Date post: | 28-Dec-2015 |
Category: |
Documents |
Upload: | lynette-hubbard |
View: | 216 times |
Download: | 0 times |
Recaphttp://syssec.kaist.ac.kr/courses/ee515
E-mail policy Include [ee515] or [is523] in the subject of your e-
Student Surveyhttp://bit.ly/SiK9M3
News and Research Paper Survey
Every student needs to submit a summary of news or a research paper twice
Submission TBD
Submission date Check class calendar
Topic News and research papers should deal with security issues. Your content should be different from others. Therefore, always
check the current postings. Use twitter, google reader
Length: maximum 1,000 words, Grading: A – F Subject: Title – Author (ID) – #-th
News Survey News must be fresh
published within two weeks from the due dates.
Investigative/data journalism No duplicate! Do not rely on a single source. Read related articles. Use your own language Bibliography should be added. "The register" (http://www.theregister.co.uk/) "Ars Technica" (http://arstechnica.com/) "Bruce Schneier's blog" (http://www.schneier.com/) F-secure web blog (http://www.f-secure.com/weblog/) etc.
Group Projects Each project should have some "research" aspect. Group size
Min 1 Max 5
Important dates Pre-proposal: Sep 17, 9:00 AM. Full Proposal: Sep 24, 9:00 AM. Midterm report: Oct 24, 9:00 PM Final report: Dec 12, 9:00 AM. (NO EXTENSION!!).
Project examples Attack, attack, attack! Analysis Measurement
BMW StealerFirst, the car is entered
nearby RF jammers that block the lock signalbreaking a window
exploiting a gap in the car's internal ultrasonic sensor system to avoid tripping the alarm.
Connect a device to the car's OBD-II connectorAccess to the cars’ unique key fob digital ID, program a blank key fob to work with the car
http://www.youtube.com/watch?v=DshK4ZXPU9o
Security EngineeringBuilding a systems to remain dependable in
the face of malice, error or mischance
System ServiceAttack
Deny Service, Degrade QoS,
Misuse
SecurityPrevent Attacks
Communication Send message Eavesdrop Encryption
Web server Serving web page DoS CDN?
Computer ;-) Botnet Destroy
SMS Send SMSShutdown Cellular
NetworkRate Control,
Channel separation
Pacemaker Heartbeat ControlRemote programming
and eavesdroppingDistance bounding?
Nike+iPod Music + Pedometer Tracking Don’t use it?
Recommendation system
Collaborative filtering
Control rating using Ballot stuffing
?
A FrameworkPolicy: what you are
supposed to achieveMechanism: ciphers,
access control,hardware tamperresistance
Assurance: the amount of reliance you can put on each mechanism
Incentive: to secure or to attack
PolicyPolicy IncentivesIncentives
MechanismMechanism AssuranceAssurance
Design HierarchyWhat are we trying
to do?
How?
With what?
PolicyPolicy
ProtocolsProtocols
Hardware, crypto, ...Hardware, crypto, ...
Security vs DependabilityDependability = reliability + security Reliability and security are often strongly
correlated in practice
But malice is different from error!Reliability: “Bob will be able to read this file”Security: “The Chinese Government won’t be able
to read this file”
Proving a negative can be much harder …
Methodology 101 Sometimes you do a top-down development. In that
case you need to get the security spec right in the early stages of the project
More often it’s iterative. Then the problem is that the security requirements get detached
In the safety-critical systems world there are methodologies for maintaining the safety case
In security engineering, the big problem is often maintaining the security requirements, especially as the system – and the environment – evolve
TerminologiesA system can be:
a product or component (PC, smartcard,…)some products plus O/S, comms and
infrastructure the above plus applications the above plus internal staff the above plus customers / external users
Common failing: policy drawn too narrowly
Terminologies A subject is a physical person
A person can also be a legal person (firm)
A principal can be a person equipment (PC, smartcard) a role (the officer of the watch) a complex role (Alice or Bob, Bob deputising for Alice)
The level of precision is variable – sometimes you need to distinguish ‘Bob’s smartcard representing Bob who’s standing in for Alice’ from ‘Bob using Alice’s card in her absence’. Sometimes you don’t
TerminologiesSecrecy is a technical term – mechanisms
limiting the number of principals who can access information
Privacy means control of your own secrets
Confidentiality is an obligation to protect someone else’s secrets
Thus your medical privacy is protected by your doctors’ obligation of confidentiality
TerminologiesAnonymity is about restricting access to
metadata. It has various flavors, from not being able to identify subjects to not being able to link their actions
An object’s integrity lies in its not having been altered since the last authorized modification
Authenticity has two common meanings – an object has integrity plus freshnessyou’re speaking to the right principal
Terminologies A security policy is a succinct statement of
protection goals – typically less than a page of normal language
A protection profile is a detailed statement of protection goals – typically dozens of pages of semi-formal language
A security target is a detailed statement of protection goals applied to a particular system – and may be hundreds of pages of specification for both functionality and testing
Threat ModelWhat property do we want to ensure against
what adversary?
Who is the adversary?What is his goal?What are his resources?
e.g. Computational, Physical, Monetary…
What is his motive?What attacks are out of scope?
Terminologies Attack: attempt to breach system security (DDoS)
Threat: a scenario that can harm a system (System unavailable)
Vulnerability: the “hole” that allows an attack to succeed (TCP)
Security goal: “claimed” objective; failure implies insecurity
Goals: ConfidentialityConfidentiality of information means that it is
accessible only by authorized entities
Contents, Existence, Availability, Origin, Destination, Ownership, Timing, etc… of:
Memory, processing, files, packets, devices, fields, programs, instructions, strings...
