introduction to computer security - cse at...
Post on 10-Mar-2018
228 Views
Preview:
TRANSCRIPT
Introduction to Computer Security
Instructor: Mahadevan Gomathisankaran
mgomathi@unt.edu
CSCE 4550/5550, Fall 2009 Recap I 1
Syllabus
• What do we learn in this course ?– common security terminology, threats,
vulnerabilities, and security design principles.– basic cryptography concepts, and specific
commonly used algorithms and protocols.– basic network security issues and controls.
CSCE 4550/5550, Fall 2009 Recap I 2
Syllabus
• What do we learn in this course ?– common program vulnerabilities, and secure
programming techniques.– security models, including Bell-La Padula
(MLS), Biba, and Chinese Wall security.
– administrative issues in security, such as planning, security policies, and risk analysis.
CSCE 4550/5550, Fall 2009 Recap I 3
Syllabus
• What do we learn in this course ?– hands-on experience in using common security
tools, such as firewalls, intrusion detection systems and scanning.
CSCE 4550/5550, Fall 2009 Recap I 4
Basic Goals• Confidentiality
– Concealment of Information or Resources– Information only available to authorized parties
• Integrity– Information is precise, accurate, – Modified
• In acceptable ways• By acceptable People• Using appropriate process
– Internally Consistent – Meaningful, and usable– Data integrity and Origin Integrity
• Availability– Services provide timely response, fair allocation of resources,
quality of service
CSCE 4550/5550, Fall 2009 Recap I 5
Extended Goals
• Information Assurance– Authentication
• Establishing the validity of a transmission, message, or originator (including verifying the identity of a participant)
– Non-repudiation • Messages or actions are accompanied by proof which
cannot be denied
CSCE 4550/5550, Fall 2009 Recap I 6
Terminology
• Threat– A set of circumstances that has the potential to
cause loss or harm (Textbook)• Interception, Interruption, Modification and
Fabrication
– Potential violation of security (Matt Bishop)• Disclosure, Disruption, Usurpation and Deception
– Examples:• Snooping -> interception• Spoofing -> deception and usurpation
CSCE 4550/5550, Fall 2009 Recap I 7
Terminology• System Susceptibility
– The capacity of a system to be affected by a threat• Access to the flaw
– The ability of a threat to gain access to a system, either physically or logically (e.g. over the network)
• Capability to exploit the flaw– The ability of the threat to employ the knowledge and
tools necessary to exploit the system to achieve the desired goal
• Vulnerability– intersection of a system susceptibility or flaw, access to
the flaw, and the capability to exploit the flaw– A weakness in the security system
CSCE 4550/5550, Fall 2009 Recap I 8
Terminology
• Control– A protective measure to reduce or remove
vulnerability– An action, device, procedure or technique
• A threat is blocked by control of a vulnerability
• Attack– An act of violation of the security using the
vulnerabilities
CSCE 4550/5550, Fall 2009 Recap I 9
Terminology
• Trojan Horse– A trojan horse is a part of the program that
otherwise conforms to the security policy
• Trapdoor– A feature built into a program/process such
that the provision of specific input data allows it overcome the security policy
– Read: Reflections on Trusting Trust by Ken Thompsum
CSCE 4550/5550, Fall 2009 Recap I 10
Terminology
• Virus– A virus is a program that when executed
operates entirely within the security policy– Uses trojan horse to attach itself
• Worm– A program that migrates from one Comp. Env.
