980 likes | 1.24k Views
Security. 9.1 The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from outside the system 9.6 Protection mechanisms 9.7 Trusted systems . Chapter 9. Security Environment.
E N D
Security 9.1 The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from outside the system 9.6 Protection mechanisms 9.7 Trusted systems Chapter 9
Security Environment • Security refers to the overall security problem. • Protection mechanisms refers to the specific operating system mechanisms used to safeguard information in the computer. • Threats to computer systems: • Data confidentiality is concerned with having secret data remain secret. • Data integrity means that unauthorized users should not be able to modify any data without the owner’s permission. • System availability means that nobody can disturb the system to have it unusable.
The Security EnvironmentThreats • From a security perspective, computer systems have three general goals. Security goals and threats
Intruders Common Categories • Casual prying by nontechnical users • Snooping by insiders • Determined attempt to make money • Commercial or military espionage
Accidental Data Loss • Valuable data can be lost by accident. Common Causes: • Acts of God • fires, floods, wars • Hardware or software errors • CPU malfunction, bad disk, program bugs • Human errors • data entry, wrong tape mounted
Basics of Cryptography • The purpose of cryptography is to take a message or a file, called the plaintext, and encrypt it into the ciphertext in such a way that only authorized people know how to convert it back to the plaintext. • The secrecy depends on parameters to the algorithms called keys.
Basics of Cryptography Relationship between the plaintext and the ciphertext
Secret-Key Cryptography • Substitute Cipher: each letter or group of letter is replaced by another letter or group of letters • Caesar cipher: rotate the letter (a D, b E, c F, z C). • Example: attack DWWDFN • Monoalphabetic substitution • Each letter replaced by different letter Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ Ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM • Disadvantage: It does not smooth out frequencies in the cipher text. • Polyalphabatic cipher – use multiple cipher alphabets.
Secret-Key Cryptography • Transposition cipher: reorder the letters, but don't disguise them. • select a key MEGABUCK 7 4 5 1 2 8 3 6 p l e a s e t r a n s f e r o n e h u n d r e d afnsedtoelnhesurndpaeerr Plain text cipher text
Transposition Ciphers • A transposition cipher.
Secret-Key Cryptography • Given the encryption key, • easy to find decryption key • Secret-key cryptography is called symmetric-key cryptography because they used the same key for encryption and decryption. • The data encryption standard (DES): • block cipher adopted by the US Government in Jan. 1977. • encryption based on 56-bit key. • The Advanced Encryption Standard (AES) • In November 2001, Rijndael become US Government Standard.
Public-Key Cryptography • Public-key cryptography has the property: • Distinct keys are used for encryption and decryption. • Given a well-chosen encryption key, it is virtually impossible to discover the corresponding decryption key. • The encryption key can be made public and only the private decryption key kept secret.
Public-Key Cryptography • Public-key cryptography uses an encryption algorithm E and a decryption algorithm D such that deriving D is effectively impossible even with a complete description of E. You can encrypt without knowing how to decrypt. • Requirements: • D (E(P)) = P • It is extremely difficult to deduce the decryption key from the encryption key. • E cannot be broken by a plaintext attack.
Public-Key Cryptography • All users pick a public key/private key pair • publish the public key • private key not published • Public key is the encryption key • private key is the decryption key
Public-Key Cryptosystems: RSA • RSA, named after its inventors Rivest, Shamir, and Adlemean, a public-key cryptographic algorithm. • The security of RSA comes from the fact that no methods are known to efficiently find the prime factors to large numbers. • For example, 2100 can be written as 2100 = 2 x 2 x 3 x 5 x 5 x 7 making 2, 3, 5, and 7 the prime factors in 2100. • In RSA, the private and public keys are constructed from very large prime numbers. It turns out breaking RSA is equivalent to finding those two prime numbers.
Public-Key Cryptography • RSA (Rivest, Shamir, Adleman) Algorithm: • choose 2 large primes, p and q > 10^100. • compute n=pq and z=(p-1)(q-1). • choose a number relatively prime to z (that is, such that d has no common factors with z ) and call it d. • find e such that e x d mod z = 1. • Group P into blocks such that C=Pe (mod n) and P=Cd(mod n) where 0 <= P < n
Public-Key Cryptography • Example: p=13 q=17 n = 13 x 17 = 221 z = (13 – 1) x (17 – 1) = 192. let d=5 (prime to z) e x d = 1 mod 192 = 1, 193, 385, ... 385 is divisible by d e = 385/5 = 77 • Example: p=3 q=11 n = 3 x 11 = 33 z = (3 – 1) x (11 – 1) = 20. let d=7 (prime to z) 7 x e mod 20 = 1 e=3 C = P3 (mod 33), P = C7 (mod 33)
RSA • An example of the RSA algorithm.
Pretty Good Privacy (PGP) • Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet. • It can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity and know that the message was not changed en route. • Available both as freeware and in a low-cost commercial version, • PGP is the most widely used privacy-ensuring program by individuals and is also used by many corporations. Developed by Philip R. Zimmermann in 1991, PGP has become a de facto standard for e-mail security. • PGP can also be used to encrypt files being stored so that they are unreadable by other users or intruders. .
One-Way Functions • Function such that given formula for f(x) • easy to evaluate y = f(x) • But given y • computationally infeasible to find x • Example: Those functions used in public-key cryptography.
Digital Signatures • Digital signatures make it possible to sign email messages and other digital documents in such a way that they cannot be repudiated by the sender later. • Steps to use digital signatures: • The sender runs the document through a one-way hashing algorithm • The sender applies his private key to the hash to get D(hash). This is called the signature block. • The receiver computes the hash of the document using MD5 or SHA and then applies the sender’s public key to the signature block to get E(D(hash)). Compare these two.
