Transcript CS3041 Software Engineering

Computer Security: Friend, Foe or Failure?
Dr. Ishbel Duncan
School of Computer Science
March 13th 2009
Some recent figures
o The American FBI Internet Crime Complaint Center received
207,000 complaints in 2007 relating to $240M of e-crimes.
o Japanese cybercrime is at record levels tripling between 2004
and 2008. Threats and illegal access increased by 90% and
20% between 2007 and 2008 but fraud has decreased
slightly.
o 33% increase in card fraud forecast for 2009
o 40% of UK children don’t know the people they are chatting to
online. Half admitted to downloading music illegally using P2P
software and 20% said their systems were infected by viruses
after downloading. Half share their home systems with other
members of the family.
UK bank cards
UK consumers lost £302M to card fraud in the first half of
2008. In 2007 it was £535M.
Spending on credit cards was £124Bn in 2007 and £126Bn in
2007.Debit card spending rose from £224Bn to £245Bn.
Debit cards accounted for 75% of all transactions and the
number of debit cards in circulation overtook credit cards in
2008. There are 75M debit cards in circulation and 71M credit
cards.
Online banking fraud rose 185% in the first half of 2008 mainly
because of phishing attacks.
1 in 8 UK online firms lose more than 5% of income to fraud.
Military Hacker
Gary McKinnon of London allegedly hacked into NASA, the
Pentagon and 12 other military networks between February
2001 and March 2002.
In one attack on an army computer at Fort Myer, Virginia he
obtained administrator privileges which allowed him to delete
1300 user accounts and copy files containing usernames and
encrypted passwords. He managed to shut down the
Internet on 2000 military computers for three days.
The US Government said it spent $1M cleaning up their
systems.
McKinnon was indicted in November 2002 but is contesting
extradition and the hearing is in July 2009 in London. His bail
agreement prevents him from using any computer equipment.
Online Theft
Online theft is currently estimated to cost $1Trillion a year.
and rising…..
But… card fraud identikits have fallen in price from $15 to $2.
More than half the world’s GDP is estimated to flow through
the internet every day through the SWIFT network.
At the World Economics Forum in Davos in January, it was
stated that “the internet was vulnerable but as it was now part
of society’s central nervous system, attacks could threaten the
whole economy.”
A virtual group had redirected the details of 25M credit cards
to the Ukraine.
Infections
The safest country for computer virus infections is Australia.
Only 1 in 574 emails contain a virus there compared to
1 in 213 here in the UK
1 in 415 for the USA
1 in 451 for Japan.
India is the most virus ridden with 1 in 197.
Spam emails this year spiked on Valentine’s Day, with 9% of all
email.
Phishing this year has taken advantage of the economic crisis
with 1 in 190 emails a phish attack in February (up from 396).
France is the most spammed country with 75% of all emails
being spam. The UK get spam in 67% of all email.
Cyber Warfare
Cybercrime is one thing, cyber warfare is another.
Estonia came under a denial of service attack from Russia in
2007 and 2008 which disabled banking and utilities.
Cyber Warfare is now a real threat to all countries but do we
want governments to regulate the internet to prevent misuse?
Legal problems:
o where an attack takes place is usually different from the
country of the perpetrator.
o many satellites or servers may be used to target a victim
bringing in more “victims” or “accomplices”
A Short Security History
Herodotus chronicles how Demaratus of Greece sent tablets covered
in wax to the Spartans to warn of a Persian invasion and, separately,
of Histaiaeus who shaved the head of a servant.
The Chinese wrote on fine silk and wrapped it in a small ball of wax.
Al-Kindi wrote on deciphering cryptographic messages in the 9th
Century by noting letter frequencies.
Chaucer encrypted plaintext (normal language) with symbols.
By the 15th Century, encryption was common among diplomats.
The Spartan Scytale
The Spartans used a scytale in the 5th Century BC – a rod of
wood with a strip of text wound around it.
The Caesar Cipher
Replace letters with another at a distance of N apart
Character Manipulation
o The most basic character manipulation is a substitution
cipher. Here letters are exchanged in the alphabet.
o The most famous substitution cipher is the Caesar cipher
where letters were replaced with one further down, or up,
the alphabet.
o e.g. HAL = IBM with a shift of 1.
o Often letters were/ are arranged in groups of 5 to avoid
noting word lengths.
kujdg nfpoe co
Mary of Scotland
The Babington Plot:
The code was a substitution cipher plus some
symbols representing words such as bearer,
my and pray.
Pattern Analysis
There are characteristic letter patterns in any language.
We know the most common letters in English are ASINTOER.
