400 likes | 596 Views
Security. Definition. Security: protecting the data (disclosure, alteration, destruction) against unauthorized users Aspects of security: Legal, social, ethical (use credit card?) Physical control (locked terminal room?) Policy questions (who is allowed to check what)
E N D
Definition • Security: protecting the data (disclosure, alteration, destruction) against unauthorized users • Aspects of security: • Legal, social, ethical (use credit card?) • Physical control (locked terminal room?) • Policy questions (who is allowed to check what) • Operational issues (how are passwords kept secret, when are they changed) • Hardware controls (storage protection keys) • Operating system support (erase main memory when finished) • Specific database system issues (data ownership)
Policy decisions: • Discretionary control: a given user can have different • access rights (privileges) on different objects; very flexible; • (U1 can see A but not B, U2 can see B and not A) • Mandatory control: each object has a classification, each • user a clearance; the higher the classification, the more • strict the access is; (If U1 can see A but not B, the class of B must be higher then • class of A and so no U2 can see B and not A) • these policy decisions must be made known to the system; • they must be remembered by the system; • it must be possible to check an access request(authorization syst.); • the system must identify the requesting user(userid, password) • (biometric)
Discretionary Access Control Defines authorities AUTHORITY SA3 GRANT RETRIEVE (S#, SNAME, CITY), DELETE ON S TO Jim, Fred, Mary; Four components: name, privilege, relvar, user Retrieve on some attributes, delete AUTHORITY <athority name> GRANT <privilege cammalist> ON <relvar name> TO <userid cammalist>; After GRANTwe can have the following privileges: RETRIEVE [ (<attribute name commalist>) ] INSERT [ (<attribute name commalist>) ] UPDATE [ (<attribute name commalist>) ] DELETE ALL
What if the user is not authorized? • reject attempt • terminate program • lock keyboard • log • DROP AUTHORITY <authority name>; • DROP AUTHORITY SA3; • Examples: • AUTHORITY EX1 • GRANT RETRIEVE (P#, PNAME, WEIGHT) • ON P • TO Jan, Anne, Karel; • AUTHORITY EX2 • GRANT RETRIEVE, UPDATE (SNAME, STATUS), DELETE • ON LS • TO Jan, Karel; • VAR SSPPR VIEW • (S JOIN SP JOIN (P WHERE CITY = ‘Rome’) {P#}) {ALL BUT P#, QTY} • AUTHORITY EX3 • GRANT RETRIEVE • ON SSPPR • TO Jan;
VAR SSQ VIEW SUMMARIZE SP PER S {S#} ADD SUM(QTY) AS SQ; AUTHORITY EX4 GRANT RETRIEVE ON SSQ TO Jan; AUTHORITY EX5 GRANT RETRIEVE, UPDATE(STATUS) ON S WHEN DAY() IN (‘Mon’,’Tue’,’Wed’,’Thu’,’Fri’) AND NOW() > TIME ‘09:00:00’ AND NOW() < TIME ‘17:00:00’ TO Jan; Other built-in operators TODAY() USER() TERMINAL()
Authorities are Ored but… AUTHORITY NEX1 GRANT RETRIEVE (PNAME, WEIGHT) ON P TO Jan; AUTHORITY NEX2 GRANT RETRIEVE (P#, WEIGHT) ON P TO Jan;
Audit trail • A log indicating the request, terminal from which invoked, user who invokes, date+time, relations+tuples+ attributes affected, old values, new values • Some users may be given access to log file
Mandatory AccessControl Interesting in hierarchical structures. 1. User U can retrieve object O iff classification level of O the clearance level of U 2. User U can update object O iff classification level of O = the clearance level of U----(*) Anything written by user U automatically requires a classification level equal to U’s clearance level for insert? Let us consider tuples as objects (Granularity) Level indicates classification level S S# SNAME STATUS CITY Level S1 Smith 20 London 2 S2 Jones 10 Paris 3 S3 Blake 30 Paris 2 S4 Clark 20 London 4 S5 Adams 30 Athens 3
U1 has clearance level 3 (eg. secret), U2 has 2 (eg. confidential). If U1 requests all suppliers he sees 4 tuples, but U2 only 2. U1 is not aware of S4, so the system has to accept his INSERT INSERT INTO S RELATION { TUPLE { S# ‘S4’, SNAME ‘Baker’, STATUS 25, CITY “Rome’}}; otherwise U1 could deduce the existence of S4, but there is a problem since S is key. The system modifies the INSERT to INSERT INTO S RELATION { TUPLE { S# ‘S4’, SNAME ‘Baker’, STATUS 25, CITY ‘Rome’, CLASS CLASS(3) } }; Key is now {S#,CLASS} Polyinstantiation: the same relations seem to be different for each user.
