
Computer Security Science and Engineering

Date post: 26-Dec-2014
Upload: sashank-dara
Transcript
Page 1

Security Science And Engineering
Sashank Dara

This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported

Page 2

This talk is intended for graduate or undergraduate students as an attempt to motivate them into this exciting field of computer security. This talk is by no means complete, although it constantly evolves to be comprehensive.

Page 3

Science

Page 4

Engineering

Page 5

Flaws can be Disastrous

Page 6

Boundaries to breach

Bumble bee aerodynamically cannot fly, what does this mean?

Page 7

Symbols and Interpretation
•  Scientific theory, framework, mathematical model
•  Engineering application, product
•  A flaw either in theory or in application that resulted in disaster
•  Scope for breaching theoretical or practical boundaries

Page 8

Foundations
•  Authentication
•  Authorization
•  Confidentiality
•  Integrity
•  Non Repudiation
•  Availability (Non Denial of Service)

Note: Any security application, appliance or research would be about achieving a combination of the above properties or their variants.

Page 9

Authentication

Less formally, this involves confirming the identity of a person or software program: “you are who you say you are”.

Page 10

Factors and Identity
•  Ownership factors: something the user has, say ID card, security token, phone etc.
•  Knowledge factors: something the user knows, say password, passphrase, PIN, challenge response
•  Inherence factors: something the user is or does, say fingerprint, DNA sequence, retinal scan, voice, facial recognition
•  Two factor authentication is an approach to authentication which requires the presentation of "two or more" of the three authentication "factors"

Page 11

Applications
•  Single sign-on: a user logs in once and gains access to all systems without being prompted to log in again at each of them
•  OpenID: users may create accounts with their preferred OpenID identity providers, and then use those accounts as the basis for signing on to any website which accepts OpenID authentication.
•  Kerberos is a computer network authentication protocol which works on the basis of "tickets" to allow nodes to prove their identity to one another in a secure manner.
•  BrowserID is a decentralized identity system that makes it possible for users to prove ownership of email addresses in a secure manner, without requiring per-site passwords
•  Two-factor authentication

Page 12

Caveats
•  Security experts argue that it is impossible to prove the identity of a computer user with absolute certainty. Any given test can be spoofed one way or another, with varying degrees of difficulty. – Wikipedia
•  Strong passwords are difficult to remember
•  Fingerprinting has been successfully spoofed using glue and thumb impressions
•  Facial recognition can be beaten using photographs!
•  Voice can be easily mimicked!
•  ID cards, phones and security tokens can be subjected to theft!
•  The US Government defines strong authentication as a layered authentication approach relying on two or more authenticators to establish the identity of an originator or receiver of information.

Page 13

Authorization

Function of specifying access rights to resources. More formally, "to authorize" is to define access policy.

Page 14

Authorization
•  For example, human resources staff are normally authorized to access employee records, and this policy is usually formalized as access control rules in a computer system.
•  During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected)

Page 15

Access Control

Access Control includes Authentication, Authorization, Audit

Page 16

Two Steps
•  Policy definition phase, where access is authorized
    o  This step is more of an authorization phase
•  Policy enforcement phase, where access requests are approved or disapproved

Page 17

Access Control Lists
•  In short, a list of permissions attached to an object or a collection of objects
•  A file system ACL is a data structure (usually a table) containing entries that specify individual user or group rights to specific system objects such as programs, processes, or files.
•  A network ACL is a list of rules specifying the services that can be accessed by inbound and outbound traffic.
    o  Firewalls are predominantly based on ACLs
    o  Famous five tuple (Source IP, Destination IP, Source port, Dest Port, action)

Page 18

Security Models
•  Discretionary based access control
    o  Users (owners) have the ability to make policy decisions and/or assign security attributes.
    o  Example is Unix file mode info represented by rwx bits
•  Mandatory based access control
    o  Decision making authorities have the ability to make policy decisions and/or assign security attributes
    o  Users do not have the ability to make policy decisions
    o  Example is the SELinux framework
•  Role based access control
    o  Combination of DAC and MAC, typically used in enterprises

Page 19

Security Models
•  Context based access control
    o  Deep packet and stateful inspection of firewalls
•  Capability based security
    o  A capability is a token, ticket, or key that gives the possessor permission to access an entity or object in a computer system
    o  In contrast there are no ACLs!
•  There are many other models

Page 20

Mathematical models
•  Conflicts in an access control list can open up security holes!
    o  Often misconfiguration of firewalls has resulted in disasters!
•  Can we mathematically model an access control list?
    o  Boolean logic
    o  Lattice based access control models
•  Can we prove they are formally correct and complete?
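
The Boolean-logic view of a network ACL from Pages 17 and 20, as an added example (not part of the original slides): each rule is a predicate over the match fields, enforcement is first-match, and a rule whose predicate implies an earlier rule's predicate can never fire. The Rule class, the function names and the sample ACL are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = (0, 65535)

@dataclass(frozen=True)
class Rule:
    src: str        # source network (CIDR)
    dst: str        # destination network (CIDR)
    sport: tuple    # inclusive (low, high) source port range
    dport: tuple    # inclusive (low, high) destination port range
    action: str     # "permit" or "deny"

def _net(cidr):
    return ipaddress.ip_network(cidr)

def matches(rule, src_ip, dst_ip, sport, dport):
    """Boolean predicate of one rule: conjunction of the four match fields."""
    return (ipaddress.ip_address(src_ip) in _net(rule.src)
            and ipaddress.ip_address(dst_ip) in _net(rule.dst)
            and rule.sport[0] <= sport <= rule.sport[1]
            and rule.dport[0] <= dport <= rule.dport[1])

def decide(acl, src_ip, dst_ip, sport, dport, default="deny"):
    """Policy enforcement with first-match semantics and a default action."""
    for rule in acl:
        if matches(rule, src_ip, dst_ip, sport, dport):
            return rule.action
    return default

def covers(a, b):
    """True if every packet matched by b is also matched by a (b implies a)."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and a.sport[0] <= b.sport[0] and b.sport[1] <= a.sport[1]
            and a.dport[0] <= b.dport[0] and b.dport[1] <= a.dport[1])

def find_conflicts(acl):
    """List (earlier, later, kind) for rules fully covered by one earlier rule.
    'shadowed' means the actions differ, 'redundant' means they agree.
    Pairwise check only: cover by a union of several rules is not detected."""
    findings = []
    for j, later in enumerate(acl):
        for i in range(j):
            if covers(acl[i], later):
                kind = "redundant" if acl[i].action == later.action else "shadowed"
                findings.append((i, j, kind))
                break
    return findings

# Constructed sample ACL (documentation address ranges), evaluated top to bottom.
SAMPLE_ACL = [
    Rule("10.0.0.0/8", "192.0.2.0/24", ANY_PORT, (0, 1023), "permit"),
    Rule("10.1.2.0/24", "192.0.2.10/32", ANY_PORT, (22, 22), "deny"),   # never fires
    Rule("0.0.0.0/0", "192.0.2.0/24", ANY_PORT, (443, 443), "permit"),
    Rule("10.0.0.0/8", "192.0.2.0/24", ANY_PORT, (80, 80), "permit"),   # never fires
]

if __name__ == "__main__":
    for i, j, kind in find_conflicts(SAMPLE_ACL):
        print(f"rule {j} is {kind} by rule {i}")
```

In the sample, the deny rule for SSH sits below a broader permit, so the traffic it was meant to block is allowed; moving the narrower rule above the broader one resolves the conflict.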

Page 21

User level Access Control
•  Identity management describes the management of individual identities, their authentication, authorization, roles, and privileges
    o  Password managers, LDAP, etc.
•  OAuth allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their credentials, typically supplying username and password tokens instead
    o  Complementary to OpenID
•  SAML, Secure Assertion Markup Language, is an XML-based open standard for exchanging authentication and authorization data between security domains.
    o  Primarily to solve and standardize single sign-on
    o  Quite popular among identity based solutions

Page 22

Network Access Control
•  Firewalls, often touted as the first layer of defense in any organization’s security design
•  First generation firewalls were mere packet filters based on the five tuple
•  Second generation firewalls are stateful and do deep packet inspection
•  Third generation firewalls are more “context-aware”

Page 23

Confidentiality

Confidentiality is the concept of ensuring that data is not made available or disclosed to unauthorized people.

Page 24

Integrity

Data Integrity in its broadest meaning refers to the trustworthiness of information over its entire life cycle

Page 25

Cryptography
•  Cryptography, simply stated, is the art of “secret writing”
•  Traditional cryptography has been used successfully for authentication, confidentiality, integrity
•  Confidentiality cannot be achieved without cryptography
    o  Exception: a technique called chaffing and winnowing was proposed, but that is not practically strong enough

Page 26

Cryptography
•  The art of secret writing dates back thousands of years
•  Cryptography was chiefly concerned with linguistic and lexicographic patterns until the twentieth century
•  Now it makes extensive use of mathematics, including aspects of information theory, computational complexity, statistics, combinatorics, abstract algebra, number theory, and finite mathematics generally
•  And lately even quantum theory and chaos theory too!

Page 27

Cryptanalysis
•  Myth: The Enigma was too complex to be broken
    o  ... as believed by the German Military
•  Fact: The Enigma was broken almost daily for years during WWII

This particular work by Landon Curt Noll is Licensed under CC Attribution-Share Alike 3.0 Unported License

Page 28

Cryptographic Engineering
•  Many implementation challenges
    o  Key management
    o  Pseudo Random Number Generators
    o  Side channel attacks
    o  Tamper proof hardware
    o  Verification techniques
    o  Protocol analysis

Page 29

Protocols
•  Secure Sockets Layer (SSL/TLS)
•  IPsec
•  VPNs
•  PGP
•  Many more, to name a few

Page 30

Caveats
•  Myth: The larger the key, the stronger the key
•  Fact: Key size is no guarantee of key strength
•  An early web browser with 128-bit SSL keys
    o  Key was generated by the random() pseudo-random number generator
    o  With only 4 billion different srandom() seeds, only 4 billion different SSL keys could ever be generated
    o  Only 32 bits of real protection
•  There are more important issues than size:
    o  Generating keys that cannot be guessed
    o  Securely storing keys
    o  How humans use a key
    o  How unattended machines use a key
    o  Lost key recovery
    o  Key life-cycle management

This particular work by Landon Curt Noll is Licensed under CC Attribution-Share Alike 3.0 Unported License
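
The seed-space limit described on Page 30, as an added example (not part of the original slides): a key audit that enumerates every key a seed-derived generator can emit and checks whether a given 128-bit key falls in that set. Python's random module stands in for random()/srandom(), and the seed space is reduced from 32 to 16 bits so the enumeration finishes in about a second; all names are assumptions for illustration.

```python
import random
import secrets

# Assumption: 16-bit seed space for the demo; the slide's case is 32 bits.
SEED_BITS = 16

def weak_keygen(seed, seed_bits=SEED_BITS):
    """128-bit key derived entirely from a small seed (the flawed pattern).
    The key is 16 bytes long, but the seed is its only source of entropy."""
    rng = random.Random(seed % (1 << seed_bits))
    return rng.getrandbits(128).to_bytes(16, "big")

def strong_keygen():
    """128-bit key drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(16)

def enumerate_weak_keys(seed_bits=SEED_BITS):
    """Map every key the weak generator can ever produce to its seed."""
    return {weak_keygen(seed, seed_bits): seed for seed in range(1 << seed_bits)}

def audit_key(key, weak_keys):
    """Return the seed if the key lies in the weak generator's output space,
    otherwise None. A hit means the key's real strength is the seed size."""
    return weak_keys.get(key)

def effective_key_bits(weak_keys):
    """Bits needed to index every distinct key the weak generator can emit."""
    return (len(weak_keys) - 1).bit_length()

if __name__ == "__main__":
    weak_keys = enumerate_weak_keys()
    print("nominal key size: 128 bits")
    print("distinct keys the weak generator can emit:", len(weak_keys))
    print("effective key size:", effective_key_bits(weak_keys), "bits")

    suspect = weak_keygen(0x1234)      # constructed sample key
    print("weak key audit:", audit_key(suspect, weak_keys))

    fresh = strong_keygen()
    print("CSPRNG key audit:", audit_key(fresh, weak_keys))
```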

Page 31

Caveats
•  Large key but weak key example: the US “nuclear football”
    o  Nuclear launch authorization code was long, but until 1976 the code was all 0’s!!! Really!!!
•  Larger keys do not necessarily mean better
    o  Key size cannot overcome a predictable method of generating it
    o  A huge compromised key is much worse than a smaller well-managed key
    o  The cost of discovering the key must be higher than the value of the data being protected

This particular work by Landon Curt Noll is Licensed under CC Attribution-Share Alike 3.0 Unported License

Page 32

Applications
•  Entire Web Commerce infrastructure: SETS, HTTPS
•  Virtual Private Networking
•  IPSEC
•  Cryptography in wireless applications (mobile phone, WLANs, analysis of standards, etc.)
•  Cryptography for pervasive computing (RFID, sensor networks, smart devices, etc.)
•  FPGA design security
•  Hardware IP protection and anti-counterfeiting
•  Reconfigurable hardware for cryptography

Page 33

Applications
•  Smart card processors, systems and applications
•  Security in commercial consumer applications (pay-TV, automotive, domotics, etc.)
•  Secure storage devices (memories, disks, etc.)
•  Technologies and hardware for content protection
•  Trusted computing platforms

Page 34

Non Repudiation

Page 35

Non Repudiation
•  A service that provides proof of the integrity and origin of data.
•  An authentication that with high assurance can be asserted to be genuine.
•  Entire Public Key Infrastructure is built for this

Page 36

Availability (Non Denial of Service)

Page 37

Denial of Service
•  A DoS attack can be perpetrated in a number of ways. The five basic types of attack are:
    o  Consumption of computational resources, such as bandwidth, disk space, or processor time.
    o  Disruption of configuration information, such as routing information.
    o  Disruption of state information, such as unsolicited resetting of TCP sessions.
    o  Disruption of physical network components.

Page 38

Denial of Service
•  A DoS attack may include execution of malware intended to:
    o  Max out the processor's usage, preventing any work from occurring.
    o  Trigger errors in the microcode of the machine.
    o  Trigger errors in the sequencing of instructions, so as to force the computer into an unstable state or lock-up.
    o  Exploit errors in the operating system, causing resource starvation and/or thrashing, i.e. to use up all available facilities so no real work can be accomplished.
    o  Crash the operating system itself.
•  A few DoS attacks
    o  Smurf attack, ping flood, ping of death, SYN flood

Page 39

Intrusion Prevention Systems
•  Are network security appliances that monitor network and/or system activities for malicious activity
•  First generation were Intrusion Detection Systems
•  Classification
    o  Network based
    o  Host based
    o  Wireless IPS
    o  Network Behavior Analysis
•  An IPS checks for malware, worm outbreaks, DDoS attacks
•  An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options.

Page 40

Intrusion Prevention Systems
•  Detection methods
    o  Signature methods
    o  Statistical anomaly detection
    o  Stateful protocol analysis detection
•  Other recent trends
    o  IP reputation
    o  Global correlation
•  Popular IPS (open source)
    o  Snort

Page 41

Security Principles
•  Security is an afterthought: the internet was built to share physics documents among researchers, not for social networking, commerce and everything else
•  Security by obscurity is disastrous
    o  Kerckhoffs's principle: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
•  Security is as strong as its weakest link, and often it's the people.
•  There is no silver bullet
•  Security is a process rather than a product.
•  Defense in depth
•  Risk assessment, threat modeling and compliance can mitigate

Page 42

Conclusions
•  A few things not yet covered
    o  Cloud security
    o  Threat modeling
    o  Popular attacks
    o  Secure Development Life Cycle
    o  Social engineering
    o  Security management
    o  Many others ...
•  This talk is a work in progress, so it will be continually evolving; do come back to check for the latest revisions of the file

Page 43

Contact
•  I can be reached at
    o  [email protected]
    o  http://www.linkedin.com/in/sashankdara
•  Note: Parts of the work are taken from Landon Curt Noll, as mentioned in the footnotes wherever relevant.
    o  He can be reached at http://isthe.com/chongo/

Page 44

This work is made available under Creative Commons Attribution-Share Alike 3.0
Images courtesy: Google Images

