350 likes | 485 Views
CS 240: Software Project Fall 2003 Sections 1 & 2. Dr. Badrul M. Sarwar San Jose State University Lecture #27. Outline. Advanced Topics: Enterprise Software Development Software Security Student presentation Software Security Testing in XP.
E N D
CS 240: Software ProjectFall 2003Sections 1 & 2 Dr. Badrul M. Sarwar San Jose State University Lecture #27
Outline • Advanced Topics: Enterprise Software Development • Software Security • Student presentation • Software Security • Testing in XP
Outline for the final project report(Individual submission) • ACM SIGCHI MSWord article template • Writing quality • Structure • Title / author affiliation • Abstract • Introduction • motivation • importance • brief overview • organization of the remaining paper • Overview of the project • Project plan • High-level architecture of the program • Detailed Lifecycle of the software • RE • Design • Integration • Coding • Testing • Short PRM/User manual • Critical Analysis of the project • Strengths • Weaknesses (known bugs, limilations) • Conclusion • (5 point bonus– literature survey and provide references)
Security goals and threats The Security EnvironmentThreats
Threats and Attacks • Three major types of threats • Leakage: acquisition of info by unauthorized recipients • Tampering: unauthorized alteration of info • Vandalism: interference with proper operation of a system without gain to the perpetrator • Ways a communication channel can be misused • Eavesdropping • Masquerading • Message tampering: “man-in-the-middle” attack • Replaying • Denial of Service • Well-known attacks: • “The Internet worm” • Coordinated DoS attacks on popular websites
Intruders Common Categories • Casual prying by nontechnical users • Snooping by insiders • Determined attempt to make money • Commercial or military espionage
Cryptography Encryption of messages Private key (symmetric) Public key (asymmetric) Uses Security and integrity Authentication Digital signatures Certificates Access control Credentials Firewalls Security Techniques Long history in military needs for cipher/decipher secret messages. Recently algorithms have been available for public research, and as a result, we have stronger algorithms and more refined protocols
Basics of Cryptography Relationship between the plaintext and the ciphertext
Secret-Key Cryptography • Monoalphabetic substitution • each letter replaced by different letter • Given the encryption key, • easy to find decryption key • Secret-key crypto called symmetric-key crypto
One-Way Functions • Function such that given formula for f(x) • easy to evaluate y = f(x) • But given y • computationally infeasible to find x
Cryptographic algorithms • Symmetric algorithms • Encryption Functions • Define a function F, such as FK([M]) = E(K,M), a property of encryption functions if that FK([M]) is relatively easy to compute, but FK-1([M]) is so hard to compute that it is not feasible. ==> one-way-function • Brute-force-attack: run through all possible values of the key k. For an N-bit key this means trying all 2N iterations. • Ex. DES, TEA • Asymmetric algorithms • Diffie-Hellman algorithm: public-key. A pair of keys used. Ex. RSA • Block ciphers • Fragment the plaintext into blocks • Problem with repeated blocks • An attacker can infer relationships with the plaintext
Public-Key Cryptography • All users pick a public key/private key pair • publish the public key • private key not published • Public key is the encryption key • private key is the decryption key
Public-Key Cryptosystems: RSA • Main problem with private key: • Key distribution • Asymmetric algorithm: a private and a public key are used • First proposed by Diffie and Hellman • Basis: Trap-door functions • Are special type of one-way-functions that has a secret exit, it is easy to compute it in one-way but it is infeasible to compute the inverse if the secret is unknown • Two keys, Ke and Kd D(Kd, E(Ke, M)) = M • RSA (Rivest, Shamir, and Adelman) Algorithm
RSA Algorithm • Generating the private and public key requires four steps: • Choose two very large prime numbers, p and q • Compute n = p x q and z = (p – 1) x (q – 1) • Choose a number d that is relatively prime to z • Compute the number e such that e x d = 1 mod z
Secure digest functions • h = H(M) is a secure digest function that has the following properties: • Given M, it is easy to compute h. • Given h, it is hard to compute M. • Given M, it is hard to find another message M’, such that H(M) = H(M’) One-way hash functions • Example: • MD5 by Rivest • Uses 4 rounds each applying one of four non-linear functions to each of 16 32-bit segments of a 512 bit block of source. The result is a 128-bit digest.
