1 / 95

Security Overview

Security Overview. Security Objectives. Confidentiality : prevent/detect/deter improper disclosure of information Integrity : prevent/detect/deter improper modification of information Availability : prevent/detect/deter improper denial of access to services. Distributed applications.

Télécharger la présentation

Security Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security Overview

  2. Security Objectives • Confidentiality: prevent/detect/deter improper disclosure of information • Integrity: prevent/detect/deter improper modification of information • Availability: prevent/detect/deter improper denial of access to services CSCE 824

  3. Distributed applications Authenticity Non-repudiation CSCE 824

  4. Sample Questions What is the trade off between the security objectives? Give an example of the security objectives in the domain of college education. Consider the trend about attack sophistication and intruder’s knowledge. Recommend an approach to enhance the security of future computing systems. CSCE 824

  5. Achieving Security • Policy • What to protect? • Mechanism • How to protect? • Assurance • How good is the protection? CSCE 824

  6. Security Policy Organizational Policy Computerized Information System Policy CSCE 824

  7. Sample Questions Why do we need to fit the security policy into the organizational policy? Why is it recommended to separate policy from mechanism? What does “assurance” mean in the context of security? Give an example security policy enforced on your personal computer/CSE computing system/CEC computing system and recommend security mechanism to implement the policy. CSCE 824

  8. Security Mechanism • Prevention • Detection • Tolerance/Recovery CSCE 824

  9. Security Tradeoffs Security Functionality COST Ease of Use CSCE 824

  10. Threats, Attacks, Vulnerability, Risk • Types of threats • Types of attacks • Relation to security objectives • M(ethod), O(pportunity), and M(otive) of attacks • Methods of defense – Security planning • Risk Management CSCE 824

  11. Carry Out Fixes and Validate Identify Business and Technical Risks Define Risk Mitigation Strategy Synthesize and Rank Risks Measurement and Reporting Risk Management Framework (Business Context) Understand Business Context CSCE 824

  12. Sample Questions Give an example of vulnerability, threat, risk, and attack in the domain of … What does it mean “weakest link” of defense? Recommend a way to increase computing system’s security by incorporating security trade offs into the security planning. Why do we need to understand the business context to have effective security? CSCE 824

  13. Cryptography

  14. Snooper Insecure channel Recipient Sender Insecure communications Confidential

  15. Cryptographic Protocols • Messages should be transmitted to destination • Only the recipient should see it • Only the recipient should get it • Proof of the sender’s identity • Message shouldn’t be corrupted in transit • Message should be sent/received once only

  16. Conventional (Secret Key) Cryptosystem Plaintext Ciphertext Plaintext Encryption Decryption Sender Recipient K C=E(K,M) M=D(K,C) K needs secure channel

  17. Public Key Cryptosystem Recipient’s public Key (Kpub) Recipient’s private Key (Kpriv) Plaintext Ciphertext Plaintext Encryption Decryption Sender Recipient C=E(Kpub,M) M=D(Kpriv,C) Kpubneeds reliable channel

  18. Cryptography • Cryptanalyst’s goal: • Break message • Break key • Break algorithm • Taxonomy of attacks • Breakable vs. unbreakable cryptographic system • Properties of good cryptosystem.

  19. Cryptosystem Vulnerabilities • Passive Attacker (Eavesdropper) • Active Attacker • Capabilities

  20. Basic Encryption Techniques • Substitution • Permutation • Combinations and iterations of these • Techniques and attacks • ADVANTAGES/DISADVANTAGES!

  21. Inherent Weaknesses of Symmetric Cryptography • Key distribution must be done secretly (difficult when parties are geographically distant, or don't know each other) • Need a key for each pair of users • n users need n*(n-1)/2 keys • If the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages

  22. Product Ciphers One encryption applied to the result of the other En(En-1(…(E1(M)))), e.g., • Double transposition • Substitution followed by permutation, followed by substitution, followed by permutation… • Broken for • Chosen plaintext CSCE 824

  23. Trustworthy Encryption Systems Based on sound mathematics Has been analyzed by experts Has stood the test of time Examples: Data Encryption Standard (DES), Advanced Encryption Standard (AES), River-Shamir-Adelman (RSA)

  24. Public Key Encryption CSCE 824

  25. Public-Key Encryption • Two keys – one is private one is public • Solves the key distribution problem (but need reliable channel) • Provides electronic signatures • Slower than secret-key encryption CSCE 522 - Farkas CSCE 824 25

  26. Public-Key Encryption • Needed for security: • One of the keys must be kept secret • Impossible (at least impractical) to decipher message if no other information is available • Knowledge of algorithm, one of the keys, and samples of ciphertext must be insufficient to determine the other key Lecture 6 CSCE 522 - Farkas CSCE 824 26

  27. RSA – Notation C = E(KE-B, M) M = D(KD-B,C) KE-B: public key of B KD-B: private key of B E: encryption alg. D: decryption alg. M: plaintext C: ciphertext Lecture 6 CSCE 522 - Farkas CSCE 824 27

