Chapter 11Security

2

The Security Problem

• Security must consider internal and external environment of the system, and protect it from:– unauthorized access.– malicious modification or destruction– accidental introduction of inconsistency.

• Easier to protect against accidental than malicious misuse.

3

SecurityA system is secure if its resources are used and

accessed as intended under all circumstances.• Computer security

– Addresses the issue of preventing unauthorized access to resources and information maintained by computers

– Encompasses the following issues: • Guaranteeing the privacy and integrity of sensitive data• Restricting the use of computer resources• Providing resilience against malicious attempts to

incapacitate the system

4

What is Security?

• All Security is based on the answers to the questions.– Who do you trust?– How much do you trust them?

• The answers to these questions form a Security Policy

5

Security Components

• Physical Security• Authentication• Protection• Secure Communications• People

6

Physical Security• Obviously, if your computer is

lost or stolen, you have a security problem.

• Most modern computers are to have wireless communicates (WiFi or Bluetooth), which these features are useful, however, it allows open up holes in the physical security of the system.

WiFi – defined network

Bluetooth– ad-hoc network

Authentication

• Authentication– Identifying users and the actions they are allowed

to perform– A user can be identified by:

• a unique characteristic of the person (e.g., fingerprints, voiceprints, retina scans and signatures)

• ownership of an item (e.g., badges, identification cards, keys and smart cards)

• user knowledge (e.g., passwords, personal identification numbers (PINs) and lock combinations)

8

Authentication• Verify that someone is who they say they are• Two general methods

– Data item that you know• (e.g. Login, password)

– Data media that you have• (e.g. card, smart card)

• Problems with data media you have– Can be lost or stolen– Can be forged

9

Authentication

• Biometrics– Data item you have that most likely cannot be lost

or stolen– Examples

• Fingerprint• Retinal Scan• Facial Recognition• Voice Recognition

10

Protection• Mechanisms to control what an authenticated

user can do.– File Protection– Memory Protection– Web Protection

• Mechanism to keep unauthorized users from accessing the system– Firewalls– Virus Detection– Spyware Detection

Cryptography

• Cryptography– Encoding and decoding data so that it can be

interpreted only by the intended recipients– Data is transformed by means of a cipher or

cryptosystem• Modern cryptosystems rely on algorithms that operate

on the individual bits or blocks (a group of bits) of data, rather than letters of the alphabet

– Encryption and decryption keys • Binary strings of a given length

Secret-Key Cryptography• Secret-key cryptography

– Also known as symmetric cryptography– Uses the same secret key to encrypt and decrypt a

message• Sender

– Encrypts a message using the secret key– Sends encrypted message to the intended recipient

• Recipient– Decrypts the message using the same secret key

13

Encryption• Scrambles information so that eavesdroppers

cannot read what is being transmitted• Also used as part of Authentication to help

ensure that someone is not posing as somebody else

14

People

• Lack of knowledge about security• People will not keep information secure

– People can be conned into giving out information they shouldn’t

• Poor System Administration

15

Types of Attacks• Trojan Horse (is a program that claims to rid your

computer of viruses but instead introduces viruses onto your computer)

• Trap Door (A way to bypass the normal security protections. Often left in applications / systems to help support staff)

• Stack & Buffer Overflow (is a type of the more general programming malfunction known as buffer overflow (or buffer overrun)

Occurs when an application sends more data to a buffer than it can hold

16

Types of Attacks• Worm (A program that automatically sends itself to

another system• Virus (Program that attacks a system to carry out some

action the computer user does not want• Denial of Service (Typical attack sends so many

messages to a system, that system cannot execute anything except respond to those messages) Prevent a system from servicing legitimate requests

• A well-designed buffer overflow attack can replace executable code in an application’s stack to alter its behavior

Security Attacks

• Cryptanalytic attacks• Viruses and worms• Denial-of-service attacks

– Domain name system (DNS) attack

• Software exploitation– Buffer overflow

• System penetration– Web defacing

18

Stack & Buffer Overflow

• Send an incorrectly formatted command / message to a system. If system does not carry out adequate checking, it may execute some action it shouldn’t

19

Stack & Buffer Overflow

• How does this happen?– Poorly Programmed Read

• Should be read(file,buffer,100)• Instead of read(file,buffer) which reads as much data as

the remote system sends

– Inadequate checking of the validity of the data that is received

20

SQL Injection

• Application does inadequate validation of user input before putting it into an SQL statement

• Example– SELECT BALANCE FROM ACCTS WHERE

ACCT_ID=xxxx– User Input for xxxx

• 104;UPDATE ACCTS SET BALANCE=100000 WHERE ACCT_ID=104

21

Goal of Protection

• Ensure that resources (data) is available only to users that are authorized to access those resources

• A Protection Policy specifies the details of this goal for a particular system

• The Protection Policy is implemented via Protection Mechanisms

22

Example Protection Policies

• Access by password knowledge– Teresa can access the Personnel File if she knows a

password• Access by User ID

– Patty can modify the Personnel FileJonathon can read the fileBrandon has no access to the file

• Access by Group Membership– The HR dept can modify the Personnel File

The Payroll dept can read the fileOther employees have no access to the file

23

Protection Policies

• A Protection Policy says:– How a user can obtain access to a resource (data)– What they can do with the resource / data (Access

Rights)

24

Owner

• Most Protection Policies have the concept of the Owner of the data

• The Owner:– Has all access rights to the data– Can delegate Access Rights to other users / groups

25

Typical Access Rights

• Read• Write• Execute• Delete

26

File Protection

R W E Effect

0 0 0 No access allowed

0 0 1 Execute Only – Program can be executed

0 1 0 Write Only - not really useful

0 1 1 Write-Execute – Not used

1 0 0 Read Only – File can be read / copied

1 0 1 Read-Execute – Program can be executed / copied

1 1 0 Read-Write – Normal data file

1 1 1 Read-Write-Execute – no protection

Memory protection is a special case of protection in which the OS will set up the appreciate access tables, but enforcement is handled by hardware. Table below shows the meaning and usage of the various combinations of permission bits.

