1 / 16

CS162 Discussion

CS162 Discussion. Section 11. Administrivia. Project 4 Initial Design Due next Tuesday, April 29 at 11:59 pm Midterm 2 April 28 th 4-5:30 pm in 245 LKS and 100 GPB Lectures 13-24 Closed books and notes, no calculators One double-sided cheat sheet allowed

bernie
Télécharger la présentation

CS162 Discussion

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CS162 Discussion Section 11

  2. Administrivia • Project 4 Initial Design • Due next Tuesday, April 29 at 11:59 pm • Midterm 2 • April 28th 4-5:30 pm in 245 LKS and 100 GPB • Lectures 13-24 • Closed books and notes, no calculators • One double-sided cheat sheet allowed • Review Session: Friday April 25th 4-6pm in LKS • Project 4 • Code still due Thursday, May 8th at 11:59 pm

  3. Quiz!

  4. Quiz True/False 1. AES (Advanced Encryption Standard) is an example of public key encryption. False 2. Asymmetric key encryption is the same speed as symmetric key encryption. False 3. A digital certificate ensures that the private key has a trusted authority confirming it. False 4. Two-Factor Authentication is used with passwords to ensure you are who you say you are. True 5. A worm replicates itself using a buffer overflow attack. True 6. A system is protected from a buffer overflow attack if they have a non-executable stack and heap. False 7. After the worm starts to spread, the function of infected hosts can be best represented in linear time. False Short Answer • What protocol does https use to ensure CIA? (SSL / TLS) • What is the security device whose goal is to prevent computers from outside your network gaining access to what is inside your network? Firewall

  5. Security Requirements • Authentication • Ensures that a user is who is claiming to be • Data integrity • Ensure that data is not changed from source to destination or after being written on a storage device • Confidentiality • Ensures that data is read only by authorized users • Non-repudiation • Sender/client can’t later claim didn’t send/write data • Receiver/server can’t claim didn’t receive/write data

  6. Securing Communication: Cryptography • Cryptography: communication in the presence of adversaries • Studied for thousands of years • See the Simon Singh’s The Code Book for an excellent, highly readable history • Central goal: confidentiality • How to encode information so that an adversary can’t extract it, but a friend can • General premise: there is a key, possession of which allows decoding, but without which decoding is infeasible • Thus, key must be kept secret and not guessable

  7. Integrity: Cryptographic Hashes • Basic building block for integrity: cryptographic hashing • Associate hash with byte-stream, receiver verifies match • Assures data hasn’t been modified, either accidentally – or maliciously • Approach: • Sender computes a secure digest of message m using H(x) • H(x) is a publicly known hash function • Digest d = HMAC (K, m) = H (K | H (K | m)) • HMAC(K, m) is a hash-based message authentication function • Send digest d and message m to receiver • Upon receiving m and d, receiver uses shared secret key, K, to recompute HMAC(K, m) and see whether result agrees with d

  8. Asymmetric Encryption (Public Key) • Idea: use two different keys, one to encrypt (e) and one to decrypt (d) • A key pair • Crucial property: knowing e does not give away d • Therefore e can be public: everyone knows it! • If Alice wants to send to Bob, she fetches Bob’s public key (say from Bob’s home page) and encrypts with it • Alice can’t decrypt what she’s sending to Bob … • … but then, neither can anyone else (except Bob)

  9. Non-Repudiation: RSA Crypto & Signatures • Suppose Alice has published public key KE • If she wishes to prove who she is, she can send a message x encrypted with her private key KD (i.e., she sends E(x, KD)) • Anyone knowing Alice’s public key KE can recover x, verify that Alice must have sent the message • It provides a signature • Alice can’t deny it  non-repudiation

  10. Authentication: Passwords • Shared secret between two parties • Since only user knows password, someone types correct password  must be user typing it • Very common technique • System must keep copy of secret to check against passwords • What if malicious user gains access to list of passwords? • Need to obscure information somehow • Mechanism: utilize a transformation that is difficult to reverse without the right key (e.g., encryption)

  11. Host Compromise • One of earliest major Internet security incidents • Morris Worm (1988): compromised almost every BSD-derived machine on Internet • Today: estimated that a single worm could compromise 10M hosts in < 5 min using a zero-day exploit • Attacker gains control of a host • Reads data (e.g., passwords, credit card numbers, …) • Compromises another host • Launches denial-of-service attack on another host • Erases data • Encrypts data and demands a ransom • Cryptolocker virus (2013)

  12. Buffer Overflow • Part of the request sent by the attacker too large to fit into buffer program uses to hold it • Spills over into memory beyond the buffer • Allows remote attacker to inject executable code void get_cookie(char *packet) { . . . (200 bytes of local vars) . . . munch(packet); . . . } void munch(char *packet) { int n; char cookie[512]; . . . code here computes offset of cookie in packet, stores it in n strcpy(cookie, &packet[n]); . . . }

  13. Return-oriented Programming • Attacker can’t inject code anymore, but doesn’t need to! • Application and system libraries have all the code an attacker needs, sort of… • Look for useful fragments of code followed by a return instruction – these are called “gadgets” • Instead of injecting code, attacker injects arguments for and addresses of existing code fragments (gadget + args!) • Uses existing return call to runsequence of gadgets

  14. Firewalls: Properties • Easier to deploy firewall than secure all internal hosts • Doesn’t prevent user exploitation/social networking attacks • Tradeoff between availability of services (firewall passes more ports on more machines) and security • If firewall is too restrictive, users will find way around it, thus compromising security • E.g., tunnel all services using port 80

  15. Denial of Service • Huge problem in current Internet • Major sites attacked: Yahoo!, Amazon, eBay, CNN, Microsoft • 12,000 attacks on 2,000 domains in 1 week (2001) • Almost all attacks launched from compromised hosts • CyberBunker.com 300Gb/s DDoS attack against Spamhaus • Spring 2013: more than 600,000 packets/second! • 35 yr old Dutchman “S.K.” arrested in Spain on 4/26 • Was using van with “various antennas” as mobile office • General Form • Prevent legitimate users from gaining service by overloading or crashing a server • E.g., SYN attack

  16. SYN Attack • Attacker: send at max rate TCP SYN with random spoofed source address to victim • Spoofing: use a different source IP address than own • Random spoofing allows one host to pretend to be many • Victim receives many SYN packets • Send SYN+ACK back to spoofed IP addresses • Holds some memory until 3-way handshake completes • Usually never, so victim times out after long period (e.g., 3 minutes)

More Related