680 likes | 702 Views
This course covers the fundamental concepts of security, including encryption, major functions of a security system, and understanding common exploits. Students will learn how to design secure systems and analyze security risks.
E N D
Comp 655 - Security • Commercial for Comp 676 • Security basics • Encryption • Major functions of a security system Distributed Systems - Comp 655
Commercial: Comp 676 • Explain the basic concepts • Develop a beginning threat model for analyzing security risks. • Basic principles of cryptography and how cryptography is used • Understand common exploits • Understand the basic principles for designing secure systems. • Look at every program or piece of code encountered after completing this course with a certain level of suspicion and paranoia. ;-) Distributed Systems - Comp 655
More about 676 Prerequisites • COMP 655 - Operating and Distributed Systems is strongly recommended. • Familiarity with C or C++ is essential (Perl or Java would be helpful) • Students should be comfortable reading small code fragments in many languages • Being slightly paranoid is helpful! Distributed Systems - Comp 655
Ethics and 676 In order to protect both Franklin University and the instructor from potential third party lawsuits, students will be required to sign an agreement that they will not use the knowledge gained within this class to practice unlawful or unethical behavior. This statement must signed and turned into the instructor before the second class, otherwise students will not be admitted into the second and subsequent classes. Distributed Systems - Comp 655
Comp 655 - Security • Commercial for Comp 676 • Security basics • Encryption • Major functions of a security system Distributed Systems - Comp 655
Types of security • Confidentiality • Information disclosed only to authorized parties • Integrity • Information can be created, changed, or deleted only in authorized ways Distributed Systems - Comp 655
Types of threats • Interception (confidentiality) • Interruption (integrity) • Modification (integrity) • Fabrication (integrity) Distributed Systems - Comp 655
Major functions of a security system • Authentication • Authorization • Administration • Journaling • Intrusion detection Distributed Systems - Comp 655
Security basics General advice when dealing with security: • Always stay in touch with the basic question: what is the problem you are trying to solve? • Compare the cost of security to the cost of loss These should be covered in a security policy Distributed Systems - Comp 655
Security policy basics • A security policy defines the security requirements for a system • A security policy identifies • Types of entities in the system For example, “instructor”, “student”, “gradebook application” • Types of actions supported by the system For example, “view grades”, “assign grades” • Which types of entities are allowed to perform which types of actions Distributed Systems - Comp 655
More about security policy Examples of security policy statements: • An instructor is allowed to assign and view grades for all students in sections taught by the instructor • An instructor is not allowed to assign or view grades for any section that he or she did not teach • A student is allowed to view all of his or her grades • A student is not allowed to assign grades Distributed Systems - Comp 655
Yet more security policy • Policy deals with roles, not individuals. For example, some Franklin students are also instructors • Policy must be specific to a system • “users may perform only authorized actions” is NOT useful policy • “instructors and administrators may assign grades” is much more useful • Writing a good policy is usually hard • Can any administrator assign a grade? • Or only department chairs and deans with responsibility for the course? • Can the college president assign a grade? Distributed Systems - Comp 655
Activity: DiNo Security policy • Imagine that DiNo needs to support confidential notebooks • Discuss the security aspects of DiNo • What types of entities and operations are important? • What should the security priorities be? • List at least five policies about who’s allowed to do what • NOTE: “all users must be authenticated” does NOT belong in a security policy – it’s about implementation, not requirements Distributed Systems - Comp 655
Terms • Vulnerability • Attack • Exploit • Cracker • White/gray/black hat • Script kiddie Distributed Systems - Comp 655
Kevin Mitnick’s work today • The simple fact is this: People are, and always have been, the most vulnerable aspect of any organization's security infrastructure … http://www.mitnicksecurity.com/ Interview on 60 Minutes Distributed Systems - Comp 655
Security – human aspects • “Human engineering” is the most effective way to gain unauthorized access to systems • Helpfulness can be abused • Garbage can be sifted • Etc • Basically, it’s a never-ending dialog between builders and crackers If you remember nothing else from tonight … Distributed Systems - Comp 655
Tools for the security provider • Encryption • Explicit, well-considered policy • QA for code • Security education for developers (for example, see http://www.sans.org/top25errors) • Security education for others with access to sensitive information • Firewalls • Audits • Monitoring Distributed Systems - Comp 655
More security tools • Research • Former crackers with changed motives • Good system administration, including keeping up with patches • Virus checkers (pattern, heuristic) Distributed Systems - Comp 655
Resources • CERT: www.cert.org/ • CSRC (NIST): csrc.nist.gov/ • Steve Gibson: grc.com/default.htm • Counterpane: www.counterpane.com/crypto-gram.html • And 400,000,000 others … Distributed Systems - Comp 655
Activity – implementing your policy • For each of the five statements in your security policy exercise, identify one or more techniques that could be used to enforce it. Distributed Systems - Comp 655
