Security and Authentication

Download Report

Transcript Security and Authentication 

Security and Authentication
CS-4513
D-Term 2007
(Slides include materials from Operating System Concepts, 7th ed., by Silbershatz, Galvin, & Gagne,
Modern Operating Systems, 2nd ed., by Tanenbaum, and Distributed Systems: Principles & Paradigms, 2nd
ed. By Tanenbaum and Van Steen)
CS-4513, D-Term 2007
Security and
Authentication
1
Reading Material
• Tanenbaum, Modern
Operating Systems,
Chapter 9
– Security and threats
– Viruses
• Silbershatz, Chapters 1415
– Protection
– Security
• Tanenbaum & Van Steen
• How to write and
detect!
– Chapter 9
– Protection –
implementation of
security
CS-4513, D-Term 2007
Security and
Authentication
2
Puzzle
• Alice wishes to send secret message to Bob
– She places message in impenetrable box
– Locks the box with unbreakable padlock
– Sends locked box to Bob
• Problem:– Bob has no key to unlock box
– No feasible way to securely send key to Bob
• How does Bob retrieve message?
CS-4513, D-Term 2007
Security and
Authentication
3
Answer
• Bob adds 2nd unbreakable padlock to box
– Locks with own key
– Sends box back to Alice (with two padlocks!)
• Alice unlocks and removes her lock
– Sends box back to Bob
• Bob unlocks his lock
– Opens box and reads message
• What could go wrong?
CS-4513, D-Term 2007
Security and
Authentication
4
Authentication
• How does a system know who it is talking
to?
• Who do I say that I am?
• How can I verify that?
• Something I know (that nobody else should know)
• Something I have (that nobody else should have)
• Something I am (that nobody else should be…)
CS-4513, D-Term 2007
Security and
Authentication
5
Threats against Authentication
I want to pretend to be you:
• I can steal your password
– the sticky note on your monitor or the list in your desk
drawer
– by monitoring your communications or looking over
your shoulder
• I can guess your password
– particularly useful if I can also guess your user name
• I can get between you and the system you are
talking to
CS-4513, D-Term 2007
Security and
Authentication
6
Getting between you and system you are talking to
CS-4513, D-Term 2007
Security and
Authentication
7
Login Spoof
• I create a login screen in my process
– On a public machine
– Looks exactly like real one
• You log into system
– My login process records your user ID and password
– Logs you in normally
• Result:– I have gotten between you and system
without your knowledge
– Also, I have stolen your user ID and password
CS-4513, D-Term 2007
Security and
Authentication
8
The Trouble with Passwords
•
•
•
•
•
They are given away
They are too easy to guess
They are used too often
There are too many of them
They are used in too many places
CS-4513, D-Term 2007
Security and
Authentication
9
Some ways around the problem
• Better passwords
– longer
– larger character set
– more random in nature/encrypted
• Used less often
– changed frequently, one system per password
– challenge/response – use only once
CS-4513, D-Term 2007
Security and
Authentication
10
The Challenge/Response Protocol
Art
Mary
Hello, I’m Art
Decrypt This {R}P
R
Hello Art! How can I help you?
CS-4513, D-Term 2007
Security and
Authentication
11
Threat: Steal passwords from the system
• Don’t keep them in an obvious place
• Encrypt them so that version seen by system
is not same as what user enters
• … or version on the wire
• …… or version used last time
CS-4513, D-Term 2007
Security and
Authentication
12
Too many passwords to remember?
• Third-party authentication
– Get someone to vouch for you
• The basics: “This guy says you know him..”
“Yes, I trust him, so you should too..”
• Kerberos – Certificate-based authentication
within a trust community
CS-4513, D-Term 2007
Security and
Authentication
13
What is in a certificate?
•
•
•
•
•
•
Who issued it
When was it issued
For what purpose was it issued
For what time frame is it valid
(possibly other application-specific data)
A “signature” that proves it has not been
forged
CS-4513, D-Term 2007
Security and
Authentication
14
Systems and Networks Are Not Different
• Same basic rules about
code behavior apply
• Same authentication
rules apply
• The same security
principles apply
CS-4513, D-Term 2007
• Same Coding Rules
Apply To:
Security and
Authentication
– An application
– Code which manages
incoming messages
– Code which imposes
access controls on a
network
– ...
