Introduction to Computer Security - CSE at...

Introduction to Computer Security

Instructor: Mahadevan Gomathisankaran

[email protected]

CSCE 4550/5550, Fall 2009 Recap I 1

mailto:[email protected]�

Syllabus

• What do we learn in this course ?– common security terminology, threats,

vulnerabilities, and security design principles.– basic cryptography concepts, and specific

commonly used algorithms and protocols.– basic network security issues and controls.


Syllabus

• What do we learn in this course ?– common program vulnerabilities, and secure

programming techniques.– security models, including Bell-La Padula

(MLS), Biba, and Chinese Wall security.

– administrative issues in security, such as planning, security policies, and risk analysis.


Syllabus

• What do we learn in this course ?– hands-on experience in using common security

tools, such as firewalls, intrusion detection systems and scanning.


Basic Goals• Confidentiality

– Concealment of Information or Resources– Information only available to authorized parties

• Integrity– Information is precise, accurate, – Modified

• In acceptable ways• By acceptable People• Using appropriate process

– Internally Consistent – Meaningful, and usable– Data integrity and Origin Integrity

• Availability– Services provide timely response, fair allocation of resources,

quality of service


Extended Goals

• Information Assurance– Authentication

• Establishing the validity of a transmission, message, or originator (including verifying the identity of a participant)

– Non-repudiation • Messages or actions are accompanied by proof which

cannot be denied


Terminology

• Threat– A set of circumstances that has the potential to

cause loss or harm (Textbook)• Interception, Interruption, Modification and

Fabrication

– Potential violation of security (Matt Bishop)• Disclosure, Disruption, Usurpation and Deception

– Examples:• Snooping -> interception• Spoofing -> deception and usurpation


Terminology• System Susceptibility

– The capacity of a system to be affected by a threat• Access to the flaw

– The ability of a threat to gain access to a system, either physically or logically (e.g. over the network)

• Capability to exploit the flaw– The ability of the threat to employ the knowledge and

tools necessary to exploit the system to achieve the desired goal

• Vulnerability– intersection of a system susceptibility or flaw, access to

the flaw, and the capability to exploit the flaw– A weakness in the security system


Terminology

• Control– A protective measure to reduce or remove

vulnerability– An action, device, procedure or technique

• A threat is blocked by control of a vulnerability

• Attack– An act of violation of the security using the

vulnerabilities


Terminology

• Trojan Horse– A trojan horse is a part of the program that

otherwise conforms to the security policy

• Trapdoor– A feature built into a program/process such

that the provision of specific input data allows it overcome the security policy

– Read: Reflections on Trusting Trust by Ken Thompsum

CSCE 4550/5550, Fall 2009 Recap I 10

Terminology

• Virus– A virus is a program that when executed

operates entirely within the security policy– Uses trojan horse to attach itself

• Worm– A program that migrates from one Comp. Env.

To another– Good worms: distribute software, propagate

bug fixes, etc.– Bad Worms: carry viruses

CSCE 4550/5550, Fall 2009 Recap I 11

Terminology

• Overt channel– Communication channel that is used in the way

it is intended to use

• Covert Channel– Mechanism for two processes to communicate

in violation of security policy• Storage Channel• Timing Channel

CSCE 4550/5550, Fall 2009 Recap I 12

Cryptosystem

CSCE 4550/5550, Fall 2009 Recap I 13

Alice Bob

ChannelM

Message

MC=E(kA,M)

ciphertext

E(kA,M)

Alice’skey

kA

(plaintext)

EncryptionFunction

D(kB,C)kB

Bob’skeyDecryption

Function

Cryptanalysis

• Analyzing algorithms and encrypted text with the objective of breaking the encryption

• Some goals:– Break a message (“Instance deduction”)– Recognize patterns– Deduce key (break subsequent messages)– Infer meaning from ciphertext traffic (“traffic

analysis”)– Find weakness in implementation– Find weaknesses in algorithm

• All is fair in “cryptanalysis”

CSCE 4550/5550, Fall 2009 Recap I 14

Cryptanalysis

• Ciphertext only attack– Given: E; D; C1, C2, … Cn– Required: K; or P1, P2, … Pn; or Pn+1 from Cn+1