Hash Functions : MD5 (1) • The structure of MD5
E-Commerce Security Issues • When considering security, the first thing you need to evaluate is the importance of what you are protecting • it might be tempting to believe that the highest possible level of security is required for all sites • but protection comes at a cost • before deciding how much effort or expense your security warrants, you need to decide how much your information is worth • The value of information is different for • a hobby user, a business, a bank, and a military organization
Security Threats • Security Threats for an E-commerce site may include • Exposure of confidential data • Loss or destruction of data • Modification of data • Denial of service • Errors in software • Repudiation
Exposure of Confidential data • To reduce the risk of exposure • you need to limit the methods by which information can be accessed and limit the people who can access it • design with • security in mind • configure your server and software properly • programming carefully • testing thoroughly • requiring authentication • To protect confidential data use encryption methods such as SSL • Simple and fairly low-cost way of providing security • Dramatic slow down of throughput
Loss or Destruction of Data • Murphy’s law about data loss • “Data that is lost is usually the most important one, lost long after you last made a backup” • Use RAIDs • Most effective measure is backup • Simple but very effective technique • Most of the time it may seem that backups are useless (hopefully) • But during a critical data loss backed up data can be life saver
Accidental Data Loss Common Causes • Acts of God • fires, floods, wars • Hardware or software errors • CPU malfunction, bad disk, program bugs • Human errors • data entry, wrong tape mounted
Internet Security Protocols: SSL • SSL (Secure Socket Layer) • Developed by Netscape • an extended version of SSL has been adopted as Internet standard, Transport Layer security (TSL) [RFC 2246] • SSL features • negotiable encryption and authentication algorithms • different client can use different protocols • set up during initial connection establishment • Bootstrapped security communication • SSL Layers • SSL record protocol layer • SSL handshake layer
SSL protocol stack SSL SSL Change SSL Alert Handshake HTTP Telnet Cipher Spec Protocol protocol SSL Record Protocol Transport layer (usually TCP) Network layer (usually IP) SSL protocols: Other protocols:
SSL handshake protocol Establish protocol version, session ID, ClientHello cipher suite, compression method, ServerHello exchange random values Certificate O ptionally send server certificate and Certificate Request request client certificate ServerHelloDone S Client Certificate Server end client certificate response if requested Certificate Verify Change Cipher Spec Change cipher suite and finish Finished handshake Change Cipher Spec Finished
SSL handshake configuration options Component Description Example Key exchange the method to be used for RSA with public-key method exchange of a session key certificates Cipher for data the block or stream cipher to be IDEA transfer used for data Message digest for creating message SHA function authentication codes (MACs)
SSL record protocol abcdefghi Application data Fragment/combine abc def ghi Record protocol units Compress Compressed units Hash MAC Encrypt Encrypted Transmit TCP packet
Digital signatures are essential for secure systems Handwritten signatures are: Authentic Unforgeable Non-reproducible DS with public keys Kpub and Kpriv are generated A computes the digest of M, H(M) using a secure hash funct. H and encrypts it to produce the signature S= {H(M)}Kpriv A sends [M]K = M,S to B B decrypts S using Kpub and computes H(M), if they match then the signature is valid Digital signatures with public keys M signed doc {h} H(M) h E(K , h) Kpri Signing pri M 128 bits {h} h' Kpri D(K ,{h}) pub Verifying M h = h'? h H(doc)
Digital Signatures • Computing a signature block • What the receiver gets (b)
Security of Mobile Code • Mobile code and mobile agents are in widespread use nowadays • These are potential sources of security flaws • Java uses a restricted sandbox security model
Mobile Code (1) Sandboxing (a) Memory divided into 1-MB sandboxes (b) One way of checking an instruction for validity
Mobile Code (3) How code signing works
Java Security (1) • A type safe language • compiler rejects attempts to misuse variable • Checks include … • Attempts to forge pointers • Violation of access restrictions on private class members • Misuse of variables by type • Generation of stack over/underflows • Illegal conversion of variables to another type
Java Security (2) Examples of specified protection with JDK 1.2
Intrusion Detection • Strives to detect attempted or successful intrusion into the computer system • ID encompasses a wide variety of techniques that vary on a number of axes • the time that the detection occurs • the types of inputs examined to detect intrusive activity • the range of response capabilities • What constitutes an Intrusion? • Quite difficult to define • IDSs today typically settle for one of two less ambitious approaches • Signature-based detection—system input or network traffic is examined for specific behavior patterns (or signatures) • Anomaly detection—tries to detect anomalous behavior => can be viewed as two sides of the same coin..
Intrusion Detection • Signature-based: attempts to characterize dangerous behaviors and detects when these behaviors occur • Identifies only known attacks • Anomaly detection: attempts to characterize normal behavior and detects when something else occurs • can identify previously unknown methods