Class 1 Background, Tools, and Trust CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman http://www.cis.ksu.edu/~eyv/ CIS755_S15/

Upload: chester-maxwell

Post on 18-Dec-2015


Class 1
Background, Tools, and Trust

CIS 755: Advanced Computer Security
Spring 2015

Eugene Vasserman

http://www.cis.ksu.edu/~eyv/CIS755_S15/


This class

http://www.cis.ksu.edu/~eyv/CIS755_S15/

• Will discuss historical and modern work in security, focusing on advanced concepts

Coursework consists of:
1. Reading from “Cryptography Engineering,” “Security Engineering,” and papers
2. Class discussions
3. Quizzes, mid-terms, and a final exam


Administrative stuff

• Me: eyv@ksu
  – Office: 316A Nichols
• Readings, quizzes, etc. on schedule page
• Watch for quiz announcements
• Periodically check main page for news and schedule page for changes and slides

http://www.cis.ksu.edu/~eyv/CIS755_S15/


Administrative stuff II

• Office hours:
  – Monday 3 – 4:30 PM
  – Thursday 2:30 – 4 PM
  – Or by appointment
  – In 316A Nichols or by teleconference
• Be sure to do the reading!!
• How was the reading?


Things to remember

• I can be wrong; papers can be wrong; anyone can be wrong!

• This class is experimental – if the workload is too heavy, if you’re not learning, if you are bored, let me know!

• Please contact me for any reason – email, stop by my office, or make an appointment

• If you don’t understand something, ask!


More things to remember

• Secure hardware: FAIL!
• Mobile software agents: FAIL!
• Loss of security is a one-way trip*
  – e.g. confidentiality, integrity (sometimes)
• Attacks only get better
• Security should be considered in design
• There is such a thing as too much security

* Some exceptions apply


Reading papers

• Read critically
  – Pretend you know it’s broken and let the writer convince you otherwise (or not!)
• Think like an adversary
• Are there implicit assumptions?
• Are the explicit assumptions reasonable?
• Some resources are online
  – (website external resources)


Me being selfish

Any questions about my research?
(Just what is it that I do around here? :)


Security basics

• “What is being secured?”
  – And security goal/property
• “Secure against what?”
  – Threat/attacker model, players and resources
• Kerckhoffs’ principle
  – Roughly, the only thing secret about a security system should be the secret key
• Shannon’s maxim
  – “The enemy knows the system”


Safety vs. security

• Think like an adversary!
• Random → malicious faults
• Engineering for security:
  “What’s the worst that can happen?” Assume it will…
• Always, always, ALWAYS state your assumptions!


Security: fundamental differences

• Real world: physical, intuitive
  – Risk assessment
    • People are not even good at this in the real world!
  – Trusted vs. trustworthy
  – Forensics, physical evidence
    • Forgery
  – Fail “evident,” e.g. theft
  – Scale of failures


Building secure systems

• Players
  – Incentives and resources
• Adversary model
  – Logical or illogical: cost vs. payoff
• Levels of assurance
• Proactive vs. reactive enforcement
  – Fail-closed/secure or fail-open/insecure?
  – Method of returning to secure states


What does “secure” mean?

• Secrecy/Confidentiality
• Authenticity
• Integrity
• Privacy/Anonymity
  – Pseudonymity
  – Unlinkability
  – Deniability
• Accountability


Always state your assumptions!


More basics

• Trusted vs. trustworthy
  – e.g. the recent SSL Certificate Authority fiasco
• Risk, hazard, vulnerability
  – Adversary, ROI, scale
• Assurance levels
  – “Rainbow” book series, Common Criteria
• Method of returning to secure states
• Fail-closed/secure or fail-open/insecure?


Attack success variants

• Derive/recover secret key
  – Total break
• Forge signature/tag on any message
  – Universal break
• Forge for some chosen messages
  – Selective break
• Forge for some (garbled?) message
  – Existential break
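
An added example, not part of the original slides: the weakest break in the list above (existential) shown against unpadded "textbook" RSA signatures, next to a simplified hash-then-sign variant that rejects the same forgery. The toy key, the function names, and the SHA-256-mod-N encoding are assumptions made for illustration.

```python
import hashlib

# Constructed toy key for illustration only (two Mersenne primes); far too
# small for real use and not taken from the slides.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def sign_raw(m):
    """Textbook RSA: sign the message integer directly, no hash or padding."""
    return pow(m, D, N)

def verify_raw(m, s):
    return 0 <= m < N and pow(s, E, N) == m

def digest(msg):
    """Hash-then-sign encoding (simplified: SHA-256 reduced mod N)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign_hashed(msg):
    return pow(digest(msg), D, N)

def verify_hashed(msg, s):
    return pow(s, E, N) == digest(msg)

def existential_forgery(s):
    """Uses only the public key (N, E): pick a signature value s first, then
    derive the one message it is valid for. The forger does not control m,
    which is why this is an existential break and not a selective one."""
    return pow(s, E, N), s

if __name__ == "__main__":
    m, s = existential_forgery(123456789)
    print("legit raw signature verifies:", verify_raw(42, sign_raw(42)))
    print("forged (m, s) verifies under raw scheme:", verify_raw(m, s))
    print("forged message is uncontrolled:", m)
    # Under hash-then-sign the forger would need a preimage of m.
    print("same pair under hashed scheme:",
          verify_hashed(m.to_bytes(12, "big"), s))
```

Deployed systems use a standardized encoding such as RSA-PSS instead of the bare hash reduction used here.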


Security mechanisms (incomplete list)

• Access control
• Authentication
• Separation of roles
• Logging
• Trusted components in the hands of trustworthy parties


Questions?