1 / 109

Introduction to Information Security

Introduction to Information Security. Mark Stamp Department of Computer Science San Jose State University stamp@cs.sjsu.edu. The Cast of Characters. Alice and Bob are the good guys. Trudy is the bad guy. Trudy is our generic “intruder”. Alice’s Online Bank.

ata
Télécharger la présentation

Introduction to Information Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Introduction toInformation Security Mark StampDepartment of Computer ScienceSan Jose State Universitystamp@cs.sjsu.edu Intro to Information Security 1

  2. The Cast of Characters • Alice and Bob are the good guys • Trudy is the bad guy • Trudy is our generic “intruder” Intro to Information Security 2

  3. Alice’s Online Bank • Alice opens Alice’s Online Bank (AOB) • What are Alice’s security concerns? • If Bob is a customer of AOB, what are his security concerns? • How are Alice and Bob concerns similar? How are they different? • How does Trudy view the situation? Intro to Information Security 3

  4. CIA • Confidentiality, Integrity and Availability • AOB must prevent Trudy from learning Bob’s account balance • Confidentiality: prevent unauthorized reading of information Intro to Information Security 4

  5. CIA • Trudy must not be able to change Bob’s account balance • Bob must not be able to improperly change his own account balance • Integrity: prevent unauthorized writing of information Intro to Information Security 5

  6. CIA • AOB’s information must be available when needed • Alice must be able to make transaction • If not, she’ll take her business elsewhere • Availability: Data is available in a timely manner when needed • Availability is a “new” security concern • In response to denial of service (DoS) Intro to Information Security 6

  7. Beyond CIA • How does Bob’s computer know that “Bob” is really Bob and not Trudy? • Bob’s password must be verified • This requires some clever cryptography • What are security concerns of pwds? • Are there alternatives to passwords? Intro to Information Security 7

  8. Beyond CIA • When Bob logs into AOB, how does AOB know that “Bob” is really Bob? • As before, Bob’s password is verified • Unlike standalone computer case, network security issues arise • What are network security concerns? • Protocols are critically important • Crypto also important in protocols Intro to Information Security 8

  9. Beyond CIA • Once Bob is authenticated by AOB, then AOB must restrict actions of Bob • Bob can’t view Charlie’s account info • Bob can’t install new software, etc. • Enforcing these restrictions is known as authorization • Access control includes both authentication and authorization Intro to Information Security 9

  10. Beyond CIA • Cryptography, protocols and access control are implemented in software • What are security issues of software? • Most software is complex and buggy • Software flaws lead to security flaws • How to reduce flaws in software development? Intro to Information Security 10

  11. Beyond CIA • Some software is intentionally evil • Malware: computer viruses, worms, etc. • What can Alice and Bob do to protect themselves from malware? • What can Trudy do to make malware more “effective”? Intro to Information Security 11

  12. Beyond CIA • Operating systems enforce security • For example, authorization • OS: large and complex software • Win XP has 40,000,000 lines of code! • Subject to bugs and flaws like any other software • Many security issues specific to OSs • Can you trust an OS? Intro to Information Security 12

  13. My Book • The text consists of four major parts • Cryptography • Access control • Protocols • Software Intro to Information Security 13

  14. Cryptography • “Secret codes” • The book covers • Classic cryptography • Symmetric ciphers • Public key cryptography • Hash functions • Advanced cryptanalysis Intro to Information Security 14

  15. Access Control • Authentication • Passwords • Biometrics and other • Authorization • Access Control Lists (ACLs) and Capabilities • Multilevel security (MLS), security modeling, covert channel, inference control • Firewalls and Intrusion Detection Systems Intro to Information Security 15

  16. Protocols • Simple authentication protocols • “Butterfly effect” --- small change can have drastic effect on security • Cryptography used in protocols • Real-world security protocols • SSL, IPSec, Kerberos • GSM security Intro to Information Security 16

  17. Software • Software security-critical flaws • Buffer overflow • Other common flaws • Malware • Specific viruses and worms • Prevention and detection • The future of malware Intro to Information Security 17

  18. Software • Software reverse engineering (SRE) • How hackers “dissect” software • Digital rights management • Shows difficulty of security in software • Also raises OS security issues • Limits of testing • Open source vs closed source Intro to Information Security 18