Digital Signatures • Computing a signature block • What the receiver gets (b)
Digital Signatures • The most popular hashing functions used are: • MD5 (Message Digest) • SHA (Secure Hash Algorithm) • The public key is usually published. To avoid altering, message senders can attach a certificate to the message, which contains: • The user’s name • The public key • Digitally singed by a trusted third party
User Authentication • Basic Principles. Authentication must identify: • Something the user knows • Something the user has • Something the user is • In the computer world, hacker is a term of honor reserved for great programmers. • Crackers are those who try to break into computer systems where they do not belong.
Authentication Using Passwords • The most widely used form of authentication is to require the user to type a login name and a password. • Selecting Good Passwords make it difficult for a cracker to guess. • In the following, which is the better practice?
Authentication Using Passwords (a) A successful login (b) Login rejected after name entered (c) Login rejected after name and password typed
How crackers break in? • Locate machines: • War dialers dial telephone exchange (770-xxxx). • Use ping to test if some computer is up and running. • Guess password • Become superuser. • Install a packet sniffer, software that examines all incoming and outgoing network packets. • Real hackers refer to those who are just running scripts they found on the Internet as script kiddies.
Authentication Using Passwords • How a cracker broke into LBL • a U.S. Dept. of Energy research lab
UNIX Password Security • UNIX Password Security: • The login program asks the user to type his name and password. • The login program then reads the password file until it finds the line containing the user’s login name. If the password matches, the login is permitted. • Improvement: Associate an n-bit random number, called the salt, with each password.
Improving Password Security • The password program might complaint: • Passwords should be a minimum of seven characters. • Passwords should contain both upper and lower case letters. • Passwords should contain at least one digit or special character. • Passwords should not be dictionary words, people’s names, etc. • One-time passwords • Challenge-response authentication
Authentication Using Passwords The use of salt to defeat precomputation of encrypted passwords , , , , Password Salt
Authentication Using a Physical Object • Information-bearing plastic cards come in two varieties: • Magnetic stripe cards • Chip cards • Stored value cards • Smart cards • Smart cards: • Advantages: • They do not need an online connection to a bank. • Secure login authentication. • Disadvantages: • Fixed cryptographic protocol could be broken. • Slower operation
Authentication Using a Physical Object • Magnetic cards • magnetic stripe cards • chip cards: stored value cards, smart cards
Authentication Using Biometrics • Biometrics are physical characteristics of the user that are hard to forge. • A biometrics system has two parts: • Enrollment – Biometrics is stored in a database or a smart card. • Identification – the user shows up and provides a login name.
Authentication Using Biometrics • Examples: • Finger length • Fingerprint • Retinal pattern analysis • Signature analysis • Voice recognition • Urinate sample • DNA analysis
Authentication Using Biometrics A device for measuring finger length.
Countermeasures • Limiting times when someone can log in • Automatic callback at number prespecified • Limited number of login tries • A database of all logins • Simple login name/password as a trap • security personnel notified when attacker bites
Operating System SecurityTrojan Horses • Free program made available to unsuspecting user • Actually contains code to do harm • Place altered version of utility program on victim's computer • trick user into running that program
Login Spoofing (a) Correct login screen (b) Phony login screen
Logic Bombs and Trap Doors • A logic bomb is a piece of code written by company programmer: • potential to do harm • OK as long as he/she enters password daily • If programmer is fired, no password and bomb explodes • A trap door is the code inserted into the system by a system programmer to bypass some normal check. • Solution: code reviews
Trap Doors (a) Normal code. (b) Code with a trapdoor inserted
Buffer Overflow • Most systems are written in C. No C compiler does array bounds checking. • Overflow could point to an invalid address or even an executable code. • It is difficult to fix because there are so many existing C programs around that do not check for buffer overflow.
Buffer Overflow • (a) Situation when main program is running • (b) After program A called • (c) Buffer overflow shown in gray
Generic Security Attacks • To test a system’s security is to hire a group of experts, known as tiger teams or penetration teams, to see if they can break in. • When designing a system, it should withstand typical attacks: • Request memory, disk space, tapes and just read • Try illegal system calls • Start a login and hit DEL, RUBOUT, or BREAK • Try modifying complex OS structures • Try to do specified DO NOTs • Convince a system programmer to add a trap door • Beg administrator’s secretary to help a poor user who forgot password
Famous Security Flaws • UNIX • lpr: remove the password file • Force core dump on the password file • Use some root related command such as mkdir • TENEX for DEC-10 computers • Carefully position a password to cause the page fault for each character input • OS/360 • During the password verification, wind the tape to read the unauthorized file
Famous Security Flaws The TENEX – password problem (a) (b) (c)
Design Principles for Security • System design should be public • Default should be no access • Check for current authority • Give each process least privilege possible • Protection mechanism should be • simple • uniform • in lowest layers of system • Scheme should be psychologically acceptable • Keep the design simple
Network Security • External threat • code transmitted to target machine • code executed there, doing damage • Goals of virus writer • quickly spreading virus • difficult to detect • hard to get rid of • Virus is a program can reproduce itself • By attaching its code to another program • additionally, do harm • Worms are programs which can self replicate without attaching to other program.
Virus Damage Scenarios • Blackmail (encrypt your files and ask for money) • Denial of service as long as virus runs main() {while (1) fork();} • Permanently damage hardware (Overwrite BIOS) • Target a competitor's computer • do harm (reduce product quality) • espionage (steal industrial secret) • Intra-corporate dirty tricks • sabotage another corporate officer's files (then get promoted)
How Viruses Work • Virus written in assembly language • Inserted into another program • use tool called a “dropper” to attach the virus to another program. • Virus dormant until program executed • then infects other programs • eventually executes its “payload” • The payload may do nothing until a certain date has passed.