TRANSCRIPT
IS 302: Information Security and Trust
Week 1: Introduction to IST, Security, and Networks
2010
© Yingjiu Li 2005
Introduction to IST
Course Objectives
• Security challenges and solutions for a company (SEC)
– Financial reports, payroll, business secrets, login database
– Alice, Bob, Mallory
– Concepts, models, algorithms, protocols
– Requirements, constraints, tradeoffs, applications
Course Prerequisite
1. Being familiar with at least one programming language (e.g., Java)
2. Basic knowledge about discrete mathematics, networks, and databases
Basic Modules
• Background and Basic Concepts (1 week)
• Applied Cryptography (4 weeks)
• NW Security (3 weeks)
• Access Control (1 week)
• Quiz, invited talk, & project presentation (3 weeks)
Textbook
• Security in Computing: International Edition
– Authors: Charles P. Pfleeger, Shari Lawrence Pfleeger
– Edition: 4th edition
– ISBN: 9780136012962
– Available in your school bookshop!
Course Material
• Teaching material is available at http://www.mysmu.edu/faculty/yjli/
• Communication in SMU emails
– Please make sure that your SMU email is open and not full.
– Please check your SMU emails daily.
Grading
• Individual Assignments (10%)
– Assignment 1 (week 3)
– Assignment 2 (week 10)
• Group Project (25%)
– Draft due in week 9 (Friday)
– Presentation in weeks 12 and 13 (10%)
– Final report due in week 14 (15%)
• Midterm Quiz (15%; week 7)
• Final Exam (40%; week 15)
– SMU final exam policy: Students are not allowed to reschedule their examination or request for special arrangements of the examination from instructors.
• Participation (10%; subjective)
Policies
• Honor code
– No plagiarism or cheating (SMU Code of Student Conduct)
• Due time (assignments, project, quiz, exam)
– Strictly enforced
– Points (~10%) deducted for late turn-in
• Excuses
– No excuse for project, midterm quiz, and final exam
– Must be approved by the lecturer in other cases
Contact Information
• Yingjiu Li
– Phone: 6828 0913
– Office: 80-04-049
– [email protected]
– http://www.mysmu.edu/faculty/yjli/
• TA
– Mayank Agarwal ([email protected]) for G5, G6
– Zheng Kaiwen ([email protected]) for G4, G5
– Qiang Yan ([email protected]) for G4, G6
Basic Security Concepts
What is information security?
Classical Security Objectives
(figure: each objective paired with the threat it counters)
• Confidentiality – disclosure
• Integrity – modification
• Availability – access
Classical Security Objectives
• Confidentiality (secrecy, privacy)
– Information is not exposed to unauthorized parties.
• Integrity
– Information is not modified by unauthorized parties.
• Availability
– Information can be accessed by authorized parties at the proper time.
(Source: R. Sandhu)
The Fourth Objective
(figure: the three classical objectives plus a fourth)
• Usage – misuse: information is used only in the ways its owner permits, even after it has been released to an authorized party
– electronic commerce, electronic business
– DRM, client-side controls
Discussions
• Google and Microsoft plans for online personal health records
– http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9043038
– What are the confidentiality, integrity, availability, and usage concerns in this scenario?
– How about Singapore Government's EMR?
Threat, Vulnerability and Attacks
• Threat – something bad that could happen
• Vulnerability – a weakness in an information system that could be exploited
• Attack – some action taken by a malicious intruder
– Passive adversary (only observes, e.g. eavesdrops on traffic)
– Active adversary (modifies, injects, replays, or blocks messages)
Example of Threats
Login and identity theft:
– Exposure of 88,000 user logins and passwords at Texas A&M
– Exposure of contact information of 6.3 million Ameritrade customers
– Exposure of credit card numbers for over 94 million shoppers at stores owned by TJX
• http://www.boston.com/business/globe/articles/2007/10/24/court_filing_in_tjx_breach_doubles_toll/
How secure are we now?
Hardware and Software Grow
• Moore's law – processing power doubles every 18 months
• Gates' law – software grows to use all available memory and processing power
– Multics 1970: ~55k lines of code
– Windows 2000: ~55M lines of code
Number of Vulnerabilities
• Neumann's law
– Number of bugs increases as the square of code size
– Number of vulnerabilities is approximately linear in the number of program bugs
Security Risk
• Metcalfe's law
– Value of a network is the square of the number of users
– Internet 1970: ~10K users
– Internet 2005: ~1B users
• Evan's law
– Security risk is the product of the number of vulnerabilities and the value of the network
Attack Easy, Defense Hard
– An intruder only needs to find one vulnerability
– Defender needs to control all possible vulnerabilities
Principle of Easiest Penetration: an intruder can exploit any vulnerability to launch a penetration or attack, and will take the weakest route available rather than the one the defender has fortified most.
What can we do about security?
How to Achieve Security (Control)
• Policy – what we are trying to protect
• Mechanism – how to enforce the security policy
• Assurance – how well the security mechanism enforces the policy
(figure: Security resting on the three layers Policy, Mechanism, Assurance)
Security Tradeoffs
• Security is not free
(figure: Security balanced against Functionality, Ease of use, and Cost)
Discussion
• Good-Enough Security
– http://www.list.gmu.edu/journals/ic/03-sandhu-good.pdf
– Why does good enough always beat perfect?
– What is really hard?
– How to achieve good enough security?
– How frequently should the SMU password be updated?
Introduction to Networks
Where do you live and where do you go?
Address
• IP Address: An Internet identifier for each network interface
– Example: 202.161.41.246
• Hostname: An Internet identifier of a host
– Example: www.smu.edu.sg
• Domain name: An identifier of a domain, which is a network of associated hosts
– Example: smu.edu.sg
Network Diagram
(figure only)
Example: Campus Network
(figure only)
Router
• The postman in the Internet – store and forward
• On arrival of an IP packet, it makes a routing decision based on the packet's destination IP address.
• Routing decision: to choose the next router (next hop) to forward the packet to
Router Architecture Overview
Two key router functions:
• run routing algorithms/protocols (RIP, OSPF, BGP) to build the forwarding table
• forward datagrams from incoming to outgoing link
Getting A Datagram from Source to Destination
IP datagram: | Src Addr | Dst Addr | Data |
• each host and router has a routing table
• the datagram's addresses and payload remain unchanged as it travels from source to destination (only per-hop header fields such as the TTL and the header checksum are rewritten by each router)
Getting a datagram from source to destination
| 223.1.1.1 | 223.1.1.3 | Data |
Starting at A, given IP datagram addressed to B:
• look up net address of B
• find B is on same net as A
• link layer will send datagram directly to B inside a link layer frame – A and B are directly connected
Getting a datagram from source to destination
| 223.1.1.1 | 223.1.2.2 | Data |
Starting at A, dest. E:
• look up net address of E
• find E on a different network – A and E not directly attached
• routing table: next hop router to E is 223.1.1.4
• link layer sends datagram to router 223.1.1.4 inside a link layer frame
• datagram arrives at 223.1.1.4
• continued …
Getting a datagram from source to destination
| 223.1.1.1 | 223.1.2.2 | Data |
Arriving at 223.1.1.4, destined for 223.1.2.2:
• look up net address of E
• find E on the same net as the router's interface 223.1.2.9 – router and E directly attached
• link layer sends datagram to 223.1.2.2 inside a link layer frame through interface 223.1.2.9
• datagram arrives at 223.1.2.2!
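The three slides above trace one datagram by hand. The following is an added example (not part of the lecture slides) that performs the same longest-prefix-match forwarding in code for the 223.1.x.x network: hosts A (223.1.1.1), B (223.1.1.3) and E (223.1.2.2) and the router interfaces 223.1.1.4 and 223.1.2.9 are taken from the slides; the /24 prefix lengths, the default route on A and the table layout are assumptions made for the simulation.

```python
"""Hop-by-hop IP forwarding over the 223.1.x.x example network.

Added example; not from the slides.  Addresses come from the slides; the /24
prefixes, A's default route, and the table layout are assumptions.
"""
import ipaddress

# A forwarding table is a list of (prefix, next_hop, outgoing_interface).
# next_hop None means the prefix is directly attached: the link layer frames
# the datagram to the destination host itself.
HOST_A_TABLE = [
    (ipaddress.ip_network("223.1.1.0/24"), None, "223.1.1.1"),
    (ipaddress.ip_network("0.0.0.0/0"), "223.1.1.4", "223.1.1.1"),   # default route
]
ROUTER_TABLE = [
    (ipaddress.ip_network("223.1.1.0/24"), None, "223.1.1.4"),
    (ipaddress.ip_network("223.1.2.0/24"), None, "223.1.2.9"),
]
# Which table a node consults, keyed by each interface address the node owns.
TABLES = {"223.1.1.1": HOST_A_TABLE, "223.1.1.4": ROUTER_TABLE, "223.1.2.9": ROUTER_TABLE}


def lookup(table, dst):
    """Longest-prefix match.  Returns (frame_destination, interface) or None.
    Only the destination address is consulted, exactly as a real router does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in table:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop, iface)
    if best is None:
        return None
    _, next_hop, iface = best
    return (str(addr) if next_hop is None else next_hop, iface)


def forward(src, dst, payload):
    """Trace a datagram from src to dst.  Returns (datagram, hops): hops lists
    (outgoing_interface, link_layer_frame_destination) per hop, and datagram is
    the (src, dst, payload) triple, which no hop modifies."""
    datagram = (src, dst, payload)
    hops, here, visited = [], src, set()
    while True:
        route = lookup(TABLES[here], dst)
        if route is None:
            raise ValueError(f"{here}: no route to {dst}")   # ICMP unreachable in real life
        frame_dst, iface = route
        hops.append((iface, frame_dst))
        if frame_dst == dst:
            return datagram, hops          # delivered on the final link
        if frame_dst in visited:
            raise ValueError("routing loop")
        visited.add(frame_dst)
        here = frame_dst                   # the next-hop router now holds the datagram


if __name__ == "__main__":
    for dest in ("223.1.1.3", "223.1.2.2"):
        _, hops = forward("223.1.1.1", dest, b"Data")
        print(dest, "->", " ; ".join(f"out {i} to {d}" for i, d in hops))
```

Note that nothing in lookup() ever reads the source address: forwarding is driven purely by the destination, which is why a host can put any source address it likes into a datagram (IP spoofing) and the network will still carry it, unless an operator adds filtering at the edge.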
Domain Name System (DNS)
• A service to translate "Names" to "IP" addresses
(figure: your laptop asks the local DNS server ns01.staff.smu.edu.sg for www.google.com (1); the local server queries the authoritative DNS server dns.google.com (2) and receives the answer (3); the answer is returned to the laptop (4))
How do you talk to each other?
Transport services and protocols
• provide logical communication between app processes running on different hosts
• transport protocols run in end systems
– send side: breaks app messages into segments, passes them to the network layer
– rcv side: reassembles segments into messages, passes them to the application
• more than one transport protocol available to apps
– Internet: TCP and UDP
(figure: two end systems with full application/transport/network/data link/physical stacks; the routers between them implement only network/data link/physical; "logical end-end transport" runs between the two transport layers)
Internet transport-layer protocols
• reliable, in-order delivery (TCP)
– connection setup
• unreliable, unordered delivery: UDP
• services not available:
– delay guarantees
– bandwidth guarantees
(figure: same protocol-stack diagram as the previous slide)
Port and TCP
• Port: an identity of an application
• IP address + port number can uniquely identify an application running on a host in the Internet.
• Well-known port numbers:
– Web (HTTP): TCP port 80
– Email transfer (SMTP): TCP port 25
– Email retrieval (POP3): TCP port 110
– DNS: UDP port 53
• Both the client and the server need to specify their port numbers for data transmission (the server's port is well known; the client's is normally an ephemeral port picked by its operating system).
Data Transmission Using TCP
(figure: client and server timelines; the server is listening on a TCP port, e.g. TCP port 80)
1. Connection setup: client → SYN; server → SYN, ACK; the client's following ACK completes the three-way handshake
2. Data transmission: client → Seq=42, ACK=79, client data; server → Seq=79, ACK=43, server data
3. Connection close: FIN from each side
How do you surf the web?
Web and HTTP
• Web page consists of objects
• Object can be HTML file, JPEG image, Java applet, audio file, …
• Web page consists of a base HTML file which includes several referenced objects
• Each object is addressable by a URL
• Example URL: www.someschool.edu/someDept/pic.gif (host name: www.someschool.edu; path name: /someDept/pic.gif)
HTTP overview
HTTP: hypertext transfer protocol
• Web's application layer protocol
• client/server model
– client: browser that requests, receives, "displays" Web objects
– server: Web server sends objects in response to requests
• HTTP 1.0: RFC 1945
• HTTP 1.1: RFC 2068 (later revised as RFC 2616)
(figure: a PC running Explorer and a Mac running Navigator send HTTP requests to a server running Apache Web server and receive HTTP responses)
Server: always on, fixed address
HTTP has nothing to do with how a web page is interpreted
HTTP overview (continued)
Uses TCP:
• client initiates TCP connection to server, port 80
• server accepts TCP connection from client
• HTTP messages (application-layer protocol messages) exchanged between browser (HTTP client) and Web server (HTTP server)
• TCP connection closed
HTTP is "stateless"
• server maintains no information about past client requests
User-server state: cookies
Many major Web sites use cookies
Four components:
1) cookie header line of HTTP response message
2) cookie header line in HTTP request message
3) cookie file kept on user's host, managed by user's browser
4) back-end database at Web site
Example:
– Susan always accesses the Internet from the same PC
– She visits a specific e-commerce site for the first time
– When the initial HTTP request arrives at the site, the site creates a unique ID and creates an entry in its backend database for that ID
Cookies: keeping "state" (cont.)
(figure: client/server message sequence)
• Client, whose cookie file holds only "ebay: 8734", sends a usual http request msg
• Server creates ID 1678 for the user and an entry in its backend database; the usual http response carries "Set-cookie: 1678"
• Cookie file now holds "amazon: 1678, ebay: 8734"
• Next usual http request msg carries "cookie: 1678"; the server accesses the database entry (cookie-specific action) and returns a usual http response msg
• One week later: the request still carries "cookie: 1678" and the server again performs the cookie-specific action
Cookies (continued)
What cookies can bring:
• authorization
• shopping carts
• recommendations
• user session state (Web e-mail)
Cookies and privacy:
• cookies permit sites to learn a lot about you
• you may supply name and e-mail to sites
Aside – how to keep "state":
• Protocol endpoints: maintain state at sender/receiver over multiple transactions
• cookies: http messages carry state
How do you send email?
Electronic Mail
Three major components:
• user agents
• mail servers
• simple mail transfer protocol: SMTP
User Agent
• a.k.a. "mail reader"
• composing, editing, reading mail messages
• e.g., Eudora, Outlook, elm, Netscape Messenger
• outgoing, incoming messages stored on server
(figure: user agents attached to mail servers; each server holds user mailboxes and an outgoing message queue; servers exchange mail with each other over SMTP)
Electronic Mail: mail servers
Mail Servers
• mailbox contains incoming messages for user
• message queue of outgoing (to be sent) mail messages
• SMTP protocol between mail servers to send email messages
– client: sending mail server
– "server": receiving mail server
(figure: same user agent / mail server / SMTP diagram as the previous slide)
Electronic Mail: SMTP [RFC 2821]
• uses TCP to reliably transfer email message from client to server, port 25
• direct transfer: sending server to receiving server
• three phases of transfer
– handshaking (greeting)
– transfer of messages
– closure
• command/response interaction
– commands: ASCII text (http://www.asciitable.com/)
– response: status code and phrase
• messages must be in 7-bit ASCII
Scenario: Alice sends message to Bob
1) Alice uses UA to compose message and "to" [email protected]
2) Alice's UA sends message to her mail server; message placed in message queue
3) Client side of SMTP opens TCP connection with Bob's mail server
4) SMTP client sends Alice's message over the TCP connection
5) Bob's mail server places the message in Bob's mailbox
6) Bob invokes his user agent to read message
(figure: Alice's user agent → her mail server → Bob's mail server → Bob's user agent, labelled with steps 1 to 6)
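Steps 3 to 5 of the scenario are the SMTP dialogue itself. The following added example (not from the slides) runs both ends of that dialogue in-process: a receiving mail server that answers each command with a status code and phrase, and a sending side that drives the three phases (handshaking, transfer, closure). Command names and reply codes follow RFC 2821; the host and mailbox names are assumptions drawn from the reserved example domains.

```python
"""A complete SMTP exchange with both sides in-process.

Added example; not from the slides.  Commands and reply codes follow RFC 2821
(HELO, MAIL FROM, RCPT TO, DATA, QUIT; 220/250/354/221/5xx).  Host and mailbox
names are assumptions using the reserved example domains.
"""


def _address(arg, keyword):
    """'FROM:<alice@example.com>' -> 'alice@example.com'"""
    if arg.upper().startswith(keyword):
        arg = arg[len(keyword):]
    return arg.strip().strip("<>")


class SmtpServer:
    """Receiving mail server.  feed() takes one line and returns the reply
    (status code and phrase), or None while message data is being collected."""

    def __init__(self, domain):
        self.domain = domain
        self.mailboxes = {}            # local part -> delivered messages
        self.greeted = self.in_data = self.closed = False
        self._reset()

    def _reset(self):
        self.sender, self.recipients, self.lines = None, [], []

    def greeting(self):
        return f"220 {self.domain} SMTP service ready"

    def feed(self, line):
        if not line.isascii():
            return "500 Syntax error: 7-bit ASCII only"     # the slide's constraint
        if self.in_data:
            if line == ".":                                  # end of message
                self.in_data = False
                msg = {"from": self.sender, "body": "\r\n".join(self.lines)}
                for rcpt in self.recipients:
                    self.mailboxes.setdefault(rcpt, []).append(msg)
                n = len(self.recipients)
                self._reset()
                return f"250 OK: queued for {n} recipient(s)"
            # dot-unstuffing: the sender prepended '.' to any data line starting with '.'
            self.lines.append(line[1:] if line.startswith(".") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            return f"250 {self.domain} Hello {arg}"
        if not self.greeted:
            return "503 Bad sequence of commands"
        if verb == "MAIL":
            self.sender = _address(arg, "FROM:")   # taken on trust: SMTP cannot verify it
            return "250 OK"
        if verb == "RCPT":
            local, _, dom = _address(arg, "TO:").partition("@")
            if dom.lower() != self.domain.lower():
                return "550 Relaying denied"         # refuse to act as an open relay
            self.recipients.append(local)
            return "250 OK"
        if verb == "DATA":
            if self.sender is None or not self.recipients:
                return "503 Need MAIL FROM and RCPT TO first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            self.closed = True
            return f"221 {self.domain} closing connection"
        return "500 Command not recognized"


def send_mail(server, helo_name, mail_from, rcpt_to, body_lines):
    """Sending mail server (the SMTP client).  Returns (transcript, accepted),
    where transcript is a list of ('C' or 'S', line) in wire order."""
    transcript = [("S", server.greeting())]

    def cmd(line):
        transcript.append(("C", line))
        reply = server.feed(line)
        if reply is not None:
            transcript.append(("S", reply))
        return reply or ""

    ok = cmd(f"HELO {helo_name}").startswith("250")                  # 1. handshaking
    ok = ok and cmd(f"MAIL FROM:<{mail_from}>").startswith("250")    # 2. transfer
    ok = ok and cmd(f"RCPT TO:<{rcpt_to}>").startswith("250")
    ok = ok and cmd("DATA").startswith("354")
    if ok:
        for line in body_lines:
            cmd("." + line if line.startswith(".") else line)        # dot-stuffing
        ok = cmd(".").startswith("250")
    cmd("QUIT")                                                      # 3. closure
    return transcript, ok
```

Run it once with a forged MAIL FROM (for instance ceo@example.org from a host that is not that company's server) and the receiving side accepts it exactly as it accepts Alice's genuine message: the base protocol carries no authentication of the sender, the message body travels as plaintext, and only the refusal to relay for foreign domains is a policy the server can enforce on its own. That gap is the motivation for the email security mechanisms covered later in the course.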
Demo
• Motivation for email security
Project – Part A
• Project (25%) consists of part A (15%) and part B (10%)
• Teaming: 10 random teams per class.
• References: internet, textbook
• Part A: Open-ended investigation into a security-related topic (each team chooses a different topic)
• Students are given a list of security-related topics such as cell phone security, RFID system security, and EMR system security
• Grading: 5% presentation + 10% project report (5% breadth, 5% depth)
• Deliverables: Each team will write a project report on their findings, and deliver an oral presentation. The report will be within 10~15 pages, using 11pt font, single column and single space format. The oral presentation will be delivered in 20 minutes including Q&A.
• Requirements: In both report and presentation, each team should:
a) Describe the background of the related topic
b) Evaluate major/certain security problem(s) in the field
c) Present solutions to the problem(s)
d) Analyze the possible impact/benefits of deploying the solutions in one or more business sectors, and provide a simple case study where appropriate
Project – Part B
• Part B: prototype simulation and demo of a secure RFID system
• Background: Company SEC decides to implement RFID technology to increase the efficiency and visibility of tracking its products. However, security is a major concern since SEC does not want any of its competitors to be able to collect its RFID information (e.g., its inventory level, where, when, and what products are processed) via the wireless communication channel from a distance. Therefore, it decides to implement a secure RFID communication protocol so that an adversary, without knowing tag secret keys, will not be able to identify or track any tags.
• Setting: there are 1000 RFID tags and one reader. Each of the tags is assigned a random key of 96 bits, and equipped with a pseudorandom number generator and a hash function (e.g., MD5 or SHA1). The reader maintains a database of the keys for all 1000 tags.
• Protocol: the protocol is run between the reader and any tag. To authenticate or identify the tag, the reader first generates a random number C1 of at least 80 bits, and sends it to the tag. Upon receiving C1, the tag generates another random number C2, computes R = Hash(K, C1, C2), and sends (C2, R) back to the reader, where K is the key of this tag. Upon receiving (C2, R), the reader searches its database to find the key K which produces the same R as received from the tag. The reader outputs the serial number of this key K in its database as the tag's ID.
• Requirements: the students are required to simulate the protocol in a program (e.g., Java, or OpenSSL). The input of the protocol is any tag (whose key is taken from the reader's database). The output should be the correct serial number of the tag's key in the reader's database, as well as the exact time spent by the reader in identifying the tag in the protocol. An additional (optional) requirement is to simulate the memory of an EPC tag in the protocol run.
• Deliverables: the students should demo their simulation of the protocol within 10 minutes in their presentations (in week 13). In addition, they need to write a report within 5 pages on their designs, and attach their code. In the report, the students should analyze why this protocol is secure.
• Grading: 10% based on both demo and report (4% correctness, 3% security, 3% efficiency and quality).
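As an added illustration of the Part B protocol (this is not the course's reference solution, and teams must still write their own), the simulation below runs the reader and a tag in one process, reports the serial number and the search time the requirements ask for, and then checks the two properties the report has to argue. Key length (96 bits), challenge length (80 bits) and the reader's key database follow the description above. Hash(K, C1, C2) is realised as HMAC-SHA256 keyed with K over C1 || C2; the slide suggests MD5 or SHA-1 and leaves the construction open, so the HMAC choice and the 80-bit length of the tag nonce C2 are assumptions made here.

```python
"""Simulation of the Part B tag-identification protocol.

Added example; not the course's reference solution.  96-bit keys, 80-bit C1 and
the reader's key database follow the project text; HMAC-SHA256 as Hash and an
80-bit C2 are assumptions.
"""
import hashlib
import hmac
import secrets
import time

KEY_BYTES = 12   # 96-bit tag key
C1_BYTES = 10    # 80-bit reader challenge
C2_BYTES = 10    # tag nonce (length assumed equal to C1)


def random_key():
    return secrets.token_bytes(KEY_BYTES)


def h(key, c1, c2):
    """Hash(K, C1, C2) as a keyed MAC over fixed-length fields, so the C1/C2
    boundary is unambiguous and no length-extension trick applies."""
    return hmac.new(key, c1 + c2, hashlib.sha256).digest()


class Tag:
    def __init__(self, key):
        self._key = key                        # never transmitted

    def respond(self, c1):
        c2 = secrets.token_bytes(C2_BYTES)     # fresh per query
        return c2, h(self._key, c1, c2)


class NaiveTag(Tag):
    """Same protocol with the tag nonce removed; used to show why C2 matters."""
    def respond(self, c1):
        return b"", h(self._key, c1, b"")


class Reader:
    def __init__(self, keys):
        self.keys = list(keys)                 # database: serial number = position

    def identify(self, tag):
        """Run the protocol once.  Returns (serial or None, seconds spent searching)."""
        c1 = secrets.token_bytes(C1_BYTES)
        c2, r = tag.respond(c1)
        start = time.perf_counter()
        serial = None
        for i, k in enumerate(self.keys):      # exhaustive search: O(n) hashes per query
            if hmac.compare_digest(h(k, c1, c2), r):
                serial = i
                break
        return serial, time.perf_counter() - start


def make_system(n_tags=1000):
    keys = [random_key() for _ in range(n_tags)]
    return Reader(keys), [Tag(k) for k in keys]


def linkable(tag, challenges):
    """Adversary's view: query the tag with the given challenges (a rogue reader
    may replay one C1) and report whether any two responses coincide."""
    responses = [tag.respond(c1) for c1 in challenges]
    return len(set(responses)) < len(responses)


if __name__ == "__main__":
    reader, tags = make_system()
    serial, elapsed = reader.identify(tags[777])
    print(f"tag identified as serial {serial} in {elapsed * 1000:.2f} ms")
    same_c1 = bytes(C1_BYTES)
    print("protocol tag trackable with a replayed C1:", linkable(tags[777], [same_c1] * 2))
    print("nonce-less tag trackable with a replayed C1:",
          linkable(NaiveTag(reader.keys[777]), [same_c1] * 2))
```

The security argument the report asks for follows from the code: an eavesdropper sees (C1, C2, R) and, without K, cannot compute R for any other challenge, so it can neither impersonate the tag nor recover its identity; a fresh C1 from the reader defeats replay of an old (C2, R); and a fresh C2 from the tag is what stops a rogue reader that replays the same C1 from recognising the tag by a repeated response, which is exactly what NaiveTag falls to. The cost is on the reader side: identification is a linear scan over all keys, so the measured time grows with the tag population, which is the efficiency criterion in the grading.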
Project – Due Time
• The project outline/draft within 5 pages on both part A and part B (hardcopy) is due before or during the class in week 9.
• The presentations will be in week 12 and the demo in week 13.
• The final report is due on Monday in week 14.
Project – Topics
• 10 random teams (mod 10); each team chooses a different topic from the following list
1. Single sign-on and/or identity management
2. RFID system security/privacy
3. Trusted computing platform module (TPM)
4. Digital rights management (DRM)
5. Anti-virus and/or firewall and/or intrusion detection systems
6. Anti-phishing and/or anti-spam
7. Privacy of personal information in database or data publication
8. Risk analysis
9. Electronic medical record (EMR) system security
10. Cell phone security/privacy
Review Questions
1. Security objectives include
a) Confidentiality, integrity, and availability
b) Policy, mechanism, and assurance
c) Functionality, ease of use, and cost
2. Assume that a software system has grown 10 times in code size and the number of its users has doubled during the past five years. By how many times has the security risk increased (apply Neumann's, Metcalfe's, and Evan's laws)?
a) 40 b) 400 c) 200
3. Which protocol is designed for the purpose of web browsing?
a) TCP b) HTTP c) SMTP