Security Overview. Security Objectives. Confidentiality: prevent/detect/deter improper disclosure of information. Integrity: prevent/detect/deter improper modification of information. Availability: prevent/detect/deter improper denial of access to services. Distributed applications.
Security Objectives (CSCE 824)
• Confidentiality: prevent/detect/deter improper disclosure of information
• Integrity: prevent/detect/deter improper modification of information
• Availability: prevent/detect/deter improper denial of access to services
Distributed applications
• Authenticity
• Non-repudiation
Sample Questions
• What is the trade-off between the security objectives?
• Give an example of the security objectives in the domain of college education.
• Consider the trend about attack sophistication and intruder’s knowledge. Recommend an approach to enhance the security of future computing systems.
Achieving Security
• Policy
  • What to protect?
• Mechanism
  • How to protect?
• Assurance
  • How good is the protection?
Security Policy
• Organizational Policy
• Computerized Information System Policy
Sample Questions
• Why do we need to fit the security policy into the organizational policy?
• Why is it recommended to separate policy from mechanism?
• What does “assurance” mean in the context of security?
• Give an example security policy enforced on your personal computer/CSE computing system/CEC computing system and recommend a security mechanism to implement the policy.
Security Mechanism
• Prevention
• Detection
• Tolerance/Recovery
Security Tradeoffs
[Diagram labels: Security, Functionality, Ease of Use; COST]
Threats, Attacks, Vulnerability, Risk
• Types of threats
• Types of attacks
• Relation to security objectives
• M(ethod), O(pportunity), and M(otive) of attacks
• Methods of defense – Security planning
• Risk Management
Risk Management Framework (Business Context)
• Understand Business Context
• Identify Business and Technical Risks
• Synthesize and Rank Risks
• Define Risk Mitigation Strategy
• Carry Out Fixes and Validate
• Measurement and Reporting
Sample Questions
• Give an example of vulnerability, threat, risk, and attack in the domain of …
• What does the “weakest link” of defense mean?
• Recommend a way to increase a computing system’s security by incorporating security trade-offs into the security planning.
• Why do we need to understand the business context to have effective security?
Insecure communications
[Diagram: Sender → insecure channel → Recipient, carrying a confidential message; a Snooper listens on the channel]
Cryptographic Protocols
• Messages should be transmitted to destination
• Only the recipient should see it
• Only the recipient should get it
• Proof of the sender’s identity
• Message shouldn’t be corrupted in transit
• Message should be sent/received once only
Conventional (Secret Key) Cryptosystem
[Diagram: Sender: Plaintext → Encryption → Ciphertext → Decryption → Plaintext: Recipient]
• Encryption (Sender): C = E(K, M)
• Decryption (Recipient): M = D(K, C)
• K needs secure channel
Public Key Cryptosystem
[Diagram: Sender: Plaintext → Encryption → Ciphertext → Decryption → Plaintext: Recipient]
• Encryption (Sender) with the recipient’s public key (Kpub): C = E(Kpub, M)
• Decryption (Recipient) with the recipient’s private key (Kpriv): M = D(Kpriv, C)
• Kpub needs reliable channel
Cryptography
• Cryptanalyst’s goal:
  • Break message
  • Break key
  • Break algorithm
• Taxonomy of attacks
• Breakable vs. unbreakable cryptographic system
• Properties of good cryptosystem
Cryptosystem Vulnerabilities
• Passive Attacker (Eavesdropper)
• Active Attacker
• Capabilities
Basic Encryption Techniques
• Substitution
• Permutation
• Combinations and iterations of these
• Techniques and attacks
• ADVANTAGES/DISADVANTAGES!
Inherent Weaknesses of Symmetric Cryptography
• Key distribution must be done secretly (difficult when parties are geographically distant, or don't know each other)
• Need a key for each pair of users
  • n users need n*(n-1)/2 keys
• If the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages
Product Ciphers
One encryption applied to the result of the other, $E_n(E_{n-1}(\dots(E_1(M))))$, e.g.,
• Double transposition
• Substitution followed by permutation, followed by substitution, followed by permutation…
• Broken for
  • Chosen plaintext
Trustworthy Encryption Systems
• Based on sound mathematics
• Has been analyzed by experts
• Has stood the test of time
• Examples: Data Encryption Standard (DES), Advanced Encryption Standard (AES), Rivest-Shamir-Adleman (RSA)
Public Key Encryption
Public-Key Encryption (CSCE 522 - Farkas)
• Two keys: one is private, one is public
• Solves the key distribution problem (but need reliable channel)
• Provides electronic signatures
• Slower than secret-key encryption
Public-Key Encryption (Lecture 6)
• Needed for security:
  • One of the keys must be kept secret
  • Impossible (at least impractical) to decipher message if no other information is available
  • Knowledge of algorithm, one of the keys, and samples of ciphertext must be insufficient to determine the other key
RSA – Notation
• C = E(KE-B, M)
• M = D(KD-B, C)
• KE-B: public key of B
• KD-B: private key of B
• E: encryption alg.
• D: decryption alg.
• M: plaintext
• C: ciphertext
RSA
• Both sender and receiver know n
• Sender knows e
• Only receiver knows d
• Modulus: remainder after division, i.e., if a mod n = b then a = c*n + b
• Need:
  • Find values e, d, n such that $M^{ed} \bmod n = M \bmod n$
  • Easy to calculate $M^e$, $C^d$ for all M < n
  • Infeasible to determine d given e
Signature and Encryption
[Diagram, A to B: Plaintext → D (A’s private key) → Signed Plaintext → E (B’s public key) → Encrypted Signed Plaintext → D (B’s private key) → Signed Plaintext → E (A’s public key) → Plaintext]
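
The RSA condition and the sign-then-encrypt flow from the two slides above, worked through with numbers. This is an added example, not part of the original slides: the primes and exponents are constructed toy values, make_keypair, sign_then_encrypt and decrypt_then_verify are hypothetical names, and textbook RSA without padding is for study only.

```python
from math import gcd

def make_keypair(p, q, e):
    """Return (public, private) = ((n, e), (n, d)) with e*d = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (n, e), (n, d)

def E(public_key, m):
    """Apply the public exponent: M^e mod n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("value must be smaller than n")
    return pow(m, e, n)

def D(private_key, c):
    """Apply the private exponent: C^d mod n."""
    n, d = private_key
    if not 0 <= c < n:
        raise ValueError("value must be smaller than n")
    return pow(c, d, n)

# Constructed toy keys. A's modulus is smaller than B's so that A's signed
# value always fits under B's modulus.
KE_A, KD_A = make_keypair(61, 53, 17)    # n = 3233
KE_B, KD_B = make_keypair(89, 97, 5)     # n = 8633

def sign_then_encrypt(m):
    signed = D(KD_A, m)        # A's private key: only A can produce this
    return E(KE_B, signed)     # B's public key: only B can undo this

def decrypt_then_verify(c):
    signed = D(KD_B, c)        # B's private key
    return E(KE_A, signed)     # A's public key: recovers M only if A signed it
```
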
Non-repudiation
• Requires notarized signature, involving a third party
• Large system: hierarchies of notarization
Cryptographic Hash Functions
Hash Functions (Lecture 8-9)
• Hash function h maps an input x of arbitrary length to a fixed length output h(x) (compression)
• Accidental or intentional change to the data will change the hash value
• Given h and x, h(x) is easy to compute (ease of computation)
Good Hash Function
• It is easy to compute the hash value for any given message
• It is infeasible to find a message that has a given hash
• It is infeasible to modify a message without changing its hash
• It is infeasible to find two different messages with the same hash
Cryptographic Protocols
Protocols
• Good protocol characteristics:
  • Established in advance
  • Mutually subscribed
  • Unambiguous
  • Complete
Symmetric-Key Distribution: Symmetric-Key Techniques
• Symmetric-Key without Server
• Symmetric-Key with Server
Symmetric-Key Distribution: Public-Key Techniques
• Simple secret key distribution
• Secret key distribution with confidentiality and authentication
• Diffie-Hellman Key Exchange
Simple secret key distribution
1. Sender → Recipient: KE-S || ID-S (public key of S)
2. Recipient → Sender: E KE-S(Ksession) (secret session key)
Vulnerable to active attack! HOW?
With confidentiality and authentication
Assume: KE-R and KE-S are known in advance. N1 and N2 are nonces.
1. Sender → Recipient: E KE-R[N1 || ID-A]
2. Recipient → Sender: E KE-S[N1 || N2]
3. Sender → Recipient: E KE-R[N2]
4. Sender → Recipient: E KE-R[E KD-S(Ksession)]
Question: Why do we need reliable distribution of public keys?
Intruder in the Middle Attack
[Diagram: John ↔ Intruder ↔ Rose]
• John → Intruder → Rose: “Hi Rose, I’m John.”
• Rose → Intruder → John: “Hi John, I’m Rose.”
• Intruder and John use Diffie-Hellman to agree on key K.
• Intruder and Rose use Diffie-Hellman to agree on key K’.
Question: The attacker may want to have K and K’ be the same. Why?
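
The exchange on the slide above, simulated so the resulting keys can be inspected. This is an added example, not part of the original slides: run_exchange and fingerprint are hypothetical names, the group parameters are toy-sized, and the fingerprint comparison over a separate trusted channel is an assumed check that the slide does not describe.

```python
import hashlib

P = 2**64 - 59   # toy-sized prime; real groups are 2048 bits or more
G = 5

def public_value(x, p=P, g=G):
    return pow(g, x, p)

def shared_key(own_x, peer_public, p=P):
    return pow(peer_public, own_x, p)

def fingerprint(key):
    """Short digest two parties can compare over a separate, trusted channel."""
    return hashlib.sha256(str(key).encode()).hexdigest()[:16]

def run_exchange(john_x, rose_x, intruder_x=None, p=P, g=G):
    """Return the key each party derives; intruder_x=None is the honest run."""
    john_pub = public_value(john_x, p, g)
    rose_pub = public_value(rose_x, p, g)
    if intruder_x is None:
        to_rose, to_john = john_pub, rose_pub
    else:
        # Nothing binds a public value to "I'm John", so both sides accept
        # the intruder's value as their peer's.
        to_rose = to_john = public_value(intruder_x, p, g)
    k_john = shared_key(john_x, to_john, p)
    k_rose = shared_key(rose_x, to_rose, p)
    result = {"john": k_john, "rose": k_rose,
              "fingerprints_match": fingerprint(k_john) == fingerprint(k_rose)}
    if intruder_x is not None:
        result["K"] = shared_key(intruder_x, john_pub, p)        # intruder and John
        result["K_prime"] = shared_key(intruder_x, rose_pub, p)  # intruder and Rose
    return result

if __name__ == "__main__":
    # Constructed textbook-sized values: p = 23, g = 5.
    print(run_exchange(6, 15, p=23, g=5))
    print(run_exchange(6, 15, intruder_x=3, p=23, g=5))
```
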
Asymmetric-Key Exchange
• Without server
  • Broadcasting
  • Publicly available directory
• With server
  • Public key distribution center
  • Certificates
Public-key certificates
• Certificate Authority receives KE-S and KE-R and issues:
  • C-S = E KD-CAuth[Time1, ID-S, KE-S]
  • C-R = E KD-CAuth[Time2, ID-R, KE-R]
1. Sender → Recipient: C-S
2. Recipient → Sender: C-R
Certificates
• Guarantees the validity of the information
• Establishing trust
• Public key and user identity are bound together, then signed by someone trusted
• Need: digital signature
Digital Signature
• Need the same effect as a real signature
  • Un-forgeable
  • Authentic
  • Non-alterable
  • Not reusable
Digital signature
• Direct digital signature: public-key cryptography based
• Arbitrated digital signature:
  • Conventional encryption:
    • Arbiter sees message
    • Arbiter does not see message
  • Public-key based
    • Arbiter does not see message
Identification and Authentication
Authentication
• Allows an entity (a user or a system) to prove its identity to another entity
• Typically, the entity whose identity is verified reveals knowledge of some secret S to the verifier
• Strong authentication: the entity reveals knowledge of S to the verifier without revealing S to the verifier
Authentication Information Must be securely maintained by the system.
Authentication Requirements
• Network must ensure
  • Data exchange is established with addressed peer entity not with an entity that masquerades or replays previous messages
• Network must ensure data source is the one claimed
• Authentication generally follows identification
  • Establish validity of claimed identity
  • Provide protection against fraudulent transactions
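
A challenge-response exchange that shows knowledge of S without sending S, and that rejects replayed messages, covering the two Authentication slides above. This is an added example, not part of the original slides: the Verifier class and respond function are hypothetical, and it assumes a symmetric variant in which the verifier already stores S, so S never crosses the channel but is known at both ends.

```python
import hashlib
import hmac
import secrets

def respond(secret, claimed_id, nonce):
    """Prover side: a keyed hash over the fresh nonce proves knowledge of S."""
    return hmac.new(secret, nonce + claimed_id.encode(), hashlib.sha256).digest()

class Verifier:
    def __init__(self, secrets_by_id):
        self._secrets = secrets_by_id   # authentication information, kept by the system
        self._outstanding = {}          # claimed identity -> nonce awaiting an answer

    def challenge(self, claimed_id):
        nonce = secrets.token_bytes(16)
        self._outstanding[claimed_id] = nonce
        return nonce

    def verify(self, claimed_id, response):
        # pop() makes every nonce single-use, so a recorded response
        # cannot be replayed against the same or a later challenge.
        nonce = self._outstanding.pop(claimed_id, None)
        secret = self._secrets.get(claimed_id)
        if nonce is None or secret is None:
            return False
        expected = respond(secret, claimed_id, nonce)
        return hmac.compare_digest(expected, response)
```
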
User Authentication
• What the user knows
  • Password, personal information
• What the user possesses
  • Physical key, ticket, passport, token, smart card
• What the user is (biometrics)
  • Fingerprints, voiceprint, signature dynamics