13-1-Intro

8/11/2019 13-1-Intro

1/51

(An Introduction to Computer)

Security

Jerry den Hartog

Room: MF 6.063

http://www.win.tue.nl/~jhartog/CourseSecurity/

8/11/2019 13-1-Intro

2/51

What is Security?

Lets start with some freeassociation

8/11/2019 13-1-Intro

3/51

Network

IT Infrastructures & Security Goals

EHR

Privacy

AvailabilityIntegrity

Confidentiality

Course Overview

Goal

Challenge

Approach

Course

Schedule

8/11/2019 13-1-Intro

4/51

Network

Threats & Countermeasures

EPD

Course Overview

Goal

Challenge

Approach

Course

Schedule

8/11/2019 13-1-Intro

5/51

Course Overview

Goal

Challenge

Approach

ScheduleTopic Wednesday Topic Friday Lab session

Introduction Cryptography basics Web of Trust

Cryptography Network security basics HTTP basics, Sniffing

and tampering

Malware, web services

security

Hashes, Certificates,

etc.

SQL injection and XSS

Access Control (AC) Digital Rights

Management

AC and session

information stealing

Authentication

(Passwords,

Biometrics)

Authentication

(Hardware tokens)

Authentication Flaws,

Password cracking

Security Protocols Exercises: Security

Protocol and side

channel attack

Session stealing &

phishing

Privacy and Anonymity Exercises & Exam

Preparation

---

See www.win.tue.nl/~jhartog/CourseSecurity
http://www.win.tue.nl/~jhartog/CourseSecurityhttp://www.win.tue.nl/~jhartog/CourseSecurity

8/11/2019 13-1-Intro

6/51

Security What-When-Why-How

What & When

Dependability ~ Security

Security Attributes

Security Policies

Why

attacks & attackers common security issues

Measuring security

How

Security approaches,

models & tools

Security trade-offs Security architectures &

engineering

Analysing a scenario

Security requirements

Conclusions

Security : What When Why How

Content

What

Why

When

How

8/11/2019 13-1-Intro

7/51

WhatThe Why of Security

How

Security: WWW H

Content

What

Why

When

How

8/11/2019 13-1-Intro

8/51

To get Security...

prevent disallowed usage ?

... and enable allowed usage ?

Difference Dependability and Security ?

Other options than prevention

The only truly secure system is one that ispowered off, cast in a block of concrete and

sealed in a lead-lined room with armed guardsE. Spafford

Security: WWW H

Content

What

Why

When

How

8/11/2019 13-1-Intro

9/51

Dependability vs. Security

Dependability Problem ?program x

only works half of the time

crashes the computer

may cause the computer to explode

no longer works with the firewall installed

can stop the firewall from working

posts all your emails on a public website

tracks all your online activities

changes the data used by program y

Security Problem ?

Security: WWW H

Content

What

Why

When

How

8/11/2019 13-1-Intro

10/51

Dependability

vs.Security (2)

Basic Concepts and Taxonomy of Dependable and Secure Computing

IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING

The `What of securi ty - Securi ty Attributes

Confidentiality

Integrity

Availability

Privacy

AuthenticityNon-repudiation

Accountability

8/11/2019 13-1-Intro

11/51


C-I-A

Privacy

Authenticity

Non-repudiation

Accountability

Privacy Online

Peter Steiner 1993 Nik Scott 2008

8/11/2019 13-1-Intro

12/51

Privacy

EU directives (e.g. 95/46/EC) to protect privacy.

College Bescherming Persoonsgegevens (CBP)

What is privacy?

Try to protect: Privacy Enhancing Technologies (PETs)

Users must be able to determine for themselves when, how,

to what extent and for what purpose information about them

is communicated to others (Definition PRIME, Europeanproject on privacy & ID management.)

Alice

The `What of security - Securi ty At tributes

C-I-A

Privacy

Authenticity

Non-repudiation

Accountability

8/11/2019 13-1-Intro

13/51

The What of securi ty - Security

Attributes

C-I-A

Privacy

Authenticity

Non-repudiationAccountability

EU Data Protection Directive

Personal data usage requirements:

Noticeof data being collected

Purposefor data use

Consentfor disclosure

Informed who is collecting their data

Kept secure Right to access & correctdata

Accountabilityof data collectors

8/11/2019 13-1-Intro

14/51

Other Security Attributes

Authenticity users or data are genuine

Prescription is real and issued by a genuine Md.