  28. RSA • Both sender and receiver know n • Sender knows e • Only receiver knows d • Modulus: Remainder after division, i.e., if a mod n=b then a=c*n+b • Need: • Find values e,d,n such that • Easy to calculate Me, Cd for all M < n • Infeasible to determine d give e Med mod n = M mod n Lecture 6 CSCE 522 - Farkas CSCE 824 28

  29. Signature and Encryption B Encrypted Signed Plaintext A Signed Plaintext Signed Plaintext Plaintext Plaintext D E D E B’s public key A’s public key B’s private key A’s private key Lecture 6 CSCE 522 - Farkas CSCE 824 29

  30. Non-repudiation • Requires notarized signature, involving a third party • Large system: hierarchies of notarization Lecture 6 CSCE 522 - Farkas CSCE 824 30

  31. Cryptographic Hash Functions CSCE 824

  32. Hash Functions • Hash function h maps an input x of arbitrary length to a fixed length output h(x) (compression) • Accidental or intentional change to the data will change the hash value • Given h and x, h(x) is easy to compute (ease of computation) Lecture 8-9 CSCE 522 - Farkas CSCE 824 32

  33. Good Hash Function It is easy to compute the hash value for any given message It is infeasible to find a message that has a given hash It is infeasible to modify a message without changing its hash It is infeasible to find two different messages with the same hash Lecture 8-9 CSCE 522 - Farkas CSCE 824 33

  34. Cryptographic Protocols CSCE 824

  35. Protocols • Good protocol characteristics: • Established in advance • Mutually subscribed • Unambiguous • Complete Lecture 6 CSCE 522 - Farkas CSCE 824 35

  36. Symmetric-Key Distribution: Symmetric-Key Techniques • Symmetric-Key without Server • Symmetric-Key with Server Lecture 6 CSCE 522 - Farkas CSCE 824 36

  37. Symmetric-Key Distribution: Public-Key Techniques • Simple secret key distribution • Secret key distribution with confidentiality and authentication • Diffie-Hellman Key Exchange Lecture 6 CSCE 522 - Farkas CSCE 824 37

  38. Public key of S Secret Session key Simple secret key distribution KE-S ||ID-S 2. E KE-S(Ksession) Sender Recipient Vulnerable to active attack! HOW? Lecture 6 CSCE 522 - Farkas CSCE 824 38

  39. Nonce With confidentiality and authentication Assume: KE-R and KE-S are known in advance E KE-R[N1||ID-A] 2. E KE-S[N1||N2] 3. E KE-R[N2] 4. E KE-R E KD-S(Ksession) Sender Recipient Question: Why do we need reliable distribution of public keys? Lecture 6 CSCE 522 - Farkas CSCE 824 39

  40. Intruder in the Middle Attack Intruder John Rose Hi Rose, I’m John. Hi Rose, I’m John. Hi John, I’m Rose. Hi John, I’m Rose. Intruder and John Uses Diffie-Hellman To agree on key K. Intruder and Rose Uses Diffie-Hellman To agree on key K’. Question: the attacker may want to have K and K’ be the same, Why? Lecture 6 CSCE 522 - Farkas CSCE 824 40

  41. Asymmetric-Key Exchange • Without server • Broadcasting • Publicly available directory • With server • Public key distribution center • Certificates Lecture 6 CSCE 522 - Farkas CSCE 824 41

  42. Public-key certificates Certificate Authority KE-R KE-S C-S=EKD-CAuth[Time1,ID-S,KE-S] CR=EKD-CAuth[Time2,ID-R,KE-R] 1. C-S Sender Recipient 2. C-R Lecture 6 CSCE 522 - Farkas CSCE 824 42

  43. Certificates • Guarantees the validity of the information • Establishing trust • Public key and user identity are bound together, then signed by someone trusted • Need: digital signature Lecture 6 CSCE 522 - Farkas CSCE 824 43

  44. Digital Signature • Need the same effect as a real signature • Un-forgeable • Authentic • Non-alterable • Not reusable Lecture 6 CSCE 522 - Farkas CSCE 824 44

  45. Digital signature • Direct digital signature: public-key cryptography based • Arbitrated digital signature: • Conventional encryption: • Arbiter sees message • Arbiter does not see message • Public-key based • Arbiter does not see message Lecture 6 CSCE 522 - Farkas CSCE 824 45

  46. Identification and Authentication CSCE 824

  47. Authentication • Allows an entity (a user or a system) to prove its identity to another entity • Typically, the entity whose identity is verified reveals knowledge of some secret S to the verifier • Strong authentication: the entity reveals knowledge of S to the verifier without revealing S to the verifier

  48. Authentication Information Must be securely maintained by the system.

  49. Authentication Requirements • Network must ensure • Data exchange is established with addressed peer entity not with an entity that masquerades or replays previous messages • Network must ensure data source is the one claimed • Authentication generally follows identification • Establish validity of claimed identity • Provide protection against fraudulent transactions

  50. User Authentication • What the user knows • Password, personal information • What the user possesses • Physical key, ticket, passport, token, smart card • What the user is (biometrics) • Fingerprints, voiceprint, signature dynamics

More Related