PPT - CCSS - University of Southern California
Dr. Jelena Mirkovic
University of Southern California
Information Sciences Institute
If you wish to enroll and do not have D clearance yet, send an email to [email protected] with:
o Your name
o Which prerequisites you have completed
o A phone number
o Request to receive a D clearance
I will let you know within a day or two
http://ccss.usc.edu/530
o Syllabus
o Assignments
o News
o Lecture notes (also on DEN)
Keep checking it!
http://ccss.usc.edu/530L
o 1 of the 4 units
o Instructor is David Morgan
o Instruction 4 – 4:50 Fridays in RTH105
WebCast via DEN
Hands on work in the lab – exercising the theoretical knowledge from class
Some labs will be done remotely using DETER testbed
Four reports, due as noted online
Each discusses a paper of your choice from a few top security conferences/journals
o Summary of the paper and its critique
o Your ideas on the topic
o 2-4 pages, submitted via DEN
o You can submit reports early if you like
One report from each student will be chosen for presentation in class
Total 20% of your grade, 4% each
4 quizzes
o Done before each DETER exercise
o Repeated after the exercise
o You MUST take each quiz
Total 5% of your grade
Class e-mail: [email protected] (TA and inst)
Instructor
o Dr. Jelena Mirkovic
o Office hours Fri 12:30-1:30pm or by appt in SAL 234
o Contact via email (on class web page)
TA
o Melina Demertzi
o Office hours Tu and We 10-11 am
o Contact via email (on class web page)
Grading:
o Paper reports/presentations: 20%
o Lab: 20%
o Quizzes: 5%
o Participation: 5%
o Midterm Exam: 20%
o Final Exam: 30%
Grades assigned using an absolute curve:
A    93
A-   90
B+   86
B    83
B-   80
C+   76
C    73
C-   70
D+   66
D    63
D    60
DEN system will host the class discussion board
o To gain access and log in https://mapp.usc.edu/
o Contact [email protected] if you have difficulty with the system
o I will check the discussion board once daily but if you want a reliable response from me email me directly
Class participation is important
o Ask and answer questions in class
o Ask, answer, participate on-line
Class participation carries 5% of your grade
o If I don’t remember you from class, I look in the web discussion forum to check participation
    Did you ask good questions
    Did you provide good answers
    Did you make good points in discussions
o For DEN students, discussion board is the primary means of class participation
    You can also call into the class if you like
What is and is not OK
o I encourage you to work with others to learn the material but everyone must DO their work ALONE
o Do not turn in the work of others
o Do not give others your work to use as their own
o Do not plagiarize from others (published or not)
o Do not try to deceive the instructors
See the Web site
o More guidelines on academic integrity
o Links to university resources
o Don’t just assume you know what is acceptable.
No one should be able to:
o Break into my house
o Attack me
o Steal my TV
o Use my house to throw water balloons on people
o Damage my furniture
o Pretend to be my friend Bob and fool me
o Waste my time with irrelevant things
o Prevent me from going to my favorite restaurant
o Destroy my road, bridge, city ..
No one should be able to:
o Break into my computer
o Attack my computer
o Steal my information
o Use my computer to attack others
o Damage my computer or data
o Use my resources without my permission
o Mess with my physical world
I want to talk to Alice
o Pretend to be Alice or myself or our computers
o Prevent me from communicating with Alice
An isolated computer has a security risk?
o Computer security aims to protect a single, connected, machine
Networking = communication at all times and in all scenarios!!!
o Network security aims to protect the communication and all its participants
Computer security
Network security
Security = robustness or fault tolerance?
Breaking into my computer
o Hackers
    Break a password or sniff it off the network
    Exploit a vulnerability
        A vulnerability is a bug in the software that creates unexpected computer behavior when exploited, such as enabling access without login, running unauthorized code or crashing the computer.
        An exploit is an input to the buggy program that makes use of the existing vulnerability.
    Use social engineering
    Impersonate someone I trust
o Viruses and worms
Attacking my computer
o Denial-of-service attacks
    A DOS attack aims to disrupt a service by either exploiting a vulnerability or by sending a lot of bogus messages to a computer offering a service
o Viruses and some worms
    A virus is a self-replicating program that requires user action to activate such as clicking on E-mail, downloading an infected file or inserting an infected floppy, CD, etc ..
    A worm is a self-replicating program that does not require user action to activate. It propagates itself over the network, infects any vulnerable machine it finds and then spreads from it further.
Stealing my information
o From my computer or from communication
o I will use cryptography!
    There are many ways to break ciphers
    There are many ways to divulge partial information (e.g. who do you talk to)
o I would also like to hide who I talk to and when
    I will use anonymization techniques
    Anonymization hinders other security approaches that build models of normal traffic patterns
Using my machine to attack others
o E-mail viruses
o Worms
o Denial-of-service attacks (including reflector attacks)
o Spam, phishing
Damaging my computer or data
o I have to prevent break-ins
o I will also use cryptography to detect tampering
o I must replicate data to recover from tampering
o Denial-of-service attacks and worms can sometimes damage computers
Taking up my resources with irrelevant messages
o Denial-of-service attacks
o Spam mail (takes time to read and fills space)
o Malicious mail (may contain a virus)
o Viruses and worms
Messing up with my physical world
o Cyber-physical attacks or collateral victims
o Power systems, traffic control, utilities
o Travel agencies
o Medical devices
o Smart vehicles
Pretending to be Alice or myself or our computers
o I want to be sure who I am talking to (authentication and digital signatures)
o It is hard to impersonate a computer in two-way communication, such as TCP
    But it has been done
o Plain IP spoofing seems an extremely hard problem to solve
    IP spoofing means putting a fake IP address in the sender field of IP packets.
Preventing me from communicating with Alice
o Alice could be attacked
o Routers could be overloaded or tampered with
o DNS servers could be attacked
Confidentiality (C)
o Keep data secret from non-participants
Integrity (I)
o Aka “authenticity”
o Keep data from being modified
o Keep it functioning properly
Availability (A)
o Keep the system running and reachable
No one should be able to:
o Break into my computer – A, C, I
o Attack my computer – A, C, I
o Steal my information - C
o Use my computer to attack others – I?
o Damage my computer or data - I
o Use my resources without my permission – A
o Mess with my physical world – I, A
I want to talk to Alice
o Pretend to be Alice or myself or our computers – C, I
o Prevent me from communicating with Alice - A
Policy
o Deciding what confidentiality, integrity and availability mean
Mechanism
o Implementing the policy
Your security frequently depends on others
o Tragedy of commons
A good solution must
o Handle the problem to a great extent
o Handle future variations of the problem, too
o Be inexpensive
o Have economic incentive
o Require a few deployment points
o Require non-specific deployment points
Fighting a live enemy
o Security is an adversarial field
o No problem is likely to be completely solved
o New advances lead to improvement of attack techniques
o Researchers must play a double game
Attack patterns change
Often there is scarce attack data
Testing security systems requires reproducing or simulating legitimate and attack traffic
o No agreement about realistic traffic patterns
No agreement about metrics
There is no standardized evaluation procedure
Some security problems require a lot of resources to be reproduced realistically
Risk analysis and risk management
o How important it is to enforce a policy
o Which threats matter
o Legislation may play a role
The role of trust
o Assumptions are necessary
Human factors
o The weakest link
Motivation
o Bragging Rights
o Profit (Spam, Scam, Phishing, Extortion)
o Revenge / to inflict damage
o Terrorism, politics
Risk to the attacker
o Usually small
o Can play a defensive role
Buggy code
Protocol design failures
Weak crypto
Social engineering/human factor
Insider threats
Poor configuration
Incorrect policy specification
Stolen keys or identities
Misplaced incentives (DoS, spoofing, tragedy of commons)
Policy defines what is allowed and how the system and security mechanisms should act
Policy is enforced by mechanism which interprets and enforces it, e.g.
o Firewalls
o IDS
o Access control lists
Implemented as
o Software (which must be implemented correctly and without vulnerabilities)
Encryption
Checksums
Key management
Authentication
Authorization
Accounting
Firewalls
VPNs
Intrusion Detection
Intrusion Response
Virus scanners
Policy managers
Trusted hw
Most deployment of security services today handles the easy stuff, implementing security at a single point in the network, or at a single layer in the protocol stack:
o Firewalls, VPN’s
o IPSec
o SSL
o Virus scanners
o Intrusion detection
Unfortunately, security isn’t that easy. It must be better integrated with the application.
o At the level at which it must ultimately be specified, security policies pertain to application level objects, and identify application level entities (users).
Security is made even more difficult to implement since today’s systems lack a central point of control.
o Home machines unmanaged
o Networks managed by different organizations.
o A single function touches machines managed by different parties.
Clouds
o Who is in control?
Goal: Protect private communication in the public world
Alice and Bob are shouting messages in a crowded room
Everyone can hear what they are saying but no one can understand (except them)
We have to scramble the messages so they look like nonsense or alternatively like innocent text
Only Alice and Bob know how to get the real messages out of the scramble
Authentication
o Bob should be able to verify that Alice has created the message
Integrity checking
o Bob should be able to verify that message has not been modified
Non-repudiation
o Alice cannot deny that she indeed sent the message
Exchanging a secret with someone you have never met, shouting in a room full of people
Proving to someone you know some secret without giving it away
Sending secret messages to any m out of n people so only those m can retrieve messages and the rest n-m cannot
Sending a secret message so that it can be retrieved only if m out of n people agree to retrieve it
Alice could give a message covertly “Meeting at the old place”
o Doesn’t work for arbitrary messages and
o Doesn’t work if Alice and Bob don’t know each other
Alice could hide her message in some other text – steganography
Alice could change the message in a secret way
o Bob has to learn a new algorithm
o Secret algorithms can be broken by bad guys
Good cryptography assumes knowledge of algorithm by anyone, secret lies in a key!!!
Substitute each letter with a letter which is 3 letters later in the alphabet
o HELLO becomes KHOOR
Instead of using number 3 we could use n ∈ [1,25]. n would be our key
How can we break this cipher? Can you decipher this:
Bpqa kzgxbwozixpg ammua zmit miag. Em eivb uwzm!
We can also choose a mapping for each letter: (H is A, E is M, L is K, O is Y). This mapping would be our key. This is monoalphabetic cipher.
o HELLO becomes AMKKY
How can we break this cipher?
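One approach to the question above, as an added example that is not from the lecture: a monoalphabetic cipher keeps the pattern of repeated letters in every word, so candidate plaintexts can be filtered by pattern and then by key consistency across words. The small vocabulary and the second ciphertext word AYKM (HOLE under the slide's mapping) are constructed for illustration.

```python
# Constructed mini-vocabulary; a real analysis would use a full dictionary.
WORDS = ["HELLO", "JELLY", "SORRY", "HAPPY", "WORLD",
         "HOLE", "LOVE", "HELL", "LOOK"]


def pattern(word):
    """Number letters by first appearance: HELLO and AMKKY both give (0, 1, 2, 2, 3)."""
    seen = {}
    return tuple(seen.setdefault(ch, len(seen)) for ch in word)


def candidates(cipher_word, words=WORDS):
    """Vocabulary words whose repeated-letter pattern matches the ciphertext word."""
    target = pattern(cipher_word)
    return [w for w in words if pattern(w) == target]


def extend(key, cipher_word, plain_word):
    """Add cipher->plain letter pairs to a partial key; None if they conflict."""
    trial = dict(key)
    for c, p in zip(cipher_word, plain_word):
        if trial.setdefault(c, p) != p:
            return None  # this cipher letter already decrypts to something else
    if len(set(trial.values())) != len(trial):
        return None      # two cipher letters cannot share one plaintext letter
    return trial


def consistent_keys(cipher_words, words=WORDS):
    """All partial keys that turn every ciphertext word into a vocabulary word."""
    keys = [{}]
    for cw in cipher_words:
        keys = [k2 for k in keys for pw in candidates(cw, words)
                if (k2 := extend(k, cw, pw)) is not None]
    return keys


if __name__ == "__main__":
    print(candidates("AMKKY"))                # one word alone is ambiguous
    print(consistent_keys(["AMKKY", "AYKM"]))  # a second word pins the key down
```

Each extra ciphertext word removes inconsistent guesses, which is why the 26! key space offers little protection once enough text is available.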
Symmetric key crypto: one key
o We will call this secret key or shared key
o Both Alice and Bob know the same key
Asymmetric key crypto: two keys
o Alice has public key and private key
o Everyone knows Alice’s public key but only Alice knows her private key
o One can encrypt with public key and decrypt with private key or vice versa
Hash functions: no key
o Output depends on input in non-linear fashion