Non-repudiation

Cannot be denied (action/agreement/...)

Dr. cannot claim not issuing prescription

To achieve (means): (Digital) signatures

AccountabilityAbility to hold users accountable for their actions

Dr. can be identified, found and is liable for wrong

prescriptions


C-I-A

Privacy

Authenticity

Non-repudiation

Accountability

8/11/2019 13-1-Intro

15/51

Security Policies & Models

Policy: Specifies allowed / disallowed Context; applies to ..., approved/imposed by ...

Usage; required enforcement, dealing with breaches

Different notions of `security policy: fromgeneral intention statement

Data shall only be available to those with a `need-to-know

to formal, detailed specification

drwxr-xr-x, access control list, XACML policy, etc.

Security Model

(Formal) Framework to express and interpret policies.

E.g. relations on Users - Objects - Permissions - Groups.

The When of security - Security pol icies

8/11/2019 13-1-Intro

16/51


Policy: Specifies allowed / disallowed Context;

applies to ...,

approved/imposed by ...

Etc.

Usage;

required enforcement

dealing with breaches Different notions of `security policy

Security Model


8/11/2019 13-1-Intro

17/51


Policy: Specifies allowed / disallowed

Different notions of `security policy:

fromgeneral intention statementData shall only be available to those with a `need-to-know

to formal, detailed specification

drwxr-xr-x, access control list, XACML policy, etc.

Security Model


8/11/2019 13-1-Intro

18/51


Policy: Specifies allowed / disallowed

Different notions of `security policy:

Security Model

(Formal) Framework to express and interpret policies.

E.g. relations on Users - Objects - Permissions - Groups


8/11/2019 13-1-Intro

19/51

Summerizing the What & When

Security attributes what to achieve

Security Policies When to achieve them

Security Model Setting to interpret

policies

8/11/2019 13-1-Intro

20/51

WhatThe Why of Security

How

8/11/2019 13-1-Intro

21/51

A days worth of security news (2012)

Android-malware verstopt zich via steganografie

Microsoft: hang op als we bellen

Google mailt gebruikers over nieuw privacybeleid

OpenDNS laat Mac-gebruiker onzichtbaar internetten

"Google Chrome ruimt andermans rotzooi op Cybercriminelen vluchten naar Sovjet-Unie

FBI zet 15.000 euro op hoofd internetoplichter

Microsoft en Google samen tegen phishing

Leerlingen opgepakt wegens hacken schoolcijfers

DigiD offline wegens hash collision-lek

Rootkit infecteert pc via Windows Media Player

Android-malware besmet miljoenen gebruikersSource: Security.nl

8/11/2019 13-1-Intro

22/51

A days worth of security news (28-1-13) 58.000 toezichtcamera's open voor hackers

CBP: overheid weet veel te veel van ons

'WhatsApp schendt privacy gebruikers'

Autorun-worm houdt huis in Pakistan

200MB groot virus verrast onderzoekers

Pornosites veroorzaken piek in politievirussen

5 beveiligingstips voor WordPress-gebruikers

Afmeldlink e-mail blijft grootste bron van ergernis

Pentagon vervijfvoudigt aantal cybersoldaten 'Brussel moet privacy burgers beter beschermen'

Veel gemeenten lek door verouderde software

'Apple laat verwijderde iPhone sms'jes staan'

Oracle gaat veiligheid Java verbeteren Source: Security.nl

8/11/2019 13-1-Intro

23/51

Attackers & Attacks

(WHAT) Break Security goals (Attributes)

(WHY) Reach Attacker goals

(WHO) IBM Attacker classification I: Clever outsiders

II: Knowledgeable insiders

III: Funded Organisations

(WHO) CPA - CCA - etc. Formalization attack context

Attacker goals and capabilities

8/11/2019 13-1-Intro

24/51

Some common security issues

Security as an after thought Needs to be addressed from the start

Forgetting security depends on the whole system

Focusing where the risk isn't (...more below)