A
E
I
O
8.0%
13.0%
6.5%
8.0%
S
T
N
R
The least frequent is?
6.0%
9.0%
7.0%
6.5%
Digrams and Trigrams
Just as there are common letters so also are there common
pairs or triples of letters (digrams and trigrams).
Transpositions leave the plaintext letters intact so if the
letter frequencies are similar to “normal” frequencies then we
infer that transposition has taken place.
Some of the most common are:
er
th
en
ed
an
or
in
gh
ent
ion
and
ing
ive
for
tio
one
Charles Babbage
Babbage broke the
Vigenere cipher which
uses a keyword to
determine a different
cipher alphabet.
Vigenère Tableau Example
Using the key phrase:
I am I exist, that is certain
To send the message
Machines cannot think
i am i exist that is certain
m ac h inesc anno tt hink
o Row M, column I is u
o Row A column A is a
o Row M column C is o …………uaopm kmkvt unhbl jmed
The Underground Railroad
Escaping Slaves in the
American States would
allegedly follow signals in
quilts laid out to air.
World War 2: The Enigma machine
Scherbius’s machine was patented in 1918. It had 3 scramblers to encipher the
plaintext plus a plugboard that swapped 6 letters.
Rejewski of Poland spent 8 years deciphering Enigma and his work was passed
on to Bletchley Park where it was deciphered.
A story: Key Exchange
In pre-revolutionary Ruritania, the postal service was not to be
trusted. Boxes would be opened and contents removed. Only
those that could not be opened were delivered. Stout boxes
and padlocks were available but each padlock had a single unique
key that could open the lock.
How can Prince Rupert send a priceless necklace to his beloved
Princess Irena if there is no other way of transporting his gift
other than via the postal service?
In other words, how can we send a secret message that only
the sender and receiver can read.
Rupert sends his gift inside a padlocked box.
Irena returns the box with her padlock on the box.
Rupert removes his padlock and sends back the box to Irena with
only her padlock attached.
History remembers those who publish first
One major stumbling block of any cryptographic system is the
exchange of keys. Any public way of interchange may be overheard.
Whitfield Diffie, Martin Hellman and Ralph Merkle of Stanford
are remembered as the fathers of public key cryptography,
publishing and patenting their idea in 1976.
There system allows two people to agree keys which allow them
to communicate an encrypted message without them having the
same key.
However, James Ellis of GCHQ had the same idea 10 years earlier
and Clifford Cocks and Malcolm Williamson discovered the key
exchange algorithm by 1975. However, their work was classified and
GCHQ did not contest the American patent.
Crypto Basics
Encryption and Decryption.
Meet Alice and Bob
Alice and Bob wish to converse secretly. Alice has message M
which she encrypts with a function E.
C = E(M)
She sends this to Bob who decrypts the message with function D.
D(C) = D( E(M)) = M
However, Eve wishes to listen in and can deduce the form of the
functions E and D or the message M. Bob and Alice now have to
use a more robust mechanism to pass their messages.
Symmetric Encryption
Symmetric algorithms use one key, a secret key encryption.
A and B share the key and as long as it is private it offers
authentication. But A and B have to agree on the key in
advance.
What happens if C is invited to share a secret with A and B.
We may need two more keys for A-C and B-C communication.
For an N-user system we would require n(n-1)/2 keys for
each pair of users.
Cryptosystem
o A cryptosystem is one in which rules are applied to encrypt
and decrypt text. These algorithms often use a key, denoted
by K, as a mechanism to adapt the plaintext.
o The ciphertext is the plain text adapted by the algorithm
and using the key value.
C = E(K,P)
o E is the Encryption Algorithm, or more precisely the set of
Algorithms, and K is the Key which selects precisely one
algorithm.
o (Think of Yale keys – there are many but only one fits your
door lock)
Alice and Bob again
o Alice and Bob could know each other’s key (or share a key).
o Eve would then be able to mount a ciphertext only attack as
she knows C but not P. If she had previous knowledge of
plaintext she may still be able to deduce the messages, or
she may use probabilities and distribution characteristics of
the language.
Asymmetric Encryption
In public key or asymmetric encryption, each user has two keys:
a public and a private key. The public key is published freely
because it is only one half of an inverse pair.
Using keys for decryption and encryption we have:
P = D(KD, E(KE,P))
Now we have P = D(Kprivate, E(Kpublic,P))
The public key encryption is decrypted via the private key.
P = D(Kpublic, E(Kprivate,P))
The private key encryption is decrypted via the public key.
Multiple users can send messages privately to each other using
public keys.
Encryption with Keys.
