330 likes | 516 Views
Week 12 - Wednesday. CS363. Last time. What did we talk about last time? Making a business case for security Quantifying security. Questions?. Project 3. Security alert: Heartbleed.
E N D
Week 12 - Wednesday CS363
Last time • What did we talk about last time? • Making a business case for security • Quantifying security
Security alert: Heartbleed • Recall that SSL (well, TLS) is the protocol that uses public key cryptography to negotiate symmetric keys for secure web traffic • Typically shown with a small padlock icon • https sites always use SSL while http sites sometimes use it • A vulnerability was found in OpenSSL getting random snapshots of memory from the web servers running it • The bug (called CVE-2014-0160) targets the heartbeat part of SSL, which keeps the session going without traffic
Security alert continued • Researchers working at Codenomicon and Google revealed the bug on April 7 • Lastpass (a password manager) and Tumblr have told their users to change their passwords • Particularly troubling is that the bug can be exploited without leaving any traces • Follow the story here: • http://bits.blogs.nytimes.com/2014/04/08/flaw-found-in-key-method-for-protecting-data-on-the-internet/?_php=true&_type=blogs&hp&_r=0
Widespread impact • Who is affected? • Oh, everyone • Compromised versions of OpenSSL have been available since December 31, 2011, with widespread adoption on March 14, 2012 • OpenSSL is used on Apache and nginx webservers • Combined they account for 2/3 of all websites in the world • SSL is also used for e-mail authentication and lots of other stuff • Bruce Schneier called the bug "catastrophic" and said, "On the scale of 1 to 10, this is an 11." • Essentially everyone should change all passwords for everything
Consequences • Any password on any site that uses OpenSSL has potentially been revealed to the world • The passwords protecting the servers themselves have potentially been exposed • Intelligence agencies could very easily have stolen everyone's passwords and secret information • It's possible that private keys signing SSL certificates have been stolen • Lots of certificates will need to be reissued
Security alert: What can you do? • The authoritative site for information is: • http://heartbleed.com/ • Test sites you're worried about: • http://filippo.io/Heartbleed/ • This site has some good tips: • http://blog.agilebits.com/2014/04/08/imagine-no-ssl-encryption-its-scary-if-you-try/ • Ironically, you might want to wait to change your passwords • If you change them before the servers are patched, you're increasing your exposure • Now's a great time to start using two-factor security
Economic questions • Key questions a business needs to answer to make security decisions are: • How much should be invested in security to protect assets with a given value? • What is the likely impact of a security breach? • What are the costs and benefits of sharing information? • Economics is the science of general decision making, and we can look to that field for models
A dizzying array of models • Some research shows that it doesn't make sense to increase security investment as the vulnerability of an asset increases • Past some point, it's too expensive to protect really vulnerable assets • A security breach can have a devastating impact on stock price • But research shows that the market reaction is small when no confidential information is exposed
Game theory • The subfield of economics that studies strategic decision making is called game theory • Game theory generally assumes rational agents who seek to make a decision that maximizes their utility function (often described in terms of money) • We can try to characterize decisions about cybersecurity in a game theory framework
Game theory example • When the game is simple enough, game theory will look at it as a payoff matrix • A classic example is the Battle of the Sexes game, in which the woman wants to go to the opera, but the man wants to go to the football game • However, both enjoy being together more than going to their preferred events
Prisoner's dilemma • Another example of game theory is the Prisoner's Dilemma • Two criminals are captured by the police • Both can be convicted on a lesser charge • If one rats on the other, they can get them on a bigger charge • Each has the option to rat or stay quiet • From a game theory perspective, it's always better to rat
Game theory in security decisions • Companies are in competition with other companies • Thus, they may make security decisions based on what other companies do • Research indicates that when two companies A and B are competing, a game theory model reveals the following: • If A shares more information about security breaches with B, B shares more and also invests more in security • If A and B have a product that can be substituted for the other's, information sharing and security investment for A and B both increase • Security breach information sharing and security investment increase with firm size and industry size
