Security Protection Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved

Security

Protection

Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved.

Computer Security Triad

• Three key objectives are at the heart of computer security

Data and

services

Availability

Confidentiality

Integrity

The Security EnvironmentThreats

Security goals and threats.


Can We Build Secure Systems?

Two questions concerning security:1.Is it possible to build a secure computer system?2.If so, why is it not done?


Trusted Computing Base

Reference monitorAccepts all system call security and makes security decisions


Protection Domains

• Resources to be protected• Domain is a set of (object, rights)pairs.

– Each pair specifies an object and some operation that can be preformed on it.

– Right, in this context, means the permission to perform one of the operations.


Protection Domains (1)

Three protection domains.


Principle of Least Authority

In general,

Security works best when each domain has the minimum objects and privileges to do its work and no more.



A protection matrix.



A protection matrix with domains as objects.


Two methods of implementation

• Access Control lists• Capabilities list


Access control lists: slice by columns



Access Control Lists (1)

Use of access control lists to manage file access.



• Tana belongs to two groups and requires 2 login • An alternative is to have each entry be a group OR

an individualPigeon_data : debbie:RW, phil: RW, pigfan:RW



• Easy to change permissions with respect to file• Only check at file open.


Capabilities lists: slice by rows



Capabilities (1)

When capabilities are used, each process has a capability list.


• Protect the list from tampering:• A cryptographically protected capability.

• Suited for distributed files

Capabilities (2)


Cryptographically protected capability list

• Client sends a message to remote serve to create a file object.

• Server creates the object and generates a long random number ‘check field’

• Slot on the server’s table (inode) is reserved

• It is not sent back to the user and never put on the network


Cryptographically protected capability list

• Sent to the user is the capability entry in the form:


• Run object,rights, and check through a one-way function (f).• User sends the capability entry when it wants to access the

file.

Formal Models of Secure Systems

(a) An authorized state. (b) An unauthorized state.


Multilevel Security

• Discretionary Access Control– Operating systems allow individual to determine

who may read and write their files

• Mandatory Access Control– Organizational rules state who can see and modify

what.


Multilevel SecurityBell-LaPadula Model

Bell-LaPadula Model rules for information flow:1.The simple security property

– Process running at security level k can read only objects at its level or lower

2.The * property– Process running at security level k can write only

objects at its level or higher


Bell-LaPadula Model

The Bell-LaPadula multilevel security model.


Bell-LaPadula Model

• The Bell-LaPadula multilevel security model was devised to keep secrets, not guarantee the integrity of data.


The Biba Model

To guarantee the integrity of the data:1.The simple integrity principle

– process running at security level k can write only objects at its level or lower (no write up).

2.The integrity * property– process running at security level k can read only

objects at its level or higher (no read down).


• BUT… security leaks still can occur


Covert Channels (1)

(a) The client, server, and collaborator processes. (b) The encapsulated server can still leak to the collaborator via

covert channels.


Covert Channels (2)

Figure 9-13. A covert channel using file locking.


Steganography

• Concealing secrets in plain site

– Hiding secret information in paintings, jpegs, MP3 files… or messages… or the network

Network Security

Steganography example• The German Embassy in Washington, DC, sent these messages in

telegrams to their headquarters in Berlin during World War I (Kahn 1996).

PRESIDENT'S EMBARGO RULING SHOULD HAVE IMMEDIATE NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY.

• PERSHING SAILS FROM N.Y. JUNE 1

Network Security

“StegTorrent”• Bob sends messages through computers

which he previously established control over. • The order of the messages and which

computer sends them, hides the secret. – Bob commands two computers to request a file from Alice– Alice send message to computer 1 then computer 2

– Alice sends message to computer 2 then compute 1

Network Security

Binary 1

Binary 0

Skyde (Skype Hide)• Skype packs data into audio packets while Alice is talking• Skype continues to send audio packets when Alice is silent.

– This improves the quality of the call and helps data continue to clear firewalls

• ‘Silent’ packets are hijacked contents are replaced with encrypted data– Receiver application just assumes the original silent packets

were lost• 30% of silent packets can be compromised with out notice

Network Security

Steganography

(a) Three zebras and a tree. (b) Three zebras, a tree, and the complete text of five plays by William Shakespeare.

Demo: http://www.cs.vu.nl/~ast/books/mos2/zebras.html


http://www.cs.vu.nl/~ast/books/mos2/zebras.html

Basics of Cryptography

Relationship between the plaintext and the ciphertext.


Secret-Key Cryptography

An encryption algorithm in which each letter isreplaced by a different letter.


Network Security

Key Cryptography

symmetric key crypto• requires sender, receiver

know shared secret key• Q: how to agree on key in

first place (particularly if never “met”)?

