Introduction to computer security

Introduction to Information Security
Overview
• Definitions
• Design issues
• Cryptography
• Security Protocols
[And08] R. J. Anderson. Security Engineering: A guide to building dependable distributed
systems. John Wiley & Sons Inc, New York, Second edition, 2008.
http://www.cl.cam.ac.uk/~rja14/book.html
[Sch04b] B. Schneier. Secrets and Lies: Digital Security in a Networked World. Wiley Publishing
Inc, Indianapolis, Indiana, second edition, 2004. http://www.schneier.com/book-sandl.html
IIS
Definitions
[Men01a] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Chapter 1 of Handbook of
applied cryptography. CRC Press, 2001. http://www.cacr.math.uwaterloo.ca/hac/
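Security is asset protection
[Figure: security concepts and their relationships; the concepts are numbered on the slide: owners (1), assets (2), risk (3), vulnerabilities (4), countermeasures (5), threats (6), threat agents (7)]
• Owners value assets
• Owners wish to minimize risk
• Owners impose countermeasures
• Owners may be aware of vulnerabilities
• Countermeasures to reduce risk
• Countermeasures that may possess vulnerabilities
• Vulnerabilities that may be reduced by countermeasures
• Vulnerabilities leading to risk
• Threat agents give rise to threats
• Threat agents wish to abuse and/or may damage assets
• Threats that exploit vulnerabilities
• Threats that increase risk
• Threats to assets
• Risk to assets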
[ISO09] ITSEC. Information technology security techniques evaluation criteria for IT security
part 1: Introduction and general model. Int. Standard ISO/IEC 15408-1, ISO/IEC, Dec 2009.
http://standards.iso.org/ittf/PubliclyAvailableStandards/c050341_ISO_IEC_15408-1_2009.zip
Definitions
• Availability: authorised users want the system to work as/when they expect it to
• Reliability: the ability of a system or component to perform its required functions
• Safety: being protected against non-desirable events (not specifically malicious)
• Confidentiality: to stop unauthorised users from reading sensitive information
• Integrity: Every data item/system component is as the last authorised modifier left it
• Maintainability: ease with which a software product can be modified
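Dependability vs. Security
Attributes, with what each applies to:
• Availability (systems, data)
• Reliability (systems)
• Safety (systems)
• Confidentiality (data)
• Integrity (systems, data)
• Maintainability (systems)
Grouping as in [Avi04]:
• Dependability: availability, reliability, safety, integrity, maintainability
• Security: availability, confidentiality, integrity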
[Avi04] A. Avižienis, J.-C. Laprie, B. Randell, and C. Landwehr. Basic concepts and taxonomy of
dependable and secure computing. IEEE Trans. on Dependable and Secure Computing, 1(1):11-33, Jan 2004.
http://doi.ieeecomputersociety.org/10.1109/TDSC.2004.2
Access control model – AU3
[Figure: Principal (source) → Do operation (request) → Reference monitor (guard) → Object (resource), with Authentication, Authorisation and Audit log marked on the chain]
• Authentication: determine who makes request
• Authorisation: determine who is trusted to do which operation on an object
• Auditing: determine what happened and why
[Lam04] B. W. Lampson. Computer security in the real world. IEEE Computer, 37(6):37-46, Jun
2004. http://doi.ieeecomputersociety.org/10.1109/MC.2004.17
Privacy vs. Security
• Privacy is the right of an individual to determine what information about oneself to share with others
• Security can help
» Selectively encrypt data
• Security can hinder
» Calling home to prevent piracy
» (Audit) logging
[War1890] S. D. Warren and L. D. Brandeis. The right to privacy. Harvard Law Review,
4(5):193-220, Dec 1890. http://www.jstor.org/stable/1321160
Design issues
Examples of design goals
Good:
• As secure as the real world [Lam04]
• Defense in depth
• Make it usable
• Be explicit about: naming, typing, freshness, assumptions, goals, limitations etc [And95a]
Bad:
• Design security as an afterthought
• Security by obscurity [Ker1883]
• Make it complicated
[Ker1883] A. Kerckhoffs. La cryptographie militaire. J. des Sciences Militaires, IX:5-38, Jan 1883.
http://www.petitcolas.net/fabien/kerckhoffs/
Tools
• Policy – what is supposed to happen?
» Access control
• Mechanisms – how should it happen?
» Tamper resistance
» Biometrics
» Cryptography, Hashing, Random numbers
• Assurance – does it work?
» Risk management
» Protocol verification
Attacks
• Definition: a successful exploitation of a vulnerability
• Examples:
» Attacker shuts you out by trying to log in as you
» Cold boot attack (remember the movie?)
[Hal08] J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A.
J. Feldman, J. Appelbaum, and E. W. Felten. Lest we remember: Cold boot attacks on
encryption keys. In 17th USENIX Security Symp., pp 45-60, San Jose, California, Jul 2008.
USENIX Association. http://citp.princeton.edu/memory/
Cryptography
[Men01a] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Chapter 1 of Handbook of
applied cryptography. CRC Press, 2001. http://www.cacr.math.uwaterloo.ca/hac/
Algorithms + keys
• Cipher (aka cryptosystem)
» “Public” algorithm +
» Secret keys
[Figure: “attack” is encrypted and then decrypted back to “attack”; the other labels in the figure are “gfd6#Q” and “sdwr$350”]
Symmetric ciphers
• Public algorithm + one secret key
• Standard algorithms: DES, AES
• Example: one time pad
    01011001   Message
    01010101   Secret key
    -------- XOR
    00001100   Cipher text
    01010101   Secret key
    -------- XOR
    01011001   Decrypted message
Asymmetric ciphers
• Public algorithm + private key + public key
• Example: El Gamal (all calculations modulo n)
» Multiplicative group $\mathbb{Z}_n^* = \{1, \ldots, n-1\}$ with n prime
» Generator g: $\mathbb{Z}_n^* = \{ g^i \mid i \in \mathbb{N} \}$
» Private key: $x \in \mathbb{Z}_n^*$
» Public key: $h = g^x$
» Salt: $y \in_R \mathbb{Z}_n^*$
» Enc(m,h): $(c,d) = (m h^y, g^y)$
» Dec((c,d),x): $c / d^x$
• Exercise: prove that this works...
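The exercise worked through, as an added derivation that is not part of the original slides. It uses the slide's symbols, with all calculations modulo n:

$$\frac{c}{d^x} = \frac{m\,h^y}{(g^y)^x} = \frac{m\,(g^x)^y}{g^{xy}} = \frac{m\,g^{xy}}{g^{xy}} = m \pmod{n}$$

Dividing by $d^x$ means multiplying by its inverse modulo n, which exists because n is prime and $d = g^y \in \mathbb{Z}_n^*$.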
Random numbers
• Pseudo random in SW
• True random in HW
• Standard statistical tests
» NIST web site
• For example
» Linear Congruential Method
» $r_0 = s$
» $r_{n+1} = (a\,r_n + c) \bmod m$
» Cyclic
» Deterministic
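The two properties on this slide, shown on the linear congruential method itself. This is an added example, not part of the original slides; the function names and the small parameter sets (a, c, m, s) are constructed for illustration.

```python
from itertools import islice

def lcg(s, a, c, m):
    """Yield r0 = s, then r(n+1) = (a*rn + c) mod m, as on the slide."""
    r = s
    while True:
        yield r
        r = (a * r + c) % m

def first(k, s, a, c, m):
    """The first k outputs as a list."""
    return list(islice(lcg(s, a, c, m), k))

def tail_and_period(s, a, c, m):
    """Cyclic: walk the sequence until a value repeats.
    Returns (outputs before the cycle starts, cycle length).
    With 0 <= s < m there are only m states, so this ends within m+1 steps."""
    seen = {}
    for i, r in enumerate(lcg(s, a, c, m)):
        if r in seen:
            return seen[r], i - seen[r]
        seen[r] = i

def predict(observed, count, a, c, m):
    """Deterministic: with a, c, m public, one observed output fixes
    every later output. No seed and no secret are needed."""
    out, r = [], observed
    for _ in range(count):
        r = (a * r + c) % m
        out.append(r)
    return out

if __name__ == "__main__":
    print(first(8, 7, 5, 3, 16))            # constructed full-period parameters
    print(tail_and_period(7, 5, 3, 16))     # every state visited before repeating
    print(tail_and_period(1, 6, 0, 16))     # poor parameters collapse to one value
    print(predict(8, 3, 5, 3, 16))          # what an observer of "8" knows comes next
```

Passing statistical tests says nothing about this predictability, which is why such a generator is unsuitable for nonces or keys.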
Hash functions
• Map arbitrary bit string to fixed size output
» Easy to calculate for given input
» Practically impossible to invert
» Extremely unlikely that two inputs give the same hash
• For example
» Knuth’s variant on Division
» Hash(n) = n(n+h) mod m
» Try it out…
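Trying the slide's formula out against the three properties listed above, with SHA-256 as a reference point. This is an added example, not part of the original slides; the parameters h = 3 and m = 1009 and all function names are constructed for illustration.

```python
import hashlib

H, M = 3, 1009   # constructed parameters; M is prime

def division_hash(n, h=H, m=M):
    """The slide's formula: Hash(n) = n(n+h) mod m."""
    return (n * (n + h)) % m

def second_input(n, h=H, m=M):
    """A different input with the same hash: n' = -(n+h) mod m, because
    n'(n'+h) = (-(n+h)) * (-n) = n(n+h)  (mod m)."""
    return (-(n + h)) % m

def preimages(target, h=H, m=M):
    """Only m outputs exist, so inverting is a search over range(m)."""
    return [n for n in range(m) if division_hash(n, h, m) == target]

def sha256_hex(n):
    """Reference point: SHA-256 over the decimal encoding of n."""
    return hashlib.sha256(str(n).encode()).hexdigest()

def distinct_outputs(fn, inputs):
    """How many different hash values a set of inputs produces."""
    return len({fn(n) for n in inputs})

if __name__ == "__main__":
    n = 42
    print(division_hash(n), division_hash(second_input(n)))  # same value twice
    print(preimages(division_hash(n)))                       # inverted by search
    print(distinct_outputs(division_hash, range(M)))         # about half of M
    print(distinct_outputs(sha256_hex, range(M)))            # all M distinct
```

The formula is easy to calculate, but it is invertible by search and has a collision for almost every input, so it suits hash tables rather than security uses.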
Visual Cryptography
[Nao97] M. Naor and B. Pinkas. Visual authentication and identification. In Burton S. Kaliski Jr.,
editor, 17th Int. Conf. on Advances in Cryptology (CRYPTO), volume LNCS 1294, pages 322-336,
Santa Barbara, California, Aug 1997. Springer.
http://www.springerlink.com/content/ghv31wm0pexkd3kq/
Security Protocols
[And95a] R. J. Anderson and R. Needham. Programming satan's computer. In J. van Leeuwen,
editor, Computer Science Today, volume LNCS 1000, pages 426-440. Springer, 1995.
http://dx.doi.org/10.1007/BFb0015258
Definitions
• Sequence of communications by two or more parties to achieve security objective(s)
• Not like this (why?):
    A → B: A                  “Hi, I’m Alice”
    B → A: Enter password:    “Prove It!”
    A → B: $R%&^8!            “Here’s the proof”
Dolev-Yao attacker model
• Eve can:
» See all messages
» Delete, alter, inject and redirect messages
» Initiate new communications
» Reuse messages from past sessions
• Eve cannot:
» Solve “hard” problems (such as?)
» Guess pseudo-random values (e.g. nonces)
» Get another identity (identity theft)
» Time computations
• What to do: Make everything explicit
Design is hard
• “Security protocols are three line programs that people still manage to get wrong” (Roger Needham)
[Low96] G. Lowe. Breaking and fixing the Needham-Schroeder Public-Key protocol using FDR.
In 2nd Int. Workshop on Tools and Algorithms for the Construction and Analysis of Systems
(TACAS), volume LNCS 1055, pages 147-166, Passau, Germany, Mar 1996. Springer.
http://dx.doi.org/10.1007/3-540-61042-1_43
Authentication protocol (1)
    A → B: A              “Hi, I’m Alice”
    B → A: Enc(Nb,PKa)    “Prove It!”
    A → B: Nb             “Here’s the proof”
• What’s the problem with this?
» The nonce Nb leaks, so it cannot be used to secure the session
Authentication protocol (2)
    A → B: A              “Hi, I’m Alice”
    B → A: Enc(Nb,PKa)    “Prove It!”
    A → B: Enc(Nb,PKb)    “Here’s the proof”
• (Wo)man in the middle attack:
    A → E → B: A              B receives “A” from E
    B → E → A: Enc(Nb,PKa)
    A → E: Enc(Nb,PKe)        E uses A to decrypt Nb; now E has Nb
    E → B: Enc(Nb,PKb)        E fools B
Authentication protocol (3)
    A → B: A                  “Hi, I’m Alice”
    B → A: Enc({B,Nb},PKa)    “Prove It!”
    A → B: Enc(Nb,PKb)        “Here’s the proof”
• Does it work now?
    A → E → B: A                  “Hi, I’m Alice”
    B → E → A: Enc({B,Nb},PKa)    A can see that the message is not from E
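Protocols (2) and (3) run against the relay described above, in a symbolic model where Enc(x, PKp) can only be opened by principal p. This is an added example, not part of the original slides; the class and function names are constructed, and encryption is modelled symbolically rather than with a real cipher.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Enc:
    """Symbolic Enc(body, PKto): only principal `to` can open it."""
    body: tuple
    to: str

def dec(ct, me):
    if ct.to != me:
        raise PermissionError(f"{me} cannot decrypt a message for {ct.to}")
    return ct.body

class Bob:
    def __init__(self, name_in_challenge):
        self.name_in_challenge = name_in_challenge  # False: protocol (2), True: (3)
    def challenge(self, claimed):
        self.nb = secrets.token_hex(8)              # fresh nonce Nb
        body = ("B", self.nb) if self.name_in_challenge else (self.nb,)
        return Enc(body, claimed)                   # B -> A: Enc(..., PKa)
    def accepts(self, reply):
        return dec(reply, "B") == (self.nb,)        # expects Enc(Nb, PKb)

def alice_reply(challenge, peer, name_in_challenge):
    """Alice answers the party she believes she is talking to (`peer`)."""
    body = dec(challenge, "A")
    if name_in_challenge:
        sender, nb = body
        if sender != peer:
            return None                             # challenge is not from peer: abort
    else:
        (nb,) = body
    return Enc((nb,), peer)

def honest_run(name_in_challenge):
    bob = Bob(name_in_challenge)
    return bob.accepts(alice_reply(bob.challenge("A"), "B", name_in_challenge))

def eve_in_the_middle(name_in_challenge):
    """Alice opens a session with Eve, who relays to Bob. True if Bob is fooled."""
    bob = Bob(name_in_challenge)
    ch = bob.challenge("A")                  # Eve forwarded "A"; she cannot read ch
    reply = alice_reply(ch, "E", name_in_challenge)   # Eve relays ch to Alice
    if reply is None:
        return False
    (nb,) = dec(reply, "E")                  # Alice encrypted Nb for Eve
    return bob.accepts(Enc((nb,), "B"))      # E -> B: Enc(Nb, PKb)
```

Both variants complete an honest run; only the variant that names B inside the challenge makes Alice abort the relayed session.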
Conclusions
• Consider the system as a whole
• Know your enemy
• Be explicit
• Use standard tools