Other issues • Game theory is only one approach, and it assumes rational agents • Humans are not rational • When payoff is small, people focus on the risk • When the risk is small, people focus on the payoff • Security decisions are made in groups • Research shows that groups tend to have more extreme views than individuals • Dominant personalities (whether innately dominant or because of positions of power) tend to affect outcomes greatly
Organizational culture • Security decisions are also made in the context of an organization culture • Different organizations value different things • An organization's practices are made up of the following: • Symbols • Jargon, gestures, pictures, objects • Heroes • Role models and accomplished practitioners • Rituals • Anything socially important but not essential to the business • These practices stem from the organization's values
Characterizing organization culture • One way to look at an organizational culture is to see where it falls on various spectrums • These spectrums are not intended to be positive or negative • A company can make either extreme or something in the middle useful
The right approach for the right job • When you make security recommendations, make sure that they are a good fit for your employer • Results-driven businesses might prefer penetrate-and-patch to best-practice training • Professional organizations might certify its security professionals, but parochial ones might reward developers with the fewest flaws • Normative organizations might develop a security methodology that is always used, but pragmatic ones might have a project-by-project strategy • If all your suggestions are bad fits for your job, are you at the wrong place?
Economics wrap-up • Economics and privacy • Differential pricing means that you get better prices if you let companies record your data • Loyalty cards at supermarkets, Amazon, Gilt… • What are the tradeoffs? • Economics and integrity • Disclosing software flaws means that more people can attack • But it also encourages companies to fix flaws faster • Economics and regulation • Can the market fix itself through capitalism? • If not, the government has to regulate security • Some research shows that piracy does not hurt the music industry • An externality is a situation where someone feels an economic impact without being involved in the market or negotiations • Example: You leave the lights in your dorm room on all the time because you don't pay the electric bill
Encryption modes • We never discussed these three main encryption modes when we were discussing cryptography • You shouldn't leave the class without knowing about them • In Project 2, many of you created working implementations of AES • These implementations have a significant security flaw if operated as they were in Project 2
Electronic Codebook Mode • A number of different encryption modes were proposed for DES • Most of these modes can be used by any block cipher • Electronic Codebook Mode (ECB) is the simplest (and least secure) • In ECB, each block (64 bits in DES) is independently encrypted with the same key • ECB is only recommended for sending a single block P1 P2 P3 Encrypt Encrypt Encrypt K K K C1 C2 C3
Problems with ECB • ECB is not considered secure for arbitrary length messages • The problem: • Block A encrypted with key K will always look the same • If the attacker can learn the value of block A through other channels, he or she will be able to recognize it when it is sent later • Even if the value of block A is never known, a repeated block means that part of the message repeats a previous message • When the two following modes are used, the encrypted value of block A is dependent on previous blocks
Cipher Block Chaining Mode • Cipher Block Chaining (CBC) is acceptable for general purpose block transmission and authentication • The input to the encryption is the XOR of the next block of plaintext with the previous block of ciphertext P1 P3 P2 Encrypt Encrypt Encrypt K K K C1 C2 C3
Cipher Feedback Mode • Cipher Feedback (CFB) is also acceptable for general purpose block transmission and authentication • The input to the encryption is the previous block of ciphertext, generating a pseudorandom value, which is XOR'd with the current block of plaintext IV Encrypt Encrypt Encrypt K K K P3 P2 P1 C3 C1 C2
Semantic security • A cryptosystem is semantically secure if (with high probability) no additional information about a message can be gained from its ciphertext in polynomial time • It's like perfect secrecy but with computational complexity built-in • Using CBC or CFB increases semantic security since identical message blocks are usually not encrypted the same way
Next time… • Privacy principles and policies • Exam 2 post mortem
Reminders • Read Chapter 10 • Keep working on Project 3 Phase 1 • Talk on the Shadow programming language • Tonight in E281 at 6pm