• Known plaintext attack– Given: E; D; Pi,Ci;– Required: K; or Pn+1 from Cn+1

• Chosen plaintext attack– Given: E; D; Pi,Ci;

• Cryptanalyst chooses Pi– Required: K; or Pn+1 from Cn+1

CSCE 4550/5550, Fall 2009 Recap I 15

Cryptanalysis

• Adaptive chosen plaintext– The plaintexts are chosen adaptively based on

the encryption algorithm– Incremental information buildup

• Chosen ciphertext attack– Inverse of chosen plaintext attack– Useful for public key encryptions

• Rubber-hose attack– Non-technical– Social engineering

CSCE 4550/5550, Fall 2009 Recap I 16

Cryptanalysis

• Base attack– Brute Force attack

• Search for every possible key

– All the other cryptanalytic attacks are measured against this attack

CSCE 4550/5550, Fall 2009 Recap I 17

Cryptosystem Principles

• Shanon (Communication Theory of Secrecy Systems, published in 1949)– Confusion: making the relationship between

the key and the ciphertext as complex and involved as possible

– Diffusion: the property that the redundancy in the statistics of the plaintext is "dissipated" in the statistics of the ciphertext

CSCE 4550/5550, Fall 2009 Recap I 18

Encryption Types

CSCE 4550/5550, Fall 2009 Recap I 19

Encryption

Classical Modern

Substitution Transposition Symmetric Asymmetric

Stream Block

Cryptographic Primitives• Cipher

– Goal: Protect confidentiality– Symmetric: Sender and receiver need a shared secret– Asymmetric: Only the receiver needs secret, anyone can send

• Digital Signature– Goal: Validate sender (authentication and non-repudiation)– Asymmetric only: Signer knows secret, anyone can verify

• Cryptographic Hash– Goal: Identify big data with a short digest (“fingerprint” or “digest”)– Anyone can compute – no secrets

• Message Authentication Code (MAC)– Hash function with a secret key– Almost like a symmetric cryptography signature

CSCE 4550/5550, Fall 2009 Recap I 20

Cipher Mode

• Cipher + Feedback + Additional Operations– Security is based on the cipher– Operations should not violate the security

• Objectives– Increase the Message size– Increase the Key size– Improve the Security

CSCE 4550/5550, Fall 2009 Recap I 21

Feistel Cipher

• Principle– Designing stronger ‘pseudo-random permutation’

function from weaker ‘pseudo-random’ function

CSCE 4550/5550, Fall 2009 Recap I 22

F F

Round 1 Round 2

Plai

n te

xt

Cip

her t

ext

Round n (no swap)

K0 K1

Differential Cryptanalysis

• How difference at the Input affects the difference at the output

• Analyze the S-boxes for high probability differential pairs– Chosen plaintext

• Provide high probability differential input to the Cipher

• Partially decrypt the last round to predict the key bits

CSCE 4550/5550, Fall 2009 Recap I 23

Linear Cryptanalysis

• Find high probability linear relationships between P, C and K

– Construct for S-boxes– Construct for the Cipher (Pilling up Lemma)

• Partially decrypt the last round to predict key bits

CSCE 4550/5550, Fall 2009 Recap I 24

Stream Ciphers

• Encrypts the message in a bitwise manner– A seed (K) and a Pseudo Random Number Generator

(PRNG) is used to create a (pseudo) random key stream– Bitwise operations, e.g. shift registers, XOR, etc.

CSCE 4550/5550, Fall 2009 Recap I 25

Key StreamGenerator

Seed (Key)

Plaintext Ciphertext

Stream Ciphers

• Synchronous – FB does not involve Plaintext or Ciphertext

• Self Synchronizing– FB uses ‘previous N ciphertext bits’– Example: CFB

CSCE 4550/5550, Fall 2009 Recap I 26

Asymmetric Ciphers• Idea due to Diffie and Hellman in 1976

– Maybe not the first! British declassified documents showing they were using this in the early 1970’s!