To another– Good worms: distribute software, propagate
bug fixes, etc.– Bad Worms: carry viruses
CSCE 4550/5550, Fall 2009 Recap I 11
Terminology
• Overt channel– Communication channel that is used in the way
it is intended to use
• Covert Channel– Mechanism for two processes to communicate
in violation of security policy• Storage Channel• Timing Channel
CSCE 4550/5550, Fall 2009 Recap I 12
Cryptosystem
CSCE 4550/5550, Fall 2009 Recap I 13
Alice Bob
ChannelM
Message
MC=E(kA,M)
ciphertext
E(kA,M)
Alice’skey
kA
(plaintext)
EncryptionFunction
D(kB,C)kB
Bob’skeyDecryption
Function
Cryptanalysis
• Analyzing algorithms and encrypted text with the objective of breaking the encryption
• Some goals:– Break a message (“Instance deduction”)– Recognize patterns– Deduce key (break subsequent messages)– Infer meaning from ciphertext traffic (“traffic
analysis”)– Find weakness in implementation– Find weaknesses in algorithm
• All is fair in “cryptanalysis”
CSCE 4550/5550, Fall 2009 Recap I 14
Cryptanalysis
• Ciphertext only attack– Given: E; D; C1, C2, … Cn– Required: K; or P1, P2, … Pn; or Pn+1 from Cn+1
• Known plaintext attack– Given: E; D; Pi,Ci;– Required: K; or Pn+1 from Cn+1
• Chosen plaintext attack– Given: E; D; Pi,Ci;
• Cryptanalyst chooses Pi– Required: K; or Pn+1 from Cn+1
CSCE 4550/5550, Fall 2009 Recap I 15
Cryptanalysis
• Adaptive chosen plaintext– The plaintexts are chosen adaptively based on
the encryption algorithm– Incremental information buildup
• Chosen ciphertext attack– Inverse of chosen plaintext attack– Useful for public key encryptions
• Rubber-hose attack– Non-technical– Social engineering
CSCE 4550/5550, Fall 2009 Recap I 16
Cryptanalysis
• Base attack– Brute Force attack
• Search for every possible key
– All the other cryptanalytic attacks are measured against this attack
CSCE 4550/5550, Fall 2009 Recap I 17
Cryptosystem Principles
• Shanon (Communication Theory of Secrecy Systems, published in 1949)– Confusion: making the relationship between
the key and the ciphertext as complex and involved as possible
– Diffusion: the property that the redundancy in the statistics of the plaintext is "dissipated" in the statistics of the ciphertext
CSCE 4550/5550, Fall 2009 Recap I 18
Encryption Types
CSCE 4550/5550, Fall 2009 Recap I 19
Encryption
Classical Modern
Substitution Transposition Symmetric Asymmetric
Stream Block
Cryptographic Primitives• Cipher
– Goal: Protect confidentiality– Symmetric: Sender and receiver need a shared secret– Asymmetric: Only the receiver needs secret, anyone can send
• Digital Signature– Goal: Validate sender (authentication and non-repudiation)– Asymmetric only: Signer knows secret, anyone can verify
• Cryptographic Hash– Goal: Identify big data with a short digest (“fingerprint” or “digest”)– Anyone can compute – no secrets
• Message Authentication Code (MAC)– Hash function with a secret key– Almost like a symmetric cryptography signature
CSCE 4550/5550, Fall 2009 Recap I 20
Cipher Mode
• Cipher + Feedback + Additional Operations– Security is based on the cipher– Operations should not violate the security
• Objectives– Increase the Message size– Increase the Key size– Improve the Security
CSCE 4550/5550, Fall 2009 Recap I 21
Feistel Cipher
• Principle– Designing stronger ‘pseudo-random permutation’
function from weaker ‘pseudo-random’ function
CSCE 4550/5550, Fall 2009 Recap I 22
F F
Round 1 Round 2
Plai
n te
xt
Cip
her t
ext
Round n (no swap)
K0 K1
Differential Cryptanalysis
• How difference at the Input affects the difference at the output
• Analyze the S-boxes for high probability differential pairs– Chosen plaintext
• Provide high probability differential input to the Cipher
• Partially decrypt the last round to predict the key bits
CSCE 4550/5550, Fall 2009 Recap I 23
Linear Cryptanalysis
• Find high probability linear relationships between P, C and K
– Construct for S-boxes– Construct for the Cipher (Pilling up Lemma)
• Partially decrypt the last round to predict key bits
CSCE 4550/5550, Fall 2009 Recap I 24
Stream Ciphers
• Encrypts the message in a bitwise manner– A seed (K) and a Pseudo Random Number Generator
(PRNG) is used to create a (pseudo) random key stream– Bitwise operations, e.g. shift registers, XOR, etc.
