Security - PowerPoint PPT Presentation

1 / 96

About This Presentation

Title:

Security

Description:

Information we keep on computers (product design, financial ... Fabrication. Adding data or activity normally not exist. Security policy. Examples: Threat ... – PowerPoint PPT presentation

Number of Views:69

Avg rating:3.0/5.0

Slides: 97

Provided by: baobao3

Category:

more less

Transcript and Presenter's Notes

Title: Security

1
Chapter 9

Security

2
Topics

Introduction
Threats, mechanisms, cryptography
Security channel
Authentication, integrity, confidentiality
Access control
Firewall, secure mobile code
Security management
Examples
Kerberos, E-commerce

3
What Do We Need to Protect?

Data
Information we keep on computers (product design,
financial records, personnel data)
Resources
Unauthorized use of computer time space
Reputation
Misrepresentation, forgery, negative publicity

4
Fundamental Security Objectives

Confidentiality - Protection from unauthorized
persons
Integrity - consistency of data no unauthorized
creation, alteration or destruction
Availability - ensuring access to legitimate
users
Access control - ensuring appropriate use by
authorized users

5
Security Threats

Interception
Unauthorized access to a service or data
Eavesdropping
Interruption
Unavailable of service or data
Denial of service attack
Modification
Unauthorized changing of data
Fabrication
Adding data or activity normally not exist.
Security policy

6
Examples Threat
Eavesdropping
Denial of service
7
Example Security Policy

Chinese Wall Model widely used in financial
world
Group datasets into conflict of interest
classes
Subjects are allowed to access to at most one
dataset belonging to each such conflict of
interest class
Subject s can access company cs data only if
a) s has already accessed cs data or
b) s has not yet accessed any of cs competitors
data
s can write to cs data only if s can not read
any other companys sensitive data
Mandatory security policy for UK Stock Exchange.

8
Security Mechanisms

Encryption
Transform data to achieve confidentiality and
integrity
Authentication
Verify the identify of user
Authorization
Check the permission
Auditing
Trace the accesses, used for analysis

9
Cryptography

Intruders and eavesdroppers in communication.

10
Classifications

Symmetric cryptography shared Key
PDK(EK(P))
DES
Asymmetric cryptography a pair of keys
PDKD(EKE(P))
RAS
Hash function one way function, not reversible
hH(m)
MD5

11
Notations
12
DES
64-bit data block

The principle of DES
Outline of one encryption round

13
Key Generation
14
Attacking DES

Cryptanalysis
Relies on nature of the encryption algorithm and
additional knowledge of the general types of
plain texts (frequencies of letters etc.)
Some samples of plain- and cipher texts
Brute-force
Test every possible key on some cipher text until
readable result be done in advance if key is not
changed

15
Brute-force Key Search
Dont get impressed easily DES can now be
cracked in hours!
16
Triple DES
17
Public-Key Cryptosystems
Encryption
Decryption
Plaintext P
C
P
Ciphertext
DK-(.)
E K (.)
Public key K
Private key K-
Encryption
Decryption
P
Plaintext P
Ciphertext
C
DK(.)
E K- (.)
Private key K-
Public key K
18
Idea

Questions
314159265358979 314159265358979?
3912571506419387090594828508241 ??
Idea Use easy algorithm for encryption. Use
difficult algorithm for decryption
A user picks a public key/private key pair
publish the public key
private key not published

19
RSA Rivest, Shamir and Adleman

Foundation no known method that can efficiently
find the prime factors of large numbers.
In RSA, private and public keys are constructed
from very large prime numbers (consisting of
hundreds of decimal digits)
Four steps to construct the keys
Choose two very large prime numbers, p and q
Compute n p x q and z (p 1) x (q 1)
Choose a number d that is relatively prime to z
Compute the number e such that e x d 1 mod z

20
How It Works?

How it works?
Encryption C Pe mod n
Decryption P Cd mod n
K (e, n), K- (d, n)
The intruder needs to factor n into p and q to
crack the code.
Higher cost of computation.
Problems
1) Is the number of primes infinite? Yes!
2) Are they scarce? Yes! 4 of the first 25
billion numbers. And the percentage drops as the
numbers get bigger.
Implication it is tricky to propose a new prime
number. E.g., is 687,532,127 a prime?

21
Example (1)

To find a key pair e, d
1. Choose two large prime numbers, P and Q (each
greater than 10100), and form
n P x Q
Z (P1) x (Q1)
2. For d choose any number that is relatively
prime with Z (that is, such that d has no common
factors with Z).
We illustrate the computations involved using
small integer values for P and Q
P 13, Q 17 gt n 221, Z 192
d 5
3. To find e solve the equation
e x d 1 mod Z
That is, e x d is the smallest element divisible
by d in the series Z1, 2Z1, 3Z1, ... .
e x d 1 mod 192 1, 193, 385, ...
385 is divisible by d
e 385/5 77

22
Example (2)

To encrypt text using the RSA method, the
plaintext is divided into equal blocks of length
k bits where 2k lt n (that is, such that the
numerical value of a block is always less than n
in practical applications, k is usually in the
range 512 to 1024).
k 7, since 27 128
The function for encrypting a single block of
plaintext M is
E'(e, n, M) Me mod n
for a message M, the ciphertext is M77 mod 221
The function for decrypting a block of encrypted
text c to produce the original plaintext block
is
D'(d, n, c) cd mod n
Rivest, Shamir and Adelman proved that E' and D'
are mutual inverses (that is, E'(D'(x))
D'(E'(x)) x) for all values of P in the range 0
P n.