• Different encryption and decryption keys– Decryption key difficult to compute from encryption key– Relationship between keys depends on secret knowledge

(“trapdoor”) known only to key generator– Public key can be widely published

• Security based on some explicitly-stated mathematical problem which is assumed hard (NP-Complete)– Note: Like all crypto, based on assumptions!

CSCE 4550/5550, Fall 2009 Recap I 27

Network Protocols

• A network protocol provides syntactic and semantic rules for communication.– Often defined in terms of state machines– Standards allow service-based interoperability

• Internet RFCs (TCP/IP, DNS, …)• IEEE standards (Ethernet, etc.)

• Protocols can be in hardware or software– Ethernet access protocol often in hardware– HTTP and other high-level usually in software

CSCE 4550/5550, Fall 2009 Recap I 28

Network Layers

CSCE 4550/5550, Fall 2009 Recap I 29

• Layered Model:– Each layer uses only the layer directly below it– Benefit: Different issues to address at different levels of abstraction

OSI Model

Data Unit Layer Function Example (Internet)

Host Layers

Data

7. Application Network process to application HTTP, FTP, SMTP (E-mail)…

6. Presentation Data representation and encryption

5. Session Interhost communication

Segment 4. Transport End-to-end connections and reliability

TCP, UDP

Media Layers

Packet 3. Network Path determination and logical addressing

IP (Internet Protocol)

Frame 2. Data Link Physical addressing Transmission media (ethernet, token ring, …)Bit 1. Physical Media, signal and binary

transmission

Networking Layers

CSCE 4550/5550, Fall 2009 Recap I 30

Source: Wikipedia

IPv4 Packet

CSCE 4550/5550, Fall 2009 Recap I 31

0 3 4 7 8 15 16 31

Vers: 4 IHL ToS Total LengthID (for fragmentation) Flags Fragment Offset

TTL Protocol Header ChecksumIP Source Address

IP Destination Address

Options (usually empty)

Data

Network Topology• Overlay Networks

– built on top of another network– Examples:

• Peer-to-peer networking (Distributed Hash Tables)• Tor – Anonymity Network

• Point to Point Protocol (PPP)– Link Layer Protocol– Standard used for dial-up connections– One host on each side of a link– For sending network packets over serial connections– Really a family of protocols:

• LCP (Link Control Protocol) for negotiating link parameters• NCP (Network Control Protocol) parameters for network layer• HDLP (High-level Data Link Control): link layer protocol

CSCE 4550/5550, Fall 2009 Recap I 32

Network Layer Attacks

• Attack type 1: Field Tampering– Put invalid data in fields– Example 1: Ping of Death

• “Too large” ping packet crashes machine

– Example 2: LAND Attack• Specially crafted packet with both source and destination

set to victim address, with fields that make machine lock up

– Example 3: Jolt Attack (and Teardrop)• Invalid fragmentation of packets that destination can’t

reassemble, so machine freezes waiting for more

CSCE 4550/5550, Fall 2009 Recap I 33


• Type 2: Spoof the fields– Smurf Attack

CSCE 4550/5550, Fall 2009 Recap I 34

Attacker24.3.29.123

Intermediary123.45.67.89

Victim209.12.17.35

Fake ping packetwith src 209.12.17.35and dest 123.45.67.89 Ping response to

Victim


• Smurf (DoS Amplification)

CSCE 4550/5550, Fall 2009 Recap I 35

Attacker24.3.29.123

Intermediaries123.45.67.1123.45.67.2123.45.67.3…

Victim209.12.17.35

Fake ping packetwith src 209.12.17.35and dest 123.45.67.255 Many (up to 254) ping

responses to Victim

IP Spoofing

• Counter Measures– Ingress Filtering

• blocking of packets from outside the network with a source address inside the network

• Doesn’t work if intermediary inside border!

– Egress filtering• blocking of packets from inside the network with a

source address that is not inside• Only let out packets with appropriate source addrs

CSCE 4550/5550, Fall 2009 Recap I 36

Network Layer Attacks• Fragmentation: Breaking up long IP packets to fit in a

particular type of low-level link– Example: Slow PPP might use maximum packet length of ≈500 bytes for

responsiveness vs. typical Ethernet length 1468 bytes

• Security issues:– Using fragmentation to avoid an Intrusion Detection System

• Break up a “signature” into multiple fragments• How are overlapping packets re-assembled?

