Information Security & Privacy James Joshi Associate Professor, SIS
Topics overview • Security/Privacy basics • Secure design principles • Overview of Cryptography and Network security
What is Information Security? Overview of Computer Security
Information Systems Security • Deals with • Security of (end) systems • Examples? • Security of information in transit over a network • Examples? • Is it enough to have strong security for either one of these?
Basic Components of Security • Confidentiality • What do you mean? • Prevention or detection? • Examples? • Integrity • What do you mean? • Data integrity vs Origin integrity • Prevention or detection? • Examples? • Availability • What do you mean? CIA
CIA-based Model NSTISSC 4011 Security Model (CNSS 4011)
Basic Components of Security • Additional from NIST (National Institute of Standards and Technology) • Accountability • Assurance • Non-repudiation
Interdependencies [Figure labels: confidentiality; integrity; availability; accountability]
Terminology [Figure labels: Security Architecture; Requirements; Policies; Security Features or Services; Security Models/Mechanisms; Resources; Assets; Information; Attackers/Intruders/Malfeasors]
Attack Vs Threat • A threat is a “potential” violation of security • The violation need not actually occur • The fact that the violation might occur makes it a threat • The actual violation of security is called an attack
Common security threats/attacks • Interruption, delay, denial of service • Interception or snooping • Modification or alteration • Fabrication, masquerade, or spoofing • Repudiation of origin
Classes of Threats (Shirey) • Disclosure: • Unauthorized access to information • Deception: • Acceptance of false data • Disruption: • Interruption/prevention of correct operation • Usurpation: • Unauthorized control of a system component
Goals of Security • Prevention • To prevent someone from violating a security policy • Detection • To detect activities in violation of a security policy • Verify the efficacy of the prevention mechanism • (Response &) Recovery • Stop policy violations (attacks) • Assess and repair damage • Ensure availability in presence of an ongoing attack • Fix vulnerabilities for preventing future attack
Information Assurance • What is information assurance? “Assurance is the basis for confidence that the security measures, both technical and operational, work as intended to protect the system and the information it processes” (NIST) • Assurance is to indicate “how much” to trust a system and is achieved by ensuring that • The required functionality is present and correctly implemented • There is sufficient protection against unintentional errors • There is sufficient resistance to intentional penetration or by-pass Specification – design - implementation
Operational Issues • Cost-Benefit Analysis • Risk Analysis • Laws and Customs • Operational problems • People problem
Design Principles for Security • Principles • Least Privilege • Fail-Safe Defaults • Economy of Mechanism • Complete Mediation • Open Design • Separation of Privilege • Least Common Mechanism • Psychological Acceptability • Simplicity • Restriction
Least Privilege • A subject should be given only those privileges necessary to complete its task • Assignment of privileges based on • Function, Identity-based, … ? • Based on “Need to know”; “Relevance to situation” … • Examples?
Fail-Safe Defaults • What should be the default action? • If action fails, how can we keep the system safe/secure? • When a file is created, what privileges are assigned to it?
Economy of Mechanism • Design and implementation of security mechanism • KISS Principle (Keep It Simple, Silly!) • Careful design of Interfaces and Interactions
Complete Mediation • No caching of information • Mediate all accesses • Why? • Any disadvantage of this principle?
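Added example (not part of the original slides): a small Python sketch of the Fail-Safe Defaults and Complete Mediation slides. The class names, the "alice" subject and the "payroll.txt" object are hypothetical; the point is what happens to a cached access decision after a right is revoked.

```python
class Policy:
    """Access-control list; anything not explicitly granted is denied (fail-safe default)."""
    def __init__(self):
        self._grants = set()              # {(subject, obj, right)}
    def grant(self, subject, obj, right):
        self._grants.add((subject, obj, right))
    def revoke(self, subject, obj, right):
        self._grants.discard((subject, obj, right))
    def allows(self, subject, obj, right):
        return (subject, obj, right) in self._grants

class CachingHandle:
    """Checks the policy once at open time, then trusts the cached decision."""
    def __init__(self, policy, subject, obj):
        if not policy.allows(subject, obj, "read"):
            raise PermissionError(f"{subject} may not read {obj}")
        self._obj = obj
    def read(self, store):
        return store[self._obj]           # no re-check: stale after a revoke

class MediatedHandle:
    """Consults the policy on every access (complete mediation)."""
    def __init__(self, policy, subject, obj):
        self._policy, self._subject, self._obj = policy, subject, obj
    def read(self, store):
        if not self._policy.allows(self._subject, self._obj, "read"):
            raise PermissionError(f"{self._subject} may not read {self._obj}")
        return store[self._obj]

def demo():
    store = {"payroll.txt": "constructed sample data"}
    policy = Policy()
    policy.grant("alice", "payroll.txt", "read")
    cached = CachingHandle(policy, "alice", "payroll.txt")
    mediated = MediatedHandle(policy, "alice", "payroll.txt")
    policy.revoke("alice", "payroll.txt", "read")    # right withdrawn mid-session
    results = {"cached": cached.read(store) is not None}
    try:
        mediated.read(store)
        results["mediated"] = True
    except PermissionError:
        results["mediated"] = False
    return results
```

The cached handle keeps working after the revoke while the mediated one is refused; the price of mediating every access is one policy lookup per read.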
Open Design • Security should not depend on secrecy of design or implementation • Source code should be public? • “Security through obscurity” ?
Separation of Privilege • Restrictive access • Use multiple conditions to grant privilege • Equivalent to Separation of duty • Example?
Least Common Mechanism • Mechanisms should not be shared • What is the problem with shared resource? • Covert channels? • Isolation techniques • Virtual machine
Psychological Acceptability • Security mechanisms should not add to difficulty of accessing resource • Hide complexity introduced by security mechanisms • Ease of installation, configuration, use • Human factors critical here • (e.g., Proper messages)
Reference Validation Mechanism • Trusted Computing Base • Hardware and software for enforcing security rules • Reference monitor • Part of TCB • All system calls go through reference monitor for security checking • Reference validation mechanism – • Tamperproof • Never be bypassed • Small enough to be subject to analysis and testing – the completeness can be assured • [Figure labels: User space: User process; Kernel space: OS kernel, TCB, Reference monitor] • Which principle(s)?
Secure Information Transmission (network security model) [Figure labels: Sender; Receiver; Message; Secure Message; Security related transformation; Secret Information; Information channel; Trusted Third Party (arbiter, distributor of secret information); Opponent]
Brief History • All encryption algorithms from BC till 1976 were secret key algorithms • Also called private key algorithms or symmetric key algorithms • Julius Caesar used a substitution cipher • Widespread use in World War II (Enigma) • Public key algorithms were introduced in 1976 by Whitfield Diffie and Martin Hellman
Cæsar cipher • Let k = 9, m = “VELVET” (21 4 11 21 4 19) • Ek(m) = (30 13 20 30 13 28) mod 26 = “4 13 20 4 13 2” = “ENUENC” • Dk(c) = (26 + c – k) mod 26 = (21 30 37 21 30 19) mod 26 = “21 4 11 21 4 19” = “VELVET”
Classical Cryptography [Figure labels: Alice; Bob; Plaintext X; Encrypt (algorithm); Ciphertext Y; Decrypt (algorithm); Secret key K; Key Source; Secure Channel; Oscar / Ed (Cryptanalyst); X’, K’]
Classical Cryptography • Sender, receiver share common key • Keys may be the same, or trivial to derive from one another • Sometimes called symmetric cryptography • Two basic types • Transposition ciphers • Substitution ciphers • Product ciphers • Combinations of the two basic types
Classical Cryptography • y = Ek(x) : Ciphertext Encryption • x = Dk(y) : Plaintext Decryption • k = encryption and decryption key • The functions Ek() and Dk() must be inverses of one another • Ek(Dk(y)) = ? • Dk(Ek(x)) = ? • Ek(Dk(x)) = ?
Transposition Cipher • Rearrange letters in plaintext to produce ciphertext • Example (Rail-Fence Cipher) • Plaintext is “HELLO WORLD” • Rearrange as HLOOL ELWRD • Ciphertext is HLOOL ELWRD
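Added example (not part of the original slides): the Cæsar substitution, the rail-fence transposition and a product of the two in Python, with decryption written as the inverse of encryption so that Dk(Ek(x)) = x can be checked. It generalizes the slide's two-rail case to any number of rails; the function names are hypothetical, and the Cæsar routine assumes uppercase A-Z input with spaces removed.

```python
A = ord("A")

def caesar(text, k):
    """Substitution: shift each letter by k (mod 26); pass -k to decrypt."""
    return "".join(chr((ord(c) - A + k) % 26 + A) for c in text)

def rail_pattern(n, rails):
    """Rail index visited by each of n positions in a zig-zag over `rails` rows."""
    if rails == 1:
        return [0] * n
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(n)]

def rail_encrypt(text, rails=2):
    """Transposition: write along the zig-zag, read off row by row."""
    pat = rail_pattern(len(text), rails)
    return "".join(c for r in range(rails) for c, p in zip(text, pat) if p == r)

def rail_decrypt(cipher, rails=2):
    """Inverse transposition: put each ciphertext letter back in its position."""
    pat = rail_pattern(len(cipher), rails)
    # Plaintext positions in the order encryption emitted them (sorted is stable).
    order = sorted(range(len(cipher)), key=lambda i: pat[i])
    plain = [""] * len(cipher)
    for ch, pos in zip(cipher, order):
        plain[pos] = ch
    return "".join(plain)

def product_encrypt(text, k, rails):
    """Product cipher: substitution followed by transposition."""
    return rail_encrypt(caesar(text, k), rails)

def product_decrypt(cipher, k, rails):
    """Undo the two stages in reverse order."""
    return caesar(rail_decrypt(cipher, rails), -k)
```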
Public Key Cryptography • Two keys • Private key known only to individual • Public key available to anyone • Idea • Confidentiality: • encipher using public key, • decipher using private key • Integrity/authentication: • encipher using private key, • decipher using public one
Requirements • Given the appropriate key, it must be computationally easy to encipher or decipher a message • It must be computationally infeasible to derive the private key from the public key • It must be computationally infeasible to determine the private key from a chosen plaintext attack
Confidentiality using Public Key [Figure labels: Alice (Message Source); Encryption; X; Y; Decryption; Bob; Key Source; keys marked “?”]
Authentication using RSA [Figure labels: Alice (Message Source); Encryption; X; Y; Decryption; Bob; Key Source; keys marked “?”]
Confidentiality + Authentication [Figure labels: Alice (Message Source); Encryption; Encryption; X; Y; Z; Decryption; Decryption; Bob; two Key Sources; keys marked “?”]
Digital Certificates • Create token (message) containing • Identity of principal (here, Alice) • Corresponding public key • Timestamp (when issued) • Other information (identity of signer) • signed by trusted authority (here, Cathy) • C_A = { e_A || Alice || T } d_C • C_A is A’s certificate
Digital Signature • Construct that authenticates origin, contents of message in a manner provable to a disinterested third party (“judge”) • Sender cannot deny having sent message • Limited to technical proofs • Inability to deny one’s cryptographic key was used to sign • One could claim the cryptographic key was stolen or compromised • Legal proofs, etc., probably required;
Signature • Classical: Alice, Bob share key k • Alice sends m || { m }k to Bob • Does this satisfy the requirement for message authentication? How? • Does this satisfy the requirement for a digital signature?
Public Key Digital Signatures (RSA) • Alice’s keys are dAlice, eAlice • Alice sends Bob m || { m }dAlice • In case of dispute, judge computes { { m }dAlice }eAlice • and if it is m, Alice signed message • She’s the only one who knows dAlice!
Message Digest or One way functions • MD2, MD4, MD5 (Ronald Rivest) • SHA, SHA-1 (Secure Hash Algorithm) • SHA-256, SHA-384, SHA-512 • MD5(There is $1500 in the blue bo) = f80b3fde8ecbac1b515960b9058de7a1 • MD5(There is $1500 in the blue box) = a4a5471a0e019a4a502134d38fb64729 • How do you use hash functions to authenticate a message?
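Added example (not part of the original slides): a Python sketch tying together the Digital Certificates, Signature, Public Key Digital Signatures and Message Digest slides. It signs a SHA-256 digest with textbook RSA, has Cathy certify Alice's public key, and shows the shared-key MAC beside it. The function names, the timestamp format and the demo keys (built from Mersenne primes, with no padding) are assumptions made for illustration and are not secure.

```python
import hashlib
import hmac

def keygen(p, q, e=65537):
    """Textbook RSA key pair from two primes: ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def digest(data, n):
    # Hash, then reduce into Z_n. Toy encoding: real schemes use padding (e.g. PSS).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    """{ h(m) }d : only the holder of d can produce this value."""
    d, n = private
    return pow(digest(data, n), d, n)

def verify(data, sig, public):
    """Anyone holding e can check that { sig }e equals h(m)."""
    e, n = public
    return pow(sig, e, n) == digest(data, n)

# Constructed demo keys built from Mersenne primes: far too small to be secure.
ALICE_PUB, ALICE_PRIV = keygen(2**61 - 1, 2**89 - 1)
CATHY_PUB, CATHY_PRIV = keygen(2**107 - 1, 2**127 - 1)

def issue_cert(subject, subject_pub, timestamp, ca_private):
    """C_A = { e_A || Alice || T } d_C : the CA signs key, identity, timestamp."""
    e, n = subject_pub
    body = f"{e}|{n}|{subject}|{timestamp}".encode()
    return body, sign(body, ca_private)

def check_message(msg, sig, cert, ca_public):
    """Bob or the judge: validate the certificate, then the message signature.
    Returns the certified signer name, or None if either check fails."""
    body, ca_sig = cert
    if not verify(body, ca_sig, ca_public):
        return None
    e, n, subject, _timestamp = body.decode().split("|")
    return subject if verify(msg, sig, (int(e), int(n))) else None

def mac(key, msg):
    """Classical m || { m }k, realised here as HMAC-SHA256 under shared key k.
    Alice and Bob both hold k, so either of them can compute this tag."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()
```

The MAC lets Bob detect modification, but a judge cannot tell which of the two key holders produced the tag; the RSA signature can only come from the holder of dAlice, and the certificate is what binds eAlice to the name Alice.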
Protection Strength • Unconditionally Secure • Unlimited resources + unlimited time • Still the plaintext CANNOT be recovered from the ciphertext • Computationally Secure • Cost of breaking a ciphertext exceeds the value of the hidden information • The time taken to break the ciphertext exceeds the useful lifetime of the information
What is Authentication? • Authentication: • Binding identity and external entity to subject • How do we do it? • Entity knows something (secret) • Passwords, id numbers • Entity has something • Badge, smart card • Entity is something • Biometrics: fingerprints or retinal characteristics • Entity is in someplace • Source IP, restricted area terminal
Authentication Systems • Password issue • Brute force, dictionary attacks • Password selection and aging • Challenge – response • CAPTCHA • Physically Unclonable Functions • E.g., RFID counterfeit detection
Authentication Systems: Biometrics • Fingerprint (optical scanning) • Cameras needed (bulky) • Voice • Speaker-verification (identity) or speaker-recognition (info content) • Iris/retina patterns (unique for each person) • Laser beaming is intrusive • Face recognition • Facial features can make this difficult • Keystroke interval/timing/pressure
Intrusion Detection/Response • Systems under attack fail to meet one or more of the following characteristics • Actions of users/processes conform to statistically predictable patterns • Actions of users/processes do not include sequences of commands to subvert security policy • Actions of processes conform to specifications describing allowable actions