650 likes | 939 Views
Computer Security: Friend, Foe or Failure? Dr. Ishbel Duncan School of Computer Science March 13 th 2009. Some recent figures. The American FBI Internet Crime Complaint Center received 207,000 complaints in 2007 relating to $240M of e-crimes.
E N D
Computer Security: Friend, Foe or Failure?Dr. Ishbel DuncanSchool of Computer ScienceMarch 13th 2009
Some recent figures • The American FBI Internet Crime Complaint Center received 207,000 complaints in 2007 relating to $240M of e-crimes. • Japanese cybercrime is at record levels tripling between 2004 and 2008. Threats and illegal access increased by 90% and 20% between 2007 and 2008 but fraud has decreased slightly. • 33% increase in card fraud forecast for 2009 • 40% of UK children don’t know the people they are chatting to online. Half admitted to downloading music illegally using P2P software and 20% said their systems were infected by viruses after downloading. Half share their home systems with other members of the family.
UK bank cards UK consumers lost £302M to card fraud in the first half of • In 2007 it was £535M. Spending on credit cards was £124Bn in 2007 and £126Bn in • Debit card spending rose from £224Bn to £245Bn. Debit cards accounted for 75% of all transactions and the number of debit cards in circulation overtook credit cards in 2008. There are 75M debit cards in circulation and 71M credit cards. Online banking fraud rose 185% in the first half of 2008 mainly because of phishing attacks. 1 in 8 UK online firms lose more than 5% of income to fraud.
Military Hacker Gary McKinnon of London allegedly hacked into NASA, the Pentagon and 12 other military networks between February 2001 and March 2002. In one attack on an army computer at Fort Myer, Virginia he obtained administrator privileges which allowed him to delete 1300 user accounts and copy files containing usernames and encrypted passwords. He managed to shut down the Internet on 2000 military computers for three days. The US Government said it spent $1M cleaning up their systems. McKinnon was indicted in November 2002 but is contesting extradition and the hearing is in July 2009 in London. His bail agreement prevents him from using any computer equipment.
Online Theft Online theft is currently estimated to cost $1Trillion a year. and rising….. But… card fraud identikits have fallen in price from $15 to $2. More than half the world’s GDP is estimated to flow through the internet every day through the SWIFT network. At the World Economics Forum in Davos in January, it was stated that “the internet was vulnerable but as it was now part of society’s central nervous system, attacks could threaten the whole economy.” A virtual group had redirected the details of 25M credit cards to the Ukraine.
Infections The safest country for computer virus infections is Australia. Only 1 in 574 emails contain a virus there compared to 1 in 213 here in the UK 1 in 415 for the USA 1 in 451 for Japan. India is the most virus ridden with 1 in 197. Spam emails this year spiked on Valentine’s Day, with 9% of all email. Phishing this year has taken advantage of the economic crisis with 1 in 190 emails a phish attack in February (up from 396). France is the most spammed country with 75% of all emails being spam. The UK get spam in 67% of all email.
Cyber Warfare Cybercrime is one thing, cyber warfare is another. Estonia came under a denial of service attack from Russia in 2007 and 2008 which disabled banking and utilities. Cyber Warfare is now a real threat to all countries but do we want governments to regulate the internet to prevent misuse? Legal problems: • where an attack takes place is usually different from the country of the perpetrator. • many satellites or servers may be used to target a victim bringing in more “victims” or “accomplices”
A Short Security History Herodotus chronicles how Demaratus of Greece sent tablets covered in wax to the Spartans to warn of a Persian invasion and, separately, of Histaiaeus who shaved the head of a servant. The Chinese wrote on fine silk and wrapped it in a small ball of wax. Al-Kindi wrote on deciphering cryptographic messages in the 9th Century by noting letter frequencies. Chaucer encrypted plaintext (normal language) with symbols. By the 15th Century, encryption was common among diplomats.
The Spartan Scytale The Spartans used a scytale in the 5th Century BC – a rod of wood with a strip of text wound around it.
The Caesar Cipher Replace letters with another at a distance of N apart
Character Manipulation • The most basic character manipulation is a substitution cipher. Here letters are exchanged in the alphabet. • The most famous substitution cipher is the Caesar cipher where letters were replaced with one further down, or up, the alphabet. • e.g. HAL = IBM with a shift of 1. • Often letters were/ are arranged in groups of 5 to avoid noting word lengths. kujdg nfpoe co
Mary of Scotland The Babington Plot: The code was a substitution cipher plus some symbols representing words such as bearer, my and pray.