23
Secret Message
24
Signature
Remark Goal of a signature is to guarantee, that
the receiver is sure that the received message is
from the sender. However, anyone with Gerds
public key of Gerd can also read.
25
Message Digest

Cryptographic checksum
Just as a regular checksum protects the receiver
from accidental changes to the message , a
cryptographic checksum protects the receiver from
malicious changes.
One-way function
Given a cryptographic checksum for a msg, it is
virtually impossible to figure out what msg
produced that checksum it is not computationally
feasible to find two msg that hash to the same
cryptographic checksum.
Relevance
If you are given a checksum for a message you
are able to compute exactly the same checksum for
that message, then it is highly likely this
message produced the checksum you were given.

26
Hash Function MD5

For each round, four functions are applied. And
each function has 16 iterations.

27
MD5 Iterations
28
Requirements
m MD5(m)
Received msg
Compare
MD5(m)
Weak collision resistance given m and h,
difficult to find m such that hH(m) Strong
collision resistance given h, difficult to find
m and m such that H(m)H(m).
29
Tamper Proof
Using K and K-
m K- MD5(m)
Received msg
K K- MD5(m)
Compare
MD5(m)
30
Secure Channels

Main model of DS client-server
Servers may be distributed and replicated
How to secure a DS?
Establish secure communication between
client/server
Authentication of communicating partners
Ensuring message integrity and confidentiality
Establish authorization
How to be sure on the server side, that a client
is allowed to get the requested service?
Access control
Two principles
Set-up phase precedes message exchange
Session keys to ensure message integrity

31
Setup Phase

Suppose Alice and Bob want to communicate with
each other, Alice at machine M1 and Bob at
machine M2
1. Alice is setting up a communication channel,
a) Either by sending a message directly to Bob or
b) by sending a corresponding message to a
trusted third party, helping to set up this
channel
2. Once the channel has been set up, both sides
know for sure, that they can exchange messages

32
Authentication on Shared Key
33
Optimization?
34
Reflection Attack
Consequence use different challenges for
initiator and responder
35
Scalability of Session Keys

Suppose we have N hosts each sharing a secret key
with each of the other N-1 hosts
DS has (N-1)N/2 secret session keys and each
host has manage (N-1) session keys
For large N session keys will be a problem
Instead you can install a trusted key
distribution center KDC on one of the nodes of
the DS

36
Authentication Key Distribution Center
37
Improvement
Ticket

Using a ticket and letting Alice set up a
connection to Bob.

38
Needham-Schroeder Authentication Protocol

In early distributed systems (1974-84) it was
difficult to protect the servers
E.g. against masquerading attacks on a file
server because there was no mechanism for
authenticating the origins of requests
public-key cryptography was not yet available or
practical
computers too slow for trap-door calculations
RSA algorithm not available until 1978
Needham and Schroeder therefore developed an
authentication and key-distribution protocol for
use in a local network
An early example of the care required to design a
safe security protocol
Introduced several design ideas including the use
of nonces.

39
Illustration
nonce
Nonce a random number used only once. The
purpose is to uniquely relate two messages to
each other.
Q1 Why include B in message 2?
Q2 How about if a chuck knows an old key KA,B?
40
Enhancement

Protection against malicious reuse of a
previously generated session key in the
Needham-Schroeder protocol.

41
Authentication Using Public-Key Cryptography

Mutual authentication in a public-key
cryptosystem.

Q how to exchange public keys?
42

Message Integrity Confidentiality

43
Digital Signature

Goals
To authenticate stored document files as well as
messages
To protect against forgery
To prevent the signer from repudiating a signed
document (denying their responsibility)
Encryption of a document in a secret key
constitutes a signature
impossible for others to perform without
knowledge of the key
strong authentication of document
strong protection against forgery
weak against repudiation (signer could claim key
was compromised)

44
Illustration

Digital signing a message using public-key
cryptography.

45
Digital Signature (2)

Digitally signing a message using a message
digest.

46
Certificate Authority (CA)

Verify the owner of a public key
Maintain the (owner, public_key) by a certificate
authority
CA are organized in a hierarchy.
For each merchant, it issues a certificate.
The names of CA are widely known, e.g. Verisign.
Chain of trust
Certified by a higher-level CA the central
authority IPRA

47
CA Hierarchy
IPRA Internet Policy Registration
Authority (root)
PCA policy certification authority
CA certification authority
48
Certificate Authorities in X.509
49
X.509 Certificate Format
50
SSL Handshake
(PK_alg, encr_alg, MD)
Optional
K-C R
51
SSL Record Protocol
Message digest
52
Confidential Group Communication

Goal secure channels between each pair of nodes
Share one key?
Share a key between each pair of nodes?
Each node has its own private key but all the
nodes share a public key.

