If you can't read please download the document
Upload
steven-meyers
View
58
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Security Overview. Security Objectives. Confidentiality : prevent/detect/deter improper disclosure of information Integrity : prevent/detect/deter improper modification of information Availability : prevent/detect/deter improper denial of access to services. Distributed applications. - PowerPoint PPT Presentation
Citation preview
Security Overview
CSCE 824
Security ObjectivesConfidentiality: prevent/detect/deter improper disclosure of informationIntegrity: prevent/detect/deter improper modification of informationAvailability: prevent/detect/deter improper denial of access to services*FarkasCSCE 824
CSCE 824
Distributed applicationsAuthenticityNon-repudiationCSCE 824*Farkas
CSCE 824
Sample QuestionsWhat is the trade off between the security objectives?Give an example of the security objectives in the domain of college education.Consider the trend about attack sophistication and intruders knowledge. Recommend an approach to enhance the security of future computing systems.*FarkasCSCE 824
CSCE 824
Achieving SecurityPolicyWhat to protect?MechanismHow to protect?AssuranceHow good is the protection?*FarkasCSCE 824
CSCE 824
Security PolicyOrganizational PolicyComputerized Information SystemPolicy*FarkasCSCE 824
CSCE 824
Sample QuestionsWhy do we need to fit the security policy into the organizational policy?Why is it recommended to separate policy from mechanism?What does assurance mean in the context of security?Give an example security policy enforced on your personal computer/CSE computing system/CEC computing system and recommend security mechanism to implement the policy. *FarkasCSCE 824
CSCE 824
Security MechanismPrevention DetectionTolerance/Recovery*FarkasCSCE 824
CSCE 824
Security TradeoffsCOSTSecurityFunctionalityEase of Use*FarkasCSCE 824
CSCE 824
Threats, Attacks, Vulnerability, RiskTypes of threats Types of attacks Relation to security objectivesM(ethod), O(pportunity), and M(otive) of attacksMethods of defense Security planningRisk Management
*FarkasCSCE 824
CSCE 824
Risk Management Framework(Business Context)Understand BusinessContext *FarkasCSCE 824
CSCE 824
Sample QuestionsGive an example of vulnerability, threat, risk, and attack in the domain of What does it mean weakest link of defense?Recommend a way to increase computing systems security by incorporating security trade offs into the security planning. Why do we need to understand the business context to have effective security?
*FarkasCSCE 824
CSCE 824
Cryptography
CSCE 824
Insecure communicationsConfidential
Cryptographic ProtocolsMessages should be transmitted to destinationOnly the recipient should see itOnly the recipient should get itProof of the senders identityMessage shouldnt be corrupted in transitMessage should be sent/received once only
Conventional (Secret Key) CryptosystemEncryptionDecryptionPlaintextPlaintextCiphertextKSenderRecipientC=E(K,M)M=D(K,C)K needs secure channel
Public Key CryptosystemEncryptionDecryptionPlaintextPlaintextCiphertextSenderRecipientC=E(Kpub,M)M=D(Kpriv,C)Recipients public Key (Kpub)Recipients private Key (Kpriv)Kpub needs reliable channel
CryptographyCryptanalysts goal:Break messageBreak keyBreak algorithmTaxonomy of attacksBreakable vs. unbreakable cryptographic systemProperties of good cryptosystem.
Cryptosystem VulnerabilitiesPassive Attacker (Eavesdropper)Active AttackerCapabilities
Basic Encryption TechniquesSubstitutionPermutationCombinations and iterations of theseTechniques and attacksADVANTAGES/DISADVANTAGES!