Single point of failure Breach of a security feature causes complete

breakdown of system

Security by obscurityObscurity may help but it is dangerous to have the

security design depend on it (Kerckhoffs principle)

8/11/2019 13-1-Intro

25/51

Some common security issues (2)

Lack of Security policies

Lack of Preventative management

Keep systems up to date (e.g. patching)

Practice failure situations

Lack of Use of security features

E.g. Windows XP included firewall but not active (pre SP2)

Only need to check single checkbox

Relying on users for security

expertise, awareness, prioritiesAliceBob

8/11/2019 13-1-Intro

26/51

Weakest Link Different

aspects of security

``A chain is as strong as its weakest link

Security needs to be addressed in its whole;

Looking at a single aspect is like looking at asingle link.

system design (security not addressed)

quality of software (bugs in code)

strength of encryption (bad algorithm, bad`randomness, length/chose of key)

system usage (bad passwords, not using security

features)

8/11/2019 13-1-Intro

27/51

A program is only as strong as its design

The WMF problem provides a prime example of a software security flaw. At its

heart, the WMF problem is caused by a software feature being used in

an unintended way. WMF files, designed in the late 1980s, allow imagefiles to contain code that can be executed as the image decodes. Microsoft put

this "feature" in on purpose. The problem is, nobody put on their black hat and

thought through what an attacker might be able to do with such an inherentlydangerous feature. Malicious hackers use WMF information to install rootkits,

spyware, and other malicious code on their victims' machines. Some security

experts estimate that at least a million computers have been compromised this

way.

Source: Gary McGraw at itarchitect.com

Even though Microsoft has spent hundreds of millions of dollars on software

security, company representatives still expressed great surprise when theWindows Metafile (WMF) vulnerability surfaced. There's a simple reason for

this. Microsoft's approach, commendable in many ways, involves an

overemphasis on code-level bugs and is thus subject to a major blind spot:

overlookingarchitectural flawssuch as the WMF problem.

8/11/2019 13-1-Intro

28/51

Weakest Link



Looking at a single aspect is like looking at asingle link.

system design (holes in security perimeter)

quality software (bugs in code)



features)

8/11/2019 13-1-Intro

29/51

Programming flaws can lead to security holes

Buffer overloads: the big security hole

Last month, Microsoft reissued its buffer-overflow vulnerability announcement for

Simple Network Management Protocol(SNMP), ... buffer-overflow vulnerabilities in

ISAPI... buffer-overflow vulnerability in Oracle's supposedly unbreakable Oracle 8i

and Oracle 9i servers. ...

Source: ZDNet News

Another zero-day vulnerability reported in Windows 7

...This issue is caused by a buffer overflow error ... which could be exploited by

malicious users to crash an affected system or potentially execute arbitrary code

with kernel privileges.

Critical flaws in Windows, Internet Explorer

As part of this months Patch Tuesday schedule, Microsoft plans to ship a

dozen bulletins with fixes for 22 vulnerabilities, some serious enough to allow

hackers complete access to a vulnerable Windows machine. (Jan 2011)
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-006.asphttp://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-010.asphttp://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-010.asphttp://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-006.asp

8/11/2019 13-1-Intro

30/51

Basic idea buffer overflowcall routine CheckPin

routine CheckPin

{ char pin[ 4 ];

pin

8/11/2019 13-1-Intro

31/51

Weakest Link



Looking at a single aspect is like looking at a

single link. system design (holes in security perimeter)


strength of encryption (bad algorithm, bad

`randomness, length/chose of key)


features)

8/11/2019 13-1-Intro

32/51

Choose your crypto well...

IT: Mafia Boss Using Crook Crypto Captured

Posted by Zonkon Tuesday April 18, @11:13AM

from the never-heard-of-pgp-and-email dept.

boggis writes "Discovery is running a story on Bernardo

Provenzano, the recently arrested 'boss of bosses' of the

Sicilian Mafia. He apparently wrote notes to his henchmen

using a modified form of the Caesar Cipher, which was

easily cracked by the police and resulted in further arrestsof collaborators. Discovery's cryptography expert describes

it as a code that 'will keep your kid sister out'."