• Diffie-Hellman Key exchange

• Khan Academy

public key cryptography

radically different approach [Diffie-Hellman76, RSA78]

sender, receiver do not share secret key

public encryption key known to all

private decryption key known only to receiver

https://www.youtube.com/watch?v=YEBfamv-_do

https://www.youtube.com/watch?v=YEBfamv-_do

https://www.khanacademy.org/computing/computer-science/cryptography

Network Security

Public key cryptography

plaintextmessage, m

ciphertextencryptionalgorithm

decryption algorithm

Bob’s public key

plaintextmessageK (m)

B+

K B+

Bob’s privatekey

K B-

m = K (K (m))B+

B-

Network Security

Public key encryption algorithms

need K ( ) and K ( ) such thatB B. .

given public key K , it should be impossible to compute private key K

B

B

Requirements:

1

2

RSA: Rivest, Shamir, Adelson algorithm

+ -

K (K (m)) = m BB

- +

+

-

Network Security

Prerequisite: modular arithmetic

• x mod n = remainder of x when divide by n• Facts:

[(a mod n) + (b mod n)] mod n = (a+b) mod n[(a mod n) - (b mod n)] mod n = (a-b) mod n[(a mod n) * (b mod n)] mod n = (a*b) mod n

• Thus (a mod n)d mod n = ad mod n• Example: x=14, n=10, d=2:

(x mod n)d mod n = 42 mod 10 = 6xd = 142 = 196 xd mod 10 = 6

Network Security

RSA: getting ready

• A message is a bit pattern.• A bit pattern can be uniquely represented by an integer

number. • Thus encrypting a message is equivalent to encrypting a

number.Example• m= 10010001 . This message is uniquely represented by the

decimal number 145. • To encrypt m, we encrypt the corresponding number, which

gives a new number (the ciphertext).

Network Security

RSA: Creating public/private key pair

1. Choose two large prime numbers p, q. (e.g., 1024 bits each)

2. Compute n = pq, z = (p-1)(q-1)

3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).

4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ).

5. Public key is (n,e). Private key is (n,d).

K B+ K B

-

Network Security

RSA: Encryption, decryption0. Given (n,e) and (n,d) as computed above

1. To encrypt message m (<n), compute

c = m mod n

e

2. To decrypt received bit pattern, c, compute

m = c mod n

d

m = (m mod n)

e mod n

dMagichappens!

c

Network Security

RSA example:Bob chooses p=5, q=7. Then n=35, z=24.

e=5 (so e, z relatively prime).d=29 (so ed-1 exactly divisible by z).

bit pattern m me c = m mod ne

0000l000 12 24832 17

c m = c mod nd

17 481968572106750915091411825223071697 12

cd

encrypt:

decrypt:

Encrypting 8-bit messages.

Network Security

RSA: another important property

The following property will be very useful later:

K (K (m)) = m BB

- +K (K (m))

BB+ -

=

use public key first, followed

by private key

use private key first,

followed by public key

Result is the same!

Network Security

Why is RSA Secure?• suppose you know Bob’s public key (n,e). How

hard is it to determine d?• essentially need to find factors of n without

knowing the two factors p and q. • fact: factoring a big number is hard.

Generating RSA keys have to find big primes p and q approach: make good guess then apply

testing rules (see Kaufman)

Network Security

Ensuring Networked Message Integrity

• allows communicating parties to verify that received messages are authentic.– Content is not read by anyone other than

intended recipient– Content of message has not been altered – Source of message is who/what you think it is: – Message has not been replayed

Network Security

• Goal: Allow communicating parties to verify that received messages are authentic.– Content is not read by anyone other than

intended recipientEncryption

– Content of message has not been altered – Source of message is who/what you think it is – Message has not been replayed

Ensuring Networked Message Integrity

Network Security

Ensuring Network Message Integrity

• allows communicating parties to verify that received messages are authentic.– Content is not read by anyone other than

intended recipientEncryption

– Content of message has not been alteredMessage Digests

– Source of message is who/what you think it is– Message has not been replayed

Network Security

Message Digests

• function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: “message signature”

• note that H( ) is a many-to-1 function

• H( ) is often called a “hash function”

desirable properties:–easy to calculate– irreversibility: Can’t

determine m from H(m)–collision resistance:

computationally difficult to produce m and m’ such that H(m) = H(m’)

– seemingly random output

large message

m

H: HashFunction

H(m)

Network Security

Hashed Message Digest

• MD5 hash function widely used (RFC 1321) – computes 128-bit message digest in 4-step process.