15
The Principles
• Understand what you are trying to protect
• Understand the threat(s) you are trying to
protect against
– Also, costs and risks
• Be prepared to establish trust by telling
people how you do it
• Assume that the bad guys are at least as
clever as you are!
CS-4513, D-Term 2007
Security and
Authentication
16
Security must occur at four levels to be
effective
• Physical
– The best security system is no better than the lock on
your front door (or desk, or file cabinet, etc.)!
• Human
– Phishing, dumpster diving, social engineering
• Operating System
– Protection and authentication subsystems
• Network
– Similar to OS
• Security is as weak as the weakest link in chain
CS-4513, D-Term 2007
Security and
Authentication
17
How do these attacks work?
• Messages that attack mail readers or
browsers
• Denial of service attacks against a web
server
• Password crackers
• Viruses, Trojan Horses, other “malware”
CS-4513, D-Term 2007
Security and
Authentication
18
The concept of a “Vulnerability”
• Buffer overflow
• Protocol/bandwidth interactions
– Protocol elements which do no work
• “execute this” messages
– The special case of “mobile agents”
• Human user vulnerabilities
– eMail worms
– Phishing
CS-4513, D-Term 2007
Security and
Authentication
19
Another Principle
• There is a never-ending war going on
between the “black hats” and the rest of us.
• For every asset, there is at least one
vulnerability
• For every protective measure we add,
“they” will find another vulnerability
CS-4513, D-Term 2007
Security and
Authentication
20
Yet Another Principle
• There is no such thing as a bullet-proof
barrier
• Every level of the system and network
deserves an independent threat evaluation
and appropriate protection
• Only a multi-layered approach has a chance
of success!
CS-4513, D-Term 2007
Security and
Authentication
21
Actual Losses:
• Approximately 70% are due to user error
• More than half of the remainder are caused
by insiders
• “Social Engineering” accounts for more loss
than technical attacks.
CS-4513, D-Term 2007
Security and
Authentication
22
What is “Social Engineering”?
“Hello. This is Dr. Burnett of the cardiology
department at the Conquest Hospital in
Hastings. Your patient, Sam Simons, has
just been admitted here unconscious. He has
an unusual ventricular arrhythmia. Can you
tell me if there is anything relevant in his
record?”
CS-4513, D-Term 2007
Security and
Authentication
23
Social Engineering (2)
From: [email protected]
Sent: Sunday, December 3, 2006 8:10 AM
To: [email protected]
Subject: Re: Approved
Please read the attached file.
CS-4513, D-Term 2007
Security and
Authentication
24
Program Threats in Operating Systems
• Trojan Horse
– Code segment that misuses its environment
– Exploits mechanisms for allowing programs written by users to be
executed by other users
– Spyware, pop-up browser windows, covert channels
• Trap Door
– Specific user identifier or password that circumvents normal
security procedures
– Could be included in a compiler
• Logic Bomb
– Program that initiates a security incident under certain
circumstances
• Stack and Buffer Overflow
– Exploits a bug in a program (overflow either the stack or memory
buffers)
CS-4513, D-Term 2007
Security and
Authentication
25
Program Threats – Viruses
• Code fragment embedded in legitimate programs
• Very specific to CPU architecture, operating
system, applications
• Usually borne via email or as a macro
• E.g., Visual Basic Macro to reformat hard drive
Sub AutoOpen()
Dim oFS
Set oFS =
CreateObject(’’Scripting.FileSystemObject’
’)
vs = Shell(’’c:command.com /k format
c:’’,vbHide)
End Sub
CS-4513, D-Term 2007
Security and
Authentication
26
Program Threats (Cont.)
