500 likes | 622 Views
COMP 150-IDS: Internet Scale Distributed Systems (Fall 2012). Security Fundamentals. Noah Mendelsohn Tufts University Email: noah@cs.tufts.edu Web: http://www.cs.tufts.edu/~noah. Goal.
E N D
COMP 150-IDS: Internet Scale Distributed Systems (Fall 2012) Security Fundamentals Noah Mendelsohn Tufts UniversityEmail: noah@cs.tufts.edu Web: http://www.cs.tufts.edu/~noah
Goal • Learn about fundamental security mechanisms such as encryption, PKI, TLS, and related technologies such as rootkits, etc. Non Goal • This presentation does not attempt to explore broader issues relating to good security architecture including requirements gathering, threat analysis, design for security, penetration testing, etc.
Simple Encryption EncryptionFunction Data Encrypted Data
Decryption DecryptionFunction Data Encrypted Data
Encryption/Decryption are functions over data+key EncryptedData = Fencrypt(key, data) Data = Fdecrypt (key, EncryptedData) Data = Fdecrypt (key, Fencrypt(key, data))
Encryption/Decryption are functions over data+key EncryptedData = Fencrypt(key, data) Data = Fdecrypt (key, EncryptedData) Same key for encryption and decryption
Encryption & Decryption Functions Usually not Secret What’s secret? EncryptionFunction Data Encrypted Data DecryptionFunction Data
Same secret key needed by sender & receiverKey distribution/protection is a big problem What’s secret? EncryptionFunction Data Encrypted Data DecryptionFunction Data
Same secret key for sender and receiver Ordinary Encryption EncryptionFunction Data Encrypted Data DecryptionFunction Data
Key PairsDifferent Keys forEncryption & Decryption Asymmetric Key Crypto EncryptionFunction Data Encrypted Data DecryptionFunction Data Note: the encryption key cannot decrypt…only its pair canEither key can serve to encrypt, then the other decrypts.
Public Key Crypto • Built on asymmetric crypto • Pair: one part public, one part private • Private cannot be derived from public • To send me a message: • Encrypt it with my public key, which everyone knows is mine • Only I have the private key to decrypt • Avoids need to distribute secret keys! • …but, we do need to watch for fraudulent public keys
Digital signatures: non-repudiation • Prove that these bits were from me • Step 1: I hash the content yielding a small number unique to the content • Step 2: I encrypt that hash using my private key, resulting in a digital signature • Step 3: I send you the bits and the signature • Step 4: You decrypt the signature using my public key, and compare to hash you compute on bits you’ve received Signature check: you have confidence it came from meNon-repudiation: I can’t deny it!
Certificates • How do you know the public key is mine? • Certificate: a public key signed by someone you trust! • Their signature asserts: this key is Noah’s public key • Whom do you trust? • The organization you work for (E.g. Tufts University) • Well known signing organizations (Verisign, Thawt, Equifax, etc.) • Yourself (self-signed certs…usually a kludge only for testing) • Trust hierarchies • I am Noah as vouched for by Tufts as vouched for by Equifax • Your browser comes with a trusted set of root certificates • The PKI hierarchy has become fundamental to the integrity of the Web – used to establish identity of https: Web sites!
PKI and identity management • PKI works best in hierarchical organizations of medium size • Nonetheless, it is the most common framework for authenticating the identity of Web sites • Some systems use PKI to authenticate down to the user-level • In practice, most Web sites use ordinary passwords, with sites authenticated using HTTPS (PKI) • There are ongoing problems with the operational integrity (and business motivations of) the some CA providers
HTTPS and TLS Warning: the protocol on the following slide is greatly simplified. Actual TLS has many crypto and PKI options, and uses a much more elaborate and robust setup protocol. This is close enough in spirit to give the general idea.
Transport Level Security (TLS and SSL) Tufts.edu CPU Memory Storage CPU Memory Storage I want an encrypted connection to Tufts, and I want to be sure it’s Tufts
Transport Level Security (TLS and SSL) Certificate from Tufts checked against cert hierarchy up to root Tufts.edu Connection setup Certificate from Tufts CPU Memory Storage CPU Memory Storage I want an encrypted connection to Tufts, and I want to be sure it’s Tufts
Transport Level Security (TLS and SSL) Problem:Public key encryption much too slow for bulk data transfer. Tufts.edu CPU Memory Storage CPU Memory Storage I want an encrypted connection to Tufts, and I want to be sure it’s Tufts
Transport Level Security (TLS and SSL) Solution:TLS/SSL use PKI to authenticate server (and optionally client) and to establish agreement on a private (symmetric) key used to encrypt actual session data. Tufts.edu CPU Memory Storage CPU Memory Storage Result: an authenticated, encrypted, high-performance connection.