Inherent Weaknesses of Symmetric CryptographyKey distribution must be done secretly (difficult when parties are geographically distant, or don't know each other)Need a key for each pair of usersn users need n*(n-1)/2 keysIf the secret key (and cryptosystem) is compromised, the adversary will be able to decrypt all traffic and produce fake messages
Product CiphersOne encryption applied to the result of the other En(En-1((E1(M)))), e.g.,Double transpositionSubstitution followed by permutation, followed by substitution, followed by permutationBroken for Chosen plaintext*FarkasCSCE 824
CSCE 824
Trustworthy Encryption SystemsBased on sound mathematicsHas been analyzed by expertsHas stood the test of time
Examples: Data Encryption Standard (DES), Advanced Encryption Standard (AES), River-Shamir-Adelman (RSA)
Public Key Encryption *FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Public-Key EncryptionTwo keys one is private one is publicSolves the key distribution problem (but need reliable channel)Provides electronic signaturesSlower than secret-key encryption
*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6Public-Key EncryptionNeeded for security:One of the keys must be kept secretImpossible (at least impractical) to decipher message if no other information is availableKnowledge of algorithm, one of the keys, and samples of ciphertext must be insufficient to determine the other key
*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6RSA NotationC = E(KE-B, M)M = D(KD-B,C)
KE-B:public key of BKD-B:private key of BE: encryption alg.D:decryption alg.M:plaintextC:ciphertext *FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6RSABoth sender and receiver know nSender knows eOnly receiver knows dModulus: Remainder after division, i.e., if a mod n=b then a=c*n+bNeed:Find values e,d,n such that
Easy to calculate Me, Cd for all M < nInfeasible to determine d give e
Med mod n = M mod n*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6Signature and EncryptionDEDEABPlaintextPlaintextSignedPlaintextSignedPlaintextEncrypted Signed PlaintextAs private keyBs public keyBs private keyAs public key*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6Non-repudiationRequires notarized signature, involving a third party
Large system: hierarchies of notarization*FarkasCSCE 824
CSCE 824
Cryptographic Hash Functions *FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 8-9Hash FunctionsHash function h maps an input x of arbitrary length to a fixed length output h(x) (compression)Accidental or intentional change to the data will change the hash valueGiven h and x, h(x) is easy to compute (ease of computation)*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 8-9Good Hash FunctionIt is easy to compute the hash value for any given messageIt is infeasible to find a message that has a given hashIt is infeasible to modify a message without changing its hashIt is infeasible to find two different messages with the same hash
*FarkasCSCE 824
CSCE 824
Cryptographic Protocols *FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6ProtocolsGood protocol characteristics:Established in advanceMutually subscribedUnambiguousComplete
*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6Symmetric-Key Distribution: Symmetric-Key TechniquesSymmetric-Key without ServerSymmetric-Key with Server
*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6Symmetric-Key Distribution: Public-Key TechniquesSimple secret key distributionSecret key distribution with confidentiality and authenticationDiffie-Hellman Key Exchange*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6Simple secret key distributionSenderRecipientKE-S ||ID-S
2. E KE-S(Ksession)
Vulnerable to active attack!HOW?*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6With confidentiality and authenticationSenderRecipientE KE-R[N1||ID-A]
2. E KE-S[N1||N2]
3. E KE-R[N2]
4. E KE-R E KD-S(Ksession)Assume: KE-R and KE-S are known in advanceQuestion: Why do we need reliable distribution of public keys?*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6Intruder in the Middle AttackJohnRoseIntruderHi Rose, Im John.Hi John, Im Rose.Hi John, Im Rose.Hi Rose, Im John.Intruder and John Uses Diffie-HellmanTo agree on key K.Intruder and RoseUses Diffie-HellmanTo agree on key K.Question: the attacker may want to have K and K be the same, Why?*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6Asymmetric-Key ExchangeWithout serverBroadcastingPublicly available directoryWith serverPublic key distribution centerCertificates*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6Public-key certificatesCertificate AuthoritySenderRecipient KE-SC-S=EKD-CAuth[Time1,ID-S,KE-S]1. C-S2. C-R KE-RCR=EKD-CAuth[Time2,ID-R,KE-R]*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6CertificatesGuarantees the validity of the informationEstablishing trustPublic key and user identity are bound together, then signed by someone trustedNeed: digital signature*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6Digital SignatureNeed the same effect as a real signatureUn-forgeableAuthenticNon-alterableNot reusable
*FarkasCSCE 824
CSCE 824
CSCE 522 - Farkas*Lecture 6Digital signatureDirect digital signature: public-key cryptography basedArbitrated digital signature:Conventional encryption: Arbiter sees messageArbiter does not see messagePublic-key basedArbiter does not see message*FarkasCSCE 824
CSCE 824
Identification and Authentication*FarkasCSCE 824
CSCE 824
AuthenticationAllows an entity (a user or a system) to prove its identity to another entityTypically, the entity whose identity is verified reveals knowledge of some secret S to the verifierStrong authentication: the entity reveals knowledge of S to the verifier without revealing S to the verifier
Authentication InformationMust be securely maintained by the system.
