Download
12 protection security interface n.
Skip this Video
Loading SlideShow in 5 Seconds..
12. Protection/Security Interface PowerPoint Presentation
Download Presentation
12. Protection/Security Interface

12. Protection/Security Interface

124 Vues Download Presentation
Télécharger la présentation

12. Protection/Security Interface

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. 12. Protection/Security Interface 12.1 Security Threats • Types of Damage • Vulnerable Resources • Types of Attacks 12.2 Functions of a Protection System 12.3 User Authentication • Approaches to Authentication • Passwords 12.4 Secure Communication • Principles of Cryptography • Secret-Key Cryptosystems • Public-Key Cryptosystems

  2. Security Threats • Types of damage • Information Disclosure • theft • Information Destruction • possible without disclosure • Unauthorized Use of services • install SW without license, pirated copies (theft) • use fake ID/password to use online service • Denial of Service • difficult to quantify • Vulnerable resources • Hardware (CPU, memory, communications, devices) • Software (files, processes, VM)

  3. Types of Attacks • Browsing of Information • Unauthorized search for residual information • Unused memory and disk space is generally not deleted • Typically done by a user who is already inside • Information leaking • A trusted service leaks confidential/secret information (Confinement Problem)

  4. Types of Attacks • Attack: trusting user accepts a “present”, e.g. a free program, that causes damage (don’t open email attachments) • Trap door • an undocumented feature • inserted on purpose or as a flaw to enter later • Trojan Horse • Greek mythology—the siege of Troy • wooden horse = “present” by Greeks • soldiers hidden inside • Trojans pulled the horse into the city • soldiers opened the gates for the Greeks, causing the destruction of Troy

  5. Types of Attacks • Viruses • Designed to replicate themselves • removable storage media, email, file transfer • Intended to cause damage • Need a host program • attach to and modify host • execute as part of host • Virus detection • check program length(but virus can hide or compress program) • check for virus “signature”—bit pattern used by virus to mark already infected program (viruses use encryption)

  6. Types of Attacks • Worms • Intended to cause damage • Exploit some system weakness to replicate • No host needed • Example: Robert Morris Internet Worm (Nov 2, 1988) • Excessive replication caused major havoc on the internet (denial of service) • 3 separate attacks: • rsh: Spawn process on remote machine without pw (using a list of “trusted” systems) • sendmail: Exploited an error that allows a message to send itself and start • finger:Buffer overflow not checked – major weakness to take over the system

  7. Types of Attacks • Buffer Overflow: Example: • foo calls finger • Attack hijacks return address by supplying aparameter that islonger than the buffer (overflows) • When finger terminates,control goes to a placeset by the attack andis not returned to foo.

  8. Types of Attacks • Remote execution • Service to upload and start code on remote machine • Mobile agent: may migrate among machines • Like worm but legitimate migration • Must be designed carefully to prevent abuse of privileges of remote host environment • Wire tapping • Insert a device into line or listen to wireless • Passive (listen) or Active (modify) • Waste searching • Look for passwords or sensitive data

  9. Types of Attacks • Masquerading • Impersonate process, user, service • Used from outside: • Use stolen password (impersonate a legitimate user) • Break communication line, assume session • Used from within (spoofing): • Impersonate login shell, steal password • Trial and error • e.g., try to guess password

  10. Types of Attacks -- Classification • From within • direct access as a valid process • indirect Access via agent (attacker not present during attack) • From outside • channels provided for legitimate purposes • illegitimate channels

  11. Functions of a Protection System • External safeguards • guard physical access (locks, badges, cameras) • Verification of user identity (User Authentication)  • Communication safeguards • protect public/vulnerable lines: cryptography • Access control (Ch 13) • can Subject perform function on Resource • Information flow control (Ch 13) • can S get information contained in R (indirectly)

  12. User Authentication • Approaches: • Knowledge of some information • Password, dialog • Possession of some artifact • Machine-readable cards (ATM) • Combine with knowledge (PIN) • Biometrics: Physical characteristics of person • Fingerprint • Hand geometry • Face geometry • Retina or iris scan • Voice print • Signature dynamics