Diffie-Hellman (1976)
Diffie and Hellman published the first paper on public key
cryptography. There are three conditions:
o It must be computationally easy to encode/ decode with the
a key.
o It must be computationally infeasible to derive the private
key from the public key.
o It must be computationally infeasible to determine the
private key from a plaintext attack.
Mathematically we require to find k such that
n = gk mod p
Where p is prime and g <> 0,1, or p-1
Asymmetric Encryption Example
Alice and Bob have chosen
p = 53
g = 17
p is the prime modulus, g is the mantissa.
Their private keys are
kalice = 5
kbob = 7
Their public keys are
kalice = 175 mod 53 = 40
kbob = 177 mod 53 = 6
Bob sends Alice a message by computing a shared key:
S Bob, Alice
= K Alice kBob mod p
= 407 mod 53 = 38
Alice decrypts using her private key:
S Alice, Bob
= K Bon kAlice mod p
= 65 mod 53 = 38
RSA
The Rivest-Shamar-Adelman (1978) cryptosystem is a public
key system and has been a de facto standard for many years.
n =pq, where p and q are prime numbers. The totient Φ(n) is the
number of numbers < n with no factors in common with n.
Example:
p = 7, q = 11, n = 77, Φ(n) = 60.
e, the encryption key, is relatively prime to (p-1)(q-1)
d, the decryption key, is e-1 mod ((p-1)(q-1))
Encrypt as c = me mod n
Decrypt as m = cd mod n
RSA Example
Alice chooses public key as 17, private as 53.
Bob sends “Hello World” which is encoded as
07 04 11 11 14 26 22 14 17 11 03
Bob’s ciphertext is
0717 mod 77 = 28
0417 mod 77 = 16 etc
=> 28 16 44 44 42 38 22 42 19 44 75
Nonrepudiation
The use of a public key system provides non repudiation of the
the source of the message and the message itself as only the
private and public key pair can encode and decode the system.
The security of RSA depends on the factoring problem and is
an obvious means of attack; knowledge of one pair of
exponents or use of a common modulus will allow attacks.
Messages should be padded with random values when low
encryption exponents are used.
General Users: passwords
• Consider what is at risk if you password is compromised.
• Consider how much you trust the systems that see your
passwords.
• Which is better – write down a few important passwords or
reuse passwords or make them “weak”?
• Use a phrase or a song rather than single word.
• If the password is 6 characters, 99.95% of variants will be
non words – use one of them!
Passwords
Feb 2009:
28,000 log in details stolen from a well known website were
posted online. It was noted that
o 14% of users used sequential passwords such as 123456 or
QWERTY
o 16% used their first name as a password
o 5% used the names of popular celebrities.
o 4% used “password”
o 3% chose “idontcare”, “whatever”, “yes” and “no”
Are these users naïve?
Biometrics
o Voice recognizers, handprint detectors, thumbprint analysis,
retinal scanners are coming into more use for other than
military security or government systems.
o Biometrics are biological authenticators based on physical
characteristics. These cannot be lost, but may be stolen!
o Authentication is not always easy – fingerprints may be
damaged by scarring, voice recognition systems must be
trained to the user’s voice/ accent.
o Current biometric systems are expensive, bulky and slow.
Users are still unsure about the privacy issues and some
consider the systems intrusive.
Biometric Systems
o Fingerprint recognition
o Iris Scanners
o Keystrokes
Voice recognition
Face Recognition
Signatures
o Combination systems use two or more of the above. Most
systems are used in supervised areas, e.g. airports.
o Systems use sampling and thresholds for pattern matching.
This requires training the systems and a lot of statistical
data.
o Performance:
False acceptance rate (fraud rate), False rejection rate
(insult rate) are major issues.
Today’s problems
Computers have come a long way in 25 years from being research
instruments to everyday tools for schools, libraries, telephones,
transport etc.
Most people have over 6 computers in their home: mobiles, tv,
video, CD players/ recorders, microwave, cookers, a Wii plus the
computer itself.
Walking in the street we may have cameras watching us and all
our movements recorded and analysed by computer.
We assume that computers are safe and reliable.
But… they can also be our enemy.
Key Principles
o Principle of Easiest Penetration:
An intruder must be expected to attempt any available
means of penetration and the one that succeeds may not be
the obvious one.
o Principle of Adequate Protection:
Computer Items must be protected until they lose their
value and they must be protected to a degree consistent
with their value.
o Principle of the Weakest Link:
Security is as strong as the weakest link.
o Principle of Effectiveness:
Controls must be used, be appropriate and be applied
properly
Security Failures
The vast majority of attacks are done by Bots or Botnets.
