260 likes | 398 Views
Security I. Quiz 24 due at 5 PM Thursday, 23 October 2014. Introduction to Security. Exploited by a hacker, a single design flaw in your software (or that which you administer) can quickly render it and your career failures.
E N D
Security I Quiz 24 due at 5 PM Thursday, 23 October 2014
Introduction to Security • Exploited by a hacker, a single design flaw in your software (or that which you administer) can quickly render it and your career failures. • Instead of building a countermeasure against every known threat, sound security policies must be created and strictly enforced in all commun-ications and user authorizations. • Enforcement mechanisms (i.e., security manage-ment) include group disciplines, cryptography, certificates and handling keys.
Security Threats, Policies and Mechanisms • Dependable computer systems are available, reliable, safe and maintainable. • Trusted software also has confidentiality and integrity. • Security threats: Security mechanisms: • Interception 1. Encryption • Interruption 2. Authentication • Modification 3. Authorization • Fabrication 4. Auditing
R U O K ? • What is the distributed system designer’s first line of defense against hackers? • Encryption. • Sound security policy. • Security mechanisms. • All of the above. • None of the above.
R U O K ? Match the following terms with their definitions below. 2. Dependable __ 3. Confidentiality __ 4. Integrity __ 5. Interception __ 6. Interruption __ 7. Modification __ 8. Fabrication __ 9. Encryption __ 10. Authentication __ 11. Authorization __ 12. Auditing __ a. Assets altered only in authorized ways. b. Services or data become unavailable. c. Unauthorized party gains access to a service or data. d. Available, reliable, safe and maintainable. e. Unauthorized tampering with a service. f. Information is disclosed only to authorized parties. h. Verifying the identity of a user, client, server or other entity. k. Reviewing recorded history, which may prevent an attack or its recurrence. m. Creating data or an activity that should not exist. n. Transforming data into something that an attacker cannot change without detection. p. Verifying that an entity is entitled to do what it attempts to do.
Globus’ Security Architecture Exemplary security policies in Globus’ worldwide distributed computing grid: • The environment consists of multiple administrative domains. • Local operations are subject to a local domain security policy only. • Global operations require the initiator to be known in each domain where the operation is carried out. • Operations between entities in different domains require mutual authentication. • Global authentication assures local authentication. • Controlling access to resources is subject to local security only. • Users can delegate rights to processes. • A group of processes in the same domain can share credentials.
Designing for Focus of Control • Protect data integrity; e.g., verify format and value of every database entry. • Restrict access to data and resources; e.g., control users and operations uses of every object and method. • Restrict users’ access to each application, according to role; e.g., only bank officers authorize specific database changes.
Designing Layered Security Mechanisms • At the datalink level, a Switched Multi-megabit Data Service (SMDS) provides (technical) security by encrypting Internet-bound packets. • A user, who does not trust SMDS’ administrators, may set up a Secure Sockets Layer (SSL) service at the transport layer, which engenders (emotional) trust by encrypting those same packets under her watchful supervision. • At the middleware level, she may trust a “secure” RPC service, whose security actually depends upon SSL.
Design for Distribution of Security Mechanisms • A Trusted Computing Base (TCB) is the totality of security mechanisms in a distributed computer system that are needed to enforce its security policies. (Smaller TCBs are better.) • If a middleware-based distributed system cannot trust its operating system, it must replace security-essential parts. • A distributed file system may move to a small-TCB isolated server that can be trusted; i.e., the access controlled Reduced Interfaces for Secure Systems (RISSC) approach shown above.
R U O K ? Match the following security policies with those mechanisms in Globus’ architecture that implement them. 13. The environment consists of multiple administrative domains. __ 14. Local operations are subject to a local domain security policy only. __ 15. Global operations require the initiator to be known in each domain where the operation is carried out. __ 16. Operations between entities in different domains require mutual authentication. __ 17. Global authentication assures local authentication. __ 18. Controlling access to resources is subject to local security only. __ 19. Users can delegate rights to processes. __ 20. A group of processes in the same domain can share credentials. __ a. User creates a user proxy. b. User allocates a remote resource. c. Process allocates a remote resource. d. Global-to-local ID mapping makes user known in remote domain.
R U O K ? 21. Which of the following minimize security threats? a. Protections against invalid operations. b. Protections against unauthorized invocations. c. Protections against unauthorized users. d. All of the above. e. None of the above.
R U O K ? 22. Compare “security” with the notion of “trust.” • Security is technically verifiable. • Trust is an emotion-based confidence in a computer system’s security service. • Users who don’t trust a distributed computer system’s security can compromise system performance by taking matters into their own hands. • All of the above. • None of the above.
R U O K ? 23. Which of the following accurately characterize distributed systems’ Trusted Computing Base (TCB)? a. The TCB is the totality of security mechanisms in a distributed computer system that are needed to enforce its security policies. b. Smaller TCBs are better. c. Moving a distributed file system to an isolated server can make it trustworthy. d. All of the above. e. None of the above.
Designing for Simplicity • Well designed systems have fewer, simpler security mechanisms, which are more easily understood and trusted. • But trusting the integrity of a confidential message also requires understanding user-level authentication, including cryptographic keys and certificates. • Inherently complicated applications include multiple party digital payment protocols, whose simply implemented security can engender end users’ trust and discourage hackers.
