1 / 62

CIS 620 Advanced Operating Systems

CIS 620 Advanced Operating Systems. Lecture 10 – Security Prof. Timothy Arndt BU 331. What do we Need to Protect?. Data Information we keep on computers (product design, financial records, personnel data) Lost time, lost sales, lost confidence Resources

trella
Télécharger la présentation

CIS 620 Advanced Operating Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CIS 620 Advanced Operating Systems Lecture 10 – Security Prof. Timothy Arndt BU 331

  2. What do we Need to Protect? • Data • Information we keep on computers (product design, financial records, personnel data) • Lost time, lost sales, lost confidence • Resources • Unauthorized use of computer time & space • Reputation • Misrepresentation, forgery, negative publicity

  3. Fundamental Security Objectives • Four fundamental objectives of Info Security • Confidentiality - Protection from unauthorized persons • Integrity - consistency of data; no unauthorized creation, alteration or destruction • Availability - ensuring access to legitimate users • Legitimate use - ensuring appropriate use by authorized users

  4. Basic Security Attacks • Intrusion - unauthorized access and use of systems • Denial of service - an attack aimed at preventing use of company computers • email bomb or flooding/Internet worm • disabled, rerouted or replaced services • Information theft - network taps, database access, hacking info sites to give out more info or to wrong parties

  5. Technical Safeguards • Security Services • Authentication (entity, data origin) • Access control (prevent unauthorized access) • Confidentiality (disclosure, encryption) • Data integrity (value of data item) • Non-repudiation (falsely denying a transaction) • Auditing (tracking attempted object access)

  6. Security Models • Host Security - enforced security on each host; progressively difficult to manage as number of hosts increase • Network Security - control network access to hosts and services; firewalls, strong authentication, and encryption

  7. Password Security • How can passwords be stolen? • Login spoofing • Password sniffing • Keystroke logging • Dictionary or brute force attack • Use CAPTCHA or lock out after failed attempts • In order to protect passwords, they are not stored directly on the computer. • Instead we use a cryptographic hash function and store the hash of the password

  8. Cryptographic Hash Functions • Cryptographic hash functions • Used for stored passwords • The functions is one-way – reversing it is not computationally feasible • The function is effectively one-to-one (hard to find two passwords that hash to the same value) • Input is variable length, output is fixed length (a digest)

  9. Hash Functions : MD5 • The structure of MD5 • 4 phases each consisting of 16 rounds • Each round uses a function (F, G, H, I)

  10. Hash Functions : MD5 • The 16 iterations during the first round in a phase in MD5.

  11. Linux Password Security • UNIX passwords (hashed) were traditionally stored in the file /etc/passwd • This file was readable by everyone • In order to increase security, the password file is “shadowed” (password stored in file /etc/shadow which is readable only by root)

  12. Linux Password Security • If someone has access to the hashed passwords and knows the hashing function, they can use brute force or dictionary attacks • Can use precomputation • So force user to use longer passwords • This requires much larger precomputed tables • But users don’t like long, randomish passwords • So “salt” the passwords before hashing

  13. Linux Password Security The use of salt to defeat precomputation of encrypted passwords.

  14. Linux Password Security • The use of precomputation involves a space-time tradeoff (we use a lot of space for the table, but we can look up a hash quickly) • If the hash of the salted password becomes too large, the table required would be much too big • So trade off time versus space using a rainbow file • We will need longer to look up a hash, but the table is smaller

  15. Firewall Solutions • Definition - hardware &/or software components that restrict access between a restricted network & the Internet or between networks • Logically - a separator, restricter, analyzer • Rarely a single object • Restricts people to entering at a controlled point • Prevents attackers from getting close to other defenses (host controls) • Restricts people to leaving at a controlled point

  16. Firewall Capabilities • Focus security decisions - single point to leverage control • Enforce security policy - minimize exceptions • Log Internet activity - analysis • Limit exposure - separate sensitive areas of one network from another or outside world

  17. Firewall Limitations • Can’t protect against • malicious insiders • connections that don’t go through it • new threats • viruses • scans for source & destination addresses & port numbers, not details of data

  18. Types of Firewalls • Simple traffic logging systems • audit log file of files accessed (HTTPD) • site usage/demand hours/links/browsers used • IP Packet Screening Routers (packet filtering gateway) • not only looks at ‘can’ it route, but ‘should’ it • selectively routes or blocks packets based on rules • based on protocols, destination (port 80), known source IP addresses

  19. Types of Firewalls (cont.) • Hardened Firewall Host (hardware) • Halts unauthorized users • Concentrates security, hides internal system names, centralizes & simplifies net management • Proxy Server (software) • Deals with external server requests on behalf of internal clients • May limit certain HTTP methods (CGI or Java applets)

