Click here to load reader

Modified from Silberschatz, Galvin and Gagne Lecture 22 Chapter 15: Security

  • View
    224

  • Download
    1

Embed Size (px)

Text of Modified from Silberschatz, Galvin and Gagne Lecture 22 Chapter 15: Security

  • Slide 1
  • Modified from Silberschatz, Galvin and Gagne Lecture 22 Chapter 15: Security
  • Slide 2
  • 2 Principles of Computer Operating Systems Security Services Enhance the security of data processing systems and information transfers of an organization. Counter security attacks. Security Attack Action that compromises the security of information owned by an organization. Security Mechanisms Designed to prevent, detect or recover from a security attack. Aspects of Security
  • Slide 3
  • 3 Principles of Computer Operating Systems Enhance security of data processing systems and information transfers Authentication Assurance that the communicating entity is the one claimed Authorization Prevention of the unauthorized use of a resource Availability Data is available in a timely manner when needed Security Services
  • Slide 4
  • 4 Principles of Computer Operating Systems Confidentiality Protection of data from unauthorized disclosure Integrity Assurance that data received is as sent by an authorized entity Non-Repudiation Protection against denial by one of the parties in a communication Security Services
  • Slide 5
  • 5 Principles of Computer Operating Systems Security Attacks Information source Information destination Normal Flow
  • Slide 6
  • 6 Principles of Computer Operating Systems Security Attacks Information source Information destination Interruption Attack on availability (ability to use desired information or resources)
  • Slide 7
  • 7 Principles of Computer Operating Systems Denial of Service Internet Perpetrator Victim ICMP echo (spoofed source address of victim) Sent to IP broadcast address ICMP echo reply ICMP = Internet Control Message Protocol Innocent reflector sites Smurf Attack 1 SYN 10,000 SYN/ACKs Victim is dead
  • Slide 8
  • 8 Principles of Computer Operating Systems Security Attacks Information source Information destination Interception Attack on confidentiality (concealment of information)
  • Slide 9
  • 9 Principles of Computer Operating Systems Packet Sniffing Packet Sniffer Client Server Network Interface Card allows only packets for this MAC address Every network interface card has a unique 48-bit Media Access Control (MAC) address, e.g. 00:0D:84:F6:3A:10 24 bits assigned by IEEE; 24 by card vendor Packet sniffer sets his card to promiscuous mode to allow all packets
  • Slide 10
  • 10 Principles of Computer Operating Systems Security Attacks Information source Information destination Fabrication Attack on authenticity (identification and assurance of origin of information)
  • Slide 11
  • 11 Principles of Computer Operating Systems IP addresses are filled in by the originating host Using source address for authentication r-utilities (rlogin, rsh, rhosts etc..) IP Address Spoofing Can A claim it is B to the server S? ARP Spoofing Can C claim it is B to the server S? Source Routing Internet 2.1.1.1 C 1.1.1.11.1.1.2 A B 1.1.1.3 S
  • Slide 12
  • 12 Principles of Computer Operating Systems Security Attacks Information source Information destination Modification Attack on integrity (prevention of unauthorized changes)
  • Slide 13
  • 13 Principles of Computer Operating Systems When is a TCP packet valid? Address / Port / Sequence Number in window How to get sequence number? Sniff traffic Guess it Many earlier systems had predictable Initial Sequence Number Inject arbitrary data to the connection TCP Session Hijack
  • Slide 14
  • 14 Principles of Computer Operating Systems Security Attacks Message interception Traffic analysis eavesdropping, monitoring transmissions Passive attacks MasqueradeDenial of service some modification of the data stream Active attacks ReplayModification of message contents
  • Slide 15
  • 15 Principles of Computer Operating Systems Feature designed to Prevent attackers from violating security policy Detect attackers violation of security policy Recover, continue to function correctly even if attack succeeds. No single mechanism that will support all services Authentication, authorization, availability, confidentiality, integrity, non- repudiation Security Mechanism
  • Slide 16
  • 16 Principles of Computer Operating Systems
  • Slide 17
  • 17 Principles of Computer Operating Systems Cryptography as a Security Tool Broadest security tool available Source and destination of messages cannot be trusted without cryptography Means to constrain potential senders (sources) and / or receivers (destinations) of messages Based on secrets (keys)
  • Slide 18
  • 18 Principles of Computer Operating Systems Secure Communication over Insecure Medium
  • Slide 19
  • 19 Principles of Computer Operating Systems Encryption Encryption algorithm consists of Set of K keys Set of M Messages Set of C ciphertexts (encrypted messages) A function E : K (MC). That is, for each k K, E(k) is a function for generating ciphertexts from messages. Both E and E(k) for any k should be efficiently computable functions. A function D : K (C M). That is, for each k K, D(k) is a function for generating messages from ciphertexts. Both D and D(k) for any k should be efficiently computable functions. An encryption algorithm must provide this essential property: Given a ciphertext c C, a computer can compute m such that E(k)(m) = c only if it possesses D(k). Thus, a computer holding D(k) can decrypt ciphertexts to the plaintexts used to produce them, but a computer not holding D(k) cannot decrypt ciphertexts. Since ciphertexts are generally exposed (for example, sent on the network), it is important that it be infeasible to derive D(k) from the ciphertexts
  • Slide 20
  • 20 Principles of Computer Operating Systems Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K e.g., key is knowing substitution pattern in mono alphabetic substitution cipher Q: how do Bob and Alice agree on key value? plaintext ciphertext K A-B encryption algorithm decryption algorithm A-B K plaintext message, m K (m) A-B K (m) A-B m = K ( ) A-B
  • Slide 21
  • 21 Principles of Computer Operating Systems Symmetric Encryption Data Encryption Standard most commonly used symmetric block-encryption algorithm created by US Govt Encrypts a block of data at a time initial permutation 16 identical rounds of function application, each using different 48 bits of key final permutation DES operation
  • Slide 22
  • 22 Principles of Computer Operating Systems Symmetric Encryption (cont) DES is breakable using brute force making DES more secure use three keys sequentially (3-DES) on each datum use cipher-block chaining Advanced Encryption Standard (AES) symmetric-key NIST standard replacing DES, Nov 2001 processes data in 128 bit blocks 128, 192, or 256 bit keys brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES
  • Slide 23
  • 23 Principles of Computer Operating Systems Asymmetric Encryption Public-key encryption based on each user having two keys: public key published key used to encrypt data private key key known only to individual user used to decrypt data Must be an encryption scheme that can be made public without making it easy to figure out the decryption scheme Most common is RSA block cipher Efficient algorithm for testing whether or not a number is prime No efficient algorithm is know for finding the prime factors of a number
  • Slide 24
  • 24 Principles of Computer Operating Systems Public key cryptography plaintext message, m ciphertext encryption algorithm decryption algorithm Bobs public key plaintext message K (m) B + K B + Bobs private key K B - m = K ( K (m) ) B + B -
  • Slide 25
  • 25 Principles of Computer Operating Systems Asymmetric Encryption (Cont.) Formally, it is computationally infeasible to derive D(k d, N) from E(k e, N), and so E(k e, N) need not be kept secret and can be widely disseminated E(k e, N) (or just k e ) is the public key D(k d, N) (or just k d ) is the private key N is the product of two large, randomly chosen prime numbers p and q (for example, p and q are 512 bits each) Encryption algorithm is E(k e, N)(m) = m k e mod N, where k e satisfies k e k d mod (p1)(q 1) = 1 The decryption algorithm is then D(k d, N)(c) = c k d mod N
  • Slide 26
  • 26 Principles of Computer Operating Systems RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e

Search related