![Page 1: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/1.jpg)
Security Overview
![Page 2: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/2.jpg)
Security Objectives
Confidentiality: prevent/detect/deter improper disclosure of information
Integrity: prevent/detect/deter improper modification of information
Availability: prevent/detect/deter improper denial of access to services
2Farkas CSCE 824
![Page 3: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/3.jpg)
Distributed applications
Authenticity Non-repudiation
CSCE 824 3Farkas
![Page 4: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/4.jpg)
Sample Questions
What is the trade off between the security objectives?
Give an example of the security objectives in the domain of college education.
Consider the trend about attack sophistication and intruder’s knowledge. Recommend an approach to enhance the security of future computing systems.
4Farkas CSCE 824
![Page 5: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/5.jpg)
Achieving Security
PolicyWhat to protect?
MechanismHow to protect?
AssuranceHow good is the protection?
5Farkas CSCE 824
![Page 6: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/6.jpg)
Security Policy
Organizational Policy
Computerized Information SystemPolicy
6Farkas CSCE 824
![Page 7: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/7.jpg)
Sample Questions Why do we need to fit the security policy into the
organizational policy? Why is it recommended to separate policy from
mechanism? What does “assurance” mean in the context of security? Give an example security policy enforced on your
personal computer/CSE computing system/CEC computing system and recommend security mechanism to implement the policy.
7Farkas CSCE 824
![Page 8: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/8.jpg)
Security Mechanism
Prevention Detection Tolerance/Recovery
8Farkas CSCE 824
![Page 9: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/9.jpg)
Security Tradeoffs
COST
Security Functionality
Ease of Use
9Farkas CSCE 824
![Page 10: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/10.jpg)
Threats, Attacks, Vulnerability, Risk
Types of threats Types of attacks Relation to security objectivesM(ethod), O(pportunity), and M(otive) of
attacksMethods of defense – Security planningRisk Management
10Farkas CSCE 824
![Page 11: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/11.jpg)
Risk Management Framework(Business Context)
Understand BusinessContext
Identify Business and Technical Risks
Synthesize and RankRisks
Define RiskMitigation Strategy
Carry Out Fixesand Validate
Measurement and Reporting
11Farkas CSCE 824
![Page 12: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/12.jpg)
Sample Questions
Give an example of vulnerability, threat, risk, and attack in the domain of …
What does it mean “weakest link” of defense? Recommend a way to increase computing
system’s security by incorporating security trade offs into the security planning.
Why do we need to understand the business context to have effective security?
12Farkas CSCE 824
![Page 13: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/13.jpg)
Cryptography
![Page 14: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/14.jpg)
Insecure communications
Sender
Snooper
Recipient
Insecure channelConfidential
![Page 15: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/15.jpg)
Cryptographic Protocols
Messages should be transmitted to destinationMessages should be transmitted to destination Only the recipient should see itOnly the recipient should see it Only the recipient should get itOnly the recipient should get it Proof of the sender’s identityProof of the sender’s identity Message shouldn’t be corrupted in transitMessage shouldn’t be corrupted in transit Message should be sent/received once onlyMessage should be sent/received once only
![Page 16: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/16.jpg)
Conventional (Secret Key) Cryptosystem
Encryption DecryptionPlaintext PlaintextCiphertext
K
Sender Recipient
C=E(K,M)M=D(K,C)
K needs secure channel
![Page 17: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/17.jpg)
Public Key Cryptosystem
Encryption DecryptionPlaintext PlaintextCiphertext
Sender Recipient
C=E(Kpub,M)M=D(Kpriv,C)
Recipient’s public Key (Kpub)
Recipient’s private Key (Kpriv)
Kpub needs reliable channel
![Page 18: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/18.jpg)
Cryptography Cryptanalyst’s goal:
Break messageBreak keyBreak algorithm
Taxonomy of attacks Breakable vs. unbreakable cryptographic system Properties of good cryptosystem.
