ECE579S Computer & Network Security 2: Identification and Authentication; Access Control Prof. Richard A. Stanley
Overview of Tonight’s Class • Review of last class • Identification and authentication • Design principles
Last time... • Block ciphers are widely used • Most commonly used block cipher today is TDEA, operating in one of 4 modes • TDEA is limited by 64-bit block and key size, provides poor software implementation • AES chosen to replace TDEA • Should be several years of coexistence
More of last time... • Both symmetric and asymmetric crypto have their uses in communications • Symmetric keys can be purely random, but asymmetric keys are mathematically related • Symmetric crypto is much faster than asymmetric, which leads to combining the types in practical applications
Cryptosystems Compared • Symmetric key • Same key both ends • Key management a problem; requires secure side channel • Fast • Message length < key length • Asymmetric key • Two keys • Public key, known to all • Private key, known to owner alone • Key management less of a problem • Computationally intensive, so it is slow
Hashing: the Final Tool • Encryption seeks to obscure plaintext with a key, so that the plaintext can be recovered • Hash functions produce fixed-length output given variable-length input, such that the hash output will change substantially if even a single bit of the input is changed • Similar to checksum or CRC for data integrity • Depends on hash function being one-way
Hash Function Uses / Benefits • Verify the integrity of a block of data • e.g. a message • Faster to compute than encrypted version of input • Always produces an output of known and fixed length • Useful in many applications
Hash Function Requirements • Hash value h = H(x), where H is the hash function of some input x • Input x can be of any length • Output H(x) has fixed length • H(x) relatively easy to compute for any x • H(x) is one-way • H(x) is collision-free
Hashing Terms • One way • H(x) is one way if it is computationally infeasible to find x such that H(x) = h • i.e. H(x) is hard to invert • Collisions • weakly collision-free: given x, computationally infeasible to find y ≠ x such that H(x) = H(y) • strongly collision-free: computationally infeasible to find any two messages x and y such that H(x) = H(y)
Hash Function Example Source: RSA Laboratories, Inc.
Types of Hash • “Standard” • Message is input to the hash function • Hash calculated according to the standard • Same message always produces same hash • Keyed, or secure, hash • Message is one input to the hash function • Secret key is another input • Output depends on both key and message
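The difference between a standard and a keyed hash, as an added example that is not part of the original slides. SHA-256 and HMAC are choices made here, and the key and messages are constructed sample values.

```python
import hashlib
import hmac

def standard_hash(message: bytes) -> bytes:
    """Unkeyed hash: anyone can recompute it for any message."""
    return hashlib.sha256(message).digest()

def keyed_hash(key: bytes, message: bytes) -> bytes:
    """Keyed hash: output depends on both the secret key and the message."""
    return hmac.new(key, message, hashlib.sha256).digest()

def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def flip_one_bit(message: bytes) -> bytes:
    """Return the message with the lowest bit of its first byte inverted."""
    return bytes([message[0] ^ 0x01]) + message[1:]

def accepts_plain(message: bytes, digest: bytes) -> bool:
    """Receiver check when only an unkeyed digest accompanies the message."""
    return hmac.compare_digest(standard_hash(message), digest)

def accepts_keyed(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver check when a keyed hash (tag) accompanies the message."""
    return hmac.compare_digest(keyed_hash(key, message), tag)

# Constructed sample values, not from the slides.
KEY = b"constructed-shared-secret"
SENT = b"transfer 100 to account 17"
ALTERED = b"transfer 900 to account 17"

if __name__ == "__main__":
    print("digest bits changed by a 1-bit input change:",
          bit_difference(standard_hash(SENT), standard_hash(flip_one_bit(SENT))))
    # Message and unkeyed digest replaced together in transit: check still passes.
    print("plain hash accepts altered pair:",
          accepts_plain(ALTERED, standard_hash(ALTERED)))
    # Without KEY no valid tag for ALTERED exists; the original tag no longer fits.
    print("keyed hash accepts altered message:",
          accepts_keyed(KEY, ALTERED, keyed_hash(KEY, SENT)))
```

An unkeyed digest only detects accidental change, because whoever alters the message can recompute it; the keyed form ties the check to possession of the secret.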
Broken Hashes • CRYPTO 2004 conference announced collisions in MD5 and other hash functions • Impact is that two messages can be found that produce the same hash, although the hash cannot be chosen in advance • If a hash collision on two different messages is known, a signer could generate a signature for the first message but later claim the second message was the one signed. This is a repudiation attack. • If a hash collision is known on two different messages, a victim could sign one message. The signature would also be valid for the second message, which the victim did not intend to sign. This is a chosen-message forgery.
Impact? • Broken hashes should be used with great caution in signatures • MD4 & MD5 are the most commonly used hashes for which collisions have been found to date • Further progress in finding collisions could lead to serious problems in the digital signature area
So What? • Hash functions can be used to provide • Fast integrity check on data • Asymmetric key cryptography can provide • Session key negotiation • User authentication (with some help) • We now have all the cryptographic tools needed to provide confidentiality, integrity, and authentication
The Good Old Days • Mainframe computers • Physically isolated from casual access by unauthorized personnel • Programs, data passed to/from computer by trusted staff • No authorization, no job • So, no problem, right? • [Image: IBM 360 mainframe]
The Good New Days • Computers are everywhere • Access can often be achieved by walking up to the keyboard/display and beginning to work • What’s an authorization number? • So, big problem, right?
Access Control • Determines and monitors who can do what with what in the computer • Is much more than establishing a physical perimeter around the computer • Can’t happen without identification and authentication (about which, more later) • Needs to be instantiated in a policy
Subjects and Objects • Remember your English grammar • Subjects act • Objects are acted upon • These roles are not graven in stone • If you hit the ball, you are the subject • If the ball hits you, you are the object • It is just the same in computer science
Access Control Model • [Diagram: Subject, Request, Reference Monitor, Object] • Any of these points is a vulnerability. How to protect?
Reference Monitor • Makes access control work • You can tell it • What a subject is allowed to do (privilege) • What may be done with an object (permission) • In order to specify these things, you need to know all the possibilities, or you need to define things narrowly so that what you don't know doesn’t become allowed
Access Operations (Example) • Observe • Read • Write • Alter • Write • Append • How do you execute a program?
Unix Access Control • Read: read a file • Write: write to a file • Execute: execute a file • Interpreted according to where the access rights are to be granted
Access Control Types • Discretionary: the file owner is in charge • Mandatory: the system policy is in charge • One can exist within the other, especially discretionary within a class of mandatory
Access Control Matrix • A = set of access operations permitted • S = set of subjects • O = set of objects
Access Control Matrix Example How easy is this to implement?
Access Control Lists • Stores the access rights within the object • Convenient, quick • This is the Unix approach • Difficult to modify globally w.r.t. subjects, easy w.r.t. the object • How to find out what a subject is able to do?
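The access control matrix stored as per-object ACLs, as an added example that is not part of the original slides. The subjects, objects and rights are constructed; the code shows why a per-object decision is one lookup while a per-subject question or change has to visit every ACL.

```python
from collections import defaultdict

# Constructed access control matrix: MATRIX[subject][object] = permitted operations.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "bob":   {"report.txt": {"read", "write"}, "backup.sh": {"execute"}},
    "carol": {"payroll.db": {"read"}},
}

def to_acls(matrix):
    """Column view: keep each object's access rights with the object (an ACL)."""
    acls = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, ops in row.items():
            acls[obj][subject] = set(ops)
    return dict(acls)

def check(acls, subject, obj, op):
    """Access decision: a single lookup in the object's ACL, deny by default."""
    return op in acls.get(obj, {}).get(subject, set())

def rights_of(acls, subject):
    """What can this subject do? With ACLs, every object must be inspected."""
    return {obj: entries[subject] for obj, entries in acls.items()
            if subject in entries}

def revoke_subject(acls, subject):
    """Remove a subject everywhere; returns how many ACLs had to be modified."""
    touched = 0
    for entries in acls.values():
        if entries.pop(subject, None) is not None:
            touched += 1
    return touched

if __name__ == "__main__":
    acls = to_acls(MATRIX)
    print(check(acls, "carol", "payroll.db", "write"))   # not in the ACL
    print(rights_of(acls, "bob"))
    print(revoke_subject(acls, "alice"), "ACLs edited to remove alice")
```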
Intermediate Controls • Groups • Negative permissions • Protection rings • Abilities • Privileges • Role-based
Security Levels • Linear • Top secret • Secret • Confidential • Unclassified • Lattice • Security level • Compartment
Security Level Examples • Linear • Marking contains the name of the level • Each higher level dominates those below it • Lattice • Marking contains name of level + name of compartment (e.g. TOP SECRET PETUNIA) • Only those “read into” the compartment can read the information in that compartment, and then only at the level of their overall access
Who Can Read What? • In a linear system? • In a lattice system? • What is dominance?
System High/Low • System High is the highest security level in the system. It can be thought of as the apex of all lattice levels • System Low is the lowest security level in the system. It can be thought of as that level which all system users can “see” • Question? • In a Unix system, what level should be assigned to the root directory?
Security Models Implement Access Control Policy • Why? • If you can’t describe it, you can’t measure it, and you don’t know what it is • Policy requires a model • Security requires a policy • Q.E.D.
Security Model Types • Formal (high-assurance computing) • Bell-LaPadula • Biba • Chinese Wall • Informal (policy description) • Clark-Wilson
Bell-LaPadula • Describes access policies and permissions in a state machine model of a computer • S is the set of subjects • O is the set of objects • A is the set of access operations = {execute, read, append, write} = {e, r, a, w} • L is the set of security levels with partial ordering ≤
What’s a Partial Ordering? • Partial ordering ≤ on a set L is a relation where: • for all a ∈ L, a ≤ a holds (reflexive) • for all a, b, c ∈ L, if a ≤ b, b ≤ c, then a ≤ c (transitive) • for all a, b ∈ L, if a ≤ b, b ≤ a, then a = b (antisymmetric) • If two elements a, b ∈ L are not comparable, then notation is a b
Bell-LaPadula Access Rights • e: execute • r: read • a: append • w: write • Don’t assume anything when dealing with security!
State Machines • BLP: security = property of states • State is an instantaneous representation of the system at an instant in time • State transition occurs when the state changes • State transitions may be constrained • With a 2.5 GHz processor, what is the likely rate of state change? • What are the chances that you can capture all the states of even a desktop computer? Why?
Bell-LaPadula • Is a state machine model • Utilizes the machine state to check security • All permissions must be captured • All subjects accessing objects must be captured • These are machine states • Complicated state set results • Defining state set is the major BLP problem
Access Control Model • We have seen this before, and we will see it again • [Diagram: Subject, Request, Reference Monitor, Object] • The Reference Monitor validates all requests against permitted state functions
BLP Security Policies • Mandatory security policies • Simple security (ss) policy (no read up) • Star (*) policy (no write down) • How to send messages from high to low? • Trusted subjects can violate policy • Discretionary (ds) policy • If all three properties are satisfied, a state is secure
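A reference-monitor check for the three BLP properties over lattice labels, as an added example that is not part of the original slides. It assumes each subject has a single fixed label (no separate current level, no trusted subjects), treats r as observe, a as alter, w as both and e as neither, and uses constructed labels; the compartment ORCHID is made up for the incomparable case.

```python
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

def dominates(a: Label, b: Label) -> bool:
    """True when b <= a: a's level is at least b's and a holds all of b's compartments."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.compartments >= b.compartments

def comparable(a: Label, b: Label) -> bool:
    """In a lattice (partial order) two labels may dominate in neither direction."""
    return dominates(a, b) or dominates(b, a)

def blp_allows(subject: Label, obj: Label, op: str, granted: set) -> bool:
    """Decide one request (op in e, r, a, w) against the ds-, ss- and *-properties."""
    if op not in granted:                 # ds-property: the matrix entry must grant op
        return False
    observe = op in ("r", "w")            # operations that let the subject see data
    alter = op in ("a", "w")              # operations that let the subject change data
    if observe and not dominates(subject, obj):   # ss-property: no read up
        return False
    if alter and not dominates(obj, subject):     # *-property: no write down
        return False
    return True

# Constructed labels for the demonstration.
ANALYST = Label("SECRET", frozenset({"PETUNIA"}))
TS_DOC = Label("TOP SECRET", frozenset({"PETUNIA"}))
PUBLIC_DOC = Label("CONFIDENTIAL")
OTHER_DOC = Label("SECRET", frozenset({"ORCHID"}))
ALL = {"e", "r", "a", "w"}

if __name__ == "__main__":
    for name, doc in [("TS_DOC", TS_DOC), ("PUBLIC_DOC", PUBLIC_DOC),
                      ("OTHER_DOC", OTHER_DOC)]:
        decisions = {op: blp_allows(ANALYST, doc, op, ALL) for op in "eraw"}
        print(name, "comparable:", comparable(ANALYST, doc), decisions)
```

Write (observe and alter) is only possible when subject and object carry the same label, and incomparable labels permit neither reading nor appending.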
Basic Security Theorem • A state transition is secure if both the initial and the final states are secure, so • If all state transitions are secure and the initial system state is secure, then every subsequent state will also be secure, regardless of which inputs occur. (Proof)
Tranquility • Security levels and access rights are never changing = tranquility • Operations that do not change access rights are tranquil • Does BLP really capture security? • What are your views of McLean’s criticism?
BLP Advantages • Descriptive capabilities of the model • Policies based on security levels -- easy to introduce other structures in their place • Actual security policies • Specific solution (e.g. Multics)
BLP Disadvantages • Deals only with confidentiality, not integrity • Does not address management of access control • Contains covert channels
Covert Channel • An information flow that is not controlled by a security mechanism • Can occur by allowing low-level subjects to see names, results of comparisons, etc. of high-level objects • Difficult to find, difficult to control, critical to success
Harrison-Ruzzo-Ullman Model • Deals with BLP lack of procedures to change access rights • Uses a structured programming approach to modify the access control matrix • Provides a view of complex systems modeled by complex models • The more complex a security model is, the more difficult it usually is to verify security properties
HRU Command Structure
command c(x1,...,xk)
  if r1 in M[s,o] and
  ⋮
  if rm in M[s,m]
  then
    op1
    ⋮
    opk
end
HRU Create File Example
command create_file(s,f)
  create f
  enter o into M[s,f]
  enter r into M[s,f]
  enter w into M[s,f]
end
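A small interpreter for HRU commands over an access control matrix, as an added example that is not part of the original slides. create_file follows the slide; grant_read is a hypothetical second command added here to exercise the conditional part of the command structure, and the subject and file names are constructed.

```python
class AccessMatrix:
    """Access control matrix M with the HRU primitive operations used below."""

    def __init__(self, subjects):
        self.subjects = set(subjects)
        self.objects = set(subjects)      # in HRU every subject is also an object
        self.cells = {}                   # (subject, object) -> set of rights

    def rights(self, s, o):
        return set(self.cells.get((s, o), set()))

    def apply(self, op):
        kind = op[0]
        if kind == "create":              # create object f
            if op[1] in self.objects:
                raise ValueError(f"object {op[1]!r} already exists")
            self.objects.add(op[1])
        elif kind == "enter":             # enter r into M[s,o]
            _, right, s, o = op
            if s not in self.subjects or o not in self.objects:
                raise KeyError(f"no matrix cell for ({s!r}, {o!r})")
            self.cells.setdefault((s, o), set()).add(right)
        elif kind == "delete":            # delete r from M[s,o]
            _, right, s, o = op
            self.cells.get((s, o), set()).discard(right)
        else:
            raise ValueError(f"unknown primitive operation {kind!r}")

def run_command(m, conditions, ops):
    """Run ops in order only if every condition 'r in M[s,o]' holds; else do nothing."""
    if not all(right in m.rights(s, o) for right, s, o in conditions):
        return False
    for op in ops:
        m.apply(op)
    return True

def create_file(m, s, f):
    """The slide's command: create f, then enter o, r and w into M[s,f]."""
    return run_command(m, [], [("create", f), ("enter", "o", s, f),
                               ("enter", "r", s, f), ("enter", "w", s, f)])

def grant_read(m, s, p, f):
    """Hypothetical command: if o in M[s,f] then enter r into M[p,f]."""
    return run_command(m, [("o", s, f)], [("enter", "r", p, f)])

if __name__ == "__main__":
    m = AccessMatrix(["alice", "bob"])    # constructed subjects
    create_file(m, "alice", "notes.txt")
    print(grant_read(m, "bob", "alice", "notes.txt"))   # bob is not the owner
    print(grant_read(m, "alice", "bob", "notes.txt"), m.rights("bob", "notes.txt"))
```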
Chinese Wall Model • Rule: there must be no information flow that causes a conflict of interest • Info concerning a single company are O • Company dataset is y: O C • Conflict classes are x: O P(C) • N is a Boolean matrix where • Ns,o' = true, if s ever had access to o • Ns,o' = false, if s never had access to o