  13. Fingerprint Recognition Extremely useful biometrics technology Fingerprints are a primary and accurate identification method

  14. Fingerprint Recognition Finger Image + Minutiae Finger Image Minutiae • Uses the ridge endings and bifurcation's to plot points known as minutiae • The number and locations of the minutiae vary from finger to finger and from person to person

  15. Uses an image or series of images • Principle: analysis of the unique shape, pattern and positioning of facial features • Passive: does not require a person’s cooperation • Highly complex technology Face Recognition Common approach: Face geometry

  16. Voice Recognition Not speechrecognition, it is speaker recognition Low-cost (cheap hardware) Not very accurate (voice varies, noise) Can be stolen (recorded)

  17. Hand geometry • one of the most deployed biometrics world wide Ben GurionAirport (Israel)

  18. Signature Verification • Static/off-line: • match pattern (image) • can easily be reproduced • Dynamic/On-line: • match movement of the pen during signing process (pressure, speed) • Many commercial products

  19. Iris recognition Heathrow Airport (London) • Based on visible features, i.e. rings, furrows, freckles and the corona • Safest, most accurate biometrics technology

  20. Retina recognition Capture the pattern of blood vessels throughout the retina No two retinas are the same, even in identical twins More difficult/less convenient than iris scan

  21. Other techniques • DNA • Unique(except for identical twins) but many imitations: • not fully automated, slow, expensive • privacy issue – DNA contains information about race, paternity, medical conditions • requires a physical sample of tissue • Thermograms • infrared camera to detect the heat patterns

  22. User Authentication • Problem with biometrics:uncertainty in recognition • System generates anumber 0  n  1 • Bimodal distribution • Threshold must be chosen to minimize • false alarms • imposter acceptance

  23. User Authentication • Passwords • Must protect stored password files from access • Must prevent trial and error (guessing) • Protecting password files • Maintain unencrypted; rely on access control • Encrypt using “one-way” function H: • H-1is unknown • knowing H(x) does not yield x • keep only H(pw) with user name • at login, compute H(pw’) and compare with H(pw)

  24. User Authentication • Preventing password guessing • System-generated pw • Random string: difficult to memorize • “Pronounceable” words • System-validated • Accept only passwords that obey specifications (length, mix of letters/digits, upper/lower case) • Employ password-cracking programs toreject easy-to-guess passwords • Time-limited • Expiration date or number of uses

  25. User Authentication • One-time passwords • Smart card (can be lost or stolen) • Use secret function; • System generates a challenge n, user replies with f(n) as password; e.g. f(n)=3*n/2 • Use one-way function to generate series ofone-time passwords from one password pw • … H(H(H(pw))) H(H(pw)) H(pw) pw • Intruder can derive H(H(pw)) from H(pw)but not H(pw) from H(H(pw))because H-1 is unknown

  26. User Authentication • guess any valid password: • repeatedly generate strings s (dictionary, random, …), check if H(s) is in table • System-extended pw • for each pw, generate randomnumber slt (called “salt”) • store: UserName,slt,H(slt,pw) • guessing: must check H(slt,s) for every sltin table • salting does not make it harder to guess the password of a specific user

  27. Functions of a Protection System • External safeguards • Guard physical access (locks, badges, cameras) • Verification of user identity (User Authentication) • Communication safeguards  • Protect public/vulnerable lines: cryptography • Access control • Can Subject perform function on Resource • Information flow control • Can S get information contained in R (indirectly)

  28. Secure Communication • Principles of cryptography: • Cipher text, Plain text, Key(s) • Encrypt: C = E(P,Ke) • Decrypt: D(C,Kd) = P • Goals: • Secrecy = message content not revealed • Integrity = message not modified • Authenticity = establish identity of sender • Nonrepudiability = establish identity of creator (regardless of who sent it) • an actor cannot deny creation of message (signature)

  29. Secure Communication • Secret-key Cryptosystems • Symmetric: • S and Rshare a common secret key K which is used for both encrypting and decrypting