![Page 19: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/19.jpg)
Cryptosystem Vulnerabilities
• Passive Attacker (Eavesdropper)• Active Attacker
• Capabilities
![Page 20: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/20.jpg)
Basic Encryption Techniques
Substitution Permutation Combinations and iterations of these Techniques and attacks ADVANTAGES/DISADVANTAGES!
![Page 21: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/21.jpg)
Inherent Weaknesses of Symmetric Cryptography
Key distribution must be done secretly (difficult when parties are geographically distant, or don't know each other)
Need a key for each pair of users n users need n*(n-1)/2 keys
If the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages
![Page 22: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/22.jpg)
Product CiphersOne encryption applied to the result of the other
En(En-1(…(E1(M)))), e.g.,Double transpositionSubstitution followed by permutation, followed
by substitution, followed by permutation… Broken for
Chosen plaintext
22Farkas CSCE 824
![Page 23: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/23.jpg)
Trustworthy Encryption Systems
Based on sound mathematics Has been analyzed by experts Has stood the test of time
Examples: Data Encryption Standard (DES), Advanced Encryption Standard (AES), River-Shamir-Adelman (RSA)
![Page 24: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/24.jpg)
Public Key Encryption
24Farkas CSCE 824
![Page 25: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/25.jpg)
CSCE 522 - Farkas 25
Public-Key Encryption Two keys – one is private one is public Solves the key distribution problem (but need
reliable channel) Provides electronic signatures Slower than secret-key encryption
25Farkas CSCE 824
![Page 26: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/26.jpg)
CSCE 522 - Farkas 26Lecture 6
Public-Key Encryption
Needed for security:One of the keys must be kept secretImpossible (at least impractical) to decipher
message if no other information is availableKnowledge of algorithm, one of the keys, and
samples of ciphertext must be insufficient to determine the other key
26Farkas CSCE 824
![Page 27: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/27.jpg)
CSCE 522 - Farkas 27Lecture 6
RSA – NotationC = E(KE-B, M)M = D(KD-B,C)
KE-B: public key of BKD-B: private key of BE: encryption alg.D: decryption alg.M: plaintextC: ciphertext
27Farkas CSCE 824
![Page 28: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/28.jpg)
CSCE 522 - Farkas 28Lecture 6
RSA Both sender and receiver know n Sender knows e Only receiver knows d Modulus: Remainder after division, i.e., if a mod n=b then
a=c*n+b Need:
Find values e,d,n such that
Easy to calculate Me, Cd for all M < n Infeasible to determine d give e
Med mod n = M mod n
28Farkas CSCE 824
![Page 29: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/29.jpg)
CSCE 522 - Farkas 29Lecture 6
Signature and Encryption
D E D E
A B
Plaintext Plaintext
SignedPlaintext
SignedPlaintext
Encrypted Signed Plaintext
A’s private key
B’s public keyB’s private key
A’s public key
29Farkas CSCE 824
![Page 30: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/30.jpg)
CSCE 522 - Farkas 30Lecture 6
Non-repudiation Requires notarized signature, involving a third
party
Large system: hierarchies of notarization
30Farkas CSCE 824
![Page 31: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/31.jpg)
Cryptographic Hash Functions
31Farkas CSCE 824
![Page 32: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/32.jpg)
CSCE 522 - Farkas 32Lecture 8-9
Hash Functions
Hash function h maps an input x of arbitrary length to a fixed length output h(x) (compression)
Accidental or intentional change to the data will change the hash value
Given h and x, h(x) is easy to compute (ease of computation)
32Farkas CSCE 824
![Page 33: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/33.jpg)
CSCE 522 - Farkas 33Lecture 8-9
Good Hash Function
1. It is easy to compute the hash value for any given message
2. It is infeasible to find a message that has a given hash
3. It is infeasible to modify a message without changing its hash
4. It is infeasible to find two different messages with the same hash
33Farkas CSCE 824
![Page 34: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/34.jpg)
Cryptographic Protocols
34Farkas CSCE 824
![Page 35: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/35.jpg)
CSCE 522 - Farkas 35Lecture 6
ProtocolsGood protocol characteristics: Established in advance Mutually subscribed Unambiguous Complete
35Farkas CSCE 824
![Page 36: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/36.jpg)
CSCE 522 - Farkas 36Lecture 6
Symmetric-Key Distribution: Symmetric-Key Techniques
Symmetric-Key without Server Symmetric-Key with Server
36Farkas CSCE 824
![Page 37: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/37.jpg)
CSCE 522 - Farkas 37Lecture 6
Symmetric-Key Distribution: Public-Key Techniques
Simple secret key distribution Secret key distribution with confidentiality
and authentication Diffie-Hellman Key Exchange
37Farkas CSCE 824
![Page 38: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/38.jpg)
CSCE 522 - Farkas 38Lecture 6
Simple secret key distribution
Sender Recipient
1. KE-S ||ID-S
2. E KE-S(Ksession)
Vulnerable to active attack!HOW?