Cryptography • An encryption key, EK, makes plaintext, P, into cyphertext, C, and a decryption key, DK, changes it back. (Cyphertext is unintelligible to intruders, and if they change it, the result is unintelligible after decryption.) • Symmetric crypto uses just one shared, secret key to encrypt and decrypt. Asymmetric crypto uses a unique pair of keys, one public, K+, and the other private, K-. • A hash function changes a message of any length into fixed-length bit-string; e.g., a file’s cyclic redundancy check (CRC). The message cannot be inferred from the bit-string; i.e., it is a one-way function.
DES, A Symmetric Cyptosystem • Given a 56-bit key, the symmetric Data Encryption Standard (DES) generates 16 more 48-bit keys (right-hand figure above) and applies them in 16 rounds (above left) of encryption or decryption (above center). • Analytical methods can’t break it, but a brute force search for keys can. Applying it three times (encrypt-decrypt-encrypt) makes it safer. • It is being replaced by 128-bit Rijndael encryption. Key sizes double every few years, in the never-ending quest for cryptosystem safety.
R U O K ? 24. How can distributed system designers calm end users’ security concerns? • Hide the necessarily complex details of user-level authentication services from users. • Hide the necessarily complex security service details from hackers. • Make the security design as clear as possible. • All of the above. • None of the above.
R U O K ? Match the following terms with their definitions below. 25. Encrypt __ 26. Decrypt __ 27. Plaintext __ 28. Cphertext __ 29. Intruder __ 30. Symmetric cryptosystem __ 31. Asymmetric cryptosystem __ 32. Public key system __ 33. Hash functions __ 34. One-way function __ 35. Weak collision resistance __ 36. Strong collision resistance __ • An unencrypted message. • To change an encrypted message back into its original form. • An encrypted message. • To change a message into an unintelligible form, which if changed can never become intelligible. f. Any unauthorized person who tries to read or alter a message or insert a false message. g. A cryptosystem that uses a unique pair of different keys. h. A cryptosystem that uses only one shared secret key for both encryption and decryption. k. An asymmetric cryptosystem in which one key is public and the other private. m. A function whose input cannot be inferred from its output. n. A one-way function that converts a message of any length into a fixed-length bit-string. p. Given any one-way function input, another input cannot be found that produces the same output. q. Given any one-way function, two inputs cannot be found that produce the same output.
R U O K ? 37. Which of the following accurately describe DES? • It was widely used for many years. • After being broken by a brute force key search, it was reconfigured as a triple encrypt-decrypt-encrypt engine, and used for many more years. • It is being replaced by simpler algorithms, using keys that get larger every few years. • All of the above. • None of the above.
RSA, The Public Key Cyptosystem Generating private and public keys: • Choose two very large (i.e., 256-bit) prime numbers; e.g., p = 61 and q = 53. • Compute n = p * q = 3233 and z = (p − 1) * (q − 1) = 3120. • Choose an encryption key, e, that is “relatively prime to z” (i.e., prime and not a divisor of z); e.g., e = 17. • Compute the corresponding decryption key, d, such that “e * d = 1 mod z” (i.e., e’s modular multiplicative inverse, d = x / e, for which x mod n = 1); e.g., d = 2753. • Render the plaintext message ‘A’ as a 256b number; e.g., m = 65. • Use BIG MATH to encrypt the plaintext into cyphertext; e.g., c = me mod n = 6517mod 3233. • Use BIG MATH to decrypt the cyphertext into plaintext; e.g., p = cdmod n = c2753mod 3233. [Reference: http://en.wikipedia.org/wiki/RSA_(cryptosystem)#Key_generation]
MD5, A Hash Function • MD5 makes a digest (above left) of every 512-bit block in the (possibly padded) message. • The digest separates each block into sixteen 32-bit sub-blocks, b0..b15 (above right), which are left rotated 7-22 bits. • Constants, C1..C16, and results, p-q-r-s, of the previous round, feed into four rounds of logic operations on each block: • F(x,y,z) = (x AND y) OR ((NOT x) AND z). • G(x,y,z) = (x AND z) OR (y AND (NOT z)). • H(x,y,z) = x XOR y XOR z. • I(x,y,z) = y XOR (x OR (NOT z)).
Secure Channels • Secure communications require integrity and confidentiality (policies) of messages, and authentication (mechanism) of parties. • A secure channel protects against (threats)… • modification by mutual authentication. • fabrication by message integrity. • interception by assuring confidentiality. • but not interruption.
R U O K ? 38. Excel’s biggest integer is between 236and 237. How can a distributed system compute 6517? • Get a big math package that supports 256-bit integers, with planned upgrades to 512 and 1024. • Get a speedier cryptographic coprocessor with big math implemented in its hardware control store. • Consult with a system integrator, who has years of experience in this esoteric area of industrial research. • All of the above. • None of the above.
R U O K ? 39. Which runs fastest: DES, RSA or MD5? • DES. • RSA. • MD5. • They are all about the same.
R U O K ? 40. Why does a secure channel not protect communications from interruptions? • A client cannot be prevented from breaking an Internet connection. • A denial of service attack may make the channel unavailable. • A hacker may delete an essential file. • All of the above. • None of the above.
Welcome Back! • Let’s work a few problems together in class on Monday. • Please browse problems 1-3 on pp.440-1 in your textbook before class. • Thanks, • Bro. Steve