  30. Secure Communication • Examples • transposition cipher: • rearranges the order of letters • example algorithm: swap 2 letters, skip n • key: n • e.g., n=1: 'hello world' → 'ehlolowrdlnd’ • substitution cipher • replace letters or groups of letters • example: Cesar cypher • algorithm: replace every letter by the letter k positions down in the alphabet • key: k • e.g., k=1: 'fly at once' → 'gmzbupodf‘ • Easy to break using statistical analysis

  31. Secure Communication • Example: DES • US standard (1977) • Blocks of 64 bits • Block is divided into L and R half • F applies Key to R • result is XOR’d with L, becomes new R • old R becomes new L • repeat 16 times • F uses: • permutations • substitutions • XOR with a 56-bit key • Triple-DES • C = DEA(DEA(DEA(P, K3), K2, K1)

  32. Secure Communication • With Secret-key cryptosystems: • Secrecy: only R can decrypt C • Integrity: intruder cannot produce valid message • Nonrepudiation: not possible, S can deny • Authenticity of sender: must prevent replay

  33. Secure Communication • Use nonceN to prevent replay of message: S R (1)  N (2) C=E({P,N},K)  • Capturing either message does not help;both are different every time • Use timestampT to prevent replay S R C=E({P,T},K)  • Limits possible replay to a chosen time interval

  34. Secure Communication • Key distribution and authentication • Both S and R must have the same key K • Trusted server approach: • Each process has its own secret key for communication with trusted Key Distribution Center (KDC) • At runtime, process A asks KDC for a Session Key KABfor communication with process B KDC A B(1)  A,B(2) E({KAB,B,ticket},KA) (3) ticket  ticket = E({KAB,A},KB)

  35. Secure Communication • Public-key cryptosystems (Diffie-Hellman, 1976) • Asymmetric: different keys for encryption and decryption • One cannot be derived from the other • One is Public key, other is Private

  36. Secure Communication • With Public-key cryptosystems • Secrecy: only R can decrypt message using KRpriv • Integrity: intruder cannot produce valid message without KSpriv • Authenticity of creator: same as integrity: only S knows KSpriv • Authenticity of sender: use nonce or timestamp to prevent replay

  37. Secure Communication • How to make a key/function so that the other cannot be derived from it? • RSA (Rivest, Shamir, Adelman) Public KeyC = E(P) = Pemod nP = D(C) = Cdmod n • (e,n): Public encryption key • (d,n): Private/secret decryption key;d cannot be derived from e

  38. Secure Communication • RSA Key Generation • Choose large primes p and q; compute n=p*q • Example: p=5, q=7, n=35 • Choose d to be a (large) prime number having no factors in common with (p1)*(q1) • Example:(51)*(71)=24; d=5 or 7 or 11 (choose 11) • Choose e such that e*d mod (p1)*(q1) = 1 • Example:e*11 mod 24 = 1; e = 11 or 35 or 59 or 83 …C = E(P) = P59 mod 35P = D(C) = C11 mod 35

  39. Secure Communication • Why is RSA encryption secure? • n is derived from p and q; (n=p*q) • d is also derived from p and q; (no common factors) • e is derived from d but also needs p and q; • only d is known/public, p and q have been discarded → e cannot be derived • similarly, d cannot be derived from e without p and q

  40. Secure Communication • Public key distribution and authentication • Making key public is easy, but need to authenticate it: • How does A safely get B’s public key KBpubl ? • Trusted server approach: KDC A(1)  A,B(2) E({B,KBpubl},KKDCpriv)  • KDC provides B’s public key KBpubl • KKDCpriv guarantees authenticity (KDC sent it)

  41. Secure Communication • Digital Signatures: • How can a document be “signed” and transmitted electronically? • Here is my signature • Anyone can copy and attach it to any document • Sign on paper, scan • Any document is digitized and can be modified • Public-key cryptosystems permit unforgeable electronic “signatures”?

  42. Secure Communication • Digital Signature: document M is to be “signed” • Sender generates unique digest:d = H(M) • Sender encrypts E(d,KSpriv),receiver decrypts with KSpubl • Receiver computes d’ = H(M); • d’ is a unique signature of document M • d=d’ means that d is a also a unique signature of M; • Decryption authenticates sender, proving sender sent d i.e., sender signed M