Source: Slashdot.org / Discovery channel
http://it.slashdot.org/http://slashdot.org/~Zonk/http://dsc.discovery.com/news/briefs/20060417/mafiaboss_tec.html?source=rsshttp://dsc.discovery.com/news/briefs/20060417/mafiaboss_tec.html?source=rsshttp://slashdot.org/search.pl?tid=93http://slashdot.org/search.pl?tid=93http://slashdot.org/~Zonk/http://it.slashdot.org/

8/11/2019 13-1-Intro

33/51

Weakest Link



Looking at a single aspect is like looking at a

single link.

system design (holes in security perimeter)




features)

8/11/2019 13-1-Intro

34/51

Memorystick, computer & diskettes

Het is de zoveelste keer dat vertrouwelijke informatie op straat is

terechtgekomen. ... landmachtkapitein een memorystick met geheime

militaire informatiein een huurauto had laten liggen. Op het

geheugenkaartje stonden onder meer instructies voor militairen inAfghanistan. ... een memorystick was kwijtgeraakt met daarop

vertrouwelijke informatie van de Militaire Inlichtingen- en

Veiligheidsdienst(MIVD).

... officier van justitie ... computer op straat, zonder de inhoud te wissen...

belandde het apparaat bij misdaadverslaggever Peter R. de Vries ...

medewerker van de veiligheidsdienst AIVD eind vorig jaar diskettesineen leaseauto liggen met daarop vertrouwelijke informatieover Pim

Fortuyn.Source: Elsevier website

Store your secrete data securely

(Dutch examples of loss of unencrypted data carriers with confidential information.)

8/11/2019 13-1-Intro

35/51

What

The Why of Security

How

prevention detection

correctionrepression

deterrence

8/11/2019 13-1-Intro

36/51

The How of Security

Techniques to address specific threats Cryptography

Identity Management, Access control

Security Protocols, Firewalls, Virus scanners

Physical security, Tamper resistant devices

Intrusion detection, auditing

Identify risk & threats, combine defenses

into complete security architecture:

Security Engineering

8/11/2019 13-1-Intro

37/51

How secure is it? Quantifying dependability:

Define tests, test coverage

If covers `common cases reasonable test dependability

not really suitable for security

Measuring security:Attackers typically using unexpected behaviour

Is 1 bug better than 5 bugs ?

1 exploitable error better that 5 ?

Which goal (attribute) is more important

How to reflect trade-offs in score

As much security as possible ?...truly secure system

is powered off...

8/11/2019 13-1-Intro

38/51

Measuring security?

Security of system ~ Costof breaking

Cost - Effort, Money, Expertise, ...Violate security goal / Reach attacker goal

Hard to measure in general

8/11/2019 13-1-Intro

39/51

40

CCWAPSS: Security Scoring

1. Authentication

2. Authorization

3. Input check4. Error handling

5. Password Quality

6. Privacy

7. Sessions

8. Patching9. Admin access

10. Encryption

11. Third parties

8.3/10

Criteria Checklist

(source: ccwapss 1.1 whitepaper)

8/11/2019 13-1-Intro

40/51

Security trade-offs No absolute securityThere will always be vulnerabilities in the system

design / implementation / usage / etc.

May not be desirable; allow for the unforeseen no access to `secure area ...

unless only exit during fire?

Need to make trade-offsConflicting requirements

easy to use secureConflicting securityrequirements

availability confidentiality

Conflicting goals of stakeholders

more usage information privacy user

...truly secure system

is powered off...

8/11/2019 13-1-Intro

41/51

Examples Security Trade-offs

Security - Performance:Increase key length in a public key crypto system

+ Increases protection against brute-force attack

- En/Decryption require more computation

Security UsabilityHave a user enter their password for every access+ Password does not have to be stored in memory

+ User away from machine

- Inconvenient for user

- Maybe less secure in the end; eavesdropping,

enter password in wrong place,

legit user may try to circumvent

8/11/2019 13-1-Intro

42/51

Examples Security Trade-offs (cont)

Security Cost Higher development time to achieve better security

Use of extra hardware, e.g. smartcard in credit/debitcard

Integrity Privacy:Gathering more information (e.g. logging)

may help prevent or detect misuse

decreases the privacy of the users

Access to a building: Open building privacy but low security

Check at entrance: Medium security but some privacy lost

Track users in the building: High security but no privacy

Etc..., etc...

