Security architecture & engineering: introduction (suman/security_arch/intro.pdf)
TRANSCRIPT
Page 1
Security architecture & engineering: introduction
Suman Jana, Columbia University
*some slides are borrowed from Vitaly Shmatikov and Ari Juels
Page 2
Course goals
• Understand the fundamental principles of security
– What are the common security mechanisms? Why do they often go wrong?
– What are the underlying principles behind building secure systems?
– Why is building secure systems hard?
Page 3
Logistics
• No textbook, but assigned readings from different sources
• Grading
– Six programming assignments (54%)
– Midterm (20%)
– Non-cumulative final (20%)
– Class participation (6%)
• Class web page: http://sumanj.info/security_arch.html
Page 4
The art of adversarial thinking
Page 5
What’s adversarial thinking?
“Security requires a particular mindset. Security professionals -- at least the good ones -- see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it.”
- Bruce Schneier
Page 6
Adversarial thinking disclaimer
Hopefully, you will learn to think like a criminal mastermind but behave like a gentleman/woman!
Page 7
Adversarial thinking: key questions
• Security goal: what security policy to enforce?
• Threat model: who is the adversary? What actions can the adversary perform?
• Mechanisms: what security mechanisms can be used to achieve the security goals given the adversarial model?
Page 8
Key security goals
• Confidentiality: data not leaked
• Integrity: data not modified
• Availability: data is accessible when needed
• Authenticity: data origin cannot be spoofed
Page 9
You can apply adversarial thinking anywhere
• Columbia ID cards
– Can you fake an ID card?
• ATM machine
– How does the service person get access to refill it with cash?
• MTA MetroCard
– Can you increase the card balance without paying?
Page 10
Example: air travel
Print boarding pass at home
ID check by TSA
Boarding pass check at the gate
Page 11
Adversarial thinking example: air travel
• Security goal: ensure that each person getting inside an airport has a valid boarding pass and is authorized to fly (i.e., not on the no-fly list)
• Mechanisms
– TSA checks validity of the ID (e.g., driver’s license) and the boarding pass. How?
– TSA matches the name in the ID against the name in the boarding pass
– TSA ensures that the name is not on the no-fly list
– Gate agent checks whether the boarding pass is valid and has been checked by TSA. How?
Page 12
Can an attacker who is on the no-fly list fly?
Page 13
What is the threat model?
• Can an attacker create a fake boarding pass?
• Can an attacker fake a driver’s license?
Page 14
Security under different threat models
• Security goal: ensure that each person getting inside an airport has a valid boarding pass and is authorized to fly (i.e., not on the no-fly list)
– What are the minimum requirements for someone to violate this goal in the current TSA system?
– The current TSA system is secure under which threat models?
Page 15
Not all threat models are equal
• Which one is harder and why?
– Creating a fake boarding pass
– Creating a fake driver’s license
Page 16
Security measures in a driver’s license?
Page 17
Security measures in a boarding pass?
Can the barcode be faked?
Page 18
Air travel revisited: a different security goal
Print boarding pass at home
ID check by TSA
Boarding pass check at the gate
Security goal: everybody boarding an aircraft must pass through the TSA security check
Page 19
Everybody must go through TSA checks
• How does the current TSA system ensure this?
• What is an example threat model where this goal can be violated by an attacker?
Page 20
Yet another security goal
• Only authorized travelers should be allowed to enter premium lounges
– How will the receptionist at the lounge know who is authorized?
Page 21
What is the threat model for this attack?
How will you fix it?
Page 22
What about TSA Pre-Check?
• How does TSA Pre-Check work?
– Passengers apply for Pre-Check
– TSA randomly decides whether the passenger is eligible for Pre-Check or not and sends the information back to the airline.
– The airline encodes that information in a barcode that is on the issued boarding pass.
Page 23
Hacking TSA Pre-Check
1 means no Pre-Check and 3 means Pre-Check
No encryption
Source: https://puckinflight.wordpress.com/2012/10/19/security-flaws-in-the-tsa-pre-check-system-and-the-boarding-pass-check-system/
Page 24
Unintended side-effects of the boarding-pass design
• What happens if someone else gets hold of your boarding pass?
All this information is in the boarding pass in cleartext
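Slides 23 and 24 make two separate points about the barcode: the Pre-Check field is not integrity-protected (a scanner has no way to tell a genuine "3" from a modified one), and every field is readable in cleartext. The example below is added here and is not part of the lecture or of any real airline or TSA system. It uses a constructed, simplified pass record (not the real IATA barcode layout) and a constructed shared key to contrast a scanner that trusts the bare fields with one that verifies an HMAC tag appended by the issuer; the second check also shows that a MAC fixes integrity but does nothing for confidentiality, which is the slide 24 problem.

```python
import hmac
import hashlib

# Constructed, simplified boarding-pass record for this example.
# It is NOT the real IATA BCBP layout; only the idea that the Pre-Check
# status rides along as one plain field is taken from the slides.
FIELDS = ("name", "pnr", "flight", "date", "seat", "precheck")
GENUINE = {"name": "DOE/JANE", "pnr": "ABC123", "flight": "XY0123",
           "date": "2012-10-19", "seat": "12C", "precheck": "1"}  # 1 = no Pre-Check
# Constructed key; in the hardened design only the issuer and the scanners hold it.
KEY = b"issuer-and-scanner-shared-secret"


def encode_pass(record: dict) -> str:
    """Flatten the record into the '|'-separated payload printed as a barcode."""
    return "|".join(record[f] for f in FIELDS)


def decode_pass(payload: str) -> dict:
    parts = payload.split("|")
    if len(parts) != len(FIELDS):
        raise ValueError("malformed pass payload")
    return dict(zip(FIELDS, parts))


# --- Design as described on slide 23: plain fields, no protection ----------
def scanner_unprotected(payload: str) -> str:
    """A scanner that trusts whatever the barcode says."""
    return "PreCheck" if decode_pass(payload)["precheck"] == "3" else "Standard"


# --- Hardened design: the issuer appends an HMAC-SHA256 tag over the payload
def issue_pass(record: dict, key: bytes) -> str:
    payload = encode_pass(record)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "|" + tag


def scanner_protected(barcode: str, key: bytes):
    """Return the parsed record only if the tag verifies; None otherwise."""
    payload, sep, tag = barcode.rpartition("|")
    if not sep:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return decode_pass(payload)


def with_field(barcode_or_payload: str, field: str, value: str) -> str:
    """Test helper: copy with one field changed, leaving any trailing tag as-is.
    A defender uses this to confirm the scanner rejects modified passes."""
    parts = barcode_or_payload.split("|")
    parts[FIELDS.index(field)] = value
    return "|".join(parts)


def readable_without_key(barcode: str) -> dict:
    """The MAC adds integrity, not confidentiality: every field stays readable."""
    payload, _, _ = barcode.rpartition("|")
    return decode_pass(payload)


def run_checks() -> dict:
    plain = encode_pass(GENUINE)
    signed = issue_pass(GENUINE, KEY)
    return {
        "unprotected_genuine": scanner_unprotected(plain),
        "unprotected_modified": scanner_unprotected(with_field(plain, "precheck", "3")),
        "protected_genuine": scanner_protected(signed, KEY)["precheck"],
        "protected_modified": scanner_protected(with_field(signed, "precheck", "3"), KEY),
        "protected_wrong_key": scanner_protected(signed, b"not-the-key"),
        "name_still_visible": readable_without_key(signed)["name"],
    }


if __name__ == "__main__":
    for check, result in run_checks().items():
        print(f"{check}: {result}")
```

The unprotected scanner reports "PreCheck" for the modified test vector, while the protected scanner returns None for the same modification and for a tag made under a different key. The last entry of run_checks shows the remaining gap: the passenger name is still readable by anyone holding the pass, so confidentiality needs a separate mechanism (encryption or simply not printing the field).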
Page 25
A different setting: money
• Counting tokens must be kept in a safe place to prevent tampering
– In a temple or in clay envelopes on shipping routes
• How to make counting tokens completely portable for trade?
Page 26
A different setting: money
• Security goals
– Tokens can only be created by a trusted authority
– Authenticity of tokens should be easily verifiable by anyone
• Threat model
– Attackers can forge or modify tokens
• Clay tokens can be easily forged!
Page 27
A different setting: money
• Coins were introduced around the 6th/7th century BCE
– Make tokens out of scarce resources (gold and silver)
– Apply a signature that is hard to copy (depends on the skills of the engravers)
– Harsh penalty for forgers
Page 28
Modern crypto-currencies
• Same principles!
– Scarce resource: computation
– Hard-to-forge data: cryptography
– We will talk about bitcoins later in the class
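Slide 28 says computation plays the role that gold played for coins. The block below is an added illustration, not code from the lecture and not Bitcoin's actual block format: a Hashcash-style proof of work over a constructed token string, where minting means scanning nonces until SHA-256(token || nonce) has DIFFICULTY leading zero bits, and verifying means computing one hash. The difficulty value and the token text are assumptions chosen so the search finishes in a fraction of a second.

```python
import hashlib
import struct

# Number of leading zero bits the digest must have. Constructed for this
# example: each extra bit doubles the expected minting work, while
# verification stays at one hash regardless.
DIFFICULTY = 16


def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a digest."""
    count = 0
    for byte in digest:
        if byte == 0:
            count += 8
            continue
        count += 8 - byte.bit_length()
        break
    return count


def pow_digest(token: bytes, nonce: int) -> bytes:
    """Hash the token together with a fixed-width big-endian nonce."""
    return hashlib.sha256(token + struct.pack(">Q", nonce)).digest()


def mint(token: bytes, difficulty: int = DIFFICULTY) -> tuple:
    """Expensive side: scan nonces until the digest clears the difficulty.
    Returns (nonce, attempts); attempts is about 2**difficulty on average."""
    nonce = 0
    while leading_zero_bits(pow_digest(token, nonce)) < difficulty:
        nonce += 1
    return nonce, nonce + 1


def verify(token: bytes, nonce: int, difficulty: int = DIFFICULTY) -> bool:
    """Cheap side: one hash, no secret needed, so anyone can check it."""
    return leading_zero_bits(pow_digest(token, nonce)) >= difficulty


def demo() -> dict:
    # Constructed token text; the proof binds to these exact bytes.
    token = b"1 unit, serial 0001"
    altered = b"9 unit, serial 0001"  # same nonce reused on modified data
    nonce, attempts = mint(token)
    return {
        "nonce": nonce,
        "attempts": attempts,
        "genuine_verifies": verify(token, nonce),
        # Changing even one byte changes the digest, so the old proof almost
        # never carries over; a forger has to redo the whole search.
        "altered_verifies": verify(altered, nonce),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The asymmetry is the point: the issuer (or, in Bitcoin, the miner) pays roughly 2**DIFFICULTY hashes per token, a verifier pays one, and a modified token almost never inherits a valid proof, so "hard-to-forge data" comes from the cost of the search rather than from the skill of an engraver.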
Page 29
Who is the adversary? Depends on who you are
Page 30
Hackers
• Evgeniy Mikhailovich Bogachev
– Gameover Zeus botnet: banking fraud and ransomware distribution
Page 31
Chinese government
• Censorship of materials critical of the current regime
• Monitoring dissidents
Page 32
National Security Agency (NSA)