Public key of S
Secret Session key
38Farkas CSCE 824
![Page 39: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/39.jpg)
CSCE 522 - Farkas 39Lecture 6
With confidentiality and authentication
Sender Recipient
1. E KE-R[N1||ID-A]
2. E KE-S[N1||N2]
3. E KE-R[N2]
4. E KE-R E KD-S(Ksession)
Assume: KE-R and KE-S are known in advanceNonce
Question: Why do we need reliable distribution of public keys?
39Farkas CSCE 824
![Page 40: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/40.jpg)
CSCE 522 - Farkas 40Lecture 6
Intruder in the Middle Attack
John RoseIntruderHi Rose, I’m John.
Hi John, I’m Rose. Hi John, I’m Rose.
Hi Rose, I’m John.
Intruder and John Uses Diffie-HellmanTo agree on key K.
Intruder and RoseUses Diffie-HellmanTo agree on key K’.
Question: the attacker may want to have K and K’ be the same, Why?
40Farkas CSCE 824
![Page 41: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/41.jpg)
CSCE 522 - Farkas 41Lecture 6
Asymmetric-Key Exchange Without server
BroadcastingPublicly available directory
With serverPublic key distribution centerCertificates
41Farkas CSCE 824
![Page 42: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/42.jpg)
CSCE 522 - Farkas 42Lecture 6
Public-key certificates
Certificate Authority
Sender Recipient
KE-S
C-S=EKD-CAuth[Time1,ID-S,KE-S]
1. C-S
2. C-R
KE-R
CR=EKD-CAuth[Time2,ID-R,KE-R]
42Farkas CSCE 824
![Page 43: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/43.jpg)
CSCE 522 - Farkas 43Lecture 6
Certificates
Guarantees the validity of the information Establishing trust Public key and user identity are bound
together, then signed by someone trusted Need: digital signature
43Farkas CSCE 824
![Page 44: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/44.jpg)
CSCE 522 - Farkas 44Lecture 6
Digital Signature Need the same effect as a real signature
Un-forgeableAuthenticNon-alterableNot reusable
44Farkas CSCE 824
![Page 45: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/45.jpg)
CSCE 522 - Farkas 45Lecture 6
Digital signature
Direct digital signature: public-key cryptography based
Arbitrated digital signature:Conventional encryption:
Arbiter sees message Arbiter does not see message
Public-key based Arbiter does not see message
45Farkas CSCE 824
![Page 46: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/46.jpg)
Identification and Authentication
46Farkas CSCE 824
![Page 47: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/47.jpg)
Authentication Allows an entity (a user or a system) to prove
its identity to another entity Typically, the entity whose identity is verified
reveals knowledge of some secret S to the verifier
Strong authentication: the entity reveals knowledge of S to the verifier without revealing S to the verifier
![Page 48: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/48.jpg)
Authentication Information
Must be securely maintained by the system.