SQL Facilities CREATE VIEW LS AS SELECT S.S#, S.SNAME, S.STATUS, S.CITY FROM S WHERE S.CITY = ‘London’; GRANT SELECT, UPDATE(SNAME,STATUS), DELETE ON LS TO Jan, An, Karel CREATE VIEW SSPPR AS SELECT S.S#, S.SNAME, S.STATUS, S.CITY FROM S WHERE EXISTS (SELECT * FROM SP WHERE EXISTS (SELECT * FROM P WHERE S.S# = SP.S# AND SP.P# = P.P# AND P.CITY = ‘Rome’)); GRANT SELECT ON SSPPR TO Jan; CREATE VIEW SSQ AS SELECT S.S#, (SELECT SUM(SP.QTY) FROM SP WHERE SP.S# = S.S#) AS SQ FROM S; • Only discretionary • View mechanism & authorization subsystem • View as a mean of security
GRANT SELECT ON SSQ TO Jan; CREATE VIEW S_NINE_TO_FIVE AS SELECT S.S#, S.SNAME, S.STATUS, S.CITY FROM S WHERE CURRENT_TIME > TIME ‘09:00:00’ AND CURRENT_TIME < TIME ‘17:00:00’; GRANT SELECT, UPDATE(STATUS) ON S_NINE_TO_FIVE TO Jan; GRANT - General Form GRANT <privilege commalist> ON <object> TO <user ID commalist> [WITH GRANT OPTION] where <privilege commalist> is USAGE, SELECT, INSERT, UPDATE, DELETE, REFERENCES <object> is TABLE, DOMAIN
REVOKE - General Form REVOKE [GRANT OPTION FOR] <privilege commalist> ON <object> FROM <user ID commalist> <option>; where <option> is RESTRICT, CASCADE Let U1 grant p to U2 who grants it to U3 If p would be revoked by U1 from U2, U3 still has p, an abandoned privilege. RESTRICT causes the REVOKE to fail if it would lead to any abandoned privilege. CASCADE causes such privileges to be revoked as well.
REVOKE SELECT ON S FROM Jan RESTRICT; REVOKE SELECT, UPDATE(SNAME,STATUS), DELETE ON LS FROM Jan CASCADE; REVOKE SELECT ON SSPPR FROM Jan RESTRICT; REVOKE SELECT ON SSQ FROM Jan RESTRICT;
Data Encryption Storing and transmitting sensitive data in encrypted form. Plaintext Encryption algorithm Ciphertext Encryption key public secret Ciphertext is transmitted or put in the db. Almost impossible to transform the Ciphertext to the Plaintext without knowing the Encryption key.
Plaintext: AS KINGFISHERS CATCH FIRE Encryption key ELIOT Divide plaintext in blocks of length of key AS+KI NGFIS HERS+ CATCH +FIRE Replace + by 00, A by 01, …, Z by 26 0119001109 1407060919 0905181900 0301200308 0006091805 Replace in key + by 00, A by 01, …, Z by 26 0512091520 Take sume per character modulo 27 0119001109 1407060919 0905181900 0301200308 0006091805 0512091520 0512091520 0512091520 0512091520 0512091520 0604092602 1919152412 1417000720 0813021801 0518180625 Replace 00 by +, 01 by A, …, 26 by Z FDIZB SSOXL NQ+GT HMBRA ERRFY
Frequent use of Substitution Permutation How difficult is it to find the key, given plaintexts with corresponding ciphertexts? (algorithm is known!!!)
Major Algorithms • Secret key algorithms • DES – Data Encryption Standard • AES – Advanced Encryption Standard • Public key algorithm • RSA – Rivest-Shamir-Adelman
Plaintext M Ciphertext C Plaintext M Encryption Decryption Sender Recipient Secret Key Encryption K K Secure channel • R knows that: • Message was • sent by S • Message hasn’t • been altered Key source
Secret-Key Encryption • Needed for security: • Secret key must be kept confidential • Impossible (at least impractical) to decipher a message if no other information is available • Knowledge of algorithm and samples of ciphertext must be insufficient to determine the key
DES Overview • DES is a product cipher • 56 bit key size • 64 bit block size for plaintext and cipher text • Developed by IBM and adopted by NIST with NSA approval • Adopted as US Standard November 1976
DES Foundations • Mathematics to design strong product ciphers is classified • Breakable by exhaustive search on 56-bit key size for known plaintext, chosen plaintext and chosen ciphertext attacks • Security: computational complexity of computing the key under the above scenarios (22 hours)
Triple DES P EK1(P) DK2[EK1(P)] EK1[DK2[EK1(P)]] E E D K1 K2 K1 If K1=K2: single encryption Effective key size: 112 bits Major improvement!!!
