Title: ???? Security
1????Security
??? ???? ??CS912 07-3121101 ? 2648-25
itchen_at_kmu.edu.tw
2????
- ??????
- ????
- ????
- ????
- ??????
- ???
3??????
- ????????????????
- ???????????????????????,????????????,?????????????
????????????? - ???????????????(???????)?Hub?????????????????????
????
4????
- ??????????????????????,?????(????,??????)?????????
???????????? - ????????(virus)???(worm)???(Trojan)???(backdoor)
?????(logic bomb) - ??????????????????
- ????
- ????
- IM (MSN, QQ, Skype)
- Word, Excel, Powerpoint, jpg
5??????
- ???????
- ?????????????(MBR?Registry?)????
- ??????????????????
- ????????????????(MACRO)???????
- ??script???????????????
- ??(worm)??????,????????????????2001.7????,
2007.9 Nimda?????? CodeRed - ??(Trojan)??????(??)
- ??(backdoor)
- ????????, ?? Unwanted program ????
6?????
- ??????????????,???????????????????????? ???
- ??,???????????????????????????,????????????????,??
???????? ?????,?????????????????????????????,?????
????????,????????? (????) ?????????????????????? - ?????????????????,????????????? (?????)
????????????????????,?????????????????????????????
,????????????,???????? ??????
7?????
- ????????,?????????(??),???????????????,
????????????????????,?????????????????
????????????????,?????????????????????????????????
?????????????,???????? ???????,?????????????????,?
????????...? - ????,??????????????????????????
??????????????????????????????????????????????????
???????,???????????,?? ???????,?????????
(??????????????)?
8???????
- ????????????????????,?????????,???????
- ?????????,????????????????,??????????????????,????
???????,??????????????????????????????????,???????
???????,???????????, ????????????? - ??????????????????????(????)????
9??????????????
- ????????(?????10 ? 6)
- 100?KMU?????? 17.39
- 100?KMU????7.16
- 01 ???????????????????(24.8/11.87)
- 02 ?????(13.85/3.83)
- 03 2012 ???? -- ????,?????(26.39/14.12)
- 04 ??????????!(8.05/1.19)
- 05 ?S??????(20.05/10.29)
- 06 ???????????????(9.76/3.03)
- 07 100????????(7.92/0.92)
- 08 ??????????(42.08/19.13)
- 09 ??????(13.19/5.54)
- 10 ?????????(7.78/1.72)
10????
??, ???????,??????????,?????????? ????? ??? ??? ?????? ?????? KMU ???????
?????, ????????????, ????????
http://cissnet.edu.tw/knowledge_05.aspx
11????
??????
12????????
???????????
?????????
13????????
????????
Mail
??
Mail
??
Mail
??
????
????????
??Email address? ????,??????????????
????????
14????????
- ????????????
- ????(????????????????)?????????
- ?????????????(????????,????????)
- ??????????????,??????????
- ????????????????(??????,??????????)??????
15?????????
- ????????(????????,????????????????????)
- ????(?outlook express???????)
- ????????
- ??????
- ???????
- ????USB????????
16????
- ??????
- ???????
- ????????
- ???????????
- C?????
19?????
- ????- ????? ????,????????
- ??????, ??????????????
- ???????
- Autorun.inf
- xxx.exe (????, ???, ??)
- Kavo_Killer.exe ??
- WowUSBProtector ??
- ???????? autorun.inf ????
- ??????
- http://wiki.kmu.edu.tw/index.php/Kavo_??
21Kavo Killer
22Wow USB protector
23?????? XP Professional
- Windows XP Professional
- ?? ? ?? ? ?? gpedit.msc (Windows XP Home Edition ??????)? ??
- ?? "????" ??, ????? ???? ? ?????? ? ??
- ??????? ? ?????? ??????
- ?? "????????" ???, ?? "???"
- ???? "???????" ?????, ?? "????"
- ??,?????????????
25?????? XP Home
- Windows XP Home (??? Windows 2000)
- ?? ?? ? ?? ? ?? regedit
- ???????? HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
- ???? ????? 255,??? 255 (????????? autorun , ??? 95 ??)
- ???
26?????? XP Home
27Win 7??????
????/??????/Windows??/??????,???????????????????
28Win 7??????
29???
- ??? Spybot, Spyware Doctor, EFix
30????
31?????
33TCP View
34Process Explorer
35Autoruns
36Gmer????? Rootkit
37Command mode
- Dir /od (order ??) /tc (? Create time) /a (?? attribute)
- ?????????
- dir c: /tc /a /s | findstr 2012/11/09
- ???????????????
- ??,???????????,??????
38Sigcheck
- sigcheck u a .exe ???????
- sigcheck u a r c\ ??? c
39VirusTotal
40????
- Debug??
- Windbg
- Ollydbg
- Immunity debugger
- Gdb(UNIX)
- IDA pro
- Dumpbin
- ????? Vmware or VirtualBox ??
- ???????
41???? C:\WINDOWS
42????C:\Documents and Settings\user\Local Settings\Temp
43???? C:\Documents and Settings\user\Local Settings\Temporary Internet Files
44????
45???????
- ??????????????,????????????,?????????????,???????
?
46?????????
- ??????,????, ???, ???
- ??BIOS???????????
- ???????????
- ??????????Firefox?????Thunderbird
- ??????????????,?????????(?jpg?png?gif?bmp?zip)
- ?????????(???Windows Update)
- ??????????,?????????
47???? TopTenREVIEWS ??
http://www.toptenreviews.com
48Top Ten REVIEWS
- ???ESET NOD32 Antivirus
- ???Avira AntiVir Premium Avira AntiVir ???
- ???BullGuard Antivirus
- ???G Data Antivirus
- ???Avast! Pro Antivirus Avast! ???
- ???AVG Anti-Virus AVG 2012 ???
- ???F-Secure Anti-Virus
- ???Panda Antivirus Pro
- ???Kaspersky
- ???Bitdefender Antivirus Plus
49???? AV-Comparatives ??
http://www.av-comparatives.org
50AV-Comparatives(Detection rates)
- G Data 99.7
- Avira 99.4
- Kaspersky 99.3
- Sophos 98.9
- Panda, Bitdefender, BullGuard, McAfee, F-Secure 98.6
- Fortinet, eScan 98.5
- Webroot 98.2
- Avast 98.0
- ESET 97.6
- PC Tools 97.2
- GFI 97.0
- AVG 96.4
- Trend Micro 95.6
- AhnLab 94.0
- Microsoft 93.1
51????
52????(?)
- ????????????????????????????
- ????????????????????,???????
- ???????????????????????(OOP?Land attack???????)?
- ???????????????????(?????)???
53????(?)
54????(?)
- ????????????,???????????????????
- ??????????????,?????????????????
- ???????????????????,????????
- ????CERT(????????)?TWCERT(???????????? http://www.cert.org.tw)???,???????
- ??????TCPwarp ????????,????????
55????(?)
- ????????(?)
- ??????(????????),?????????IMAPS?POP3S(??????SSL??)
,Telnet?ftp??????SSH? - ??????????????????
- ???????(????????????????)????????,??????,?????????
????????(_at_?)? - ??????
56????????
- ??????????,?14??????
- 75???????????
- 43????????????
- 20?????????????
57??????(?)
- ???????,?????????????????,???????,??????????????
- ?????????????USB??????????
- ?????????????DAT?????????
- ?????????????(????)???????(????????)??????????????
???????? - ?????,???????,?????????????????????,????????????
58??????(?)
- ???????,????????,????????????,??????????????
- ??????(????1?10?)
- 1-5??????????????
- 6-8????????????????????
- 9-10??????????????????????
- ????????????????,????????????????????
59Outline
- ?????
- ????????
- ?????
- ?????(Substitution, Transposition, DES)
- ??????(Advanced Encryption Standard, AES)
- ??????(RSA)
- MAC
- ????
60????????????
pw????
pw????
Sniffer,WireShark
pw????
eavesdropper
61????????
- Sniffer http://www.netscout.com
- Wireshark http://www.wireshark.org
- http://zh.wikipedia.org/zh-tw/Wireshark
62WireShark
http://www.wireshark.org/download.html
63????
- ?????????
- ????
- 318-1 ???????????????????????????,????????????????
???? - 318-2 ???????????????????????????,?????????
- 339-3 ??????????????,?????????????????
????????,?????????????,????????,??????????
??????????????????????,?? - 352 ???????????????,????????????,???
????????????????? - ?????? ?????
64?? -???????
- 358 ????????????????????????????????
,???????????????,??????????????? ????????? - 359 ?????????????????????????,??????
?????,????????????????????????? - 360 ??????????????????????????,?????
??????,???????????????????????? - 361 ??????????????????????,?????????
65?? -???????
- 362 ??????????????,????????????,????
???????,???????????????????????? ? - 363 ????????????????,??????
66??????
- Eavesdropping
- OS??
- Password???
- Spoofing
- Session Hijacking
- ??????virus?trapdoor
- DOS, DDOS
67???????
pw????
pw????
??
??
_at_
_at_
_at_
Sniffer, WireShark
eavesdropper
68? ? ? ? ?
69??,???????
- ????(Symmetric Key)??
- $K_e = K_d$
- ?????(Asymmetric Key)??
- $K_e \neq K_d$
70? ?
- ?????,????????,?????,???????????????,??????????
?,???????,????.?????????,?????????,??????,?????,??
??????,???????,???????,???????????,?????????,?????
???????.???????,????,?????????,?????????,????.????
?,????????,????,????.??,??????????,?????????....??
????...
71???
- Substitution
- Transposition
72Substitution Ciphers(?????)
- ????????????
- ??apple???????bqqmf?
- I love you ??j mpwf zpv
- ????????, ????????
- ???? Key ??
73Transposition Ciphers
- ???????????????,???????????????????????????????
???????????????,,???,????????????????????????????
?,??,??????????????
74?????
- Caesar Cipher
- Monoalphabetic Cipher
- Hill Cipher
- Playfair Cipher
- Vigenère Cipher (Polyalphabetic cipher)
- Permutation Cipher
- One-Time Pad
75DES(Data Encryption Standard)
- Plaintext M(64 bits)
- Ciphertext C(64 bits)
- Key K(56 bits or 64 bits)
- Round Function F(X, Y)
- X(32 bits) and Y(48 bits)
- Rounds 16
76DES(Cont.)
- IP: initial permutation, $IP(M) = (L, R)$
- FP: final permutation, $IP \cdot FP = FP \cdot IP$
- $(L_n, R_n) = (R_{n-1}, L_{n-1} \oplus F(R_{n-1}, K))$
- $F(X, Y) = \mathrm{Perm}(\mathrm{S\_box}(\mathrm{Ext}(X) \oplus Y))$
- $C = FP(R, L)$
77DES(Fig.)
78DES(One round)
79Triple DES
80AES(Advanced Encryption Standard)
- Joan Daemen, Vincent Rijmen in Belgium
- 128/192/256 bit keys, 128 bit data
- ?? 4 ??? , 10/12/14 round
- AddRoundKey
- SubBytes
- ShiftRows
- MixColumns
http://zh.wikipedia.org/zh-tw/??????
81AES - AddRoundKey
82AES - SubBytes
83AES - ShiftRows
84AES - MixColumns
85RSA????(?????)
- ?????????
- ??????????$p$, $q$?(????$2^{512}$)
- ??? $n = p \times q$ ? $\phi(n) = (p-1)(q-1)$
- ?????? $\phi(n)$ ????? $e$?
- (?? $\gcd(e, \phi(n)) = 1$)
- ??????????? d such that
- $d$ ??$e \cdot d \equiv 1 \pmod{\phi(n)}$?
- ?(e, n)? Public key,d? Private key?
86RSA (??)
- $C^d \bmod n$
- $= (M^e \bmod n)^d \bmod n$
- $= M^{ed} \bmod n$
- $= M^{k(p-1)(q-1) + 1} \bmod n$
- $= M^1 \bmod n = M$
- (??$e \cdot d \equiv 1 \pmod{(p-1)(q-1)}$?)
- Fermat's Theorem: $?^{\phi(n)} \bmod n = 1$
87RSA (??1)
- ????? $p = 101$, $q = 53$, $n = 101 \times 53 = 5353$
- ?? 4657
- ?A?????$(e_A, N_A) = (7, 5353)$
- ???????????????$d_A = 743$,
- where $e_A \cdot d_A \equiv 1 \pmod{100 \times 52}$
- ????? $4657^{743} \bmod 5353 = 1003$
- ????????$(e_A, N_A)$??????
- $1003^7 \bmod 5353 = 4657$
8811?F(n) ????
- $11 - 8 = 3$, $8 - 6 = 2$, $3 - 2 = 1$
- $1 = 3 - 2 = 3 - (8 - 6) = 3 - 8 + 6 = (11 - 8) - 8 + 2(11 - 8) = 3(11 - 8) - 8 = 3(11) - 4(8)$
- ?Public key 11?$\phi(n)$ ???? ??(11)????3,????key
89RSA ??2,B?A
- ????? $p = 3$, $q = 5$
- $n = 3 \times 5 = 15$
- $\phi(n) = (3-1)(5-1) = 8$
- ?? $m = 13$
- ????11?A's Public key $(e_A, N_A) = (11, 15)$
- ??????????? Private key $d_A = 3$,
90RSA ??2,B?A(Cont.)
- $e_A \cdot d_A = 11 \times 3 \equiv 1 \pmod{\phi(n)}$
- B?A's Public key??????$13^{11} \bmod 15 = 7$
- A ????Private key ????????
- $7^3 \bmod 15 = 13$
91RSA (??3, ??)
- Example (???, $p = 3$, $q = 5$, $n = 15$, $e = 11$, $d = 3$)
- A???($m = 13$)?A? Private key ??
- $13^3 \bmod 15 = 7$
- B?A's Public key ??????
- $7^{11} \bmod 15 = 13$
- ??????????
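The RSA slides above (key generation, the inverse of 11 by the Euclidean steps, and the encryption and signature examples) can be reproduced with the following added example, which is not part of the original slides. The function names are hypothetical; this is textbook RSA without padding, using the slide values only.

```python
# Added example: textbook RSA with the slide values (no padding, toy key sizes).

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def make_keypair(p, q, e):
    """Return ((e, n), (d, n)) with e*d = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (e, n), (x % phi, n)


def apply_key(value, key):
    """Compute value^exponent mod n; the one operation behind all four uses."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must lie in [0, n)")
    return pow(value, exponent, n)


def sign(m, private_key):
    return apply_key(m, private_key)


def verify(m, signature, public_key):
    return apply_key(signature, public_key) == m


if __name__ == "__main__":
    print(egcd(11, 8))                      # Bezout coefficients for 11 and 8
    pub, priv = make_keypair(101, 53, 7)    # slide values p, q, e
    print(priv, apply_key(4657, priv), apply_key(1003, pub))
    pub2, priv2 = make_keypair(3, 5, 11)
    c = apply_key(13, pub2)                 # encrypt with the public key
    print(c, apply_key(c, priv2))           # decrypt with the private key
    s = sign(13, priv2)
    print(s, verify(13, s, pub2), verify(12, s, pub2))
```

With n = 15 the exponents 11 and 3 are congruent modulo lcm(p-1, q-1) = 4, so the public and private keys act identically; that is why encrypting and signing 13 both give 7 in the slides, and why moduli this small protect nothing.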
92RSA??????
- RSA??exponential algorithm
- RSA?????DES??????
- ???RSA????DES?1000?
- ???RSA?????DES?100?
- ?RSA??????
- digital signature
- protocol??key exchange?
93???? One-way Function
- ????????????? f ?One-way Function
- 1. ??????F??x, ??????$f(x) = y$.
- 2. ????????f ??????y, ?????? ???x ??$y = f(x)$
- Example
- $y = f(x) = x^n + a_{n-1} x^{n-1} + \cdots + a_1 x + a_0 \bmod p$
? f ?
X
Y
94Message Authentication Codes (MAC)
- A MAC is an authentication tag (also called a checksum) derived by applying an authentication scheme, together with a secret key, to a message.
- There are four types of MACs:
- (1) unconditionally secure
- (2) hash function-based
- (3) stream cipher-based or
- (4) block cipher-based.
95MAC -2
- Hash function $H(m_1, m_2, \ldots, m_t) = m$
- ???Hash function MD5, SHA-1, ...
- MAC is key-dependent one-way hash function
- MACs are computed and verified with the same key
- A B ???? key K
- A sends H(K, M) to B
- B can reproduce A's result
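The H(K, M) exchange above, as an added example that is not part of the original slides: HMAC is one standard hash-function-based MAC, built here from its definition so the key dependence is visible. SHA-256, the key and the message are assumptions made for the example; HMAC is used instead of hashing K and M simply concatenated, because that construction with MD5 or SHA-1 permits length extension.

```python
# Added example: HMAC built from a plain hash function (SHA-256 is an assumption).
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes 64-byte blocks


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """Key-dependent one-way hash: H((K ^ opad) || H((K ^ ipad) || M))."""
    if len(key) > BLOCK_SIZE:          # long keys are hashed down first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(inner_pad + message).digest()
    return hashlib.sha256(outer_pad + inner).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """B recomputes the tag with the shared key; comparison is constant-time."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)


# Constructed sample values for the A -> B exchange.
SHARED_KEY = b"constructed-shared-key-K"
MESSAGE = b"transfer 100 to account 42"

if __name__ == "__main__":
    tag = hmac_sha256(SHARED_KEY, MESSAGE)              # A sends (M, tag)
    print(tag.hex())
    print(verify_tag(SHARED_KEY, MESSAGE, tag))         # B accepts
    print(verify_tag(SHARED_KEY, MESSAGE + b"0", tag))  # modified message
    print(verify_tag(b"other-key", MESSAGE, tag))       # wrong key
```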
96???????????
- ?????
- DES, IDEA, AES (MARS, RC6, Rijndael, Serpent, and Twofish), ...
- ??????
- RSA, ElGamal, Elliptic Curve Cryptography
97??(1/6)
Session Key
Session Key
I am Yiter
Asdvh
I am Yiter
DES
DES
98??(2/6)
?????
??? Public key
???Private Key
I am Yiter
I am Yiter
_at_SDFGSASDF
RSA
RSA
99??(3/6)
???Private Key
??? Public key
Session Key
Session Key
(
RSA
RSA
Session Key
Session Key
I am ???
Dthfgbshgzxcv
I am ???
DES
DES
Bdve_at_dgrse
100??(4/6)????
- Example (???, $p = 3$, $q = 5$, $n = 15$, $e = 11$, $d = 3$)
- ?????($m = 13$)?A???Private key ??????? $13^3 \bmod 15 = 7$
- A ???????($m = 13$, $c = 7$)????B
- B ??A? Public key $(e_A, N_A)$???????
- $m' = 7^{11} \bmod 15 = 13$
- ?$m' = m$ ?????
101??(5/6) ??????
? ?
????
Hashing
? ?
? ?
??
????
??
Hashing
????
????
????
????
Secret Key
Public Key
102??(6/6)
???Private Key
??? Public key
Session Key
Session Key
(
RSA
RSA
Session Key
Session Key
Dthfgbshgzxcv
Rijndael
Rijndael
103SSL Architecture
104SSL Firefox Example
Https://...
105Firefox - Facebook
Http://...
???
106IE- Facebook
Http://...
107IE-Yahoo
Https://...
108Summary
- ??????
- ????
- ????
- ????
- ??????
- ???