Start of Lecture: April 7, 2014 - University of Alberta

Chapter 15: Security


Reminders

• Hope Assignment 3 is going well

• This week is mostly for review

• Please check your marks on docsdb for any errors

• Any questions?


Thought Questions

• Could virtual memory be eliminated if RAM could contain the entire disk space and be non-volatile, or if SSDs had the ability to run at RAM’s speed? Would this really be feasible and would this mean we could approach higher levels of CPU utilization?

• Some considerations also involve temporary variables that are not stored on disk (e.g. matrix transformation computed on stored data)

• Even for large amounts of memory, a logical separation is a good idea

• e.g. can have a linear virtual memory address space (conceptually nice) with actual pages fragmented over physical memory address space; both convenient and adds another layer of protection


Thought Questions

• During Bob’s lectures he talked about a lot of solutions that “wasted” virtual memory and would say “it’s no big deal it’s just virtual memory not real memory”. I don’t really understand what happens if you run out of virtual memory? Or can that even happen, that you run out of virtual memory even though you still have memory available?

• it is very unlikely that you would really use up your entire virtual address space (of 4 GB!); if you did, the working set might be small

• the virtual address space is just a fake view of your process; the physical address space looks much different

• guard pages after “real” pages just need to throw a segmentation fault, but do not actually need to be allocated in physical memory

• e.g. guard pages in page-table, to throw an exception, but not allocated


Thought Questions

• The text mentions a few methods of Symmetric Encryption (DES, WEP) which have been declared easily broken. I'm wondering how long after those methods of encryption were actually broken did it become public knowledge that they had been cracked?

• They were not “cracked” with a sudden new invention (like a quantum computer), but rather by a weak design initially and gradually increasing computing power and persistence

• 1977 first machine proposed, for $20 million, to break DES in a day

• DES was known to have too short of a key: reduced from 128 bits to 56 bits for convenience to fit on a chip

• Video later discussing how MD5 was “broken”


Thought Questions

• The text also mentions the replacements for those encryptions and explains why they're safer than their predecessors, but doesn't emphasize that both DES and WEP were once declared 'safe' as well. History is full of a long list of encryption schemes that were all thought safe once upon a time but have since fallen to the time, ingenuity, and increased processing power. Why doesn't the text mention that there's a likelihood that even the encryption schemes many rely on today (RSA) have already been broken but that the knowledge of who likely broke them and how they've been broken hasn't yet been made public?

• in this case, RSA relies on an important cryptographic hardness property, which was not the case for previous encryption

• unless obtain quantum computers or prove that class of cryptographically hard problems = P (similar to the unlikely result that NP = P)


Hash functions are not encryption

• Encryption is a two-way process

• Hash functions are not: generally it is hard to recover the original value from a hashed value (one-way)

• Secure hash functions are nearly guaranteed to be one-way — called cryptographic to indicate this desirable inability to recover the inputs

• Cryptographic hash functions useful for verification (e.g. test if message tampered with)

• Encryption useful for secure message-passing/authentication


Cryptographic hash functions


Encryption

• A set K of keys

• A set M of messages

• A set C of cipher texts

• An encrypting function E: K -> (M -> C)

• A decrypting function D: K -> (C -> M)

• For convenience, we write the function E(k) = E_k, so we can apply that function to m in M, E_k(m) (similarly with D)


Important properties of encryption algorithms

• E and D should be efficiently computable

• Can only decrypt if have key k, i.e. given ciphertext c in C, can compute m such that E_k(m) = c only if have k

• Since ciphertexts are usually exposed (public keys), it is crucial that it be infeasible to derive the key k from the ciphertext

• Encryption can be symmetric or asymmetric


Symmetric Encryption

• The same key is used to encrypt and decrypt

• What does that mean for the key k?

• both parties have to have access to the private key

• Can you design a symmetric encryption function?

[Figure: symmetric encryption. Labels: key exchange; write message m; encryption algorithm E with encryption key k; ciphertext c = E_k(m); insecure channel; attacker; decryption algorithm D with decryption key k; plaintext m = D_k(c); read message m.]

Symmetric Encryption: RC4

• Not secure so do not use this technique

• Uses a bit-wise x-or, since x-or is an involution — a function that applied twice results in the identity

• Encrypt: c = m XOR p(k)

• Decrypt: c XOR p(k) = (m XOR p(k)) XOR p(k) = m

• Key k input to keystream generator; since encrypt and decrypt both know k, can both generate same key stream


Why is RC4 insecure?

• Has known biases in its encryption that enable the brute-force search of the key to be reduced

• i.e. known biases constrain the search space

• e.g. second byte of an RC4 key stream has about twice the likelihood of being zero as it should: 2/256 instead of 1/256

• Still used in practice, partly because alternatives have other worse properties (such as inefficiency, other exploits)
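
The XOR construction and the second-byte bias from the two RC4 slides above, as an added Python example (not part of the original lecture). The function names, the 16-byte random keys, and the sample key and message are choices made for this illustration.

```python
import random

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n bytes of the RC4 key stream p(k)."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # pseudo-random generation (PRGA)
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def rc4_xor(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with p(k) is its own inverse (involution)."""
    return bytes(d ^ p for d, p in zip(data, rc4_keystream(key, len(data))))

def second_byte_zero_rate(trials: int, seed: int = 1) -> float:
    """Fraction of random 16-byte keys whose second key stream byte is 0."""
    rng = random.Random(seed)                 # fixed seed: repeatable measurement
    zeros = 0
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(16))
        zeros += rc4_keystream(key, 2)[1] == 0
    return zeros / trials

if __name__ == "__main__":
    key, msg = b"Key", b"Plaintext"           # constructed sample input
    c = rc4_xor(key, msg)
    print("ciphertext:", c.hex())
    print("decrypted :", rc4_xor(key, c))     # same function, same key
    rate = second_byte_zero_rate(20000)
    print(f"P(second byte = 0) ~ {rate * 256:.2f}/256 (uniform would be 1/256)")
```

A uniform generator would give a rate near 1/256; the measured rate sits near 2/256, which is the kind of distinguishable structure that makes RC4 unsuitable for new designs.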


Asymmetric Encryption

• Different encryption and decryption keys

• Public key used for encryption; private key used for decryption

• Any sender can use the public key for encryption, but only receiver can decrypt it

• No longer need to share private key ahead of time

• RSA is a widely-used public-key encryption algorithm


Asymmetric Encryption

• Let k_e be the public key (encrypt) and k_d be the private key (decrypt)

• Choose two prime numbers p, q and set N = pq

• It must be computationally infeasible to derive k_e from k_d

• Encrypt: E_{k_e,N}(m) = m^{k_e} mod N

• Decrypt: D_{k_d,N}(c) = c^{k_d} mod N

[Figure: RSA example. Labels: write message 69; encryption key k_{5,91}; 69^5 mod 91; 62 on the insecure channel; decryption key k_{29,91}; 62^29 mod 91; read 69.]

Asymmetric Encryption

• Encrypt: E_{k_e,N}(m) = m^{k_e} mod N

• Decrypt: D_{k_d,N}(c) = c^{k_d} mod N

• Choose k_e to be coprime with (p-1)(q-1) (i.e. no common positive factors other than 1) and less than (p-1)(q-1)

• Then can compute the private key, k_d, using extended Euclidean algorithm

• Exponentiation in encrypt/decrypt can be computed efficiently using exponentiation by squaring


Example of asymmetric encryption with RSA

15.34 Silberschatz, Galvin and Gagne ©2013 Operating System Concepts – 9th Edition

Asymmetric Encryption Example

• For example, make p = 7 and q = 13

• We then calculate N = 7 × 13 = 91 and (p-1)(q-1) = 72

• We next select k_e relatively prime to 72 and < 72, yielding 5

• Finally, we calculate k_d such that k_e k_d mod 72 = 1, yielding 29

• We now have our keys

  • Public key, k_e,N = 5, 91

  • Private key, k_d,N = 29, 91

• Encrypting the message 69 with the public key results in the cyphertext 62

• Cyphertext can be decoded with the private key

  • Public key can be distributed in cleartext to anyone who wants to communicate with holder of public key
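
The key setup and the 69 -> 62 -> 69 round trip above, carried through in Python as an added example (not code from the lecture or the textbook); all function names are chosen for this illustration. It goes one step beyond the slides by factoring N = 91 with trial division, which shows that the private key is protected only by the difficulty of factoring N, so real moduli must be far too large for this to work.

```python
def egcd(a: int, b: int):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def private_exponent(ke: int, p: int, q: int) -> int:
    """Compute k_d such that k_e * k_d mod (p-1)(q-1) == 1."""
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(ke, phi)
    if g != 1:
        raise ValueError("k_e must be coprime with (p-1)(q-1)")
    return x % phi

def power_mod(base: int, exp: int, mod: int) -> int:
    """Exponentiation by squaring: O(log exp) modular multiplications."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:                           # current low bit of the exponent
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result

def recover_private_exponent(ke: int, N: int) -> int:
    """Factor N by trial division; feasible only because this N is tiny."""
    p = next(d for d in range(2, N) if N % d == 0)
    return private_exponent(ke, p, N // p)

if __name__ == "__main__":
    p, q, ke = 7, 13, 5                       # values from the slide
    N, kd = p * q, private_exponent(ke, p, q)
    c = power_mod(69, ke, N)                  # encrypt message 69
    print("kd =", kd, " c =", c, " m =", power_mod(c, kd, N))
    print("kd from public key alone:", recover_private_exponent(ke, N))
```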


When are symmetric and asymmetric encryption used?

• Symmetric cryptography usually simpler transformations that are not computationally intensive, but less secure

• Asymmetric much more computationally intensive, but very secure (based on cryptographic hardness property of finding prime factors of a number)

• Asymmetric typically used for authentication, key distribution, small amounts of confidential info

• Symmetric encryption for bulk data encryption


Authentication

• Encryption allows messages to be passed safely by constraining the set of receivers of a message

• Authentication constrains the set of senders

• Keys and passwords often not enough as can still be compromised from man-in-the-middle or password vulnerabilities

• certificate authorities create a web of trust

• new authentication techniques, like biometrics, link the key or password with biological readings about a person

[Figure: Man-in-the-middle attack for asymmetric encryption. Labels: 1. public key k_e; 2. public key k_bad; 3. E_{k_bad}(m); write message m; encryption algorithm E with encryption key k_bad; attacker with decryption algorithm D and decryption key k_bad; read message m; decryption algorithm D with decryption key k_d.]

Video Break: brought to you by a terrific classmate!

https://www.youtube.com/watch?v=8ZtInClXe1Q


Some philosophical questions

• Are you interested in learning how to hack? If so, why?

• Do you think the punishment for the Morris worm was warranted?

• What do you think of bitcoin?

• What do you think about quantum computing?

• Any other thoughts/predictions about operating systems?


Info for the final exam

• Worth 25% of the final mark

• Questions are more about concepts, though you may write small pieces of code or comment/use given code

• There will be about 5-6 questions

• Exam designed for 2 hours, but you will have 3 hours to complete it

• Open-book, open-note but no electronic devices

• Suggestion: do the practice questions in the textbook, which have posted solutions online at os-book.com


General strategies for exam taking

• Cherry picked from: http://www4.ncsu.edu/unity/lockers/users/f/felder/public/Papers/testtaking.htm

• Read over the whole exam before beginning to write anything

• Choose the problem or question that seems easiest to you and do it first. Continue to do the problems in order of increasing difficulty.


General strategies for exam taking

• STAY IN MOTION! Work on a problem until you get stuck. Think about it for a minute or two, and if nothing comes to you then drop it and go on to another problem. Don't spend 30 minutes sweating out an additional five points on a problem and run out of time, leaving a 40-point problem untouched. You may later have time to return to the first one and you're much more likely to think of how to do it then.


General strategies for exam taking

• Give enough detail to indicate understanding and use proper terminology. Write legibly.

• Think partial credit. Try to put something down for each part of every problem/question.

• If you don't understand a question, ask for clarification. It is not cheating and I will decide if it is appropriate.


General strategies for exam taking

• Don't panic. If you feel yourself sweating or hyperventilating, put down your pencil, close your eyes, take a few deep breaths, and consciously relax any muscles that you're clenching (jaw, neck, stomach).

• If you have time at the end, check your solutions. Did you answer each part of every question? Did you answer the question(s) asked? Are your answers clear?


How do you want to review?

• I want you to remember the key concepts from this course

• will you recall what a binary semaphore is in 5 years?

• Try to do the practice final before Wednesday, so you can come with a list of questions or review topics

• Any requests for review?


Practice Final Exam: Q1

Consider an OS that supports virtual memory with demand paging, and a spinning-platter, disk-based paging device (i.e., a typical hard drive). What is the most likely impact of increasing the size of main memory (e.g., increasing RAM from 4 GB to 8 GB) on the frequency with which the CPU scheduler (i.e., short-term scheduler) is invoked? Choose (and circle) the best answer from the following 4 possible answers. Explain your choice; most of the marks are for the explanation.

1. the relationship between the size of main memory and the CPU scheduler is complicated and difficult to predict

2. the size of main memory has nothing to do with the CPU scheduler

3. a larger main memory tends to increase the frequency with which the CPU scheduler is invoked

4. a larger main memory tends to reduce the frequency with which the CPU scheduler is invoked


How do you approach this question?

• Think about some of the issues we have discussed for memory management and scheduling and their effects on CPU utilization

• Paging for memory management and issues with swapping, including page look-ups

• Factors that affect scheduling, such as types of jobs in the ready queue, number of jobs in ready queue