CSCE 4550/5550, Fall 2009 Recap I 37

Transport Layer

• TCP– TCP adds “sessions” or “connections” to the bare IP protocol

CSCE 4550/5550, Fall 2009 Recap I 38

0 7 8 15 16 23 24 31

Source Port Destination PortSequence Number

Acknowledgment NumberData Offset Flags Window

Checksum Urgent PointerOptions

Data

CWR: Congestion window reduced URG: Urgent ptr valid RST: Reset flag

ECN: Explicit congestion notification ACK: ACK valid SYN: Synchronize seq #s

PSH: Push function FIN: Finish of connection

Flags:

TCP Handshake

• Connection Establishment– To establish connection, client must prove that it received the SYN|ACK packet– SYN|ACK packet routed to system with source address from first SYN packet

• Since based on routing, only secure back to the subnet of the source

CSCE 4550/5550, Fall 2009 Recap I 39

Client Server

(SYN, C-Seq, 0)

(SYN|ACK, S-Seq, C-Seq+1)

(ACK, C-Seq+1, S-Seq+1)

(Flags, Seq#, Ack#)

Transport Layer Security• Originally designed to protect web browser to web server

– Invented by Netscape– Generic TCP protection– Authentication: Supports server and client certificates– Confidentiality: Symmetric encryption after key establishment– Integrity: All packets protected with a MAC

• Later versions (SSL v2.1) referred to as TLS– TLS incorporated within application-layer protocols now in

addition to in a sub-application layer• Example 1: IMAP (mail) can be either a separate SSL protected

service/port (imaps: port 993) or negoatiated after plaintext startup in standard IMAP (port 143)

• Example 2: LDAP with similar options (ldap is port 389, ldaps is port 636)

CSCE 4550/5550, Fall 2009 Recap I 40

Firewall

• Designed to forward some packets and filter (not forward) others. – Packet Filter– Application Gateway– Circuit Gateway

CSCE 4550/5550, Fall 2009 Recap I 41

Internet Internal network(s)

Firewall

Outgoing Incoming

IP Tables

CSCE 4550/5550, Fall 2009 Recap I 42

Chain FORWARD (policy DROP)target prot opt source destination

Chain INPUT (policy DROP)target prot opt in out source destination ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHEDACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHEDACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED tcp spt:20ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)target prot opt source destinationChain

Accept incoming sshconnections.

Special case for ftp

ESTABLISHED connectionsare either initiated locally oraccepted through one of thefollowing rules.

All loopback (local) connectionsand control messages are OK.

“Policy” applies to all packetsnot explicitly handled by a rule(so this is “default deny”).

Chains for different packetsources/destinations.

Intrusion Detection Systems

• Categorization by location:– Host-based Intrusion Detection Systems (HIDS)

• Many just watch system/audit logs for suspicious activity• Some with more sophisticated monitoring (pH: monitors

system calls)

– Network-based Intrusion Detection Systems (NIDS)

• Watches all traffic at a certain point (can use a tap)• If just external access point, can miss insider attacks!• On switched networks: Use a “spanning port”• Difficulties with encrypted traffic

CSCE 4550/5550, Fall 2009 Recap I 43

Intrusion Detection Systems• Categorization by type:

– Signature-based• Monitors traffic for known suspicious patterns• Advantages: Fast, few false positives• Drawbacks: Can’t detect novel attacks, must prioritize warnings• Keeping signatures up-to-date leads to subscription services

– Anomaly-based• Tries to learn “typical activity” and flag anomalies• Anything unusual (including novel attacks) can be caught• Drawbacks: Slow and atypical behavior doesn’t necessarily mean bad

behavior (too many false positives)

– Snort and most commercial IDSs are signature-based (sometimes with simple anomaly-based extensions)

CSCE 4550/5550, Fall 2009 Recap I 44

Introduction to Computer Security - CSE at...

Documents

Transcript of Introduction to Computer Security - CSE at...