These are automatic, and to some extent autonomous, small
programs which trawl the internet. They can be:
o Spam
o Viruses & Worms
o Rootkits
o DDOS attacks
o Phishing attacks
o Bots
Another technique is Social engineering
We need to secure networks, operating systems, applications
and files.
Botnets
Large numbers of computers have been brought under
Non-owner control (?) to launch attacks, spam, DoS or some
fraudulent activity.
The BBC (25 Jan 2007): “Of the 600 million computers
currently on the internet, between 100 and 150 million were
already part of these botnets.”
Yahoo suffered one botnet using up 15% of search capacity.
Whose Failure?
Security is not just technical, it also requires educating users.
If users fail to follow advice then it is not surprising attacks
and failures happen. But, can the user be blamed for not
following advice when most computer users are non technical
and believe they are safe because they buy protection.
Users are led to believe that if they pay for cover they are
safe. But measures against security are allegedly directly
proportional to the perceived threat. Every breach will make us
protect even more.
All companies have losses, perhaps we should expect failure in
our protection systems?
If you build it, they will come….
You can build a secure system but if you can’t enforce a
security policy then you can’t be 100% secure.
This is not unknown in history:
You can build a fortress but attacks will happen if people can
climb the walls or break down the small servants back door.
We don’t want to live in isolation so we need to communicate,
therefore choices must be made between total security and
openness.
Companies are the same: they want network and file security as
long as it doesn’t cost too much in money and effort.
Lost Discs
HMRC sent two discs containing the entire Child Benefit
database to the National Audit Office unregistered and
unencrypted in 2007. The data contained personal details of
25 Million people and was reckoned to be worth up to £1.5B to
criminals.
The discs were lost
90,000 staff at HMRC have been given extra training and
20,000 MoD laptops have been encrypted.
An ex contractor of the DWP had two discs with benefit
claimant details. She forgot to return them but was never
asked for them (2007).
More Lost Data
It was estimated that sensitive data affecting 4M people was
lost in 2007/8:
o NI numbers of 17,000 people lost on a disc
o theft of a laptop with encrypted details of 17,000 Sats
markers
o The Ministry of Justice lost information on 45,000 people
regarding their criminal histories.
o The FO lose data on 190 people in 5 separate cases.
o The Dept. of Transport lost 3M records of driving test
applicants.
o The HSBC lost a disc with data on 370,000 customers.
o HMRC sent Standard Life a CD through the post containing
data on 15,00 Standard Life customers. It didn’t arrive.
o Documents from the DWP were dumped on a roundabout in
Devon.
Missing Laptops
In 2007, a laptop was stolen from the boot of an HMRC
car. It was suggested that the computer contained data on
400 customers holding high value ISAs at five different
companies.
Also in 2007, a laptop was stolen from a Nationwide employee’s
home. It contained 11M customer records. Nationwide were
Fined £980,000 by the City watchdog.
A Royal Navy officer had his laptop stolen from his car. It
contained information on 600,000 people.
Hard drives were reported missing from the MoD and the
National Offender Management Service.
More Government mishaps…
The MoD lost an encrypted laptop with 620,000 personal
records including bank account and NI numbers as well as
45,000 people named as referees or next-of-kin for service
applicants.
An external contractor downloaded information onto a memory
stick and then lost it. The data concerned 10,000 offenders
and the names, dates of birth and release dates of 84,000
prisoners in England and Wales.
The MoD confirmed 121 computer memory sticks had been lost
or stolen since 2005 and 658 laptops since 2004.
Only 5 memory sticks contained secret data!
Security Mechanisms: Access Control List
An Access Control Matrix describes the rights of subjects and
objects.
ACLs work well with data oriented system where permissions
are stored with the data or the owner can set up the ACL.
ACLs are less suited to systems with large user populations.
Roles
Role based access control (RBAC) is an example of access
control that applies at the application layer. Here we have
functional groups or user roles.
A user could be a system administrator, a general user, a tutor
etc. Some roles could be qualified such as a tutor on a module.
Each role allows the certain privileges or allows them to
execute some tasks (procedures).
Rings of Protection
Rings of protection offer different levels of privilege for the
users or system programs. (Multics, Unix, Intel 80286 onwards)
Ring 0 : kernel, access to disk
Ring 1 : process manager
Ring 3 : all other programs.
Current privilege can only be changed by a process in Ring 0.
Outer rings have fewer privileges, I/O forbidden, memory
mapping disallowed.
Bell-LaPadula (Multilevel Security)
David Bell and Len LaPadula (1973) responded to problems with
the US Air Force mainframe security. The goal is to identify
Allowable communication when maintaining secrecy.