• Virus dropper inserts virus onto the system
• Many categories of viruses, literally many thousands of
viruses
–
–
–
–
–
–
–
–
–
–
File
Boot
Macro
Polymorphic
Source code
Encrypted
Stealth
Tunneling
Multipartite
Armored
CS-4513, D-Term 2007
Security and
Authentication
27
Questions?
Security Policy
Fun with Cryptography
CS-4513, D-Term 2007
Security and
Authentication
28
Fun with Cryptography
• What is cryptography about?
• General Principles of Cryptography
• Basic Protocols
– Single-key cryptography
– Public-key cryptography
• An example...
CS-4513, D-Term 2007
Security and
Authentication
29
Cryptography as a Security Tool
• Broadest security tool available
– Source and destination of messages cannot be
trusted without cryptography
– Means to constrain potential senders (sources)
and / or receivers (destinations) of messages
• Based on secrets (keys)
CS-4513, D-Term 2007
Security and
Authentication
30
Principles
• Cryptography is about the exchange of
messages
• The key to success is that all parties to an
exchange trust that the system will both
protect them from threats and accurately
convey their message
• TRUST is essential
CS-4513, D-Term 2007
Security and
Authentication
31
Therefore
• Algorithms must be public and verifiable
• We need to be able to estimate the risk of
compromise
• The solution must practical for its users, and
impractical for an attacker to break
CS-4513, D-Term 2007
Security and
Authentication
32
Guidelines
• Cryptography is always based on algorithms
which are orders of magnitude easier to
compute in the forward (normal) direction
than in the reverse (attack) direction.
• The attacker’s problem is never harder than
trying all possible keys
• The more material the attacker has the
easier his task
CS-4513, D-Term 2007
Security and
Authentication
33
Example
• What is
314159265358979  314159265358979?
vs.
• What are prime factors of
3912571506419387090594828508241?
CS-4513, D-Term 2007
Security and
Authentication
34
Time marches on…
• We must assume that there will always be
improvements in computational power,
mathematics and algorithms.
– Messages which hang around get less secure
with time!
• Increases in computing power help the good
guys and hurt the bad guys for new and
short-lived messages
CS-4513, D-Term 2007
Security and
Authentication
35
Caveat
• We cannot mathematically PROVE that the
inverse operations are really as hard as they
seem to be…It is all relative…
The Fundamental Tenet of Cryptography:
If lots of smart people have failed to solve a
problem, it won’t be solved (soon)
CS-4513, D-Term 2007
Security and
Authentication
36
Secret key cryptography
K
T
Cleartext
CS-4513, D-Term 2007
f (T,K)
K
C
Cyphertext
Security and
Authentication
g (C,K)
T
Cleartext
37
Secret Key Methods
• DES (56 bit key)
• IDEA (128 bit key)
• http://www.mediacrypt.com/community/index.asp
• Triple DES (three 56 bit keys)
• AES
– From NIST, 2000
– choice of key sizes up to 256 bits and more
– Commercial implementations available
CS-4513, D-Term 2007
Security and
Authentication
38
Diffie – Hellman
Alice
Agree on p,g
choose random A
Bob
choose random B
TA = gA mod p
TB = gB mod p
compute (TB)A
compute (TA)B
Shared secret key is gAB mod p
CS-4513, D-Term 2007
Security and
Authentication
39
D–H Problems
• Not in itself an encryption method – we
must still do a secret key encryption
• Subject to a “man in the middle” attack
– (Alice thinks she is talking to Bob, but actually
Trudy is intercepting all of the messages and
substitution her own)
CS-4513, D-Term 2007
Security and
Authentication
40
RSA Public key cryptography
Key #1
T
Cleartext
f ()
Key #2
C
Cyphertext
f ()
T
Cleartext
Key #1 can be either a Public Key or a Private Key.
Key #2 is then the corresponding Private Key or Public Key.
CS-4513, D-Term 2007
Security and
Authentication
41
RSA Public Key Cryptography
• Rivest, Shamir and Adelman (1978)
• I can send messages that only you can read
• I can verify that you and only you could
have sent a message
• I can use a trusted authority to distribute my
public key
– The trusted authority is for your benefit!