![Page 49: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/49.jpg)
Authentication Requirements Network must ensure
Data exchange is established with addressed peer entity not with an entity that masquerades or replays previous messages
Network must ensure data source is the one claimed
Authentication generally follows identification Establish validity of claimed identity Provide protection against fraudulent transactions
![Page 50: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/50.jpg)
User Authentication What the user knows
Password, personal information What the user possesses
Physical key, ticket, passport, token, smart card
What the user is (biometrics)Fingerprints, voiceprint, signature dynamics
![Page 51: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/51.jpg)
Passwords Commonly used method For each user, system stores (user name,
F(password)), where F is some transformation (e.g., one-way hash) in a password file F(password) is easy to compute From F(password), password is difficult to compute Password is not stored in the system
When user enters the password, system computes F(password); match provides proof of identity
![Page 52: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/52.jpg)
Vulnerabilities of Passwords Inherent vulnerabilities
Easy to guess or snoop No control on sharing
Practical vulnerabilities Visible if unencrypted in distributed and network
environment Susceptible for replay attacks if encrypted naively
Password advantage Easy to modify compromised password.
![Page 53: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/53.jpg)
Attacks on Password Guessing attack/dictionary attack Social Engineering Sniffing Trojan login Van Eck sniffing
![Page 54: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/54.jpg)
One-time Password
Use the password exactly once!
![Page 55: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/55.jpg)
Lamport’s scheme Doesn’t require any special hardware System computes F(x),F2(x),…, F100(x) (this allows
100 logins before password change) System stores user’s name and F100(x) User supplies F99(x) the first time If the login is correct, system replaces F100(x) with
F99(x) Next login: user supplies F98(x) … and so on User calculates Fn(x) using a hand-held calculator,
a workstation, or other devices
![Page 56: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/56.jpg)
Time Synchronized
Secret key
Time
One Time Password
DES
56Farkas CSCE 824
![Page 57: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/57.jpg)
Challenge Response
Work station Host
Network
• Non-repeating challenges from the host is used• The device requires a keypad
User IDChallengeResponse
57Farkas CSCE 824
![Page 58: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/58.jpg)
Access Control
58Farkas CSCE 824
![Page 59: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/59.jpg)
Access Control Protection objects: system resources for which
protection is desirable Memory, file, directory, hardware resource, software
resources, etc. Subjects: active entities requesting accesses to
resources User, owner, program, etc.
Access mode: type of access Read, write, execute
![Page 60: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/60.jpg)
Access Control Requirement Cannot be bypassed Enforce least-privilege and need-to-know
restrictions Enforce organizational policy
![Page 61: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/61.jpg)
Access ControlAccess Control
Access control: ensures that all direct accesses to object are authorized
Protects against accidental and malicious threats by regulating the reading, writing and execution of data and programs
Need:– Proper user identification and authentication– Information specifying the access rights is protected form
modification
61Farkas CSCE 824
![Page 62: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/62.jpg)
Access ControlAccess Control
Access control components:– Access control policy: specifies the authorized accesses of a
system– Access control mechanism: implements and enforces the policy
Separation of components allows to:– Define access requirements independently from implementation– Compare different policies– Implement mechanisms that can enforce a wide range of policies
62Farkas CSCE 824
![Page 63: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/63.jpg)
Closed vs. Open SystemsClosed vs. Open SystemsClosed system Open System
Access requ. Access requ.
Exists Rule? Exists Rule?