Requirements

8/11/2019 13-1-Intro

43/51

Security Requirements

Security Requirement Engineering Methodology structured approach to finding security requirements

integration into system design

Integral part requirements elicitation process

E.g. SecureUML

Consider `misuse cases (in addition to use cases)

KOAS, NFR, i*Tropos Goal oriented (security goals as explicitly functionality)

Security Problem Frames

Problem patterns based (related to security goals)

q

Design

Concepts

Process

Attackers

Requirements

8/11/2019 13-1-Intro

44/51

i*/Tropos conceptsActor

Entity with intent: role, position, agent (human/software)

Goal (Soft goal)Strategic interest of an actor

Taskcourse of action to satisfy a goal

Resource

Physical or informational entity (without intent/goal)

Social dependency (between two actors)depends to reach goal, execute task, deliver resource

Agreement between two actors

q

Design

Concepts

Process

Attackers

Requirements

8/11/2019 13-1-Intro

45/51

Development Process

Identify stakeholders and their goals

For each actor & goal:

adopt it (this actor will achieve it; elaborate to tasks)

delegate it to an existing or new actor

decompose it into new subgoals

Finish when all goals have been adopted.

q

Design

Concepts

Process

Attackers

Requirements

8/11/2019 13-1-Intro

46/51

Attacker Analysis

Any actors can be a potential attacker

Assumed guilty until proven innocent

Attacker inherits the

intention, capabilities, relations

of legitimate actor

External attackers

Not necessarily linked to system actor

q

Design

Concepts

Process

Attackers

Requirements

8/11/2019 13-1-Intro

47/51

Requirements Elicitation

[Liu et al. 2003] Security and Privacy Requirements Analysis within a Social Setting.

q

Design

Concepts

Process

Attackers

8/11/2019 13-1-Intro

48/51

http://www.win.tue.nl/~jhartog/CourseSecurity(reading material, slides, exercises, assignments)

Preparation for Fridays lecture/Lab section look at 5thchapter of Security Engineering

Nice introduction to the topic of cryptography

(For all lab section); bring your laptop

Create a public key-private key pair (e.g. gpg4win) Install Firefox and Tamper data plug in

Follow up on this lecture: reading material: Check website for links, exercises, etc.

Article on security requirement engineering

1stchapter of Security Engineering by Anderson.

Exercise: Analyze security related news article.
http://www.win.tue.nl/~jhartog/CourseSecurityhttp://www.win.tue.nl/~jhartog/CourseSecurity

8/11/2019 13-1-Intro

49/51

Literature: Listed on course page

Articles & book chapters - available online

Several chapters from Security Engineering

Interesting read but light on the (technical) details

Handbook of Applied Cryptography Useful information but very technical, limited to crypto.

Articles on selected subjects

Experiments, Exercises and notes

Still under development; feedback appreciated.

Links will be posted on course server

8/11/2019 13-1-Intro

50/51

Conclusions

Main Messages to take away from today Security is not an `add-on feature

Needs to be taken into account from the start

Security requires looking at the `complete picture

Consider whole system not just isolated parts

Try to place treated security techniques in

contextWhat is their role in an security architecture

What goals can they achieve

What trade-off need to be made

8/11/2019 13-1-Intro

51/51

Nieuws Item Analysis Find a security related news article and analyze it

what is the security issue in this article related to availability, confidentiality, integrity, etc.

Collect some background information when needed.

For a security incident What was the failure, why did it occur

How could it have been prevented how should it be solved For a solution/technology

What problem is solved, how can it be used, will it work

For an opinion/analysis/... Do you agree, what are possible other/counter arguments

For a more general article What is the issue you have identified

Did the article address this issue?

How well was the issue described does the article get the key points correct, did it miss any issues.

13-1-Intro

Documents

Transcript of 13-1-Intro