Transport Level Security (TLS and SSL) Tufts.edu Connection setup Certificate from Tufts CPU Memory Storage CPU Memory Storage I want an encrypted connection to Tufts, and I want to be sure it’s Tufts
Web Server HTTPS: HTTP over TLS or SSL Browser E.g. Firefox E.g. Apache Many commercial applications work this way
Web Server HTTPS: HTTP over TLS or SSL Your browser keeps a list of root certs (Verisign, etc.)These companies control the verification of secure connections you make on the Web! E.g. Firefox E.g. Apache Many commercial applications work this way
Web Server HTTPS: HTTP over TLS or SSL If someone can get a bogus cert for google.com or microsoft.com, that’s a big deal! E.g. Firefox E.g. Apache Many commercial applications work this way
Web Server HTTPS: HTTP over TLS or SSL Some Cert Authorities (Cas) aren’t nearly careful enough in when issuing certs E.g. Firefox E.g. Apache Many commercial applications work this way
Web Server The Web itself is a 2 or 3 Tier system Browser Proxy Cache E.g. Firefox E.g. Squid E.g. Apache
Web Server The Web itself is a 2 or 3 Tier system Browser HTTP CONNECT header used to make proxy transparent to TLS…benefits of proxy are lost! E.g. Firefox E.g. Squid E.g. Apache
Web Server The Web itself is a 2 or 3 Tier system Browser A malicious proxy with a trusted cert can implement “man-in-the-middle” attacks E.g. Firefox E.g. Squid E.g. Apache
Storage and filesystem for data in the clear at source What must be trusted? EncryptionFunction Data Encrypted Data DecryptionFunction Data
Encryption software and OS on which it runs What must be trusted? EncryptionFunction Data Encrypted Data DecryptionFunction Data
The compiler and linker used to build the OS & encryption(per K. Thompson) What must be trusted? EncryptionFunction Data Encrypted Data DecryptionFunction Data
Key store at source What must be trusted? EncryptionFunction Data Encrypted Data DecryptionFunction Data
The CPU, device HW and microcode used to run the system What must be trusted? EncryptionFunction Data Encrypted Data DecryptionFunction Data
All the equivalent at the receiver What must be trusted? EncryptionFunction Data Encrypted Data DecryptionFunction Data
Trust is a key system design issue • Always consider: what/who is being trusted? • What is the consequence if trust is misplaced? • Can we tell if trust is misplaced • Reflections on Trusting Trust tells us “it’s at best really hard to be sure” • Can we change our minds (revoke trust)? • Watch for: • Any place where information is stored “in the clear” • Any place where “capabilities” are stored or given out • Note that keys are a kind of capability
Some actual attacks that have worked • Freezing (I.e. chilling) RAM chips to retain data after power down • Timing attack: SSH passwored cracking facilitated by keystroke timing • Timing attack: SSL private keys revealed!! • Demonstrated on production Web servers* • Rootkits, bootkits & VM attacks * SSL timing paper: http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
Sector Operating Systems and Virtual Machines Sector Block Device Driver Raw Device Driver Application TTY Driver Filesystem In-memory BlockCache Unix Kernel
Sector Operating Systems and Virtual Machines Disk virtualization Display Virtualization Unix Kernel Network virtualization Memory virtualization Virtual Machine “Hypervisor”
Sector Operating Systems and Virtual Machines Sector Block Device Driver Raw Device Driver In-memory BlockCache Application TTY Driver Filesystem Unix Kernel Disk virtualization Display Virtualization Virtual Machine “Hypervisor” Network virtualization Memory virtualization
Sector Operating Systems and Virtual Machines Application TTY Driver Filesystem Sector Sector Block Device Driver Block Device Driver Raw Device Driver Raw Device Driver Unix Kernel In-memory BlockCache In-memory BlockCache Application TTY Driver Filesystem Unix Kernel Disk virtualization Display Virtualization Virtual Machine “Hypervisor” Network virtualization Memory virtualization
Sector Operating Systems and Virtual Machines The Virtual Machine “Hypervisor”provides the illusion of a complete CPU + memory +I/O to each virtual machine Application TTY Driver Filesystem Sector Sector Block Device Driver Block Device Driver Raw Device Driver Raw Device Driver Unix Kernel In-memory BlockCache In-memory BlockCache Application TTY Driver Filesystem Unix Kernel Disk virtualization Display Virtualization Virtual Machine “Hypervisor” Network virtualization Memory virtualization
Sector Virtual Machines and Trust The Hypervisor has access to all resources of the VM’s, including RAM, disk, running program images, etc. … Experimental exploits have been implemented as hypervisors Application TTY Driver Filesystem Sector Sector Block Device Driver Block Device Driver Raw Device Driver Raw Device Driver Unix Kernel In-memory BlockCache In-memory BlockCache Application TTY Driver Filesystem Unix Kernel Disk virtualization Display Virtualization Virtual Machine “Hypervisor” Network virtualization Memory virtualization
Sector Operating Systems and Virtual Machines Timing attacks have been attempted across VMs. Application TTY Driver Filesystem Sector Sector Block Device Driver Block Device Driver Raw Device Driver Raw Device Driver Unix Kernel In-memory BlockCache In-memory BlockCache Application TTY Driver Filesystem Unix Kernel Disk virtualization Display Virtualization Virtual Machine “Hypervisor” Network virtualization Memory virtualization
Summary • Typical security mechanisms are build on core technologies like simple encryption & PKI • Those are just building blocks: security must be considered in all aspects of system design • Abstractions leak: (computation can be timed, etc.) • Many vulnerabilities are operational, not technical • There are serious vulernabilities in the Interent infrastructure and the Web – it’s not entirely clear how severe the consequences will be