Transcript Mod_7-Ch11
Chapter 11
Security
The Security Problem
• Security must consider internal and external
environment of the system, and protect it from:
– unauthorized access.
– malicious modification or destruction
– accidental introduction of inconsistency.
• Easier to protect against accidental than
malicious misuse.
2
Security
A system is secure if its resources are used and
accessed as intended under all circumstances.
• Computer security
– Addresses the issue of preventing unauthorized
access to resources and information maintained by
computers
– Encompasses the following issues:
• Guaranteeing the privacy and integrity of sensitive data
• Restricting the use of computer resources
• Providing resilience against malicious attempts to
incapacitate the system
3
What is Security?
• All Security is based on the answers to the
questions.
– Who do you trust?
– How much do you trust them?
• The answers to these questions form a
Security Policy
4
Security Components
•
•
•
•
•
5
Physical Security
Authentication
Protection
Secure Communications
People
Physical Security
• Obviously, if your computer is
lost or stolen, you have a
security problem.
• Most modern computers are
to have wireless communicates
(WiFi or Bluetooth), which
these features are useful,
however, it allows open up
holes in the physical security of
the system.
6
WiFi – defined network
Bluetooth– ad-hoc network
Authentication
• Authentication
– Identifying users and the actions they are allowed
to perform
– A user can be identified by:
• a unique characteristic of the person (e.g., fingerprints,
voiceprints, retina scans and signatures)
• ownership of an item (e.g., badges, identification cards,
keys and smart cards)
• user knowledge (e.g., passwords, personal
identification numbers (PINs) and lock combinations)
Authentication
• Verify that someone is who they say they are
• Two general methods
– Data item that you know
• (e.g. Login, password)
– Data media that you have
• (e.g. card, smart card)
• Problems with data media you have
– Can be lost or stolen
– Can be forged
8
Authentication
• Biometrics
– Data item you have that most likely cannot be lost
or stolen
– Examples
•
•
•
•
9
Fingerprint
Retinal Scan
Facial Recognition
Voice Recognition
Protection
• Mechanisms to control what an authenticated
user can do.
– File Protection
– Memory Protection
– Web Protection
• Mechanism to keep unauthorized users from
accessing the system
– Firewalls
– Virus Detection
– Spyware Detection
10
Cryptography
• Cryptography
– Encoding and decoding data so that it can be
interpreted only by the intended recipients
– Data is transformed by means of a cipher or
cryptosystem
• Modern cryptosystems rely on algorithms that operate
on the individual bits or blocks (a group of bits) of data,
rather than letters of the alphabet
– Encryption and decryption keys
• Binary strings of a given length
Secret-Key Cryptography
• Secret-key cryptography
– Also known as symmetric cryptography
– Uses the same secret key to encrypt and decrypt a
message
• Sender
– Encrypts a message using the secret key
– Sends encrypted message to the intended recipient
• Recipient
– Decrypts the message using the same secret key
Encryption
• Scrambles information so that eavesdroppers
cannot read what is being transmitted
• Also used as part of Authentication to help
ensure that someone is not posing as
somebody else
13
People
• Lack of knowledge about security
• People will not keep information secure
– People can be conned into giving out information
they shouldn’t
• Poor System Administration
14
Types of Attacks
• Trojan Horse (is a program that claims to rid your
computer of viruses but instead introduces viruses onto
your computer)
• Trap Door (A way to bypass the normal security
protections. Often left in applications / systems to help
support staff)
• Stack & Buffer Overflow (is a type of the more general
programming malfunction known as buffer overflow
(or buffer overrun)
Occurs when an application sends more data to a buffer
than it can hold
15
Types of Attacks
• Worm (A program that automatically sends itself to
another system
• Virus (Program that attacks a system to carry out some
action the computer user does not want
• Denial of Service (Typical attack sends so many
messages to a system, that system cannot execute
anything except respond to those messages) Prevent a
system from servicing legitimate requests
• A well-designed buffer overflow attack can replace
executable code in an application’s stack to alter its
behavior
16
Security Attacks
• Cryptanalytic attacks
• Viruses and worms
• Denial-of-service attacks
– Domain name system (DNS) attack
• Software exploitation
– Buffer overflow
• System penetration
– Web defacing
Stack & Buffer Overflow
• Send an incorrectly formatted command /
message to a system. If system does not carry
out adequate checking, it may execute some
action it shouldn’t
18
Stack & Buffer Overflow
• How does this happen?