  20. Common Solutions • Screened Host • Host attached to internal network using separate router • Internal host is only internal system that net hosts can connect to • Packet filtering configuration determines if internal hosts may connect to other external hosts Internet Firewall Screening Router Internal Network

  21. Common Solutions (cont.) • Firewall Architectures • Dual-homed host (two network interfaces) • One communicates externally, one internally • No direct communication internal to external hosts Internet Dual-homed Host Proxy Server Real Server Proxy Client/Internal Host

  22. Common Solutions (cont.) • Screened Sub-Net Architecture • Extra layer of security over screened host • Perimeter network further isolates the internal network from the Internet Internet Internal (Bastion Host) (email, FTP, DNS) Perimeter Network External Router (access router) Internal Router/ (choke router) Internal Network

  23. Other Variations • Multiple Bastion Hosts • Performance, redundancy, need to separate data & servers • Usenet, SNMP/DNS, FTP/WWW • Merge Interior & Exterior Routers • Sufficient capability to specify inbound & outbound filters • Usually on the perimeter network • Merge Bastion Host & Exterior Router • Use Multiple Exterior Routers • Multiple connections to Internet or Internet + other sites • Multiple Perimeter Nets • Redundancy, privacy

  24. Further developments • Second-generation Firewalls • Not just packet filtering, they work at the application layer and understand a set of applications (FTP, WWW, DNS) so they can protect against misuse of such applications • Third-generation Firewalls • Stateful firewalls which maintain state information on active connections and thus can reject packets which are not part of such a connection • Underlying Internet protocol undergoing revisions - IPv6

  25. Distributed systems security requirements • For any network transaction: • 1. Privacy 2. Confidentiality 3. Integrity • For reliable, secure communication: 1. Authentication- we are who we say we are 2. Certification - guarantee by 3rd party that ‘wawwswa’ 3. Confirmation - digital receipt of transaction 4. Nonrepudiation - binding agreement, digital proof of transaction 5. Encryption - for all of the above, encoded passage of information over open networks

  26. Cryptographic Techniques • Secret writing or cryptic symbolization • Technique - encryption algorithm or cryptosystem • defines a pair of data transformations • encryption and decryption • encryption = plaintext to ciphertext • both use ‘keys’ - seemingly random string • key length (number of bits) dependent upon cryptosystem

  27. Encrypt Decrypt Plaintext Plaintext Ciphertext Encryption Cryptosystems • Symmetric - private key systems (same key) • DES - Data Encryption Standard / 56-bit key • Vulnerable to exhaustive key search (2 56 possibilities) • New standard in process

  28. Symmetric Cryptosystems: DES • The principle of DES • Outline of one encryption round

  29. Symmetric Cryptosystems: DES • Details of per-round key generation in DES.

  30. Encryption Systems (cont.) • Asymmetric - public key systems (key pair) • 1976 - Stanford development • encryption mode: public key to private key • authentication mode: private key to public key • cryptosystems operating both ways called reversible • 1978 - RSA - reversible cryptosystem • based upon multiplication of two prime numbers • possible to crack via large computer resource • 1994 - 429-bit code cracked by scientific collaboration after 17 years • requires continual updating of modulus to protect • Jaws Tech, Inc. 4,096-bit (100 years)

  31. Public-Key Cryptosystems: RSA • Generating the private and public key requires four steps: • Choose two very large prime numbers, p and q • Compute n = p x q and z = (p – 1) x (q – 1) • Choose a number d that is relatively prime to z • Compute the number e such that e x d = 1 mod z

  32. Plaintext Plaintext Plaintext Signature Sign Verify Verifies? Sender’s Public key Digital Signature Standards • Accompanies a digitally encoded message • verifies originator of message • assures message not modified • satisfies non-repudiation requirement Sender’s Private key

  33. Digital Key Management • Life cycle management (cryptoperiod) • Generation & registration (random numbers) • Distribution & Availability • Key backup/recovery/key escrow • Replacement or update • Protection against disclosure • Termination or archival (confidentially archived information must be accessible after key retirement)

  34. Other Security Methods • Authentication Protocols built into communications protocol • transformed password (one-way function) • challenge-response (random value rec’d/sent) • time-stamp (synchronized clocks) • one-time password (different variant each login) • zero-knowledge technique (interactive proof) • Address-based Authentication (network address) • Personal Tokens (hardware & pw/ smart cards) • Biometrics (fingerprint, voiceprint, handwriting)