  19. Software • Operating systems • Basic OS security issues • “Trusted” OS requirements • NGSCB: Microsoft’s trusted OS for PC • Software is a big security topic • Lots of material to cover • Lots of security problems to consider Intro to Information Security 19

  20. Think Like Trudy • In the past, no respectable sources talked about “hacking” in detail • It was argued that such info would help hackers • Very recently, this has changed • Books on network hacking, how to write evil software, how to hack software, etc. Intro to Information Security 20

  21. Think Like Trudy • Good guys must think like bad guys! • A police detective • Must study and understand criminals • In information security • We want to understand Trudy’s motives • We must know Trudy’s methods • We’ll often pretend to be Trudy Intro to Information Security 21

  22. Think Like Trudy • Is all of this security information a good idea? • “It’s about time somebody wrote a book to teach the good guys what the bad guys already know.” --- Bruce Schneier Intro to Information Security 22

  23. Think Like Trudy • We must try to think like Trudy • We must study Trudy’s methods • We can admire Trudy’s cleverness • Often, we can’t help but laugh at Alice and Bob’s stupidity • But, we cannot act like Trudy Intro to Information Security 23

  24. Security Books Intro to Information Security 24

  25. Security Books • Security Engineering: A Guide to Building Dependable Distributed Systems, Anderson, John Wiley & Sons, Inc., 2001 • Plusses • Highly readable/entertaining • Case studies • Emphasis on human factors • Minuses • Glosses over technical issue • Not a textbook Intro to Information Security 25

  26. Security Books • Network Security: Private Communication in a Public World, second edition, Kaufman, Perlman, and Speciner, Prentice Hall, 2002 • Plusses • Solid on protocols • Brief but good on crypto • Minuses • No software, access control • Too much RFC detail Intro to Information Security 26

  27. Security Books • Security in Computing, third edition, Pfleeger and Pfleeger, Prentice Hall, 2003 • Plusses • Good on OS topics • OK on software topics • Minuses • Dated • Boring Intro to Information Security 27

  28. Security Books • Applied Cryptography: Protocols, Algorithms and Source Code in C, Second Edition, Schneier, John Wiley & Sons, Inc., 1995 (2nd edition) • Plusses • Encyclopedic • Widely used • Minuses • Crypto only • Sloppy in places Intro to Information Security 28

  29. Security Books • Computer Security, Gollmann, John Wiley & Sons, Inc., 1999 • Plusses • Chapter 8: How things go wrong • Good on security modeling • Minuses • Mostly theoretical • No software/limited topics Intro to Information Security 29

  30. Security Books • Computer Security: Art and Science, Bishop, Addison Wesley, 2003 • Plusses • Security modeling • Theory • Minuses • Theory, theory, and more theory • As much fun to read as a calculus textbook Intro to Information Security 30

  31. Security Books • Fundamentals of Secure Computer Systems, Tjaden, Franklin, Beedle, and Associates, 2003 • Plusses • Intrusion detection systems • Good general approach • Minuses • Weak crypto, software, protocols • Good approach, not well executed Intro to Information Security 31

  32. Security Books • Cryptography and Network Security: Principles and Practice, 3rd edition, Stallings, Prentice Hall, 2002 • Plusses • Some OK protocols material • Minuses • Lots of pointless facts • Not coherent Intro to Information Security 32

  33. “Hacker” Books • Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Skoudis, Prentice Hall, 2001 • Shellcoder’s Handbook: Discovering and Exploiting Security Holes, Koziol et al, Wiley, 2004 • Hacker Disassembling Uncovered, Kaspersky, A-List, 2003 • Reversing: Secrets of Reverse Engineering, Eilam, Wiley, 2005 Intro to Information Security 33

  34. My Book • Information Security: Principles and Practice, Stamp, John Wiley & Sons, Inc., 2005 • Plusses • Too many to list… • Minuses • Can’t think of any… Intro to Information Security 34

  35. Crypto Intro to Information Security 35

  36. Crypto Topics • Crypto Basics • Symmetric ciphers • Stream ciphers, Block ciphers • Public key crypto • Knapsack, RSA, DH, ECC, signatures, etc. • Hash functions • Advanced cryptanalysis Intro to Information Security 36