Pattern Analysis There are characteristic letter patterns in any language. We know the most common letters in English are ASINTOER. A 8.0% S 6.0% E 13.0% T 9.0% I 6.5% N 7.0% O 8.0% R 6.5% The least frequent is?
Digrams and Trigrams Just as there are common letters so also are there common pairs or triples of letters (digrams and trigrams). Transpositions leave the plaintext letters intact so if the letter frequencies are similar to “normal” frequencies then we infer that transposition has taken place. Some of the most common are: er th en ed an or in gh ent ion and ing ive for tio one
Charles Babbage Babbage broke the Vigenere cipher which uses a keyword to determine a different cipher alphabet.
Vigenère Tableau Example Using the key phrase: I am I exist, that is certain To send the message Machines cannot think i am i exist that is certain m ac h inesc anno tt hink • Row M, column I is u • Row A column A is a • Row M column C is o …………uaopm kmkvt unhbl jmed
The Underground Railroad Escaping Slaves in the American States would allegedly follow signals in quilts laid out to air.
World War 2: The Enigma machine Scherbius’s machine was patented in 1918. It had 3 scramblers to encipher the plaintext plus a plugboard that swapped 6 letters. Rejewski of Poland spent 8 years deciphering Enigma and his work was passed on to Bletchley Park where it was deciphered.
A story: Key Exchange In pre-revolutionary Ruritania, the postal service was not to be trusted. Boxes would be opened and contents removed. Only those that could not be opened were delivered. Stout boxes and padlocks were available but each padlock had a single unique key that could open the lock. How can Prince Rupert send a priceless necklace to his beloved Princess Irena if there is no other way of transporting his gift other than via the postal service? In other words, how can we send a secret message that only the sender and receiver can read.
Rupert sends his gift inside a padlocked box. Irena returns the box with her padlock on the box. Rupert removes his padlock and sends back the box to Irena with only her padlock attached.
History remembers those who publish first One major stumbling block of any cryptographic system is the exchange of keys. Any public way of interchange may be overheard. Whitfield Diffie, Martin Hellman and Ralph Merkle of Stanford are remembered as the fathers of public key cryptography, publishing and patenting their idea in 1976. There system allows two people to agree keys which allow them to communicate an encrypted message without them having the same key. However, James Ellis of GCHQ had the same idea 10 years earlier and Clifford Cocks and Malcolm Williamson discovered the key exchange algorithm by 1975. However, their work was classified and GCHQ did not contest the American patent.
Crypto Basics Encryption and Decryption.
Meet Alice and Bob Alice and Bob wish to converse secretly. Alice has message M which she encrypts with a function E. C = E(M) She sends this to Bob who decrypts the message with function D. D(C) = D( E(M)) = M However, Eve wishes to listen in and can deduce the form of the functions E and D or the message M. Bob and Alice now have to use a more robust mechanism to pass their messages.
Symmetric Encryption Symmetric algorithms use one key, a secret key encryption. A and B share the key and as long as it is private it offers authentication. But A and B have to agree on the key in advance. What happens if C is invited to share a secret with A and B. We may need two more keys for A-C and B-C communication. For an N-user system we would require n(n-1)/2 keys for each pair of users.
Cryptosystem • A cryptosystem is one in which rules are applied to encrypt and decrypt text. These algorithms often use a key, denoted by K, as a mechanism to adapt the plaintext. • The ciphertext is the plain text adapted by the algorithm and using the key value. C = E(K,P) • E is the Encryption Algorithm, or more precisely the set of Algorithms, and K is the Key which selects precisely one algorithm. • (Think of Yale keys – there are many but only one fits your door lock)
Alice and Bob again • Alice and Bob could know each other’s key (or share a key). • Eve would then be able to mount a ciphertext only attack as she knows C but not P. If she had previous knowledge of plaintext she may still be able to deduce the messages, or she may use probabilities and distribution characteristics of the language.
Asymmetric Encryption In public key or asymmetric encryption, each user has two keys: a public and a private key. The public key is published freely because it is only one half of an inverse pair. Using keys for decryption and encryption we have: P = D(KD, E(KE,P)) Now we haveP = D(Kprivate, E(Kpublic,P)) The public key encryption is decrypted via the private key. P = D(Kpublic, E(Kprivate,P)) The private key encryption is decrypted via the public key. Multiple users can send messages privately to each other using public keys.