– Poorly Programmed Read
• Should be read(file,buffer,100)
• Instead of read(file,buffer) which reads as much data as
the remote system sends
– Inadequate checking of the validity of the data
that is received
19
SQL Injection
• Application does inadequate validation of user
input before putting it into an SQL statement
• Example
– SELECT BALANCE FROM ACCTS WHERE
ACCT_ID=xxxx
– User Input for xxxx
• 104;UPDATE ACCTS SET BALANCE=100000 WHERE
ACCT_ID=104
20
Goal of Protection
• Ensure that resources (data) is available only
to users that are authorized to access those
resources
• A Protection Policy specifies the details of this
goal for a particular system
• The Protection Policy is implemented via
Protection Mechanisms
21
Example Protection Policies
• Access by password knowledge
– Teresa can access the Personnel File if she knows a
password
• Access by User ID
– Patty can modify the Personnel File
Jonathon can read the file
Brandon has no access to the file
• Access by Group Membership
– The HR dept can modify the Personnel File
The Payroll dept can read the file
Other employees have no access to the file
22
Protection Policies
• A Protection Policy says:
– How a user can obtain access to a resource (data)
– What they can do with the resource / data (Access
Rights)
23
Owner
• Most Protection Policies have the concept of
the Owner of the data
• The Owner:
– Has all access rights to the data
– Can delegate Access Rights to other users / groups
24
Typical Access Rights
•
•
•
•
25
Read
Write
Execute
Delete
File Protection
Memory protection is a special case of protection in which
the OS will set up the appreciate access tables, but
enforcement is handled by hardware.
Table below shows the meaning and usage of the various combinations of permission bits.
R
W
E
Effect
0
0
0
No access allowed
0
0
1
Execute Only – Program can be executed
0
1
0
Write Only - not really useful
0
1
1
Write-Execute – Not used
1
0
0
Read Only – File can be read / copied
1
0
1
Read-Execute – Program can be executed /
copied
1
1
0
Read-Write – Normal data file
1
1
1
Read-Write-Execute – no protection
26
Two Protection Mechanisms
• File/data Attributes
– Each file specify attributes for Owner, Group,
Everyone
• Can specify Read, Write, Execute allowed
• Can specify separately for Owner, Group, Everyone
• Access Control Lists
– Associated with each protected resource
– Specifies which individuals and/or groups have
what access rights
27
Access Control List Example
HR dept
Read-Write
Payroll Dept
Read
Others
None
28
MS Windows
• NTFS (New Technology File System) is a
proprietary file system developed by Microsoft.
Starting with Windows NT 3.1, it is the default
file system of Most modern Windows. It is a File
System has support for Access Control Lists
• FAT (File Allocation Table ) is a File Allocated file
systems have no support for file protection.
• FAT is a file system developed mostly for hard drives that
originally used 12 or 16 bits for each cluster entry into the file
allocation table. It is used by the operating system (OS) to manage
files on hard drives and other computer systems. It is often also
found on in flash memory, digital cameras and portable devices.