Goals: IntegrityIntegrity means that information can only be
modified by authorized entities
e.g. Contents, Existence, Availability, Origin, Destination, Ownership, Timing, etc… of:
Memory, processing, files, packets, devices, fields, programs, instructions, strings...
Goals: AvailabilityAvailability means that authorized entities
can access a system or service.
A failure of availability is often called Denial of Service:Packet droppingAccount freezing JammingQueue filling
Goals: AccountabilityEvery action can be traced to “the
responsible party.”
Example attacks:Microsoft certGuest accountStepping stones
Goals: DependabilityA system can be relied on to correctly deliver
serviceDependability failures:
Therac-25: a radiation therapy machine whose patients were given massive overdoses (100
times) of radiation bad software design and development practices:
impossible to test it in a clean automated way
Ariane 5: expendable launch system the rocket self-destructing 37 seconds after launch
because of a malfunction in the control software A data conversion from 64-bit floating point value to 16-
bit signed integer value
Interacting GoalsFailures of one kind can lead to failures of
another, e.g.: Integrity failure can cause Confidentiality failureAvailability failure can cause integrity,
confidentiality failureEtc…
In a Nutshell Security by Obscurity is not secure! Conservative modeling for adversary State-sponsored, Hacktivists, Hacker+Criminals,
Researchers ;-) Care for the weakest link. Plan for unknown attacks. Check for environmental changes All stages are important Attacker modeling, design, implementation,
deployment, operation Check News! Cyber Warfare?
Security & RiskWe only have finite resources for security…
If we only have $20K, which should we buy?
Product A
Prevents Attacks: U,W,Y,Z
Cost $10K
Product B
Prevents Attacks: V,X
Cost $20K
RiskThe risk due to a set of attacks is the
expected (or average) cost per unit of time.One measure of risk is Annualized Loss
Expectancy, or ALE:
Σattack A
( pA × LA )
Annualized attack incidence
Cost per attack
ALE of attack A
Risk ReductionA defense mechanism may reduce the risk of
a set of attacks by reducing LA or pA. This is the gross risk reduction (GRR):
The mechanism also has a cost. The net risk reduction (NRR) is GRR – cost.
Σattack A
(pA × LA – p’A×L’A)
Attacks
Source Destination
Normal Flow
Source Destination
Interruption: Availability
Source Destination
Interception: Confidentiality
Source Destination
Modification: Integrity
Source Destination
Fabrication: Authenticity
Taxonomy of AttacksPassive attacks
EavesdroppingTraffic analysis
Active attacksMasqueradeReplayModification of message contentDenial of service
Big pictureTrusted third party
(e.g. arbiter, distributorof secret information)
SecretInformation
Message
SecretInformation
Message
Alice Bob
InformationChannel
Eve
Terminology for Encryption
A denotes a finite set called the alphabet M denotes a set called the message space
M consists of strings of symbols from an alphabetAn element of M is called a plaintext
C denotes a set called the ciphertext spaceC consists of strings of symbols from an alphabetAn element of C is called a ciphertext
K denotes a set called the key space An element of K is called a key
Ee is an encryption function where e K
Dd called a decryption function where d K
Encryption
Why do we use key?Or why not use just a shared encryption function?
Plaintext source
EncryptionEe(m) = c
destination
DecryptionDd(c) = m
c insecure channel
Alice Bob
Adversary
m m
SKE with Secure channel
Plaintext source
EncryptionEe(m) = c
destination
DecryptionDd(c) = m
c Insecure channel
Alice Bob
Adversary
Key source
e
m m
d Secure channel
PKE with insecure channel
Plaintext source
EncryptionEe(m) = c
destination
DecryptionDd(c) = m
cInsecure channel
Alice Bob
PassiveAdversary
Key source
d
m m
e Insecure channel
Public key should be authentic!
ee
ee
EEee(m)(m)
ee’’
EEee’’(m)(m)EEee(m)(m)
Need to authenticate public keys
Digital SignaturesPrimitive in authentication and non-
repudiation
Signature Process of transforming the message and some
secret information into a tag
NomenclatureM is set of messagesS is set of signaturesSA: M ! S for A, kept private
VA is verification transformation from M to S for A, publicly known
Key Establishment, Management
Key establishmentProcess to whereby a shared secret key becomes
available to two or more partiesSubdivided into key agreement and key transport.
Key managementThe set of processes and mechanisms which
support key establishment The maintenance of ongoing keying relationships
between parties
Symmetric vs. Public keyPros Cons
SKE High data throughput Relatively short key size
The key must remain secret at both ends
O(n2) keys to be managed Relatively short lifetime of
the key
PKE
O(n) keys Only the private key
must be kept secret longer key life time digital signature
Low data throughput Much larger key sizes
Symmetric key EncryptionSymmetric key encryption
if for each (e,d) it is easy computationally easy to compute e knowing d and d knowing e
Usually e = d
Block cipherbreaks up the plaintext messages to be
transmitted into blocks of a fixed length, and encrypts one block at a time
Stream cipherencrypt individual characters of plaintext
message one at a time, using encryption transformation which varies with time
Hash function and MAC A hash function is a function h
compression ease of computation Properties
one-way: for a given y, find x’ such that h(x’) = y collision resistance: find x and x’ such that h(x) = h(x’)
Examples: SHA-1, MD-5
MAC (message authentication codes) both authentication and integrity MAC is a family of functions hk
ease of computation (if k is known !!) compression, x is of arbitrary length, hk(x) has fixed length computation resistance
Example: HMAC