CSCE 4550/5550, Fall 2009 Recap I 25
Key StreamGenerator
Seed (Key)
Plaintext Ciphertext
Stream Ciphers
• Synchronous – FB does not involve Plaintext or Ciphertext
• Self Synchronizing– FB uses ‘previous N ciphertext bits’– Example: CFB
CSCE 4550/5550, Fall 2009 Recap I 26
Asymmetric Ciphers• Idea due to Diffie and Hellman in 1976
– Maybe not the first! British declassified documents showing they were using this in the early 1970’s!
• Different encryption and decryption keys– Decryption key difficult to compute from encryption key– Relationship between keys depends on secret knowledge
(“trapdoor”) known only to key generator– Public key can be widely published
• Security based on some explicitly-stated mathematical problem which is assumed hard (NP-Complete)– Note: Like all crypto, based on assumptions!
CSCE 4550/5550, Fall 2009 Recap I 27
Network Protocols
• A network protocol provides syntactic and semantic rules for communication.– Often defined in terms of state machines– Standards allow service-based interoperability
• Internet RFCs (TCP/IP, DNS, …)• IEEE standards (Ethernet, etc.)
• Protocols can be in hardware or software– Ethernet access protocol often in hardware– HTTP and other high-level usually in software
CSCE 4550/5550, Fall 2009 Recap I 28
Network Layers
CSCE 4550/5550, Fall 2009 Recap I 29
• Layered Model:– Each layer uses only the layer directly below it– Benefit: Different issues to address at different levels of abstraction
OSI Model
Data Unit Layer Function Example (Internet)
Host Layers
Data
7. Application Network process to application HTTP, FTP, SMTP (E-mail)…
6. Presentation Data representation and encryption
5. Session Interhost communication
Segment 4. Transport End-to-end connections and reliability
TCP, UDP
Media Layers
Packet 3. Network Path determination and logical addressing
IP (Internet Protocol)
Frame 2. Data Link Physical addressing Transmission media (ethernet, token ring, …)Bit 1. Physical Media, signal and binary
transmission
IPv4 Packet
CSCE 4550/5550, Fall 2009 Recap I 31
0 3 4 7 8 15 16 31
Vers: 4 IHL ToS Total LengthID (for fragmentation) Flags Fragment Offset
TTL Protocol Header ChecksumIP Source Address
IP Destination Address
Options (usually empty)
Data
Network Topology• Overlay Networks
– built on top of another network– Examples:
• Peer-to-peer networking (Distributed Hash Tables)• Tor – Anonymity Network
• Point to Point Protocol (PPP)– Link Layer Protocol– Standard used for dial-up connections– One host on each side of a link– For sending network packets over serial connections– Really a family of protocols:
• LCP (Link Control Protocol) for negotiating link parameters• NCP (Network Control Protocol) parameters for network layer• HDLP (High-level Data Link Control): link layer protocol
CSCE 4550/5550, Fall 2009 Recap I 32
Network Layer Attacks
• Attack type 1: Field Tampering– Put invalid data in fields– Example 1: Ping of Death
• “Too large” ping packet crashes machine
– Example 2: LAND Attack• Specially crafted packet with both source and destination
set to victim address, with fields that make machine lock up
– Example 3: Jolt Attack (and Teardrop)• Invalid fragmentation of packets that destination can’t
reassemble, so machine freezes waiting for more
CSCE 4550/5550, Fall 2009 Recap I 33
Network Layer Attacks
• Type 2: Spoof the fields– Smurf Attack
CSCE 4550/5550, Fall 2009 Recap I 34
Attacker24.3.29.123
Intermediary123.45.67.89
Victim209.12.17.35
Fake ping packetwith src 209.12.17.35and dest 123.45.67.89 Ping response to
Victim
Network Layer Attacks
• Smurf (DoS Amplification)
CSCE 4550/5550, Fall 2009 Recap I 35
Attacker24.3.29.123
Intermediaries123.45.67.1123.45.67.2123.45.67.3…
Victim209.12.17.35
Fake ping packetwith src 209.12.17.35and dest 123.45.67.255 Many (up to 254) ping
responses to Victim
IP Spoofing
• Counter Measures– Ingress Filtering
• blocking of packets from outside the network with a source address inside the network
• Doesn’t work if intermediary inside border!