  37. Crypto • Cryptology  The art and science of making and breaking “secret codes” • Cryptography making “secret codes” • Cryptanalysis breaking “secret codes” • Crypto all of the above (and more) Intro to Information Security 37

  38. How to Speak Crypto • A cipher or cryptosystem is used to encrypt the plaintext • The result of encryption is ciphertext • We decrypt ciphertext to recover plaintext • A keyis used to configure a cryptosystem • A symmetric key cryptosystem uses the same key to encrypt as to decrypt • A public key cryptosystem uses a public key to encrypt and a private key to decrypt (sign) Intro to Information Security 38

  39. Crypto • Basis assumption • The system is completely known to the attacker • Only the key is secret • Also known as Kerckhoffs Principle • Crypto algorithms are not secret • Why do we make this assumption? • Experience has shown that secret algorithms are weak when exposed • Secret algorithms never remain secret • Better to find weaknesses beforehand Intro to Information Security 39

  40. Crypto as Black Box key key encrypt plaintext plaintext decrypt ciphertext Intro to Information Security 40

  41. Taxonomy of Cryptography • Symmetric Key • Same key for encryption as for decryption • Stream ciphers • Block ciphers • Public Key • Two keys, one for encryption (public), and one for decryption (private) • Digital signatures --- nothing comparable in symmetric key crypto • Hash algorithms Intro to Information Security 41

  42. Taxonomy of Cryptanalysis • Ciphertext only • Known plaintext • Chosen plaintext • “Lunchtime attack” • Protocols might encrypt chosen text • Adaptively chosen plaintext • Related key • Forward search (public key crypto only) • Etc., etc. Intro to Information Security 42

  43. Symmetric Key Crypto • Stream cipher --- like a one-time pad • Key is relatively short • Key is stretched into a long keystream • Keystream is then used like a one-time pad • Block cipher --- based on codebook concept • Block cipher key determines a codebook • Each key yields a different codebook • Employ both “confusion” and “diffusion” Intro to Information Security 43

  44. Block Cipher Notation • P = plaintext block • C = ciphertext block • Encrypt P with key K to get ciphertext C • C = E(P, K) • Decrypt C with key K to get plaintext P • P = D(C, K) Intro to Information Security 44

  45. Block Cipher Modes • Many modes of operation • We discuss two • Electronic Codebook (ECB) mode • Obvious thing to do • Encrypt each block independently • There is a serious weakness • Cipher Block Chaining (CBC) mode • Chain the blocks together • More secure than ECB, virtually no extra work Intro to Information Security 45

  46. ECB Mode • Notation: C=E(P,K) • Given plaintext P0,P1,…,Pm,… • Obvious way to use a block cipher is EncryptDecrypt C0=E(P0,K), P0=D(C0,K), C1=E(P1,K), P1=D(C1,K), C2=E(P2,K),… P2=D(C2,K),… • For a fixed key K, this is an electronic version of a codebook cipher • A new codebook for each key Intro to Information Security 46

  47. ECB Weaknesses • Suppose Pi=Pj • Then Ci=Cj and Trudy knows Pi=Pj • This gives Trudy some information, even if she does not know Pi or Pj • Trudy might know Pi • A “cut and paste” attack also possible Intro to Information Security 47

  48. Alice Hates ECB Mode • Alice’s uncompressed image, Alice ECB encrypted (TEA) • Why does this happen? • Same plaintext block  same ciphertext! Intro to Information Security 48

  49. CBC Mode • Blocks are “chained” together • A random initialization vector, or IV, is required to initialize CBC mode • IV is random, but need not be secret EncryptionDecryption C0 = E(IVP0,K), P0 = IVD(C0,K), C1 = E(C0P1,K), P1 = C0D(C1,K), C2 = E(C1P2,K),… P2 = C1D(C2,K),… Intro to Information Security 49

  50. CBC Mode • Identical plaintext blocks yield different ciphertext blocks • Cut and paste is still possible, but more complex (and will cause garbles) • If C1 is garbled to, say, G then P1  C0D(G,K), P2  GD(C2,K) • But, P3 = C2D(C3,K), P4 = C3D(C4,K), … • Automatically recovers from errors! Intro to Information Security 50

More Related