1 / 61

Information Security & Privacy

Information Security & Privacy. James Joshi Associate Professor, SIS. Topics overview . Security/Privacy basics Secure design principles Overview of Cryptography and Network security. What is Information Security?. Overview of Computer Security. Information Systems Security. Deals with

bvetter
Télécharger la présentation

Information Security & Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security & Privacy James Joshi Associate Professor, SIS

  2. Topics overview • Security/Privacy basics • Secure design principles • Overview of Cryptography and Network security

  3. What is Information Security? Overview of Computer Security

  4. Information Systems Security • Deals with • Security of (end) systems • Examples ? • Security of information in transit over a network • Examples ? Is it enough to have strong security for either one of these?

  5. Basic Components of Security • Confidentiality • What do you mean? • Prevention or detection? • Examples? • Integrity • What do you mean? • Data integrity vs Origin integrity • Prevention or detection? • Examples? • Availability • What do you mean? CIA

  6. CIA-based Model NSTISSC 4011 Security Model (CNSS 4011)

  7. Basic Components of Security • Additional from NIST (National Institute of Standards and Technology • Accountability • Assurance • Non-repudiation:

  8. Interdependencies confidentiality integrity Integrity confidentiality availability accountability Integrity confidentiality Integrity confidentiality

  9. Terminology Security Architecture Requirements Policies Requirements Policies Security Features or Services Resources Assets Information Attackers/Intruders/ Malfeasors Security Models/ Mechanisms

  10. Attack Vs Threat • A threat is a “potential” violation of security • The violation need not actually occur • The fact that the violation might occur makes it a threat • The actual violation of security is called an attack

  11. Common security threats/attacks • Interruption, delay, denial of service • Interception or snooping • Modification or alteration • Fabrication, masquerade, or spoofing • Repudiation of origin

  12. Classes of Threats (Shirley) • Disclosure: • Unauthorized access to information • Deception: • Acceptance of false data • Disruption: • Interruption/prevention of correct operation • Usurpation: • Unauthorized control of a system component

  13. Goals of Security • Prevention • To prevent someone from violating a security policy • Detection • To detect activities in violation of a security policy • Verify the efficacy of the prevention mechanism • (Response &) Recovery • Stop policy violations (attacks) • Assess and repair damage • Ensure availability in presence of an ongoing attack • Fix vulnerabilities for preventing future attack

  14. Information Assurance • What is information assurance? “Assurance is the basis for confidence that the security measures, both technical and operational, work as intended to protect the system and the information it processes” (NIST) • Assurance is to indicate “how much” to trust a system and is achieved by ensuring that • The required functionality is present and correctly implemented • There is sufficient protection against unintentional errors • There is sufficient resistance to intentional penetration or by-pass Specification – design - implementation

  15. Operational Issues • Cost-Benefit Analysis • Risk Analysis • Laws and Customs • Operational problems • People problem

  16. Secure Design Principles

  17. Design Principles for Security • Principles • Least Privilege • Fail-Safe Defaults • Economy of Mechanism • Complete Mediation • Open Design • Separation of Privilege • Least Common Mechanism • Psychological Acceptability • Simplicity • Restriction

  18. Least Privilege • A subject should be given only those privileges necessary to complete its task • Assignment of privileges based on • Function, Identity-based, … ? • Based on “Need to know”; “Relevance to situation” … • Examples?

  19. Fail-Safe Defaults • What should be the default action? • If action fails, how can we keep the system safe/secure? • When a file is created, what privileges are assigned to it?

  20. Economy of Mechanism • Design and implementation of security mechanism • KISS Principle (Keep It Simple, Silly!) • Careful design of Interfaces and Interactions

  21. Complete Mediation • No caching of information • Mediate all accesses • Why? • Any disadvantage of this principle?

  22. Open Design • Security should not depend on secrecy of design or implementation • Source code should be public? • “Security through obscurity” ?

  23. Separation of Privilege • Restrictive access • Use multiple conditions to grant privilege • Equivalent to Separation of duty • Example?

  24. Least Common Mechanism • Mechanisms should not be shared • What is the problem with shared resource? • Covert channels? • Isolation techniques • Virtual machine

  25. Psychological Acceptability • Security mechanisms should not add to difficulty of accessing resource • Hide complexity introduced by security mechanisms • Ease of installation, configuration, use • Human factors critical here • (e.g., Proper messages)

  26. Reference Validation Mechanism • Trusted Computing Base • Hardware and software for enforcing security rules • Reference monitor • Part of TCB • All system calls go through reference monitor for security checking • Reference validation mechanism – • Tamperproof • Never be bypassed • Small enough to be subject to analysis and testing – the completeness can be assured User space User process Kernel space OS kernel TCB Reference monitor Which principle(s)?