Information cannot flow downwards:
o The simple security policy (ss-property): no process can read
data at a higher level, i.e. no read up (NRU)
o The *-property: no process can write data to a lower level,
i.e. no write down (NWD)
i.e sensitive data can only be written to the same or a higher
level.
BLP Secure Flow of Information.
The Chinese Wall
Brewer and Nash (1989) defined the Chinese Wall to reflect
protection requirements for commercial information.
Objects: files, low level information pertaining to one company
Groups: All objects pertaining to one company is grouped
together
Conflict Classes: all groups of objects for competing companies
are clustered together
A person can access any information as long as they have not
accessed information from a different company is the same
conflict class.
Chinese Wall Security Policy for chocolate companies, airlines and banks.
Chinese Walls for Banks and Chocolate Makers
Attacks
•
•
•
•
•
•
•
What?
Fraud
Monetary Theft
Denial of Service
Brand Theft
Publicity
Surveillance
Destructive Attacks
Reputation destruction
Identity Theft
Intellectual Property Theft
Terrorism
•
•
•
•
•
•
•
Who?
Hackers
Organised Crime
Malcontents
Press
Intelligence Services
Info Warriors
System Crackers
Career Criminals
Industrial spies
Police
Terrorists
Attack Trees (Schneier)
The goal is the root and the lower nodes the possible routes/ subgoals . Each node
can have an associated risk assessment. Logical or/and may be applied.
Costs
Firewalls
A firewall is a special monitor which mediates access to a
network and hides the structure of the internal network.
Firewalls may be:
o Packet filters // looks at packet headers
o Stateful inspection filters // maintains state information
o Application proxies //simulates application and performs
access control
o Personal firewalls //blocks traffic
Types of Attacks: DoS, DDoS, Flash Crowds (not really an
attack but can still bring down a network)
Firewall Problems
o No protection against attacks based on bugs.
o No protection against internal attackers.
o No protection inside once an internal machine is compromised.
o Accidental routes around the firewall – dialup servers, cross
links.
o Can be too restrictive and interfere with wanted traffic.
o Encryption prevents the firewall blocking malicious traffic.
o A lot of services are done through HTTP so the firewall just
sees Web traffic.
Information Warfare
Information warfare isn’t a new post WW2 issue:
5000 years ago Chinese emperors guarded secrets of silk production,
3500 years ago Mesopotamians guarded secrets of pottery glazing,
2000 years ago Julius Caesar wrote messages in code.
However, it is true to say the post Internet world has increased
problems of secrecy, privacy, trust and integrity. The current online
population is 1,574,313,184 as of December 31 2008, 23.7% of the
Planet. (http://www.internetworldstats.com/stats.htm)
Advances in computers have also led to advances in sensors and
ubiquitous computing (Pervasive Computing, Gloss Project).
Information technologies will increasingly be worn (biosensors), and
therefore used to monitor, predict, perhaps manage people.
Offensive Information Warfare
o Computers and telecomm systems support energy
distribution, emergency services, financial services. The
critical infrastructure of many western countries are now
solely dependent on technology.
o 95% of military communications are routed over civilian
networks.
o The number of potential targets and critical points for
failure is increasing. Operations or attacks can be launched
by governments, military or civilians. Conventional warfare is
expensive (cost of weaponry, vehicles, manpower, lives) but
computational power is a lot cheaper. Automated scripts for
eavesdropping, password cracking etc are available online.
The Enemy Within
We trust computers We store a lot of personal information on it –
We use an internet provider to attach to the WWW –
Our machine gets viruses
Hackers may hack into our systems (our own PC or the
businesses we log into)
We lose information, identity, money…..
The computer itself is not our enemy but the amount of trust
we put into it is. It has no loyalty like a dog or best friend.
We presume privacy and integrity but a computer is only as
secure as we can make it.
The Future: Big Brother?
• Your computer may be watching you!
• The government certainly is, via cameras, banking records,
automatic licence plate scanners, RFID chips etc.
Can a computer ever be as secure as we want it to be?
Can we stop it from watching us?
The latest thing in Computer Science is Cloud Computing.
Yesterday, an article in the Register (www.theregister.co.uk)
indicated a flaw in a search service that could attack many
users.
A Scottish Aphorism
As my granny used to say:
Ye cannae keep what ye cannae hud in yer hands
Bibliography
o
o
o
o
o
Simon Singh “The Code Book”
www.securitywatch.co.uk
Pfleeger and Pfleeger “Security in Computing”
News.bbc.co.uk
http://www.internetworldstats.com/stats.htm