Authentication RequirementsNetwork must ensureData exchange is established with addressed peer entity not with an entity that masquerades or replays previous messagesNetwork must ensure data source is the one claimedAuthentication generally follows identificationEstablish validity of claimed identityProvide protection against fraudulent transactions
User AuthenticationWhat the user knowsPassword, personal informationWhat the user possessesPhysical key, ticket, passport, token, smart cardWhat the user is (biometrics)Fingerprints, voiceprint, signature dynamics
PasswordsCommonly used methodFor each user, system stores (user name, F(password)), where F is some transformation (e.g., one-way hash) in a password fileF(password) is easy to computeFrom F(password), password is difficult to computePassword is not stored in the systemWhen user enters the password, system computes F(password); match provides proof of identity
Vulnerabilities of PasswordsInherent vulnerabilitiesEasy to guess or snoopNo control on sharingPractical vulnerabilitiesVisible if unencrypted in distributed and network environmentSusceptible for replay attacks if encrypted naivelyPassword advantageEasy to modify compromised password.
Attacks on PasswordGuessing attack/dictionary attackSocial EngineeringSniffingTrojan loginVan Eck sniffing
One-time Password
Use the password exactly once!
Lamports schemeDoesnt require any special hardwareSystem computes F(x),F2(x),, F100(x) (this allows 100 logins before password change)System stores users name and F100(x) User supplies F99(x) the first timeIf the login is correct, system replaces F100(x) with F99(x) Next login: user supplies F98(x) and so onUser calculates Fn(x) using a hand-held calculator, a workstation, or other devices
Time SynchronizedSecret keyTimeOne Time PasswordDES*FarkasCSCE 824
CSCE 824
Challenge ResponseWork stationHostNetwork Non-repeating challenges from the host is used The device requires a keypadUser IDChallengeResponse*FarkasCSCE 824
CSCE 824
Access Control*FarkasCSCE 824
CSCE 824
Access ControlProtection objects: system resources for which protection is desirableMemory, file, directory, hardware resource, software resources, etc.Subjects: active entities requesting accesses to resourcesUser, owner, program, etc.Access mode: type of accessRead, write, execute
Access Control Requirement Cannot be bypassedEnforce least-privilege and need-to-know restrictionsEnforce organizational policy
Access ControlAccess control: ensures that all direct accesses to object are authorizedProtects against accidental and malicious threats by regulating the reading, writing and execution of data and programsNeed:Proper user identification and authenticationInformation specifying the access rights is protected form modification*FarkasCSCE 824
CSCE 824
Access ControlAccess control components:Access control policy: specifies the authorized accesses of a systemAccess control mechanism: implements and enforces the policySeparation of components allows to:Define access requirements independently from implementationCompare different policiesImplement mechanisms that can enforce a wide range of policies *FarkasCSCE 824
CSCE 824
Closed vs. Open SystemsClosed systemOpen SystemAccess requ.Access requ.Exists Rule?Exists Rule?Access permittedAccess deniedAccess deniedAccess permitted
Allowed accessesDisallowed accessesyesnoyesno(minimum privilege)(maximum privilege)*FarkasCSCE 824
CSCE 824
Access Control ModelsAll accessesDiscretionary ACMandatory ACRole-Based AC*FarkasCSCE 824
CSCE 824
Discretionary Access ControlAccess control is based onUsers identity and Access control rulesMost common administration: owner basedUsers can protect what they ownOwner may grant access to othersOwner may define the type of access given to others
Access Matrix ModelOBJECTS AND SUBJECTSSUBJECTS
JoeSamFile 1File 2*FarkasCSCE 824
ReadWriteOwnRead
ReadWriteOwn
CSCE 824
Grant and RevokeGRANT ON To [WITH GRANT OPTION]------------------------------------------------------------------------------------------------------------------------------------GRANT SELECT * ON Student TO MatthewsGRANT SELECT *, UPDATE(GRADE) ON Student TO FARKASGRANT SELECT(NAME) ON Student TO Brown
GRANT command applies to base relations as well as views
Grant and RevokeREVOKE [ON ]FROM -------------------------------------------------------------------------------------------------------------------------REVOKE SELECT* ON Student FROM BlueREVOKE UPDATE ON Student FROM BlackREVOKE SELECT(NAME) ON Student FROM Brown
Non-cascading RevokeABCA revokes Ds privilegesEF*FarkasCSCE 824
CSCE 824
Cascading RevokeABCA revokes Ds privileges*FarkasCSCE 824
CSCE 824
Positive and Negative AuthorizationProblem:Contradictory authorizations GRANT ON X TO DENY ON X TO *FarkasCSCE 824
CSCE 824
Negative Authorization-Positive authorization granted By A to D becomes blocked but NOT deleted.*FarkasCSCE 824
CSCE 824
DAC and Trojan HorseEmployeeBlacks EmployeeBrown: read, writeBlack, Brown: read, writeBrownBlack*FarkasCSCE 824
CSCE 824
DAC and Trojan HorseEmployeeBlacks EmployeeBrown: read, writeBlack, Brown: read, writeBrownBlackWord ProcessorUses shared program*FarkasCSCE 824
CSCE 824
DAC OverviewAdvantages:IntuitiveEasy to implementDisadvantages:Inherent vulnerability (look TH example)Maintenance of ACL or Capability listsMaintenance of Grant/RevokeLimited power of negative authorization
Mandatory Access ControlObjects: security classification e.g., grades=(confidential, {student-info})Subjects: security clearancese.g., Joe=(confidential, {student-info})Access rules: defined by comparing the security classification of the requested objects with the security clearance of the subject e.g., subject can read object only if label(subject) dominates label(object)
*FarkasCSCE 824
CSCE 824
Mandatory Access ControlIf access control rules are satisfied, access is permittede.g., Joe wants to read grades.label(Joe)=(confidential,{student-info})label(grades)=(confidential,{student-info})Joe is permitted to read grades
Granularity of access rights!