29
Attack Prevention and Security
Solutions
•
•
•
•
•
Firewalls
Intrusion detection systems
Antivirus software
Security patches
Secure file systems
Firewalls
• Firewalls
– Protect a local area network (LAN) from intruders
outside the network
– Police inbound and outbound traffic for the LAN
• Types of firewalls (hardware and Software)
– Packet-filtering firewall
• Inspects packets for inconsistencies such as incorrect
source address
– Application-level gateways
• Inspect packets for malicious payloads
Intrusion-Detection Systems (IDSs)
• IDSs
– Monitor networks and application log files
• Logs record information about system behavior, such as:
– The time at which operating system services are requested
– The name of the process that requests them
– Examine log files to alert system administrators of
suspicious application and/or system behavior
– If an application exhibits erratic or malicious behavior,
an IDS can halt the execution of that process
• Host-based intrusion detection
• Network-based intrusion detection
Virus Protection
• Current Virus protection programs detect
malware by use of a “signature”
• Better technology is needed
– Requires frequent updates
– Virus writers starting to be able to trick the
signature detection mechanisms
33
Trusted Computing Initiative
• Rather than trying to detect “bad” programs …
– Allow system to execute only “good” programs
• Uses Digital Signature technology and
cryptography embedded into hardware
• What is a “good” program?
34
Encryption
• Two Primary Functions
– ciphertext = encrypt(plaintext,key1)
– plaintext = decrypt(ciphertext,key2)
– In cryptography, ciphertext (or cyphertext)
is the result of encryption performed on
plaintext using an algorithm.
Plaintext is what you have before encryption,
and ciphertext is the encrypted result.
35
Symmetric Systems
•
•
•
•
36
Key1 = key2
Both sides must know the key
Both sides MUST keep the key secret
Requires a secure channel to distribute the
key(s)
Symmetric Systems
• Examples
– DES (Data Encryption Standard)
• 56 bit keys
• 35 years old
– AES (Advanced Encryption Standard)
• Keys can be 128, 192, or 256 bits
• New standard
37
Asymmetric Systems
• Key1 ≠ key2
• One key is published (to the world)
– This a “public key”
• The other key is kept private
– This a “private key”
• Also known as Public Key encryption
38
Asymmetric Systems
• Examples
– RSA (Rabin, Shamir, Adelman)
Based on the difficulty of factoring very large numbers
RSA is stands for Ron Rivest, Adi Shamir and Leonard
Adleman, who first publicly described the algorithm in
1977. it is one of the the first practicable public-key
cryptosystems and is widely used for secure data
transmission
– ECC (Elliptic Curve Cryptography)
39
• Based on the difficulty of calculating the coefficients of an
ellipse.
ECC is an approach to public-key cryptography based on the
algebraic structure of elliptic curves over finite fields.
Public Key Infrastructure (PKI)
• A public key infrastructure (PKI) is a set of
hardware, software, people, policies, and
procedures needed to create, manage,
distribute, use, store, and revoke Digital
Certificates.
• A business structure using
– Digital Certificates
– Certificate Authorities
40
Digital Certificates
• In cryptography, a public key certificate (also
known as a digital certificate or identity
certificate) is an electronic document used to
prove ownership of a public key.
• The certificate includes information about the key,
information about its owner's identity,
• A Digital Certificate identifies the author of a
Signed Component
– Contains name of the author
– The Certificate Authority (CA) that validated the
author’s public key
41
– Signed by Certificate Authority
Verifying a Digital Certificate
•
•
•
•
42
Get name of Certificate Authority
Lookup their public key (comes with OS)
Use CA’s public key to decrypt certificate hash
Verify Hash
Verifying Digital Certificate
OS
Certificate
CA Name
CA Public Key
Decrypt
Encrypted Hash
43
Hackers & Encryption
• The IT Director of a company is quoted in the
press as saying:
– “Yes, a hacker did break into our system and get a
copy of the files containing customer’s credit card
numbers. But, those files are encrypted, so he
can’t use the information.”
• Is he correct?
44
Security of Encryption
• At least 1 key must be kept secret
• A break in the other security components can
allow unauthorized access to the secret key
• On some systems, the encryption is done on a
separate physical secure device
45