Computer Security Dept. of Computer Science CS 5200 Fall 2005 Dr. Scott Cannon.

Why is security important?
- Privacy, information integrity, availability of services
- Example need areas:
  - Email
  - Financial transactions
  - Records and document access
  - Authentication of people
- The Internet was not designed for security

Attacks…
- Eavesdropping
- Masquerading
- Tampering
- Denial of service
- Replaying
- Leakage

Mischievous attacks are often as bad as malicious attacks.

Concepts…
Security Policy
Security Mechanism

Name conventions…
- Alice: 1st participant, usually the originator
- Bob: 2nd participant
- Carl: 3rd participant
- Eve: an eavesdropper
- Malfoy: malicious person
- Sara: a trusted server

Security Assumptions…
- Interfaces are exposed
- Networks are insecure
- Secrets become less secure with age
- Algorithms and program code are available to attackers
- Attackers have access to large resources
- Trusted bases should be minimized.

Situation…
Consider a simple Internet purchase:
- authentication of vendor
- secure transmission of credit card info
- secure delivery of electronic media
- ensuring non-repudiation

All these must be achieved without previous contact between the buyer and seller.

Cryptography
Encryption uses a key (or keys) in an algorithm such that the coded message cannot be decrypted without knowledge of the key.

Notation
- KA: Alice’s secret key
- KAB: Alice and Bob’s shared secret key
- KApriv, KApub: Alice’s private and public keys
- {m}K: Message m encrypted with key K
- [m]K: Message m signed using key K
- E{m}K: The encryption operation using key K
- D{m}K: The decryption operation using key K

Trivial example…
E{m}k = m ^ k = m’ => {m}k
D{m’}k = m’ ^ k = m => {m’}k

Secret Key Encryption
- Shared secret key: Alice shares her secret key (K) with Bob
  - Alice: {m}K = m’
  - Bob: {m’}K = m
- Advantages: easy, fast, cheap
- Problems:
  - How does Bob know that m’ is not a copy of an earlier encrypted message?
  - What if this is the first communication between Alice and Bob?

Authentication Service
Alice would like to communicate with Bob such that Bob can verify:
- the message does in fact come from Alice,
- the message has not been tampered with,
- and the message is not a replay.

Authentication must be available even though Alice and Bob have never communicated before.

Authentication with a secret key
- Alice sends an unencrypted request to Sara requesting access to Bob’s data.
- Sara returns {{ticket}KB, KAB}KA
- Alice decrypts the message with KA: {ticket}KB, KAB
- Alice sends the encrypted ticket to Bob with her identity: {ticket}KB, Alice
- The ticket is actually KAB, Alice
- Bob decrypts the ticket to a) verify Alice’s identity and b) get the shared secret key KAB
- Alice and Bob can now communicate with KAB
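
The exchange on this slide, as an added example that is not part of the original slides: a Python sketch in which seal/unseal, the KEYS table and the function names are assumptions made for illustration. The cipher is a toy keystream with an HMAC tag, standing in for a real algorithm.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode), standing in for a real cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """{obj}K in the slide's notation: encrypt, then append an HMAC tag."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    """Inverse of seal(); ValueError if the key is wrong or the data was altered."""
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

KEYS = {"Alice": os.urandom(32), "Bob": os.urandom(32)}  # KA and KB, known to Sara

def sara_issue(requester, target):
    """Sara returns {{ticket}KB, KAB}KA, where ticket = (KAB, requester)."""
    kab = os.urandom(32).hex()
    ticket = seal(KEYS[target], {"kab": kab, "client": requester})
    return seal(KEYS[requester], {"ticket": ticket, "kab": kab})

def bob_accept(kb, ticket, claimed):
    """Bob opens the ticket with KB, checks the claimed identity, returns KAB."""
    t = unseal(kb, ticket)
    if t["client"] != claimed:
        raise ValueError("ticket was not issued to " + claimed)
    return bytes.fromhex(t["kab"])

def run_exchange():
    reply = unseal(KEYS["Alice"], sara_issue("Alice", "Bob"))    # Alice uses KA
    kab_alice = bytes.fromhex(reply["kab"])
    kab_bob = bob_accept(KEYS["Bob"], reply["ticket"], "Alice")  # Bob uses KB
    message = unseal(kab_bob, seal(kab_alice, "hello Bob"))      # traffic under KAB
    return message, reply["ticket"]
```

The ticket as described carries no timestamp or nonce, so this sketch, like the slide, does not by itself tell Bob whether a ticket is being replayed.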

Problems with secret keys…
How do Alice and Bob send their secret keys to Sara?
Sara must be a secured server with knowledge of everyone’s secret keys

Public key encryption
- A public key encryption algorithm uses two keys:
  - One key undoes the effects of the other.
  - Only the matching key of the pair can decrypt a message encrypted by the other key.
- One key is held private, the other can be public!
- {m}Kpriv = m’
- {m’}Kpub = m
- Given Kpub, one cannot determine Kpriv within a reasonable amount of time.

Authentication using public keys
Anyone can decrypt a message from Alice and verify that it came from her – since only Alice could produce {m}KApriv = m’
(Alice has signed the message)
Anyone can send a message to Alice that only Alice can read: {m}KApub = m’

Public key messaging
Alice: {{m}KApriv}KBpub = m’
Bob: {{m’}KBpriv}KApub = m
Only Alice can encrypt m’. Only Bob can decrypt m’ to produce m.
This is true even though Malfoy has both KApub and KBpub.
The message m’ has been signed by Alice

Hybrid approaches…
Alice to Bob: {{“Alice”}KApriv, KAB} KBpub = m’
Bob: {m’}KBpriv => signature, KAB
Bob to Alice: {X}KAB
Alice to Bob: {Y}KAB …

Cryptography algorithms
- Encryption / decryption must not require extensive time or special hardware
- Time, cost vs. security
- Given Kpub, Malfoy should not be able to calculate Kpriv within a reasonable amount of time.
- Cryptographic algorithms and programs should be considered public
- The above is the subject of U.S. ITAR export laws

Digital digest signatures
Since public-key encryption is costly, often only a digest of a document is signed.
To protect against replay attacks, a digest will usually include a date.
If Malfoy knows the digest algorithm, he could possibly alter the document without changing the encrypted digest.
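
A dated digest signature and its verification, as an added example that is not part of the original slides. The RSA key is a toy built from two publicly known Mersenne primes with no padding, and the function names, the SHA-256 digest and the five-minute freshness window are assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Toy RSA key from two publicly known Mersenne primes: illustration only, not secure.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Kpriv)

def digest(document: bytes, date: str) -> int:
    """SHA-256 over the date and the document, as an integer smaller than N."""
    h = hashlib.sha256(date.encode() + b"\n" + document).digest()
    return int.from_bytes(h, "big")

def sign(document: bytes, now: datetime) -> dict:
    """[digest]Kpriv: sign only the dated digest, not the whole document."""
    date = now.isoformat()
    return {"date": date, "sig": pow(digest(document, date), D, N)}

def verify(document: bytes, signed: dict, now: datetime,
           max_age=timedelta(minutes=5)) -> str:
    """Check the signature with Kpub = (E, N), then check freshness."""
    if pow(signed["sig"], E, N) != digest(document, signed["date"]):
        return "bad signature"
    age = now - datetime.fromisoformat(signed["date"])
    if age > max_age or age < -max_age:
        return "stale (possible replay)"
    return "ok"
```

Because the date is hashed together with the document, changing the date on a captured message invalidates the signature, and leaving it unchanged lets the receiver reject the message as stale.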

Other security issues…
- Passwords
- Taking over a service
- Denial of service
- Spoofing

Passwords and security
- Most passwords are simple variations of one or more of the following:
  - a name (pet, family, famous person)
  - a date
  - a word associated with a hobby or personal interest
- Passwords are stored in public files (using one-way encryption).
- A password cracker can try all possible 8-char passwords in a few days with a desktop PC.

IP addresses and ports
- An internet message has a header that contains:
  - Source IP address
  - Destination IP address
  - Destination port number
  - Routing history
- The local OS keeps a table of ports vs. processes:

| port # | process |
|--------|---------|
| 25     | smtp    |
| 80     | http    |
| …      | …       |

- Taking over a computer is simply a matter of making a change in this table: bind()

Denial of Service
Denial-of-service attacks are usually just a matter of flooding the IP address and port of the service you wish to deny.
Prevention: Monitor the source IP address of incoming requests.
Problem: A message's source IP address and its routing history are easily spoofed.
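
Per-source monitoring and its blind spot, as an added example that is not part of the original slides. The function names, the thresholds and the two traffic samples are constructed for illustration, and the addresses come from documentation ranges.

```python
from collections import defaultdict, deque

def flag_sources(events, limit=20, window=1.0):
    """Return source IPs that sent more than `limit` requests in any `window` seconds.
    events: iterable of (timestamp_seconds, source_ip), sorted by time."""
    recent = defaultdict(deque)
    flagged = set()
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:      # drop requests that left the window
            q.popleft()
        if len(q) > limit:
            flagged.add(src)
    return flagged

def peak_rate(events, window=1.0):
    """Peak number of requests from all sources within any `window` seconds."""
    q, peak = deque(), 0
    for ts, _ in events:
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak = max(peak, len(q))
    return peak

# Constructed traffic: 200 requests within one second in both cases.
single = [(i / 200, "192.0.2.10") for i in range(200)]                   # one source
spoofed = [(i / 200, f"198.51.100.{i % 250 + 1}") for i in range(200)]   # varied sources
```

On the first sample the per-source check flags the sender; on the second it flags nothing even though the aggregate rate is identical, which is why a monitor also needs a signal that does not depend on the source field, such as the total request rate.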

Spoofing
Malfoy is relatively free to spoof the source IP address of any Internet message.
Internet transport protocols (TCP/IP, UDP/IP, A25, etc.) do not normally verify a source address.
Mail service (smtp) only makes a primitive verification that the FROM: field in an email corresponds to the message source.
While TCP automatically inserts a source address, Malfoy can use RAW protocols or modify TCP at the source.

Security – the bottom line
The computer industry is very sensitive to security issues.
Security measures can only hamper Malfoy.
The only real security is a trustworthy software professional

Security and students…
A software professional is similar to the guy responsible for shredding worn-out currency – the only real security is trust.
A computer science student or employee caught or even suspected of attempting to bypass computer security is marked for the rest of his or her career.
Consider: A bank clerk caught taking $5 from a till will never work in any bank again – ever.