CS-4513, D-Term 2007
Security and
Authentication
42
RSA Details
• We will use the same operation to encrypt
and decrypt
• To encrypt, we will use “e” as a key, to
decrypt we will use “d” as a key
• e and d are inverses with respect to the
chosen algorithm
CS-4513, D-Term 2007
Security and
Authentication
43
RSA Details
• Choose n as the product of two large primes
– Finding the factors of a large number is
mathematically hard (difficult)
– Finding primes is also hard
• Choose e to be a (fairly small) prime and
compute d from e and the factors of n
• THROW AWAY THE FACTORS OF n!
• Publish two numbers, e (public key) and n
CS-4513, D-Term 2007
Security and
Authentication
44
RSA Details
• Encryption: Cyphertext = (Cleartext)e mod n
• Decryption: Cleartext = (Cyphertext)d mod n
• Typical d will be on the order of 500 to 700 bits
• The cost of the algorithm is between 1 and 2 
the size of n,
– Each operation is a giant shift and add (multiply by a
power of 2)
CS-4513, D-Term 2007
Security and
Authentication
45
RSA Problems
• It is much more costly than typical secretkey methods 
– Use RSA to hide (i.e., encrypt) a secret key,
– Encrypt the message with the secret key and
append/prefix the encrypted key
• Requires a “Public Key Infrastructure” for
effective key generation and distribution
– Chain of trust thing again!
CS-4513, D-Term 2007
Security and
Authentication
46
Message Digests (aka Digital Signatures)
• A message digest is a non-reversable
algorithm which reduces a message to a
fixed-length “summary”
• The summary has the property that a change
to the original will produce a new summary
• The probability that the new summary is the
same as the old should be 1/(size of digest)
• Silbershatz, p. 582 (§15.4.1.3)
• Tanenbaum, p. 590 (§9.2.4)
CS-4513, D-Term 2007
Security and
Authentication
47
Message Digests (2)
• There are several good (but possibly no
perfect) message digest algorithms
• MD5 is probably the most common one in
use – 128 bit digest
• has known weaknesses
• SHA-1 – 160 bit digest (current best choice)
• [Another product of NIST]
CS-4513, D-Term 2007
Security and
Authentication
48
Conclusion
• Protection in OS and distributed system is
• Difficult
• Important
• Security is needed for
• Authentication of users
• Validation of communication
CS-4513, D-Term 2007
Security and
Authentication
49
Resources
• Network World Security Newsletter
– http://www.nwsubscribe.com
– Practical advice, not a virus alert newsletter. Especially good for
the links to other security resources at the bottom of each article
• CERT Coordination Center at CMU
– http://www.cert.org
• News about system threats, including viruses and other
problems. Source for OCTAVE papers and process
• Norton AntiVirus Site (Symantec)
– http://securityresponse.symantec.com/avcenter/
• McAfee Security (Network Associates)
– http://us.mcafee.com/virusinfo/
CS-4513, D-Term 2007
Security and
Authentication
50
Textbooks
Network Security: C. Kaufman, R. Perlman, M. Speciner,
Prentice Hall (2002)
– A practical but rigorous presentation of network security issues and
techniques with emphasis on cryptographic solutions
Security Engineering: R. Anderson, Wiley (2001)
– Focused on learning from past mistakes in security system design.
– Excellent discussion of policies and policy models.
– See author’s web site (www.ross-anderson.com) if you are
interested in current research.
CS-4513, D-Term 2007
Security and
Authentication
51
Other Books
Real World Linux Security: R. Toxen, Prentice Hall (2003)
– An excellent read. Lists hundreds of vulnerabilities and what to do
about them. Valuable for non Linux users too.
Windows 2003 Security Bible: B. Rampling, Wiley (2003)
– Good example of a how-to book. Specific to WIN2003
The Art of Deception: K. Mitnick, Wiley (2002)
– Mitnick is one of the most famous social engineers.
– Must-read for those involved in broad security planning, and fun
for everyone.