27

Two Protection Mechanisms

• File/data Attributes– Each file specify attributes for Owner, Group,

Everyone• Can specify Read, Write, Execute allowed• Can specify separately for Owner, Group, Everyone

• Access Control Lists– Associated with each protected resource– Specifies which individuals and/or groups have

what access rights

28

Access Control List Example

HR dept Read-Write

Payroll Dept Read

Others None

29

MS Windows• NTFS (New Technology File System) is a

proprietary file system developed by Microsoft. Starting with Windows NT 3.1, it is the default file system of Most modern Windows. It is a File System has support for Access Control Lists

• FAT (File Allocation Table ) is a File Allocated file systems have no support for file protection.

• FAT is a file system developed mostly for hard drives that originally used 12 or 16 bits for each cluster entry into the file allocation table. It is used by the operating system (OS) to manage files on hard drives and other computer systems. It is often also found on in flash memory, digital cameras and portable devices.

Attack Prevention and Security Solutions

• Firewalls• Intrusion detection systems• Antivirus software• Security patches • Secure file systems

Firewalls• Firewalls

– Protect a local area network (LAN) from intruders outside the network

– Police inbound and outbound traffic for the LAN

• Types of firewalls (hardware and Software)– Packet-filtering firewall

• Inspects packets for inconsistencies such as incorrect source address

– Application-level gateways• Inspect packets for malicious payloads

Intrusion-Detection Systems (IDSs)• IDSs

– Monitor networks and application log files• Logs record information about system behavior, such as:

– The time at which operating system services are requested – The name of the process that requests them

– Examine log files to alert system administrators of suspicious application and/or system behavior

– If an application exhibits erratic or malicious behavior, an IDS can halt the execution of that process

• Host-based intrusion detection • Network-based intrusion detection

33

Virus Protection

• Current Virus protection programs detect malware by use of a “signature”

• Better technology is needed– Requires frequent updates– Virus writers starting to be able to trick the

signature detection mechanisms

34

Trusted Computing Initiative

• Rather than trying to detect “bad” programs …– Allow system to execute only “good” programs

• Uses Digital Signature technology and cryptography embedded into hardware

• What is a “good” program?

35

Encryption

• Two Primary Functions– ciphertext = encrypt(plaintext,key1)– plaintext = decrypt(ciphertext,key2)

– In cryptography, ciphertext (or cyphertext) is the result of encryption performed on

plaintext using an algorithm. Plaintext is what you have before encryption,

and ciphertext is the encrypted result.

36

Symmetric Systems

• Key1 = key2• Both sides must know the key• Both sides MUST keep the key secret• Requires a secure channel to distribute the

key(s)

37

Symmetric Systems

• Examples– DES (Data Encryption Standard)

• 56 bit keys• 35 years old

– AES (Advanced Encryption Standard)• Keys can be 128, 192, or 256 bits• New standard

38

Asymmetric Systems

• Key1 ≠ key2• One key is published (to the world)

– This a “public key”

• The other key is kept private– This a “private key”

• Also known as Public Key encryption

39

Asymmetric Systems• Examples

– RSA (Rabin, Shamir, Adelman)Based on the difficulty of factoring very large numbersRSA is stands for Ron Rivest, Adi Shamir and Leonard

Adleman, who first publicly described the algorithm in 1977. it is one of the the first practicable public-key cryptosystems and is widely used for secure data transmission

– ECC (Elliptic Curve Cryptography)• Based on the difficulty of calculating the coefficients of an

ellipse.ECC is an approach to public-key cryptography based on the

algebraic structure of elliptic curves over finite fields.

40

Public Key Infrastructure (PKI)

• A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke Digital Certificates.

• A business structure using – Digital Certificates – Certificate Authorities

41

Digital Certificates• In cryptography, a public key certificate (also

known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key.

• The certificate includes information about the key, information about its owner's identity,

• A Digital Certificate identifies the author of a Signed Component– Contains name of the author– The Certificate Authority (CA) that validated the

author’s public key– Signed by Certificate Authority

42

Verifying a Digital Certificate

• Get name of Certificate Authority• Lookup their public key (comes with OS)• Use CA’s public key to decrypt certificate hash• Verify Hash

43

Verifying Digital Certificate

CA Public Key

OS

CA Name

Encrypted Hash

Decrypt

Certificate

44

Hackers & Encryption

• The IT Director of a company is quoted in the press as saying:– “Yes, a hacker did break into our system and get a

copy of the files containing customer’s credit card numbers. But, those files are encrypted, so he can’t use the information.”

• Is he correct?

45

Security of Encryption

• At least 1 key must be kept secret• A break in the other security components can

allow unauthorized access to the secret key• On some systems, the encryption is done on a

separate physical secure device