*FarkasCSCE 824
CSCE 824
Mandatory Access ControlSecurity Classes (labels): (A,C) A total order authority level C set of categoriese.g.,A = confidential > public , C = {student-info, dept-info}(confidential,{ })(confidential,{dept-info})(confidential,{student-info,dept-info})(confidential,{student-info})(public,{student-info,dept-info})(public,{,dept-info})(public,{ })(public,{student-info})*FarkasCSCE 824
CSCE 824
Mandatory Access Control
Dominance (): label l=(A,C) dominates l=(A,C) iff A A and C C
e.g., (confidential,{student-info}) (public,{student-info})BUT (confidential, {student-info}) (public,{student-info, department-info}) *FarkasCSCE 824
CSCE 824
Bell- LaPadula (BLP) ModelConfidentiality protectionLattice-based access controlSubjectsObjectsSecurity labelsSupports decentralized administration*FarkasCSCE 824
CSCE 824
BLP Reference MonitorAll accesses are controlled by the reference monitorCannot be bypassedAccess is allowed iff the resulting system state satisfies all security propertiesTrusted subjects: subjects trusted not to compromise security*FarkasCSCE 824
CSCE 824
BLP Axioms 1.Simple-security property: a subject s is allowed to read an object o only if the security label of s dominates the security label of oNo read upApplies to all subjects*FarkasCSCE 824
CSCE 824
*-property: a subject s is allowed to write an object o only if the security label of o dominates the security label of sNo write downApplies to un-trusted subjects onlyBLP Axioms 2.*FarkasCSCE 824
CSCE 824
Blind WritesImproper modification of dataMost implementations disallow blind writes*FarkasCSCE 824
CSCE 824
Trojan Horse and BLPEmployeeBlacks EmployeeBrown: read, writeBlack, Brown: read, writeBrownBlackWord ProcessorTHInsert Trojan HorseInto shared programUse shared programReadEmployeeCopyEmployeeTo BlacksEmployeeSecretPublicSecret PublicPublic SecretReference Monitor*FarkasCSCE 824
CSCE 824
RBAC MotivationMulti-user systemsMulti-application systemsPermissions are associated with rolesRole-permission assignments are persistent v.s. user-permission assignmentsIntuitive: competency, authority and responsibility
RBACAllows to express security requirements but CANNOT ENFORCE THESE PRINCIPLES
e.g., RBAC can be configured to enforce BLP rules but its correctness depend on the configuration done by the system security officer.
RolesUser group: collection of user with possibly different permissionsRole: mediator between collection of users and collection of permissionsRBAC independent from DAC and MAC (they may coexist)RBAC is policy neutral: configuration of RBAC determines the policy to be enforced
RBACRBAC3 consolidated model RBAC1role hierarchy RBAC2constraintsRBAC0 base model*FarkasCSCE 824
CSCE 824
RBAC0.. UUsers RRoles PPermissions. SSessions User assignmentPermissionassignment*FarkasCSCE 824
CSCE 824
RBAC1Role Hierarchy*FarkasCSCE 824
CSCE 824
RBAC1Role HierarchyPrimary-care PhysicianPhysician Specialist PhysicianHealth-care providerInheritanceof privileges*FarkasCSCE 824
CSCE 824
RBAC2.. UUsers RRoles PPermissions. SSessions User assignmentPermissionassignment*FarkasCSCE 824
CSCE 824
RBAC3*FarkasCSCE 824
CSCE 824
Next ClassDatabase securityFarkasCSCE 824*
CSCE 824
**********************