Access permitted
Access denied
Access denied
Access permitted
Allowed accesses
Disallowed accesses
yes no yesno
(minimum privilege) (maximum privilege)
63Farkas CSCE 824
![Page 64: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/64.jpg)
Access Control ModelsAll accesses
Discretionary AC
Mandatory AC Role-Based AC
64Farkas CSCE 824
![Page 65: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/65.jpg)
Discretionary Access Control Access control is based on
User’s identity and Access control rules
Most common administration: owner basedUsers can protect what they ownOwner may grant access to othersOwner may define the type of access given to
others
![Page 66: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/66.jpg)
Access Matrix Model
ReadWriteOwn
Read
ReadWriteOwn
OBJECTS AND SUBJECTS
SUBJECTS
Joe
Sam
File 1 File 2
66Farkas CSCE 824
![Page 67: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/67.jpg)
Grant and RevokeGRANT <privilege> ON <relation>To <user>[WITH GRANT OPTION]------------------------------------------------------------------------------------------------------------------------------------
GRANT SELECT * ON Student TO Matthews GRANT SELECT *, UPDATE(GRADE) ON Student TO
FARKAS GRANT SELECT(NAME) ON Student TO Brown
GRANT command applies to base relations as well as views
![Page 68: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/68.jpg)
Grant and RevokeREVOKE <privileges> [ON <relation>]FROM <user>-------------------------------------------------------------------------------------------------------------------------
REVOKE SELECT* ON Student FROM Blue REVOKE UPDATE ON Student FROM Black REVOKE SELECT(NAME) ON Student FROM Brown
![Page 69: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/69.jpg)
Non-cascading Revoke
A
B
C
D
E
F
A
B
C
A revokes D’s privileges
E
F
69Farkas CSCE 824
![Page 70: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/70.jpg)
Cascading Revoke
A
B
C
D
E
F
A
B
C
A revokes D’s privileges
70Farkas CSCE 824
![Page 71: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/71.jpg)
Positive and Negative Authorization
Problem:Contradictory authorizations• GRANT <privilege> ON X TO <user>• DENY <privilege> ON X TO <user>
A
B
C
E
D
+
-
+
-
71Farkas CSCE 824
![Page 72: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/72.jpg)
Negative Authorization
A
B
C
E
D
+
-
+
-
-
Positive authorization granted By A to D becomes blocked but NOT deleted.
72Farkas CSCE 824
![Page 73: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/73.jpg)
DAC and Trojan Horse
Employee
Black’s Employee
Brown: read, write
Black, Brown: read, writeBrown
Black
Read Employee
REJECTED!Black is not allowed To access Employee
73Farkas CSCE 824
![Page 74: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/74.jpg)
DAC and Trojan Horse
Employee
Black’s Employee
Brown: read, write
Black, Brown: read, writeBrown
Black
Word Processor
THInserts Trojan HorseInto shared program
Uses shared program Reads Employee
CopiesEmployeeTo Black’sEmployee
74Farkas CSCE 824
![Page 75: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/75.jpg)
DAC Overview Advantages:
IntuitiveEasy to implement
Disadvantages: Inherent vulnerability (look TH example)Maintenance of ACL or Capability listsMaintenance of Grant/RevokeLimited power of negative authorization
![Page 76: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/76.jpg)
Mandatory Access Control
Objects: security classification e.g., grades=(confidential, {student-info})Subjects: security clearancese.g., Joe=(confidential, {student-info})Access rules: defined by comparing the security classification of the requested objects with the security clearance of the subject e.g., subject can read object only if label(subject) dominates label(object)
76Farkas CSCE 824
![Page 77: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/77.jpg)
Mandatory Access Control
If access control rules are satisfied, access is permittede.g., Joe wants to read grades.label(Joe)=(confidential,{student-info})label(grades)=(confidential,{student-info})Joe is permitted to read grades
Granularity of access rights!