  35. Kerberos • Complete authentication system - MIT • DES symmetric cryptography • Online authentication servers • Host server & clients share symmetric keys • Client requests a ‘ticket’ / sends to server • Ticket interpreted only by correct server • Session key is generated by authentication server after successful exchange • Authentication service (AS) / Ticket-granting Service (TGS) / Client/Server (CS) authentication exchange

  36. Example: Kerberos • Authentication in Kerberos.

  37. Example: Kerberos • Setting up a secure channel in Kerberos.

  38. Web Security • Web Risks - server content / communications • Solutions - SSL / S-HTTP / SET • SSL (Secure Sockets Layer and its successor TLS Transport Layer Security) - session protection • Developed by Netscape to add communication protection • New layer protocol operating above TCP protocol • Protects any application protocol normally operating over TCP (HTTP, FTP, TELNET) • HTTPs represents SSL communication handling • Services: server authentication / client authentication / integrity (check values) / confidentiality (encryption)

  39. Web Security (SSL cont.) • SSL has two sub-protocols • SSL Record Protocol - defines basic format • Compression/MAC/encryption/data length • Assumes pre-existing keys • SSL Handshake Protocol - coordination • Negotiates protection algorithms between client and server for authentication, transmission of key certificates, establish session keys for use in integrity check and encryption • Domestic (128-bit) and intern’l (40-bit)

  40. Web Security - S-HTTP • Secure HTTP - security extension • Protects individual transaction request or response messages, similar to e-mail • Services: authentication, integrity, confidentiality + digital signatures (adds non-repudiation) • Flexibility in how messages are protected and key management

  41. Web Security Threats • Executable Programs - no foolproof defense • Java Applets - execution occurs on client system • Trusted execution environment (sandbox) • Should not: inspect or alter client files, run system commands or load system s/w libraries • Should: contact only originating server • Potential for hostile applets to send forged e-mail, crash browsers, kill running applets, consume resources

  42. Digital Signatures & Certificates • Two levels of authentication • signatures - • certificates - • Each requires a registration process

  43. Certificate Authority (CA) • Recognized & trusted party • Confirms identity of private key holder (subscriber) • Digitally signs the collection of information known as a certificate • Includes public key of private key holder • 3rd Party (Open) - fee-based key distribution • Internal to org or group (Closed) - self-contained key distribution & authentication

  44. Public Key Methods • Public key-private key distribution • Public key users have key to a CA • Requests copy of certificate & extracts public key (relying party) • Certificate is self-protecting • CA’s digital signature is inside the certificate • CA’s signature would not verify if tampered with • Certificates distributed over unsecured channels • Downside is multiple CAs (certification path)

  45. Certificate Issues • Validity Period - Restricted lifetimes • Limit cryptanalysis & vulnerability • Scheduled start & expire times • Legal aspect of closed vs. open CAs • Open may provide better evidence • Similar role to that of notary • Utah Digital Signature Law - • Reliability of any digital signature depends upon reliability of a CA association of the key w/a person

  46. Key Management • Key pair generation & transfer • Key-pair holder system • Generated in user system where private key stored • Supports non-repudiation / private key never leaves • Central system • Generated in other system or CA • Greater resource & controls, higher quality, back-up or archive functions • Mixed methods for types of key-pairs • Digital signature at key holder encryption at CA

  47. Key Management (cont.) • Private-key Protection / Access Control • Storage in tamper-resistant device (smart card) • Storage in encrypted file • Password or PIN for personal authentication • Software control / digital wallet • Key-pair Update / policy • Different Types / Different Requirements • RSA can perform encryption & signatures • Digital sig keys - should be created & remain on system (ANSI X9.57); recreated as needed; no archival required • Encryption keys - backup & archival needed

  48. Key Management (cont.) • Other differing requirements • Encryption limits (56-bit) restrict signature strength • Two types may have differing cryptoperiods • Not all algorithms have RSA dual properties • Private encryption keys may have to be provided to government, digital signature keys should never be

  49. Certificate Application Process • Registration with Certificate Authority • Establish relationship & provide subscriber info • Explicitly apply & accept certificate • Authentication • Personal presence, ID documents • Use of intermediaries as local registration authorities • Distribution • Accompanying digital signature • Directory Service (X.500 standards)

  50. Certificate Distribution Protocols • International Telecom Union (ITU) & ISO • 1984-88 - X.509 for public key distribution • Slow acceptance due to competitive issues • Proprietary alternatives • MS Exchange, Notes directory, Novell NDS, Banyan StreetTalk • LDAP (Internet Lightweight Directory Access) access protocol rather than db technology • S/MIME or specialized Web Servers

More Related