CS-4513, D-Term 2007
Security and
Authentication
52
CS-4513, D-Term 2007
Security and
Authentication
53
C Program with Buffer-overflow Condition
#include <stdio.h>
#define BUFFER SIZE 256
int main(int argc, char *argv[])
{
char buffer[BUFFER SIZE];
if (argc < 2)
return -1;
else {
strcpy(buffer,argv[1]);
return 0;
}
}
CS-4513, D-Term 2007
Security and
Authentication
54
Layout of Typical Stack Frame
CS-4513, D-Term 2007
Security and
Authentication
55
Modified Shell Code
#include <stdio.h>
int main(int argc, char *argv[])
{
execvp('\bin\sh', '\bin \sh', NULL);
return 0;
}
CS-4513, D-Term 2007
Security and
Authentication
56
Hypothetical Stack Frame
After attack
Before attack
CS-4513, D-Term 2007
Security and
Authentication
57
Effect
• If you can con a privileged program into
reading a string into a buffer unprotected
from overflow, then …
• …you have just gained the privileges of that
program in a shell!
CS-4513, D-Term 2007
Security and
Authentication
58
What is a “Security Policy?”
• What rights MAY a user have?
– Define the maximum!
• What rights can a user pass on?
• How can a user acquire additional rights?
• Linux/Unix:
CS-4513, D-Term 2007
-rwxr-xr-- /foo
-rw--w---- /bar
Security and
Authentication
59
Policy Models (1)
A “Policy Model” is a framework for creating
a specific policy for a specific organization
• Linux/Unix
–
–
–
–
Users, groups, everybody
“owner” (or “…”) controls grant of rights
Rights based on UID, GID – Focus on files
Process has rights of parent
• can change GID or drop rights
CS-4513, D-Term 2007
Security and
Authentication
60
Policy Models (2)
• Win200X
– Users and groups
– Groups may be members of groups
– Rights are the combined rights of all groups of
which the user is a direct or indirect member
– Administrator controls everything
• can grant any right
– The default is strong control over admin
functions and little control over files
CS-4513, D-Term 2007
Security and
Authentication
61
Policy Models (3)
• Typical Business
– Managers can (usually) grant rights to their staff
– Information is visible to people above in the
organization
– Managers do not have authority to grant access
downward for some classes of information
– Overall control is maintained by restricting access to
applications rather than to data
– databases have their own distinct access controls
CS-4513, D-Term 2007
Security and
Authentication
62
Policy Models (4)
• The Military Mind
– Access rights are granted only by a higher
authority
– Access is broken into two models
• need-to-know (usually organizational with upward
visibility)
• item-by-item (classification may occur in advance of
creation or after)
– Creator may be denied access to own work
– Some weird anomalies
CS-4513, D-Term 2007
Security and
Authentication
63
Policy Models (5)
• The BMA (British Medical Assoc.) model (1995)
– Each medical record has an access control list
– Access may be granted to a new clinician by the subject
or the primary clinician
– Patient must be notified of all ACL changes, and may
revoke access
– Deletions are not allowed
– All access must be logged and auditable
– Information may be aggregated from A into B only if
ACL(A) is a superset of ACL(B)
• Reference
Anderson, Ross, “An Update on the BMA Security Policy,”
1996. (.pdf)
CS-4513, D-Term 2007
Security and
Authentication
64
Policy Models (6)
• The HIPAA model (1998)
– The patient controls the right to access
“personally identifiable health information”
– Access is granted to any clinician or facility
staff participating in the care of the patient
– Patient must be notified of all breaches
– Deletions are not allowed
– All access must be logged and auditable
– Privileges may be revoked
CS-4513, D-Term 2007
Security and
Authentication
65
More Principles
• Think about Assets, Threats and
Vulnerabilities FIRST
• Find an appropriate (and minimally
complex) Policy Model
• Match your OS capabilities to the policy
model as best you can
• Train staff to recognize social engineering!
• Train staff to make a habit out of the policy!
CS-4513, D-Term 2007
Security and
Authentication
66
Questions
Return to Topic
CS-4513, D-Term 2007
Security and
Authentication
67