77Farkas CSCE 824
![Page 78: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/78.jpg)
Mandatory Access ControlSecurity Classes (labels): (A,C)
A – total order authority level C – set of categories
e.g., A = confidential > public , C = {student-info, dept-info}
(confidential,{ })
(confidential,{dept-info})
(confidential,{student-info,dept-info})
(confidential,{student-info})
(public,{student-info,dept-info})(public,{,dept-info})
(public,{ })
(public,{student-info})
78Farkas CSCE 824
![Page 79: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/79.jpg)
Mandatory Access Control
Dominance (): label l=(A,C) dominates l’=(A’,C’) iff A A’ and C C’
e.g., (confidential,{student-info}) (public,{student-info})BUT
(confidential, {student-info}) (public,{student-info, department-info})
79Farkas CSCE 824
![Page 80: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/80.jpg)
Bell- LaPadula (BLP) Model
Confidentiality protection Lattice-based access control
SubjectsObjectsSecurity labels
Supports decentralized administration
80Farkas CSCE 824
![Page 81: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/81.jpg)
BLP Reference Monitor
All accesses are controlled by the reference monitor
Cannot be bypassed Access is allowed iff the resulting system
state satisfies all security properties Trusted subjects: subjects trusted not to
compromise security
81Farkas CSCE 824
![Page 82: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/82.jpg)
BLP Axioms 1.
Simple-security property: a subject s is allowed to read an object o only if the security label of s dominates the security label of oNo read upApplies to all subjects
82Farkas CSCE 824
![Page 83: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/83.jpg)
*-property: a subject s is allowed to write an object o only if the security label of o dominates the security label of s
No write downApplies to un-trusted subjects only
BLP Axioms 2.
83Farkas CSCE 824
![Page 84: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/84.jpg)
Blind Writes
Improper modification of data Most implementations disallow blind writes
84Farkas CSCE 824
![Page 85: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/85.jpg)
Trojan Horse and BLP
Employee
Black’s Employee
Brown: read, write
Black, Brown: read, writeBrown
Black
Word Processor
TH
Insert Trojan HorseInto shared program
Use shared program ReadEmployee
CopyEmployeeTo Black’sEmployee
Secret
Public
Secret PublicPublic
Secret
Reference Monitor
85Farkas CSCE 824
![Page 86: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/86.jpg)
RBAC Motivation
Multi-user systems Multi-application systems Permissions are associated with roles Role-permission assignments are persistent v.s.
user-permission assignments Intuitive: competency, authority and
responsibility
![Page 87: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/87.jpg)
RBAC
Allows to express security requirements but CANNOT ENFORCE THESE PRINCIPLES
e.g., RBAC can be configured to enforce BLP rules but its correctness depend on the configuration done by the system security officer.
![Page 88: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/88.jpg)
Roles
User group: collection of user with possibly different permissions
Role: mediator between collection of users and collection of permissions
RBAC independent from DAC and MAC (they may coexist)
RBAC is policy neutral: configuration of RBAC determines the policy to be enforced
![Page 89: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/89.jpg)
RBAC
RBAC3 consolidated model
RBAC1
role hierarchy RBAC2
constraints
RBAC0 base model
89Farkas CSCE 824
![Page 90: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/90.jpg)
RBAC0
.
.
UUsers
RRoles
PPermissions
. SSessions
User assignment
Permissionassignment
90Farkas CSCE 824
![Page 91: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/91.jpg)
RBAC1
.
.
UUsers
RRoles
PPermissions
. SSessions
User assignment
Permissionassignment
Role Hierarchy
91Farkas CSCE 824
![Page 92: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/92.jpg)
RBAC1
Role Hierarchy
Primary-care Physician
Physician
Specialist Physician
Health-care provider
Inheritanceof
privileges
92Farkas CSCE 824
![Page 93: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/93.jpg)
RBAC2
.
.
UUsers
RRoles
PPermissions
. SSessions
User assignment
Permissionassignment
Constraints
93Farkas CSCE 824
![Page 94: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/94.jpg)
RBAC3
.
.
UUsers
RRoles
PPermissions
. SSessions
User assignment
Permissionassignment
Constraints
94Farkas CSCE 824
![Page 95: Security Overview. Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper](https://reader033.vdocument.in/reader033/viewer/2022050813/5a4d1b717f8b9ab0599b5450/html5/thumbnails/95.jpg)
Next Class
Information Warfare
Farkas CSCE 824 95