Diffie-Hellman (1976) Diffie and Hellman published the first paper on public key cryptography. There are three conditions: • It must be computationally easy to encode/ decode with the a key. • It must be computationally infeasible to derive the private key from the public key. • It must be computationally infeasible to determine the private key from a plaintext attack. Mathematically we require to find k such that n = gk mod p Where p is prime and g <> 0,1, or p-1
Asymmetric Encryption Example Alice and Bob have chosen p = 53 g = 17 p is the prime modulus, g is the mantissa. Their private keys are kalice = 5 kbob = 7 Their public keys are kalice = 175 mod 53 = 40 kbob = 177 mod 53 = 6 Bob sends Alice a message by computing a shared key: S Bob, Alice = K Alice kBob mod p = 407 mod 53 = 38 Alice decrypts using her private key: S Alice, Bob = K Bon kAlice mod p = 65 mod 53 = 38
RSA The Rivest-Shamar-Adelman (1978) cryptosystem is a public key system and has been a de facto standard for many years. n =pq, where p and q are prime numbers. The totient Φ(n) is the number of numbers < n with no factors in common with n. Example: p = 7, q = 11, n = 77, Φ(n) = 60. e, the encryption key, is relatively prime to (p-1)(q-1) d, the decryption key, is e-1 mod ((p-1)(q-1)) Encrypt as c = me mod n Decrypt as m = cd mod n
RSA Example Alice chooses public key as 17, private as 53. Bob sends “Hello World” which is encoded as 07 04 11 11 14 26 22 14 17 11 03 Bob’s ciphertext is 0717 mod 77 = 28 0417 mod 77 = 16 etc => 28 16 44 44 42 38 22 42 19 44 75
Nonrepudiation The use of a public key system provides non repudiation of the the source of the message and the message itself as only the private and public key pair can encode and decode the system. The security of RSA depends on the factoring problem and is an obvious means of attack; knowledge of one pair of exponents or use of a common modulus will allow attacks. Messages should be padded with random values when low encryption exponents are used.
General Users: passwords • Consider what is at risk if you password is compromised. • Consider how much you trust the systems that see your passwords. • Which is better – write down a few important passwords or reuse passwords or make them “weak”? • Use a phrase or a song rather than single word. • If the password is 6 characters, 99.95% of variants will be non words – use one of them!
Passwords Feb 2009: 28,000 log in details stolen from a well known website were posted online. It was noted that • 14% of users used sequential passwords such as 123456 or QWERTY • 16% used their first name as a password • 5% used the names of popular celebrities. • 4% used “password” • 3% chose “idontcare”, “whatever”, “yes” and “no” Are these users naïve?
Biometrics • Voice recognizers, handprint detectors, thumbprint analysis, retinal scanners are coming into more use for other than military security or government systems. • Biometrics are biological authenticators based on physical characteristics. These cannot be lost, but may be stolen! • Authentication is not always easy – fingerprints may be damaged by scarring, voice recognition systems must be trained to the user’s voice/ accent. • Current biometric systems are expensive, bulky and slow. Users are still unsure about the privacy issues and some consider the systems intrusive.
Biometric Systems • Fingerprint recognition Voice recognition • Iris Scanners Face Recognition • Keystrokes Signatures • Combination systems use two or more of the above. Most systems are used in supervised areas, e.g. airports. • Systems use sampling and thresholds for pattern matching. This requires training the systems and a lot of statistical data. • Performance: False acceptance rate (fraud rate), False rejection rate (insult rate) are major issues.
Today’s problems Computers have come a long way in 25 years from being research instruments to everyday tools for schools, libraries, telephones, transport etc. Most people have over 6 computers in their home: mobiles, tv, video, CD players/ recorders, microwave, cookers, a Wii plus the computer itself. Walking in the street we may have cameras watching us and all our movements recorded and analysed by computer. We assume that computers are safe and reliable. But… they can also be our enemy.
