710 likes | 724 Views
Explore the essential security principles, mechanisms, threats, and methods to protect your systems. Understand the importance of security policies vs. mechanisms, the role of principals, and different types of security threats. Learn about common methods of attack, infiltration, and famous attacks in the realm of digital security.
E N D
Words to Ponder • Even paranoids have enemies • The moral of this story is, anything you don’t understand is dangerous until you do understand it. DOS1 - Security
Security • In most systems security is an important concern • Communications should be secure against eavesdropping and tampering • Servers/clients should be able to verify the identity of their clients/servers • The originator of a message should be verifiable after the message has been delivered DOS1 - Security
Policy vs. Mechanism • Security policies • The set of decisions that, collectively, determines an organization’s posture toward security • Who can access what resource • Defines the appropriate levels of security • What the response to violations should be • Security Mechanisms • Techniques used to implement the security policies DOS1 - Security
Principal • The agents accessing the information or resources • Human beings • Servers • Applications • Principals with the same access rights are often collected together in groups • Each principal has a unique user identifier associated with it DOS1 - Security
Threats • Security threats common to computer systems fall into four broad classes • Leakage • Acquisition of information by unauthorized parties • Tampering • The unauthorized alteration of information • Resource Stealing • Vandalism DOS1 - Security
Methods of Attack • Some common methods of attack include • Eavesdropping • Information in transit • Information in storage • Masquerading • Sending/receiving messages using the identity of another user • Message Tampering • Replaying • Storing messages and sending them at a later date • Denial of Service DOS1 - Security
Famous Attacks • “An Evening with Berferd” • Cheswick • The Case of the Wiley Hacker • Cliff Stoll • The Morris Internet Worm • Pick the “E-mail Virus” of the month DOS1 - Security
Infiltration • Attacker must have access to the system in order to attack • Password cracking • Virus • Attaches itself to an existing program • Worm • Standalone program • Not always nasty!! • Trojan Horse DOS1 - Security
Morris Worm rsh attack Grappling hook finger attack sendmail attack Request for worm Worm Worm Worm sent Target System Target System DOS1 - Security
Security in a Network • In a networked system • The principal threats to security come from the openness of communication channels • Potential violators are not easily identifiable, so we must not assume trust. Assume untrustworthy until proven otherwise • The mechanisms used to implement security must be validated to a high standard DOS1 - Security
Techniques • Security mechanisms are based on three techniques • Cryptography • Used to conceal information • Used in support of authentication • Used to implement digital signatures • Authentication • Validate the identity of the sender • Access Control • Allow resources to access only by authorized individuals DOS1 - Security
Cryptography • Information can be encoded using a key when it is written (or transferred) • encryption • It is then decoded using a key when it is read (or received) • decryption • Very widely used for secure network transmission DOS1 - Security
More on Cryptography encryption plaintext ciphertext decryption DOS1 - Security
More on Cryptography Ke Kd C = EKe(plaintext) Encrypt Decrypt plaintext plaintext Ke == Kd Symmetric Algorithm Ke != Kd Asymmetric Algorithm DOS1 - Security
Cryptanalysis Ke Kd C = EKe(plaintext) Encrypt Decrypt plaintext plaintext Invader Side information plaintext Cryptanalysis DOS1 - Security
Cryptographic Systems Cryptographic Systems Modern Systems Conventional Systems • Ke and Kd are essentially the same Private Key Public Key • Ke and Kd are private • Ke is public • Kd is private DOS1 - Security
Private Key Systems • In private key systems, such as the US Federal Data Encryption Standard (DES), a single key is used for both encryption and decryption • This means that both parties must know the key(s) before communication can take place • write it down ahead of time • have some sort of physical key • exchange key(s) via secure channels DOS1 - Security
Block Ciphers • Many commonly used ciphers are block ciphers. • This means that they take a fixed-size block of data (usually 64 bits) • Transform it to another 64 bit block using a function selected by the key. DOS1 - Security
Simple Block Cipher Plaintext message B3 B2 B1 B0 encrypt B0 B1 B2 B3 DOS1 - Security
Problem • If the same block is encrypted twice with the same key, the resulting ciphertext blocks are the same • It is desirable to make identical plaintext blocks encrypt to different ciphertext blocks. • Two methods are commonly used for this: • CBC mode: a ciphertext block is obtained by first xoring the plaintext block with the previous ciphertext block, and encrypting the resulting value. • CFB mode: a ciphertext block is obtained by encrypting the previous ciphertext block, and xoring the resulting value with the plaintext. DOS1 - Security
CBC XOR Bn+4 Bn+3 Bn+2 Bn+1 encrypt Bn-3 Bn-2 Bn-1 Bn DOS1 - Security
Stream Ciphers • For some applications encryption in blocks will not work • Telephone conversation • Radio Broadcast • … • White noise… DOS1 - Security
Stream Cipher number generator encrypt K3 K2 K1 K0 buffer keystream XOR Plaintext stream Encrypted stream DOS1 - Security
Secret Key Systems • DES • Developed in the 1970s adopted as a standard by the US government • DES is a block cipher with 64-bit block size. It uses 56-bit keys. • This makes it fairly easy to break with modern computers or • A variant of DES, Triple-DES or 3DES is based on using DES three times (normally in an encrypt-decrypt-encrypt sequence with three different, unrelated keys). DOS1 - Security