• SHA-1 is also used.– US standard [NIST, FIPS PUB 180-1]

– 160-bit message digest

Network Security

Message Authentication Code (MAC)m

ess

ag

e

H( )

s

mess

ag

e

mess

ag

e

s

H( )

compare

s = shared secret

• Authenticates sender• Verifies message integrity• No encryption !• Also called “keyed hash”• Notation: MDm = H(s||m) ; send m||MDm

Network Security

Message Integrity• allows communicating parties to verify that

received messages are authentic.– Content is not read by anyone other than

intended recipient– Content of message has not been altered :

Message Digests– Source of message is who/what you think it is:

• Digital Signatures• Certification Authority

– Message has not been replayed

Network Security

REMEMBER: RAS important property

The following property will be very useful later:

K (K (m)) = m BB

- +K (K (m))

BB+ -

=

use public key first, followed

by private key

use private key first,

followed by public key

Result is the same!

Network Security

Digital Signatures

cryptographic technique analogous to hand-written signatures.

• sender (Bob) digitally signs document, establishing he is document owner/creator.

• goal is similar to that of MAC, except now use public-key cryptography

verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document (Non-repudiation: Alice can take m, and signature KB(m) to court and prove that Bob signed m. )

Network Security

Digital Signatures

simple digital signature for message m:• Bob signs m by encrypting with his private key KB,

creating “signed” message, KB(m)--

Dear Alice

Oh, how I have missed you. I think of you all the time! …(blah blah blah)

Bob

Bob’s message, m

Public keyencryptionalgorithm

Bob’s privatekey

K B-

Bob’s message, m, signed

(encrypted) with his private key

K B-(m)

Network Security

Digital Signatures (more)

• suppose Alice receives msg m, digital signature KB(m)

• Alice verifies m signed by Bob by applying Bob’s public key KB to KB(m) then checks KB(KB(m) ) = m.

• if KB(KB(m) ) = m, whoever signed m must have used Bob’s private key.

+ +

-

-

- -

+

Alice thus verifies that: Bob signed m. no one else signed m. Bob signed m and not m’.

Non-repudiation: Alice can take m, and signature KB(m) to court and prove that

Bob signed m. -

Network Security

Ensuring Message Integrity– Content is not read by anyone other than intended

recipientEncryption


– Source of message is who/what you think it isDigital SignaturesCertification Authority

– Message has not been replayed

Network Security

Public-key certification• motivation: Trudy plays pizza prank on Bob

– Trudy creates e-mail order: Dear Pizza Store, Please deliver to me four pepperoni pizzas. Thank you, Bob

– Trudy signs order with her private key– Trudy sends order to Pizza Store– Trudy sends to Pizza Store her public key, but says it’s Bob’s

public key.– Pizza Store verifies signature; then delivers four pizzas to

Bob.– Bob doesn’t even like Pepperoni

Network Security

Certification Authorities

• Certification authority (CA): binds public key to particular entity, E.

• E (person, router) registers its public key with CA.– E provides “proof of identity” to CA. – CA creates certificate binding E to its public key.– certificate containing E’s public key digitally signed by CA – CA says

“this is E’s public key”

Bob’s public

key K B+

Bob’s identifying informatio

n

digitalsignature(encrypt)

CA private

key K CA-

K B+

certificate for Bob’s public

key, signed by CA

Network Security

Certification Authorities• when Alice wants Bob’s public key:

– gets Bob’s certificate (Bob or elsewhere).– apply CA’s public key to Bob’s certificate, get

Bob’s public key

Bob’s public

key K B+

digitalsignature(decrypt)

CA public

key K CA+

K B+

Network Security

Certificates: summary

• primary standard X.509 (RFC 2459)• certificate contains:

– issuer name– entity name, address, domain name, etc.– entity’s public key– digital signature (signed with issuer’s private key)

• Public-Key Infrastructure (PKI)– certificates, certification authorities– often considered “heavy”

Network Security

Ensuring Message Integrity– Content is not read by anyone other than intended

recipientEncryption


– Source of message is who/what you think it isDigital SignaturesCertification Authority

– Message has not been replayedNonce

Network Security

End-point authentication

• want to be sure of the originator of the message – end-point authentication

• assuming Alice and Bob have a shared secret, will MAC provide end-point authentication?– we do know that Alice created message. – … but did she send it?

Network Security

“I am Alice”

R

MACTransfer $1M from Bill to Susan

MAC =f(msg,s,R)

Defending against playback attack: nonce

Authentication (1)

Methods of authenticating users when theyattempt to log in based on one of three general principles:1.Something the user knows.2.Something the user has.3.Something the user is.


Authentication (2)

(a) A successful login. (b) Login rejected after name is entered. (c) Login rejected after name and password are typed.


UNIX Password Security

The use of salt to defeat precomputation of encrypted passwords.


Challenge-Response Authentication

Questions should be chosen so that the user does not need to write them down. Examples:1.On what street was your elementary school?2.What did Mrs. Ellis teach?


Authentication Using a Physical Object

Use of a smart card for authentication.


Authentication Using Biometrics

A device for measuring finger length.


End of part 1


Documents

Security Protection Tanenbaum & Bo, Modern Operating Systems:4th ed., (c) 2013 Prentice-Hall, Inc. All rights reserved