Comp 655 - Security • Commercial for Comp 676 • Security basics • Encryption • Major functions of a security system Distributed Systems - Comp 655
Encryption - general Distributed Systems - Comp 655
More terminology • Symmetric cryptosystem • aka secret-key, shared-key • Asymmetric cryptosystem • aka public-key • Computational infeasibility • Hash function • Block cipher • Stream cipher Distributed Systems - Comp 655
Important encryption algorithms • DES • AES • RSA • MD5 • SHA-1 Distributed Systems - Comp 655
DES Distributed Systems - Comp 655
DES key generation Distributed Systems - Comp 655
Attacks on DES • Analytical • DES has held up pretty well • Brute force • Hardware is now fast enough to allow practical guess-and-check attacks on 56-bit DES • Triple DES “appears to be safe for the moment” Distributed Systems - Comp 655
AES • NIST selection process, 1997-2000, whose goal was a symmetric block cipher to replace DES for protection of sensitive unclassified information. AES is • unclassified • publicly disclosed encryption • available royalty-free, worldwide • supports block sizes of at least 128 bits • supports key sizes of 128, 192, and 256 bits. Distributed Systems - Comp 655
AES Selection criteria • Security was the most important factor, including • resistance to cryptanalysis • soundness of mathematical basis • randomness of the algorithm output • relative security as compared to other candidates. • Cost was a second important area • licensing requirements • speed on various platforms • memory requirements Distributed Systems - Comp 655
AES Selection Criteria continued • Algorithm characteristics • Adaptability to larger key sizes • Adaptability to other applications, including stream cipher, hash • Adaptability to various implementation environments including software, firmware, hardware • Overall simplicity Distributed Systems - Comp 655
AES continued • Winner was Rijndael (“Rhine-doll”) • NIST evaluation tested C and Java implementations of the candidates • Implementations have also appeared in Lisp, Pascal, JavaScript, C++, hardware, etc • See the NIST crypto toolkit web site: http://csrc.nist.gov/CryptoToolkit/ Distributed Systems - Comp 655
RSA • Widely used for public-key cryptosystems • Relies on computational infeasibility of factoring a product of large primes • A key set includes • d (decryption key) • e (encryption key) • n (product of large primes) Distributed Systems - Comp 655
RSA continued • Publish n and one key, keep the other key private • Which key gets published depends on the problem you’re trying to solve • Publish encryption key for data protection • Publish decryption key for authentication • Expensive! (2-3 orders of magnitude slower than DES) Distributed Systems - Comp 655
Cryptographic hash functions • With encryption, they guard against modification • (kind of like a checksum or check digit) • A hash computes a fixed-length summary (or digest) of a string (message) that is hard to reproduce • Given a message m, it’s computationally infeasible to find another message m’ such that H(m’) = H(m). • And it’s even harder to find such an m’ that says what you want … Distributed Systems - Comp 655
Using a cryptographic hash:digital signature Distributed Systems - Comp 655
MD5 ‘<<<‘ is a “circular shift”: 10110001 <<< 3 = 10001101 Distributed Systems - Comp 655
SHA-1 (from Adam Back’s web site) • SHA1 (Secure Hash Algorithm 1) is a cryptographic message digest algorithm. • It is considered to be more secure than MD5 • it has longer hash size • Hans Dobbertin discovered a partial weakness in the MD5 collision function. • There was a SHA0 but it had some security problems which were fixed in SHA1. http://www.cypherspace.org/adam/rsa/sha.html Distributed Systems - Comp 655
Comp 655 - Security • Commercial for Comp 676 • Security basics • Encryption • Major functions of a security system Distributed Systems - Comp 655
Major functions of a security system • Authentication • Authorization • Administration • Journaling • Intrusion detection Distributed Systems - Comp 655
Authentication is … Checking that you are who you say you are Distributed Systems - Comp 655
Implementation – authentication in Kerberos Kerberos • is a network authentication protocol • provides strong authentication for client/server applications by using secret-key cryptography • implementations are available commercially and free from MIT • assumes black-hats are sniffing and spoofing everywhere Distributed Systems - Comp 655
Session key TG Ticket Secret key Service ticket How Kerberos authentication works Distributed Systems - Comp 655
Setting up a secure channel with Kerberos How does Bob know KB,TGS? It’s the session key he got at his login Distributed Systems - Comp 655
Activity - authentication • When you talk to someone on the phone, how do you know who it is? • List at least three ways • For each way, how can it be spoofed? • If you suspect you’re being spoofed, how can you verify the other person’s identity? • Same two questions for instant messaging Distributed Systems - Comp 655
Major functions of a security system • Authentication • Authorization • Administration • Journaling • Intrusion detection Distributed Systems - Comp 655
Authorization is … Granting access to resources so that the ability to create, read, update, or delete things is available only to those who are authorized. Distributed Systems - Comp 655
How will it decide? What data will it use? How will it enforce its decision? Authorization - General Distributed Systems - Comp 655
ACLs vs Capabilities Distributed Systems - Comp 655
Java Security • Top-priority problem: protect hosts from damage or eavesdropping by mobile Java code. • For applets, security is built on a co-ordinated authorization system called a “sandbox”. Distributed Systems - Comp 655
Java Sandbox overview Distributed Systems - Comp 655