  27. Overview of Cryptography and network security

  28. Message Message Secure Message Secure Message Secure Information Transmission(network security model) Trusted Third Party arbiter, distributer of secret information Sender Receiver Secret Information Secret Information Security related transformation Information channel Opponent

  29. Brief History • All encryption algorithms from BC till 1976 were secret key algorithms • Also called private key algorithms or symmetric key algorithms • Julius Caesar used a substitution cipher • Widespread use in World War II (enigma) • Public key algorithms were introduced in 1976 by Whitfield Diffie and Martin Hellman

  30. Cæsar cipher • Let k = 9, m = “VELVET” (21 4 11 21 4 19) • Ek(m) = (30 13 20 30 13 28) mod 26 =“4 13 20 4 13 2” = “ENUENC” • Dk(m) = (26 + c – k) mod 26 = (21 30 37 21 30 19) mod 26 = “21 4 11 21 4 19” = “VELVET”

  31. Classical Cryptography X’, K’ Ed (Cryptoanalyst) Alice Bob Encrypt (algorithm) Decrypt (algorithm) Ciphertext Y Plaintext X Plaintext X Secure Channel Secret key K Key Source Oscar

  32. Classical Cryptography • Sender, receiver share common key • Keys may be the same, or trivial to derive from one another • Sometimes called symmetric cryptography • Two basic types • Transposition ciphers • Substitution ciphers • Product ciphers • Combinations of the two basic types

  33. Classical Cryptography • y = Ek(x) : Ciphertext  Encryption • x = Dk(y) : Plaintext  Decryption • k = encryption and decryption key • The functions Ek() and Dk() must be inverses of one another • Ek(Dk(y)) = ? • Dk(Ek(x)) = ? • Ek(Dk(x)) = ?

  34. Transposition Cipher • Rearrange letters in plaintext to produce ciphertext • Example (Rail-Fence Cipher) • Plaintext is “HELLO WORLD” • Rearrange as HLOOL ELWRD • Ciphertext is HLOOL ELWRD

  35. Public Key Cryptography • Two keys • Private key known only to individual • Public key available to anyone • Idea • Confidentiality: • encipher using public key, • decipher using private key • Integrity/authentication: • encipher using private key, • decipher using public one

  36. Requirements • Given the appropriate key, it must be computationally easy to encipher or decipher a message • It must be computationally infeasible to derive the private key from the public key • It must be computationally infeasible to determine the private key from a chosen plaintext attack

  37. Confidentiality using Public Key Y X Encryption Message Source X Decryption Message Source Bob Alice ? ? Key Source

  38. Authentication using RSA Y X Encryption Message Source X Decryption Message Source Bob Alice ? ? Key Source

  39. Encryption Y Confidentiality + Authentication Encryption Message Source X Z Decryption Y Decryption X Message Source Bob Alice ? ? ? ? Key Source Key Source

  40. Digital Certificates • Create token (message) containing • Identity of principal (here, Alice) • Corresponding public key • Timestamp (when issued) • Other information (identity of signer) signed by trusted authority (here, Cathy) CA = { eA || Alice || T } dC CA is A’s certificate

  41. Digital Signature • Construct that authenticates origin, contents of message in a manner provable to a disinterested third party (“judge”) • Sender cannot deny having sent message • Limited to technical proofs • Inability to deny one’s cryptographic key was used to sign • One could claim the cryptographic key was stolen or compromised • Legal proofs, etc., probably required;

  42. Signature • Classical: Alice, Bob share key k • Alice sends m || { m }k to Bob • Does this satisfy the requirement for message authentication? How? • Does this satisfy the requirement for a digital signature?

  43. Public Key Digital Signatures(RSA) • Alice’s keys are dAlice, eAlice • Alice sends Bob m || { m }dAlice • In case of dispute, judge computes { { m }dAlice }eAlice • and if it is m, Alice signed message • She’s the only one who knows dAlice!

  44. Message Digest or One way functions • MD2, MD4, MD5 (Ronald Rivest) • SHA, SHA-1 (Secure Hash Algorithm) • SHA-256, SHA-384, SHA-512 • MD5(There is $1500 in the blue bo) = f80b3fde8ecbac1b515960b9058de7a1 • MD5(There is $1500 in the blue box) = a4a5471a0e019a4a502134d38fb64729 • How do you use hash functions to authenticate a message?

  45. Protection Strength • Unconditionally Secure • Unlimited resources + unlimited time • Still the plaintext CANNOT be recovered from the ciphertext • Computationally Secure • Cost of breaking a ciphertext exceeds the value of the hidden information • The time taken to break the ciphertext exceeds the useful lifetime of the information

  46. Average time required for exhaustive key search

  47. What is Authentication? • Authentication: • Binding identity and external entity to subject • How do we do it? • Entity knows something (secret) • Passwords, id numbers • Entity has something • Badge, smart card • Entity is something • Biometrics: fingerprints or retinal characteristics • Entity is in someplace • Source IP, restricted area terminal

  48. Authentication Systems • Password issue • Brute force, dictionary attacks • Password selection and aging • Challenge – response • CAPTCHA • Physically Unclonable Functions • E.g., RFID counterfeit detection

  49. Authentication Systems: Biometrics • Fingerprint (optical scanning) • Camera’s needed (bulky) • Voice • Speaker-verification (identity) or speaker-recognition (info content) • Iris/retina patterns (unique for each person) • Laser beaming is intrusive • Face recognition • Facial features can make this difficult • Keystroke interval/timing/pressure

  50. Intrusion Detection/Response • Systems under attack fail to meet one or more of the following characteristics • Actions of users/processes conform to statistically predictable patterns • Actions of users/processes do not include sequences of commands to subvert security policy • Actions of processes conform to specifications describing allowable actions

More Related