Key Principles • Principle of Easiest Penetration: An intruder must be expected to attempt any available means of penetration and the one that succeeds may not be the obvious one. • Principle of Adequate Protection: Computer Items must be protected until they lose their value and they must be protected to a degree consistent with their value. • Principle of the Weakest Link: Security is as strong as the weakest link. • Principle of Effectiveness: Controls must be used, be appropriate and be applied properly
Security Failures The vast majority of attacks are done by Bots or Botnets. These are automatic, and to some extent autonomous, small programs which trawl the internet. They can be: • Spam • Viruses & Worms • Rootkits • DDOS attacks • Phishing attacks • Bots Another technique is Social engineering We need to secure networks, operating systems, applications and files.
Botnets Large numbers of computers have been brought under Non-owner control (?) to launch attacks, spam, DoS or some fraudulent activity. The BBC (25 Jan 2007): “Of the 600 million computers currently on the internet, between 100 and 150 million were already part of these botnets.” Yahoo suffered one botnet using up 15% of search capacity.
Whose Failure? Security is not just technical, it also requires educating users. If users fail to follow advice then it is not surprising attacks and failures happen. But, can the user be blamed for not following advice when most computer users are non technical and believe they are safe because they buy protection. Users are led to believe that if they pay for cover they are safe. But measures against security are allegedly directly proportional to the perceived threat. Every breach will make us protect even more. All companies have losses, perhaps we should expect failure in our protection systems?
If you build it, they will come…. You can build a secure system but if you can’t enforce a security policy then you can’t be 100% secure. This is not unknown in history: You can build a fortress but attacks will happen if people can climb the walls or break down the small servants back door. We don’t want to live in isolation so we need to communicate, therefore choices must be made between total security and openness. Companies are the same: they want network and file security as long as it doesn’t cost too much in money and effort.
Lost Discs HMRC sent two discs containing the entire Child Benefit database to the National Audit Office unregistered and unencrypted in 2007. The data contained personal details of 25 Million people and was reckoned to be worth up to £1.5B to criminals. The discs were lost 90,000 staff at HMRC have been given extra training and 20,000 MoD laptops have been encrypted. An ex contractor of the DWP had two discs with benefit claimant details. She forgot to return them but was never asked for them (2007).
More Lost Data It was estimated that sensitive data affecting 4M people was lost in 2007/8: • NI numbers of 17,000 people lost on a disc • theft of a laptop with encrypted details of 17,000 Sats markers • The Ministry of Justice lost information on 45,000 people regarding their criminal histories. • The FO lose data on 190 people in 5 separate cases. • The Dept. of Transport lost 3M records of driving test applicants. • The HSBC lost a disc with data on 370,000 customers. • HMRC sent Standard Life a CD through the post containing data on 15,00 Standard Life customers. It didn’t arrive. • Documents from the DWP were dumped on a roundabout in Devon.
Missing Laptops In 2007, a laptop was stolen from the boot of an HMRC car. It was suggested that the computer contained data on 400 customers holding high value ISAs at five different companies. Also in 2007, a laptop was stolen from a Nationwide employee’s home. It contained 11M customer records. Nationwide were Fined £980,000 by the City watchdog. A Royal Navy officer had his laptop stolen from his car. It contained information on 600,000 people. Hard drives were reported missing from the MoD and the National Offender Management Service.
More Government mishaps… The MoD lost an encrypted laptop with 620,000 personal records including bank account and NI numbers as well as 45,000 people named as referees or next-of-kin for service applicants. An external contractor downloaded information onto a memory stick and then lost it. The data concerned 10,000 offenders and the names, dates of birth and release dates of 84,000 prisoners in England and Wales. The MoD confirmed 121 computer memory sticks had been lost or stolen since 2005 and 658 laptops since 2004. Only 5 memory sticks contained secret data!
Security Mechanisms: Access Control List An Access Control Matrix describes the rights of subjects and objects. ACLs work well with data oriented system where permissions are stored with the data or the owner can set up the ACL. ACLs are less suited to systems with large user populations.
Roles Role based access control (RBAC) is an example of access control that applies at the application layer. Here we have functional groups or user roles. A user could be a system administrator, a general user, a tutor etc. Some roles could be qualified such as a tutor on a module. Each role allows the certain privileges or allows them to execute some tasks (procedures).
Rings of Protection Rings of protection offer different levels of privilege for the users or system programs. (Multics, Unix, Intel 80286 onwards) Ring 0 : kernel, access to disk Ring 1 : process manager Ring 3 : all other programs. Current privilege can only be changed by a process in Ring 0. Outer rings have fewer privileges, I/O forbidden, memory mapping disallowed.