Yao attacker model
Eve can:
» See all messages
» Delete, alter, inject and redirect messages
» Initiate new communications
» Reuse messages from past sessions
Eve cannot:
» Solve “hard” problems (such as?)
» Guess pseudo-random values (eg. nonces)
» Get another identity (identity theft)
» Time computations
What to do: Make everything explicit
Design is hard
“Security protocols are three line programs that people still manage to get wrong” (Roger Needham)
[Low96] G. Lowe. Breaking and fixing the Needham-Schroeder Public-Key protocol using FDR. In 2nd Int. Workshop on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume LNCS 1055, pages 147-166, Passau, Germany, Mar 1996. Springer. http://dx.doi.org/10.1007/3-540-61042-1_43
Authentication protocol (1)
A → B: A (“Hi, I’m Alice”)
B → A: Enc(Nb,PKa) (“Prove It!”)
A → B: Nb (“Here’s the proof”)
What’s the problem with this?
» The nonce Nb leaks, so it cannot be used to secure the session
Authentication protocol (2)
A → B: A (“Hi, I’m Alice”)
B → A: Enc(Nb,PKa) (“Prove It!”)
A → B: Enc(Nb,PKb) (“Here’s the proof”)
(Wo)man in the middle attack:
A → E → B: A (B receives “A” from E)
B → E → A: Enc(Nb,PKa) (E uses A to decrypt Nb)
A → E: Enc(Nb,PKe) (Now E has Nb)
E → B: Enc(Nb,PKb) (E fools B)
Authentication protocol (3)
A → B: A (“Hi, I’m Alice”)
B → A: Enc({B, Nb},PKa) (“Prove It!”)
A → B: Enc(Nb,PKb) (“Here’s the proof”)
Does it work now?
A → E → B: A (“Hi, I’m Alice”)
B → E → A: Enc({B, Nb},PKa) (A can see that the message is not from E)
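The relayed run against protocols (2) and (3), replayed in a symbolic Dolev-Yao model (added example, not from the original slides). Encryption is modelled, not computed: `Enc`, `open_` and the run functions are illustrative names, and only the named recipient can open a message.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Enc:
    """Symbolic public-key encryption: only `to` can open it."""
    body: tuple
    to: str


def open_(msg, who):
    if msg.to != who:
        raise PermissionError(f"{who} cannot decrypt a message for {msg.to}")
    return msg.body


def bob_challenge(version, nb):
    """Protocol (2): Enc(Nb, PKa). Protocol (3): Enc({B, Nb}, PKa)."""
    return Enc((nb,) if version == 2 else ("B", nb), "A")


def alice_respond(version, challenge, peer):
    """Alice believes she is talking to `peer`; returns her reply, or None if she aborts."""
    body = open_(challenge, "A")
    if version == 3:
        sender, nb = body
        if sender != peer:
            return None                  # challenge names B, but this run is with E
    else:
        (nb,) = body
    return Enc((nb,), peer)


def run_honest(version):
    """A talks to B directly. True if Bob gets his nonce back."""
    nb = secrets.token_hex(8)
    reply = alice_respond(version, bob_challenge(version, nb), "B")
    return reply is not None and open_(reply, "B") == (nb,)


def run_with_relay(version):
    """A starts a run with E, who relays "A" to B. True if Bob accepts E as Alice."""
    nb = secrets.token_hex(8)                        # Bob's fresh nonce
    challenge = bob_challenge(version, nb)           # B -> E -> A, opaque to E
    reply = alice_respond(version, challenge, "E")   # A -> E: Enc(Nb, PKe)
    if reply is None:
        return False                                  # Alice aborted; Nb never leaves her
    (leaked,) = open_(reply, "E")                    # now E has Nb
    return open_(Enc((leaked,), "B"), "B") == (nb,)  # E -> B: Enc(Nb, PKb)


if __name__ == "__main__":
    for v in (2, 3):
        print(v, run_honest(v), run_with_relay(v))
```
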
Conclusions
Consider the system as a whole
Know your enemy
Be explicit
Use standard tools