– Egress filtering• blocking of packets from inside the network with a
source address that is not inside• Only let out packets with appropriate source addrs
CSCE 4550/5550, Fall 2009 Recap I 36
Network Layer Attacks• Fragmentation: Breaking up long IP packets to fit in a
particular type of low-level link– Example: Slow PPP might use maximum packet length of ≈500 bytes for
responsiveness vs. typical Ethernet length 1468 bytes
• Security issues:– Using fragmentation to avoid an Intrusion Detection System
• Break up a “signature” into multiple fragments• How are overlapping packets re-assembled?
CSCE 4550/5550, Fall 2009 Recap I 37
Transport Layer
• TCP– TCP adds “sessions” or “connections” to the bare IP protocol
CSCE 4550/5550, Fall 2009 Recap I 38
0 7 8 15 16 23 24 31
Source Port Destination PortSequence Number
Acknowledgment NumberData Offset Flags Window
Checksum Urgent PointerOptions
Data
CWR: Congestion window reduced URG: Urgent ptr valid RST: Reset flag
ECN: Explicit congestion notification ACK: ACK valid SYN: Synchronize seq #s
PSH: Push function FIN: Finish of connection
Flags:
TCP Handshake
• Connection Establishment– To establish connection, client must prove that it received the SYN|ACK packet– SYN|ACK packet routed to system with source address from first SYN packet
• Since based on routing, only secure back to the subnet of the source
CSCE 4550/5550, Fall 2009 Recap I 39
Client Server
(SYN, C-Seq, 0)
(SYN|ACK, S-Seq, C-Seq+1)
(ACK, C-Seq+1, S-Seq+1)
(Flags, Seq#, Ack#)
Transport Layer Security• Originally designed to protect web browser to web server
– Invented by Netscape– Generic TCP protection– Authentication: Supports server and client certificates– Confidentiality: Symmetric encryption after key establishment– Integrity: All packets protected with a MAC
• Later versions (SSL v2.1) referred to as TLS– TLS incorporated within application-layer protocols now in
addition to in a sub-application layer• Example 1: IMAP (mail) can be either a separate SSL protected
service/port (imaps: port 993) or negoatiated after plaintext startup in standard IMAP (port 143)
• Example 2: LDAP with similar options (ldap is port 389, ldaps is port 636)
CSCE 4550/5550, Fall 2009 Recap I 40
Firewall
• Designed to forward some packets and filter (not forward) others. – Packet Filter– Application Gateway– Circuit Gateway
CSCE 4550/5550, Fall 2009 Recap I 41
Internet Internal network(s)
Firewall
Outgoing Incoming
IP Tables
CSCE 4550/5550, Fall 2009 Recap I 42
Chain FORWARD (policy DROP)target prot opt source destination
Chain INPUT (policy DROP)target prot opt in out source destination ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHEDACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHEDACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED tcp spt:20ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)target prot opt source destinationChain
Accept incoming sshconnections.
Special case for ftp
ESTABLISHED connectionsare either initiated locally oraccepted through one of thefollowing rules.
All loopback (local) connectionsand control messages are OK.
“Policy” applies to all packetsnot explicitly handled by a rule(so this is “default deny”).
Chains for different packetsources/destinations.
Intrusion Detection Systems
• Categorization by location:– Host-based Intrusion Detection Systems (HIDS)
• Many just watch system/audit logs for suspicious activity• Some with more sophisticated monitoring (pH: monitors
system calls)
– Network-based Intrusion Detection Systems (NIDS)
• Watches all traffic at a certain point (can use a tap)• If just external access point, can miss insider attacks!• On switched networks: Use a “spanning port”• Difficulties with encrypted traffic
CSCE 4550/5550, Fall 2009 Recap I 43
Intrusion Detection Systems• Categorization by type:
– Signature-based• Monitors traffic for known suspicious patterns• Advantages: Fast, few false positives• Drawbacks: Can’t detect novel attacks, must prioritize warnings• Keeping signatures up-to-date leads to subscription services
– Anomaly-based• Tries to learn “typical activity” and flag anomalies• Anything unusual (including novel attacks) can be caught• Drawbacks: Slow and atypical behavior doesn’t necessarily mean bad
behavior (too many false positives)
– Snort and most commercial IDSs are signature-based (sometimes with simple anomaly-based extensions)
CSCE 4550/5550, Fall 2009 Recap I 44
top related