350 likes | 555 Vues
Overview of Security. Dr. Sriram Chellappan chellaps@mst.edu These slides are available at BlackBoard. Overview. Security Definitions Security threats and attacks Security Services Operational Issues. The Definition.
E N D
Overview of Security Dr. Sriram Chellappanchellaps@mst.edu These slides are available at BlackBoard
Overview • Security Definitions • Security threats and attacks • Security Services • Operational Issues
The Definition • Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable • Security rests on confidentiality, authenticity, integrity, availability, non-repudiation
In OS terms • Operating System Computer security – Addresses the issue of preventing unauthorized access to resources and information maintained by computers – Encompasses the following issues: • Guaranteeing the privacy and integrity of sensitive data • Restricting the use of computer resources • Providing resilience against malicious attempts to incapacitate the system – Employs mechanisms that shield resources such as hardware and operating system services from attack
The Basic Components • Confidentiality is the concealment of information or resources. • Authenticity is the identification and assurance of the origin of information. • Related to privacy • Integrity refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes. • Availability refers to the ability to use the information or resource desired. • Non-repudiation means that it can be verified that the sender and the recipient were, in fact, the parties who claimed to send/ receive a particular message, and the message sent/ received were the same
Security Threats and Attacks • A threat is a potential violation of security. • Flaws in design, implementation, and operation. • An attack is any action that violates security. • Active adversary. • A threat is typically a precursor to an attack
Eavesdropping - Message Interception (Attack on Confidentiality) • Unauthorized access to information • Packet sniffers and wiretappers • Illicit copying of files and programs R S Eavesdropper
Techniques to Enforce Confidentiality • Symmetric key distribution • What are the challenges • How to secure transmit the symmetric keys • Key revocation after a certain point in time • Protect the key from being lost • Latest technique to solve this problem • Asymmetric keys
Integrity Attack - Tampering With Messages • Stop the flow of the message • Delay and optionally modify the message • Release the message again R S Perpetrator
Techniques to Enforce Integrity • Message Authentication Codes • Accomplished using hash functions • That are collision resistant and have one-way property
Authenticity Attack - Fabrication • Unauthorized assumption of other’s identity • Generate and distribute objects under this identity R S Masquerader: from S
Techniques to Enforce Authentication • Standard Techniques are passwords • Easy to be captured by adversary • Easy to be guessed by adversary • Evolving techniques • Biometrics • One time password generator • Expand sample space of secret – password mapping • Access control mechanisms • Kerberos – A well known authentication technique
What is Kerberos? • Developed by MIT • Shared secret-based strong 3rd party authentication • Provides single sign-on capability • Passwords never sent across network And now – the players…
XYZ Service Key Distribution Center Ticket Granting Service Think “Kerberos Server” and don’t let yourself get mired in terminology. Authen- Tication Service Susan’s Desktop Computer Susan
XYZ Service Key Distribution Center Ticket Granting Service Represents something requiring Kerberos authentication (web server, ftp server, ssh server, etc…) Authen- Tication Service Susan’s Desktop Computer Susan
Key Distribution Center Ticket Granting Service Authen- Tication Service XYZ Service “I’d like to be allowed to get tickets from the Ticket Granting Server, please. Susan’s Desktop Computer Susan
Key Distribution Center Ticket Granting Service Authen- Tication Service XYZ Service “Okay. I locked this box with your secret password. If you can unlock it, you can use its contents to access my Ticket Granting Service.” Susan’s Desktop Computer Susan
Key Distribution Center Ticket Granting Service TGT Authen- Tication Service XYZ Service Susan’s Desktop Computer myPassword Susan
TGT Because Susan was able to open the box (decrypt a message) from the Authentication Service, she is now the owner of a shiny “Ticket-Granting Ticket”. The Ticket-Granting Ticket (TGT) must be presented to the Ticket Granting Service in order to acquire “service tickets” for use with services requiring Kerberos authentication. The TGT contains no password information.
Key Distribution Center Ticket Granting Service TGT TGT Authen- Tication Service XYZ Service “Let me prove I am Susan to XYZ Service. Here’s a copy of my TGT!” Susan’s Desktop Computer use XYZ Susan
Key Distribution Center Ticket Granting Service TGT Authen- Tication Service XYZ Service Hey XYZ: Susan is Susan. CONFIRMED: TGS You’re Susan. Here, take this. Susan’s Desktop Computer Susan
Key Distribution Center Ticket Granting Service TGT Authen- Tication Service XYZ Service I’m Susan. I’ll prove it. Here’s a copy of my legit service ticket for XYZ. Hey XYZ: Susan is Susan. CONFIRMED: TGS Hey XYZ: Susan is Susan. CONFIRMED: TGS Susan’s Desktop Computer Susan
Key Distribution Center Ticket Granting Service TGT Authen- Tication Service That’s Susan alright. Let me determine if she is authorized to use me. XYZ Service Hey XYZ: Susan is Susan. CONFIRMED: TGS Hey XYZ: Susan is Susan. CONFIRMED: TGS Susan’s Desktop Computer Susan
Authorization checks are performed by the XYZ service… Just because Susan has authenticated herself does not inherently mean she is authorized to make use of the XYZ service.
One remaining note: Tickets (your TGT as well as service-specific tickets) have expiration dates configured by your local system administrator(s). An expired ticket is unusable. Until a ticket’s expiration, it may be used repeatedly.
Key Distribution Center Ticket Granting Service TGT Authen- Tication Service XYZ Service ME AGAIN! I’ll prove it. Here’s another copy of my legit service ticket for XYZ. Hey XYZ: Susan is Susan. CONFIRMED: TGS Hey XYZ: Susan is Susan. CONFIRMED: TGS Susan’s Desktop Computer use XYZ Susan
Key Distribution Center Ticket Granting Service TGT Authen- Tication Service That’s Susan… again. Let me determine if she is authorized to use me. XYZ Service Hey XYZ: Susan is Susan. CONFIRMED: TGS Hey XYZ: Susan is Susan. CONFIRMED: TGS Susan’s Desktop Computer Susan
R S Attack on Availability • Destroy hardware (cutting fiber) or software • Corrupt packets in transit • Blatant denial of service (DoS): • Crashing the server • Overwhelm the server (use up its resource)
Techniques to Enforce Availability • Think of an example • Standard technique is almost always redundancy – Also called over-provisioning • Can be counter-productive sometimes • Think how
Impact of Attacks • Economic impacts • Societal impacts • Military impacts All attacks can be related and are dangerous!
Some trade-offs w.r.t. security • Availability vs. Privacy • Confidentiality vs. Power management • Privacy vs. Delay • Bandwidth vs. Privacy
Security Policy and Mechanism • Policy: a statement of what is, and is not allowed. • Mechanism: a procedure, tool, or method of enforcing a policy. • Security mechanisms implement functions that help prevent, detect, and respond to recovery from security attacks. • Security functions are typically made available to users as a set of security servicesthrough APIs or integrated interfaces. • Cryptography underlies many security mechanisms.
Operational Issues • Cost-Benefit Analysis • Risk Analysis • Laws and Customs Human Issues • Organizational Problems • People Problems
Proprietary and Open-Source Security • Advantages of open-source security applications • Interoperability • Open-source applications tend to implement standards and protocols that many developers include in their products. • An application’s source code is available for extensive testing and debugging by the community at large • Weaknesses of proprietary security • Nondisclosure • The number of collaborative users that can search for security flaws and contribute to the overall security of the application is limited • Proprietary systems, however, can be equally as secure as open-source systems