Access Control

54
General Issues in Access Control

General model of controlling access to objects.

55
Access Control

Access control Matrix
Access Control List
Capabilities.

56
Protection Domains

The hierarchical organization of protection
domains as groups of users.

57
Firewalls
Common implementations of a firewall, e.g. a
packet-filtering router or an application gateway
58
Firewall Solutions

Definition - hardware /or software components
that restrict access between a restricted network
the Internet or between networks
Logically - a separator, restricter, analyzer
Rarely a single object
Restricts people to entering at a controlled
point
Prevents attackers from getting close to other
defenses (host controls)
Restricts people to leaving at a controlled point

59
Firewall Capabilities

Focus security decisions - single point to
leverage control
Enforce security policy -minimize exceptions
Log Internet activity - analysis
Limit exposure - separate sensitive areas of one
network from another or outside world

60
Firewall Limitations

Cant protect against
malicious insiders
connections that dont go through it
new threats
viruses
scans for source destination addresses port
numbers, not details of data

61
Types of Firewalls

Simple traffic logging systems
audit log file of files accessed (HTTPD)
site usage/demand hours/links/browsers used
IP Packet Screening Routers (packet filtering
gateway)
not only looks at can it route, but should it
selectively routes or blocks packets based on
rules
based on protocols, destination (port 80), known
source IP addresses

62
Types of Firewalls (cont.)

Hardened Firewall Host (hardware)
Halts unauthorized users
Concentrates security, hides internal system
names, centralizes simplifies net management
Proxy Server (software)
Deals with external server requests on behalf of
internal clients
May limit certain HTTP methods (CGI or Java
applets)

63
Filtering Router
Check the source and destination address. Make
decisions based on security policies.
64
Filtering Router and Bastion Host

Firewall Architectures
Dual-homed host (two network interfaces)
One communicates externally, one internally
No direct communication internal to external hosts

65
Advantages

All accesses can be logged
Reduce the number of Internet connections by
making it a caching proxy
Does not reveal the names and addresses of actual
clients inside
But slow down page downloading by an order of
magnitude.

66
Other Variations

Multiple Bastion Hosts
Performance, redundancy, need to separate data
servers
Usenet, SMNP/DNS, FTP/WWW
Merge Interior Exterior Routers
Sufficient capability to specify inbound
outbound filters
Usually on the perimeter network
Merge Bastion Host Exterior Router
Use Multiple Exterior Routers
Multiple connections to Internet or Internet
other sites
Multiple Perimeter Nets
Redundancy, privacy

67
Futures

Third-generation Firewalls
combined features of packet filtering proxy
systems
Client server apps with native support for
proxied environments
Dynamic packet filtering
Packet rules modified on the fly in response to
triggers
Underlying Internet protocol undergoing revisions
- IPv6

68
Not Recommended

Merging Bastion Host Interior Router
Breach of host leaves access to internal net
Using Multiple Interior Routers
Routing software could decide fastest way to
another internal system is via the perimeter net
Difficult to keep multiple interior routers
configured correctly
Most important complex set of packet filters
May need to use multiples to resolve performance
bottlenecks or separate internal networks

69
Private Network
70
Virtual Private Network
Internet
Intranet B
Intranet A
Tunneling
Router RA
Router RB
200 Data
RB
Station 200
Station 100
encrypted
71
Tunneling
72

Virus

73
Virus
74
Memory-Resident Virus
Runs whenever certain interrupts occur.
75
Encrypted virus
To conceal signature.
76
Worms Illustration
Low address
Program
UNIX Address Space
Statically allocated data
Stack
High address
77
Procedure Call
E.g., finger aabbcc
aa bb cc

Buffer area allocated by called fingerd (512
bytes)
Return address
PC?
ret
para2
para1
Stack
High address
78
Buffer Overflow
E.g., finger aabbzz
aa bb cc
0100

Malicious program (binary)
Return address
PC?
0100
para2
para1
Stack
79

Security Management

80
Key Establishment

The principle of Diffie-Hellman key exchange.

81
Key Distribution (1)

Secret-key distribution

82
Key Distribution (2)

Public-key distribution Certificate

83
Secure Group Management

Securely admitting a new group member P.

Authorization Management

85
Capabilities

A capability in Amoeba.

86
Capabilities Generation

Generation of a restricted capability from an
owner capability.

87
Delegation

Transfer the access rights on files, resources,
etc.
Suppose Alice wants to delegate rights to Bob
If Alice knows everyone, broadcast the
certificate
Otherwise, construct a certificate saying The
bearer of this certificate has rights R.
Problems?
Using proxy, a token that allows its owner to
operate with the rights granted in the token.