DES Algorithm 64 bit plaintext 56 bit key Initial permutation Permuted choice K1 Iteration 1 Permuted choice 1 Left circular shift K2 Iteration 2 Permuted choice 2 Left circular shift K3 Iteration 16 Permuted choice 16 Left circular shift 32 bit swap Inverse initial permutation 64 bit ciphertext
Public Key Cryptosystem Insecure channel Ciphertext Plaintext Plaintext Encryption Algorithm. Decryption Algorithm. B Recipient A Sender B’s private key B’s public key (need reliable channel)
Public-Key Encryption • One of the keys must be kept secret • Impossible (at least impractical) to decipher message if no other information is available • Knowledge of algorithm, one of the keys, and samples of ciphertext must be insufficient to determine the other key
Public-Key Encryption • Two keys – one is private one is public • Solves the key distribution problem (but need reliable channel) • Provides electronic signatures • Slower than secret-key encryption
Public Key Examples • Rivest, Shamir, and Adleman (RSA) describe a public key system in 1978 • Many proposals have been broken e.g., Merkle-Hellman proposal broken by Shamir • Serious candidates (public domain) • RSA • Many others
RSA Keys • R. L. Rivest, A. Shamir, L. Adleman, A method for Obtaining Digital Signatures and Public-Key Cryptosystems, CACM, 21, 2, p.120-126, 1978 Public key: (n,e) • Secret key: (n,d) • n is a 200 digit number • C = Me mod n • M = Cd mod n
Notation C = E(KE-B, M) M = D(KD-B,C) KE-B: public key of B KD-B: private key of B E: encryption algorithm D: decryption algorithm M: plaintext C: ciphertext
Who Knows What? • Both sender and receiver know n • Sender knows e • Only receiver knows d • Need: • Find values e, d, n s.t. • Easy to calculate Me, Cd for all M < n • Infeasible to determine d give e
Generating RSA Keys • Choose 2 large (100 digit) numbers p and q • Compute n = p*q • Choose e relatively prime to (n) = (p-1)*(q-1) • Compute d such that e*d = 1 mod (p-1)*(q-1) • Publish (n,e) • Secret (n,d), p, q
RSA Keys Example 1 • Choose 2 “large” numbers p=7, q=17 • Compute n=p*q 7*17=119 • Choose relative prime to (p-1)*(q-1) 6*16=96, e=5 • Compute e*d = 1 mod 96 => d=77 • Publish (5,119) • Keep (77,119), 7, 17
RSA Keys Example 2 • Choose 2 “large” numbers p=47, q=71 • Compute n=p*q 47*71=3337 • Choose relative prime to (p-1)*(q-1) 46*70=3220, e=79 • Compute e*d = 1 mod 3220 => d=1019 • Publish (3337,79) • Keep (3337,1019), 47, 71
Why is RSA Hard to Break? • Compute d such that e*d = 1 mod (p-1)*(q-1) • If factorization of n into p*q is known: Easy • Otherwise: Hard • How hard is it to compute d given (n,e)? • Don’t know BUT not harder than factoring n into p*q Security of RSA is no better than the complexity of the factoring problem
RSA versus DES: Key Size Key size: • RSA: selected by user (usually n is 154 digit (512 bits) so key is 1024 bits) • DES: 64 bits (56 effective)
RSA versus DES: Speed DES is about 100 times faster than RSA Use RSA for exchange of DES keys
RSA-method for public-key encryption: • Based on • there is a fast algorithm to find whether a given number • is prime; • there is no fast algorithm to find the prime factors of a • given number. • 1. Choose p q prime, large, compute r = p * q; • 2. Choose e, prime greather than p and q; (e is encryption key) • 3. Calculate d s.t. d * e = 1 mod((p-1)*(q-1)); (d is decryption key) • (d can be calculated easily) • 4. Make r, e public; (to calculate d from r and e is very hard) • 5. Represent the plaintext by an integer P; • 6. Calculate C = Pe mod r; (C is the ciphertext) • 7. To decrypt, calculate P = Cd mod r.
Example p = 31 q = 11 r = p * q = 341 e = 37 d is such that d * e = 1 mod 300; d = 73 Let P = 201; C = 20137 mod 341 = 240 P = 24073 mod 341 = 201
Message Signature using public key • Suppose two people want to communicate securely • Every party has public key which the other is also aware of, say EnA and EnB • Every party has a decryption key which is private, say DeA and DeB • A wants to send message P to B, it will produce C=EnB (DeA (P) ) • B will Produce P as follows: EnA (DeB(C)) = EnA(DeB(EnB(DeA(P)))) =EnA(DeA(P)) = P • B will know that the message is from A since EnA is applicable