Secret Key Systems • Blowfish • An algorithm developed by Bruce Schneier. • It is a block cipher with 64-bit block size and variable length keys (up to 448 bits). • No attacks are known against it. • IDEA (International Data Encryption Algorithm) • Developed at ETH Zurich in Switzerland. • Uses a 128 bit key, and is considered to be very secure. • No practical attacks on it have been published despite numerous attempts to analyze it. DOS1 - Security
Secret Key Systems • RC4 • The algorithm is very fast. • Its security is unknown, but breaking it does not seem trivial either. • SAFER • Developed by J. L. Massey (a developer of IDEA). • It is claimed to provide secure/fast encryption • Enigma • The cipher used by the Germans in World War II. • This cipher is used by the unix crypt(1) program DOS1 - Security
Public Key Systems • In public key cryptosystems, everyone has two related complementary keys, a publicly revealed key and a secret key • Each key unlocks the code that the other key makes. Knowing the public key does not help you deduce the corresponding secret key • The public key can be published and widely disseminated across a communications network • This protocol provides security without the need to reveal the private key DOS1 - Security
Public Key Systems Public Key Database Kpublic Kprivate C = EKpublic(plaintext) Encrypt Decrypt plaintext plaintext DOS1 - Security
RSA • Rivest, Shamir and Adelman (RSA) • To find a key pair e and d: • Chose two large prime numbers, P and Q (each greater than 10100), and form • N = P x Q • Z = (P-1) x (Q-1) • For d chose any number relatively prime to Z • To find e solve the equation • e x d = 1 modZ DOS1 - Security
Comparison • Secret and public key systems • With suitable keys both are secure enough • Public-key systems are more convenient to implement because they do not require a secure channel to exchange keys • Secret-key systems are faster DOS1 - Security
Establishing a Shared Key • In order for a symmetrical system to work, both parties need to know a shared key • Is it possible for two parties to safely use the network to agree on a shared key? • To put this another way, can two machines agree on a common number such that anyone who listens to that conversation can determine the number? DOS1 - Security
Diffie-Hellman Key Exchange n and g, both are prime, public and special. A picks x in private, B picks y in private A B n, g, gx mod n gy mod n Compute (gx mod n)y mod n = gxy mod n Compute (gy mod n)x mod n = gxy mod n DOS1 - Security
It Works!! • n=47, g=3 • I’ll pick a small x, you pick a small y • I send to you • (47, 3, 9) • You send to me • 3y mod 47 (call it z) • I compute zx mod 47 • You compute 9y mod 47 DOS1 - Security
To Break it • You know • n = 47, g = 3 • You also know • gx mod n = 9 • gy mod n = z • You need to solve the equation • zx mod 47 = 9y mod 47 DOS1 - Security
Bucket Brigade Also known as the person in the middle attack A X B n, g, gx mod n gq mod n n, g, gq mod n gy mod n Session key S Session key R DOS1 - Security
Key Distribution Center • With the previous example, you would need n different keys to talk to n different people • Perhaps the same key could be used for an entire session • An alternative approach is to use a key distribution center (KDC) • The KDC stores a single key for each user • Authentication and session key management goes through the KDC DOS1 - Security
KDC A KDC B A, KA(B,KS) KB(A,KS) KC(A,KS) A, KA(C,KS) KS(message1) C KS(message2) DOS1 - Security
Analysis • Authentication comes for free • The KDC knows the message came from A • B knows the first message came from the KDC • B knows the third message came from A DOS1 - Security
Replay Attack A KDC B A, KA(B,KS) KB(A,KS) KS(message) C KB(A,KS) KS(message) DOS1 - Security
Solutions • Timestamp messages • Obsolete messages are discarded • Clocks cannot be perfectly synchronized • So timestamps are valid for an interval • Unique message numbers (nonce) • Each party remembers all previous nonces • Messages with used nonces are rejected • Nonces have to be remembered forever DOS1 - Security
Needham-Schroeder RA, A, B KDC A B KA(RA, B, KS, KB(A,KS)) Not a replay Who the ticket is for Ticket KB(A,KS), KS(RA2) Challenge B KS(RA2-1), RB Must be B, Challenge A KS(RB-1) Must be A KS(message) DOS1 - Security
Attack Obtains an old session key X B Replays old message (RA2 could be different) KB(A,KS), KS(RA2) Challenge B KS(RA2-1), RB Must be B, Challenge A KS(RB-1) Must be A KS(message) DOS1 - Security
Otway-Rees A B A, B, R, KA(A,B,R,RA) A, KA(A,B,R,RA), B, KB(A,B,R,RB) KDC KB(RB,KS) KA(RA,KS) DOS1 - Security
Kerberos Authentication Server Client Trusted server, repository of keys, protected by a nasty three-headed dog (Kerberos of Greek mytholodgy) Server DOS1 - Security
Kerberos Authentication Server Encrypted for client Encrypted for server Ticket Client Client ID Session Key Session Key After message arrives, user is prompted for password which is used to decrypt the message Server DOS1 - Security
Kerberos Authentication Server Encrypted for client Encrypted for server Client Session Key Ticket Client ID Server Session Key DOS1 - Security
Kerberos Authentication Server Encrypted for client Encrypted for server Client Session Key Ticket Server Client ID Session Key DOS1 - Security
Kerberos Authentication Server Encrypted for client Encrypted for server Client Session Key Server Client ID Session Key DOS1 - Security
Kerberos Authentication Server Encrypted for client Encrypted for server Encrypted for session Client Message Server DOS1 - Security
Authentication • User/process authentication • Is this user/process who it claims to be? • Passwords • More sophisticated mechanisms • Authentication in networks • Is this computer who it claims to be? • File downloading • Obtaining network services DOS1 - Security