Basic Security Techniques - PowerPoint PPT Presentation

Slides: 85
Provided by: tinaas1
Transcript and Presenter's Notes

1
Basic Security Techniques
2
Basic Security Techniques
  • Antivirus software
  • Firewalls
  • Intrusion detection system
  • Identification techniques
  • Cryptography

3
Antivirus Software
4
Computer Virus
  • A computer virus is a self-replicating program
    containing code that explicitly copies itself and
    can "infect" other programs by modifying them or
    their environment such that a call to an infected
    program implies a call to a (possibly evolved)
    copy of the virus. More on viruses:
    www.msun.edu/infotech/its/how/glossary/c.htm

5
Computer Worm
  • A computer worm is a self-replicating computer
    program. It uses a network to send copies of
    itself to other systems and it may do so without
    any user intervention. Unlike a virus, it does
    not need to attach itself to an existing program.
    Worms always harm the network (if only by
    consuming bandwidth), whereas viruses always
    infect or corrupt files on a targeted computer.

6
Antivirus Software
  • Antivirus software consists of computer programs
    that attempt to identify, thwart and eliminate
    computer viruses and other malicious software
    (malware).
  • Antivirus software typically uses two different
    techniques to accomplish this:
  • Examining (scanning) files to look for known
    viruses matching definitions in a virus
    dictionary
  • Identifying suspicious behavior from any computer
    program which might indicate infection. Such
    analysis may include data captures, port
    monitoring and other methods.
  • Most commercial antivirus software uses both of
    these approaches, with an emphasis on the virus
    dictionary approach.

7
Antivirus software
  • DR Solomon's
  • http://www.drsolomon.com/home/home.cfm
  • Network Associates (McAfee) Online
  • http://www.mcafee.com
  • Norton's antivirus
  • http://www.symantec.com/product/
  • Windows antivirus Shareware Utilities
  • http://winfiles.cnet.com/apps/98/antivirus.html

8
Spyware
  • Any software that covertly gathers user
    information through the user's Internet
    connection without his or her knowledge, usually
    for advertising purposes.
  • Spyware applications are typically bundled as a
    hidden component of freeware or shareware
    programs that can be downloaded from the
    Internet.
  • Once installed, the spyware monitors user
    activity on the Internet and transmits that
    information in the background to someone else.
    www.tjiss.net/glossary_s.html

9
The threat of spyware
  • Spyware is the PC user's latest and biggest
    problem, a larger source of worry, concern, and
    frustration than anything PC users have faced
    before, and potentially more damaging than the
    worst computer viruses.
  • Due to the growing use of PCs for personal tax
    preparation, online banking, investment portfolio
    management, and real-time e-commerce, the threat
    from privacy violation and identity theft cannot
    be ignored.
  • Steve Gibson, "Spyware was inevitable,"
    Communications of the ACM, Volume 48, Issue 8
    (August 2005)

10
What SpyCop can do
  • Stop Password Theft Dead - detects spyware that is
    put on your computer to capture your passwords
  • Keep Your Emails Private - alerts you if your
    emails are being snooped by spyware.
  • Kill Instant Message Chat Spyware - keeps your
    online chats and instant messages safe from
    prying eyes.
  • Stop Surfing Monitors - prevents spyware from
    capturing and recording what websites you're
    visiting.
  • Stop Keystroke Loggers Dead - protects you from
    spyware that can capture and record your every
    keystroke.
  • Prevent Online Credit Card Theft - helps keep
    your credit card information safe if you shop
    online.

11
(No Transcript)
12
Firewalls
13
Firewalls
  • Control access to or from a protected network
  • Implements a network access policy by forcing
    connections to pass through the firewall, where
    they can be examined and evaluated.
  • Usually located at a higher-level gateway, such
    as a site's connection to the Internet.
  • http://csrc.nist.gov/publications/nistpubs/800-10/node30.html

14
Benefits
  • Protection from Vulnerable Services
  • Controlled Access to Site Systems
  • Concentrated Security
  • Enhanced Privacy
  • Logging and Statistics on Network Use, Misuse
  • Policy Enforcement

15
Problems
  • Restricted Access to Desirable Services
  • Large Potential for Back Doors
  • Little Protection from Insider Attacks
  • No virus protection
  • Bottleneck of throughput
  • All eggs in a single basket

16
Intrusion detection systems
17
Steps of Intrusion
  • Discovering the key elements of the network
  • Scanning for vulnerabilities
  • Hacking the system to gain root or administrator
    privileges.
  • Disabling auditing and removing traces from log
    files
  • Stealing files, modifying data, and stealing
    source code or other valuable information
  • Installing back doors and Trojan horses that
    permit undetectable reentry
  • Returning at will to inflict more damage

18
Denial of Service (DoS) attack
  • Overwhelm a victim's site with seemingly
    legitimate communications
  • Disrupting service is easier than gaining illegal access
  • Bandwidth consumption attacks
  • Resource consumption attacks

19
Intrusion detection system (IDS)
  • The goal of intrusion detection is to monitor
    network assets to detect anomalous behavior and
    misuse.
  • Network Intrusion Detection (NID)
  • Host-based Intrusion Detection (HID)
  • Hybrid Intrusion Detection
  • Network-Node Intrusion Detection (NNID)
  • http://www.securityfocus.com/infocus/1514

20
Network Intrusion Detection (NID)
  • Acting as "packet-sniffers," network intrusion
    detection devices intercept packets traveling
    along TCP/IP.
  • Compare the packet to a signature database
    consisting of known attacks and malicious packet
    "fingerprints"
  • Look for anomalous packet activity that might
    indicate malicious behavior

21
Host-based Intrusion Detection (HID)
  • Designed to monitor, detect, and respond to user
    and system activity and attacks on a given host.
  • Offer audit policy management and centralization
  • Supply data forensics, statistical analysis and
    evidentiary support
  • Best suited to combat internal threats

22
Network-Node Intrusion Detection (NNID)
  • With NNID, the "packet-sniffer" is positioned in
    such a way that it captures packets after they
    reach their final target, the destination host.
    The packet is then analyzed just as if it were
    traveling along the network through a
    conventional "packet-sniffer."

23
IDS Players
  • Cisco
  • Internet Security Systems (ISS)
  • Symantec
  • Enterasys

24
Identification Techniques
25
Access Security
26
Identification Techniques
  • The ability to identify people or organizations
    creates accountability and helps to promote trust
  • Identification is not enough. It should work
    with the legal system to create a stable business
    environment

27
Computerized Identification Techniques
  • Password-based systems: something that you know
  • Physical tokens: something that you have
  • Biometrics: something that you are
  • Location: someplace you are
  • Reference: third party authentication

28
Password problem
  • Has to be stored in a file
  • May be intercepted
  • May be forgotten
  • May be easy to guess
  • May be told to other people
  • May be put on the wall for easy access
  • The same password may be used for many accounts

29
How to select a good password
  • Create a good, strong password using various
    mnemonics.
  • 99 bottles of beer on the wall
  • Password: 99b0B0tW
  • Tomorrow Never Dies James Bond
  • Password: TwNrDs007

30
Major threats to password
  • External disclosure
  • Guessing
  • Communication eavesdropping
  • Replay
  • Host compromise

31
Authentication Protocols
  • Transformed password
  • Challenge-response
  • Time stamp
  • One-time password
  • Digital signature
  • Zero knowledge techniques: possession of
    information can be verified without any part of
    the information being revealed

32
Physical Tokens
  • Access card, storage token, synchronous one-time
    password generator, challenge-response, digital
    signature token
  • Human-interface token, smart card, PCMCIA card
  • RFID: Radio Frequency Identification

33
Radio frequency identification (RFID)
  • Radio frequency identification enables data to
    be captured wirelessly--via radio waves--and
    stored on electronic chips or tags.
  • More powerful than barcode
  • Can be read within 100 feet without seeing
  • Cost: 30 cents
  • Holds 100 characters
  • Paper thin, stamp size

34
Problem with Physical Tokens
  • The token does not prove who you are
  • Token may be copied or forged
  • Token may be used with password

35
Biometrics
  • An image of a person's face
  • Fingerprints
  • Footprints and walking style
  • Hand shape and size
  • Pattern of blood vessels in the retina
  • DNA patterns
  • Voice prints
  • Handwriting techniques
  • Typing characteristics

36
Fingerprints
MAIN SHAPES
MINUTIAE
EACH PERSON HAS A UNIQUE ARRANGEMENT OF MINUTIAE
SOURCE: C3i
37
Fingerprint Capture
ST-Micro TOUCHCHIP (Capacitative)
Thompson-CSF FingerChip (Thermal-sensed swipe)
American Biometric Company BioMouse (Optical)
Biometric Partners Touchless Sensor
38
Iris Scan
  • Human iris patterns encode 3.4 bits per sq. mm
  • Can be stored in 512 bytes
  • Patterns do not change after 1 year of life
  • Patterns of identical twins are uncorrelated
  • Chance of duplication: < 1 in $10^{78}$
  • Identification speed: 2 sec. per 100,000 people

PERSONAL IRIS IMAGER
Companies: British Telecom, Iriscan, Sensar
SOURCE: IRISCAN
39
Signature Dynamics
  • Examines formation of signature, not final
    appearance
  • DSV (Dynamic signature verification)
  • Parameters
  • Total time
  • Sign changes in x-y velocities and
    accelerations
  • Pen-up time
  • Total path length
  • Sampling 100 times/second

Companies: CyberSIgn, Quintet, PenOp, SoftPro SignPlus
40
Error in Biometric Systems
VERY BAD
BAD
SOURCE: IDEX
41
Problems with biometrics
  • A person's biometric print must be on file
    before that person can be identified
  • Require expensive, special purpose equipment
  • Unprotected biometrics equipment is vulnerable to
    sabotage and fraud
  • Possibility of false match

42
Cryptography
43
Cryptography
  • Cryptography is the study and practice of
    scrambling information in a manner that is
    difficult to unscramble, and making scrambled
    information intelligible. It is used as the basis
    of much computer security, in that it can be used
    to keep information confidential, and also
    preserve the integrity of data, particularly when
    being stored or being transmitted.
    www.primode.com/glossary.html

44
Cryptography
  • Symmetric cryptosystems
  • Public-key cryptosystems
  • Integrity check-values (message digest)
  • Digital Certificate
  • Digital Signature

45
Symmetric Cryptography
46
Symmetric Cryptography
  • The same key is used for encryption and
    decryption
  • Operates as block cipher (fixed size) or stream
    cipher (arbitrary size, byte by byte)
  • Fast encryption and decryption
  • Require secure key distribution

47
Role of the Key in Cryptography
  • The key is a parameter to an encryption procedure
  • Procedure stays the same, but produces different
    results based on a given key

NOTE: THIS METHOD IS NOT USED IN ANY REAL
CRYPTOGRAPHY SYSTEM. IT IS AN EXAMPLE INTENDED
ONLY TO ILLUSTRATE THE USE OF KEYS.
48
Information Loss with Exclusive-OR
  • $x \oplus y = 1$ if either x or y is 1 but not both
  • If $x \oplus y = 1$ we can't tell which one is a 1
  • Can't trace backwards to determine values

49
Encryption and Decryption with Exclusive-OR
  • Message: 11010101101111101
  • Key: 10001011101001110
  • Encryption: 01011110000110011
  • Key: 10001011101001110
  • Decryption: 11010101101111101
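
The slide's exclusive-OR example reproduced in Python, as an added example that is not part of the original presentation. It also shows two reasons a plain XOR key must never be reused: a known message and its ciphertext reveal the key, and two ciphertexts under one key XOR to the XOR of their messages. The function names and the second message are constructed for illustration.

```python
def xor_bits(a: str, b: str) -> str:
    """XOR two equal-length bit strings, e.g. '1101' and '1000'."""
    if len(a) != len(b):
        raise ValueError("bit strings must have the same length")
    if set(a + b) - {"0", "1"}:
        raise ValueError("bit strings may contain only 0 and 1")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


def xor_encrypt(message: str, key: str) -> str:
    return xor_bits(message, key)


def xor_decrypt(ciphertext: str, key: str) -> str:
    # XOR is its own inverse: (m XOR k) XOR k == m
    return xor_bits(ciphertext, key)


def recover_key(known_plaintext: str, ciphertext: str) -> str:
    """A known message and its ciphertext give the key: m XOR (m XOR k) == k."""
    return xor_bits(known_plaintext, ciphertext)


def reused_key_leak(c1: str, c2: str) -> str:
    """Two ciphertexts under one key XOR to m1 XOR m2; the key cancels out."""
    return xor_bits(c1, c2)


# Values from the slide.
MESSAGE = "11010101101111101"
KEY = "10001011101001110"
# Constructed second message, used only to show the effect of key reuse.
SECOND_MESSAGE = "00000000011111111"

CIPHERTEXT = xor_encrypt(MESSAGE, KEY)
SECOND_CIPHERTEXT = xor_encrypt(SECOND_MESSAGE, KEY)

if __name__ == "__main__":
    print("ciphertext       :", CIPHERTEXT)
    print("decrypted        :", xor_decrypt(CIPHERTEXT, KEY))
    print("key from known m :", recover_key(MESSAGE, CIPHERTEXT))
    print("c1 XOR c2        :", reused_key_leak(CIPHERTEXT, SECOND_CIPHERTEXT))
    print("m1 XOR m2        :", xor_bits(MESSAGE, SECOND_MESSAGE))
```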

50
Symmetric key algorithms
  • DES (Data Encryption Standard): 64-bit block
    cipher with 56-bit key
  • Triple-DES: used by financial industry
  • AES (Advanced Encryption Standard)
  • SKIPJACK: used in Clipper chip, Gov.
  • IDEA (International Data Encryption Algorithm):
    Ascom-Tech, Switzerland; used by PGP
  • RC2, RC4, RC5: by RSA

51
Data Encryption Standard (DES)
  • Symmetric, key-based encryption-decryption
    standard. No public keys
  • Block cipher: operates on 64-bit blocks
  • Uses 56-bit key
  • 16 rounds -- key for each round is a 48-bit
    function of the original 56-bit key. Each key
    bit participates in an average of 14 rounds
  • Completely symmetric. Same algorithm decrypts.
  • Fast implementation in hardware: 1 gigabit/second
  • http://www.aci.net/Kalliste/des.htm

52
(No Transcript)
53
(No Transcript)
54
Cryptographic strength
  • The secrecy of the key
  • The difficulty of guessing the key
  • The difficulty of inverting the encryption
    algorithm without knowing the key
  • The existence of back doors
  • The ability to decrypt an entire message if a
    portion of it is known.
  • Cryptographic strength can almost never be
    proven; it can only be disproved
  • Most encryption algorithms have fundamental flaws
    that make them unsuitable for serious use

55
Attacks on Symmetric Encryption
  • Key search (brute force attacks)
  • Cryptanalysis
  • System-based attacks

56
Key Search Attack
  • There is no way to defend against key search
    attack
  • Brute force key search attacks are not efficient
  • 40-bit key: 3.5 hours; 128-bit key: $10^{13}$ years
    with the use of 1 billion computers
  • May be simpler because most users pick keys based
    on small passwords with printable characters

57
Cracking Symmetric Encryption
ESTIMATED TIME TO CRACK KNOWN SYMMETRIC
ENCRYPTION ALGORITHMS
(40-bit symmetric key 384-bit PKE key)
58
Cryptanalysis
  • Most encryption algorithms can be defeated by the
    combination of math and computer power

59
System-based Attacks
  • Attack the system not the algorithm
  • Monitor the random number generator used by
    Netscape Navigator for SSL.

60
Integrity check value
61
Message Authentication Code
62
Public Key Cryptosystems
  • A pair of related keys: private key (kept secret)
    and public key (publicly known). They are related but
    it is not feasible to determine the private key
    by knowing the public key
  • Two ways of use: encryption mode (make sure the
    right person receives the message) and authentication
    mode (make sure the message is from the right person)
  • Solves the key distribution problem

63
Public-Key (Asymmetric) Encryption
1. USERS WANT TO SEND PLAINTEXT TO RECIPIENT WEBSITE
2. SENDERS USE SITE'S PUBLIC KEY FOR ENCRYPTION
3. SITE USES ITS PRIVATE KEY FOR DECRYPTION
4. ONLY WEBSITE CAN DECRYPT THE CIPHERTEXT. NO ONE ELSE KNOWS HOW
SOURCE: STEIN, WEB SECURITY
64
(No Transcript)
65
(No Transcript)
66
RSA
  • RSA is a public-key cryptosystem for both
    encryption and authentication
  • Invented in 1977 by Ron Rivest, Adi Shamir, and
    Leonard Adleman (RSA)
  • RSA is the most widely used public-key
    cryptosystem today and has often been called a de
    facto standard.

67
Math ground
  • It is easy to multiply two numbers but apparently
    hard to factor a number into a product of two
    others.
  • Given p, q, it is easy to compute $n = p \times q$
  • Example: $p = 5453089$, $q = 3918067$
  • Easy to find $n = 21365568058963$
  • Given n, hard to find two numbers p, q with
  • $p \times q = n$
  • Now suppose $n = 7859112349338149$. What are p
    and q such that $p \times q = n$?
  • Multiplication is a one-way function
  • RSA exploits this fact in public-key encryption

68
Multiplicative Inverses Over Finite Fields
  • The inverse $e^{-1}$ of a number e satisfies
    $e^{-1} \times e = 1$
  • The inverse of 5 is 1/5
  • If we only allow numbers from 0 to n-1 (mod n),
    then for special values of n, each e has a unique
    inverse

69
The key pair of RSA
  • Take two large primes, p and q, and find their
    product $n = pq$.
  • Choose a number, e, less than n and relatively
    prime to $(p-1)(q-1)$, and find its inverse, d, mod
    $(p-1)(q-1)$, which means that
    $ed \bmod (p-1)(q-1) = 1$
  • e and d are called the public and private
    exponents, respectively.
  • The public key is the pair (n, e); the private key
    is (n, d). The factors p and q must be kept
    secret, or destroyed.
  • $p = 29$, $q = 37$, $n = 1073$, $(p-1)(q-1) = 1008$
  • $e = 25$, $d = 121$, $(25 \times 121) \bmod 1008 = 1$

70
The Encryption and Decryption with RSA
  • Message M
  • Encryption with public key (n, e): $M \to M^e \bmod n$
  • Decryption with private key (n, d): $M \to M^d \bmod n$
  • $(M^e)^d \bmod n = M \bmod n$
  • It is difficult to find integer x so that
  • $A^x \bmod B = C$
  • http://www.princeton.edu/matalive/VirtualClassroom/v0.1/html/lab1/lab1_8.html
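
The key pair from the previous slide worked through in Python, as an added example that is not part of the original presentation. It derives d from e with the extended Euclidean algorithm, encrypts and decrypts a message, and shows why p and q must be kept secret and large: with n = 1073, trial division recovers the factors and therefore the private key. Function names and the sample message 42 are constructed; numbers this small are for illustration only.

```python
def egcd(a: int, b: int):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def mod_inverse(e: int, phi: int) -> int:
    """Return d with (e * d) mod phi == 1, or fail if no inverse exists."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e is not relatively prime to (p-1)(q-1)")
    return x % phi


def make_keypair(p: int, q: int, e: int):
    """Build ((n, e), (n, d)) from the secret primes and the public exponent."""
    n = p * q
    d = mod_inverse(e, (p - 1) * (q - 1))
    return (n, e), (n, d)


def rsa_encrypt(m: int, public_key) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be in the range 0..n-1")
    return pow(m, e, n)          # M^e mod n


def rsa_decrypt(c: int, private_key) -> int:
    n, d = private_key
    return pow(c, d, n)          # C^d mod n


def factor(n: int):
    """Trial division: practical only because this n is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factors")


def private_key_from_public(public_key):
    """Anyone who can factor n can rebuild d from the public key alone."""
    n, e = public_key
    p, q = factor(n)
    return make_keypair(p, q, e)[1]


# Values from the slide: p = 29, q = 37, e = 25.
PUBLIC, PRIVATE = make_keypair(29, 37, 25)
MESSAGE = 42                     # constructed sample message

if __name__ == "__main__":
    c = rsa_encrypt(MESSAGE, PUBLIC)
    print("public", PUBLIC, "private", PRIVATE)
    print("ciphertext", c, "decrypted", rsa_decrypt(c, PRIVATE))
    print("rebuilt from public key:", private_key_from_public(PUBLIC))
```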

71
(No Transcript)
72
Digital Signatures
  • A digital signature must support non-repudiation

73
(No Transcript)
74
(No Transcript)
75
Hash Functions
  • One-way hash function f
  • Hash x to $y = f(x)$
  • Infeasible to calculate $x = f^{-1}(y)$
  • Infeasible to construct $x'$ so that
    $f(x') = y = f(x)$
  • U.S. Government's Secure Hash Algorithm (SHA-1):
    the best so far
  • RSA MD5 has some known weaknesses

76
Key management
  • All cryptographic techniques depend upon keys
  • Key management is complex and crucial for
    providing security

77
Key Life Cycle Management
  • Key generation and registration
  • Key distribution
  • Key backup/recovery and/or escrow
  • Key replacement or update
  • Key revocation
  • Key termination (destruction and/or archival)

78
Transferring DES key via RSA
79
Security Protocols - SSL
  • Secure Sockets Layer (SSL) uses public key
    encryption and digital certificates for
    information exchange between Web browsers and
    certified Web servers
  • The URL for SSL-secured Web pages begins with
    https:// instead of http://
  • A randomly generated symmetric session key (40
    bit or 128 bit) is used for message encryption

80
Secure Sockets Layer (SSL)
SOURCE: WEB SECURITY
81
(No Transcript)
82
Diffie-Hellman Key Agreement
83
Virtual Private Networks
  • Important for B2B applications
  • A VPN uses the public Internet to carry
    information but remains private by using a
    combination of encryption, authentication and
    access control
  • Protocol tunneling: data packets are first
    encrypted and then encapsulated into IP packets
    for transmission. They are decrypted at the
    destination by a special host or router. It also
    supports multiprotocol networking.

84
Virtual Private Networks
  • Protocol standards
  • Point-to-point tunneling (PTP) protocol
  • Layer 2 tunneling protocol (L2TP)
  • VPN Services (http://www.vpnc.org/)
  • AT&T (http://www.att.com/emea/vpn/)
  • Cable & Wireless (http://www.cwusa.net/internet_ipvpn.htm)
  • MCI WorldCom (http://www.worldcom.com/)
  • PSINet (http://www.psinet.com/security/datasheets/managedservicessecurity.html)