Date posted: 19-Dec-2015
Uploaded by: eric-singleton
IIS22
Overview
Definitions
Design issues
Cryptography
Security Protocols
[And08] R. J. Anderson. Security Engineering: A guide to building dependable distributed systems. John Wiley & Sons Inc, New York, Second edition, 2008. http://www.cl.cam.ac.uk/~rja14/book.html
[Sch04b] B. Schneier. Secrets and Lies: Digital Security in a Networked World. Wiley Publishing Inc, Indianapolis, Indiana, second edition, 2004. http://www.schneier.com/book-sandl.html
Definitions
[Men01a] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Chapter 1 of Handbook of applied cryptography. CRC Press, 2001. http://www.cacr.math.uwaterloo.ca/hac/
Security is asset protection
[Figure: concept diagram. Nodes, numbered as on the slide: 1 owners, 2 assets, 3 risk, 4 vulnerabilities, 5 countermeasures, 6 threats, 7 threat agents. Edge labels: to reduce; leading to; that increase; that may be reduced by; that may possess; to; impose; give rise to; wish to abuse and/or may damage; may be aware of; that exploit; wish to minimize; value; to.]
[ISO09] ITSEC. Information technology security techniques evaluation criteria for IT security part 1: Introduction and general model. Int. Standard ISO/IEC 15408-1, ISO/IEC, Dec 2009. http://standards.iso.org/ittf/PubliclyAvailableStandards/c050341_ISO_IEC_15408-1_2009.zip
Definitions
Availability: authorised users want the system to work as/when they expect it to
Reliability: the ability of a system or component to perform its required functions
Safety: being protected against non-desirable events (not specifically malicious)
Confidentiality: to stop unauthorised users from reading sensitive information
Integrity: Every data item/system component is as the last authorised modifier left it
Maintainability: ease with which a software product can be modified
Dependability vs. Security
Availability (systems, data)
Reliability (systems)
Safety (systems)
Confidentiality (data)
Integrity (systems, data)
Maintainability (systems)
[Avi04] A. Avižienis, J.-C. Laprie, B. Randell, and C. Landwehr. Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. on Dependable and Secure Computing, 1(1):11-33, Jan 2004. http://doi.ieeecomputersociety.org/10.1109/TDSC.2004.2
[Figure labels: Security, Dependability]
Access control model – AU3
Authentication: determine who makes request
Authorisation: determine who is trusted to do which operation on an object
Auditing: determine what happened and why
[Lam04] B. W. Lampson. Computer security in the real world. IEEE Computer, 37(6):37-46, Jun 2004. http://doi.ieeecomputersociety.org/10.1109/MC.2004.17
[Figure: Principal (source), Do operation (request), Reference monitor (guard), Object (resource), with an Audit log; the stages are labelled Authentication and Authorisation.]
Privacy vs. Security
Privacy is the right of an individual to determine what information about oneself to share with others
Security can help
» Selectively encrypt data
Security can hinder
» Calling home to prevent piracy
» (Audit) logging
[War1890] S. D. Warren and L. D. Brandeis. The right to privacy. Harvard Law Review, 4(5):193-220, Dec 1890. http://www.jstor.org/stable/1321160
Design issues
Examples of design goals
Good:
As secure as the real world [Lam04]
Defense in depth
Make it usable
Be explicit about: naming, typing, freshness, assumptions, goals, limitations etc [And95a]
Bad:
Design security as an afterthought
Security by obscurity [Ker1883]
Make it complicated
[Ker1883] A. Kerckhoffs. La cryptographie militaire. J. des Sciences Militaires, IX:5-38, Jan 1883. http://www.petitcolas.net/fabien/kerckhoffs/
Tools
Policy – what is supposed to happen?
» Access control
Mechanisms – how should it happen?
» Tamper resistance
» Biometrics
» Cryptography, Hashing, Random numbers
Assurance – does it work?
» Risk management
» Protocol verification
Attacks
Definition: a successful exploitation of a vulnerability
Examples:
» Attacker shuts you out by trying to log in as you
» Cold boot attack (remember the movie?)
[Hal08] J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest we remember: Cold boot attacks on encryption keys. In 17th USENIX Security Symp., pp 45-60, San Jose, California, Jul 2008. USENIX Association. http://citp.princeton.edu/memory/
Cryptography
[Men01a] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Chapter 1 of Handbook of applied cryptography. CRC Press, 2001. http://www.cacr.math.uwaterloo.ca/hac/
Algorithms + keys
Cipher (aka cryptosystem)
» “Public” algorithm +
» Secret keys
[Figure: “attack” is encrypted to “sdwr$350” and decrypted back to “attack”; the remaining label on the figure is “gfd6#Q”.]
Symmetric ciphers
Public algorithm + one secret key
Standard algorithms: DES, AES
Example: one time pad
01011001 Message
01010101 Secret key
----------------- XOR
00001100 Cipher text
01010101 Secret key
----------------- XOR
01011001 Decrypted message
Asymmetric ciphers
Public algorithm + private key + public key
Example: El Gamal
» Multiplicative group $\mathbb{Z}_n^* = \{1, \ldots, n-1\}$ with $n$ prime
» Generator $g$: $\mathbb{Z}_n^* = \{ g^i \mid i \in \mathbb{N} \}$
» Private key: $x \in \mathbb{Z}_n^*$
» Public key: $h = g^x$
» Salt: $y \in_R \mathbb{Z}_n^*$
» Enc(m,h): $(c,d) = (m h^y, g^y)$
» Dec((c,d),x): $c / d^x$
Exercise: prove that this works...
All calculations modulo n
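The El Gamal scheme above as a toy implementation in the slide's notation. This is an added example, not part of the original slides; the parameters n = 467 and g = 2 are constructed for illustration and are far too small for real use.

```python
import secrets

def prime_factors(k):
    """Distinct prime factors of k by trial division (fine for toy sizes)."""
    out, p = set(), 2
    while p * p <= k:
        while k % p == 0:
            out.add(p)
            k //= p
        p += 1
    if k > 1:
        out.add(k)
    return out

def is_generator(g, n):
    """g generates Z_n^* (n prime) iff g^((n-1)/q) != 1 for every prime q | n-1."""
    return all(pow(g, (n - 1) // q, n) != 1 for q in prime_factors(n - 1))

def keygen(g, n):
    x = secrets.randbelow(n - 1) + 1        # private key x in {1..n-1}
    return x, pow(g, x, n)                  # public key h = g^x

def enc(m, h, g, n, y=None):
    if y is None:
        y = secrets.randbelow(n - 1) + 1    # fresh random salt y per message
    return (m * pow(h, y, n)) % n, pow(g, y, n)   # (c, d) = (m h^y, g^y)

def dec(c, d, x, n):
    # c / d^x = m g^(xy) / g^(xy) = m. Division is multiplication by the
    # inverse, and d^(n-1-x) = d^(-x) because d^(n-1) = 1 (Fermat).
    return (c * pow(d, n - 1 - x, n)) % n

N, G = 467, 2   # constructed toy parameters (assumption, not from the slides)
```

Because the salt y is random, encrypting the same message twice gives different pairs (c, d) that both decrypt to m.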
Random numbers
Pseudo random in SW
True random in HW
Standard statistical tests
» NIST web site
For example
» Linear Congruential Method
» $r_0 = s$
» $r_{n+1} = (a r_n + c) \bmod m$
» Cyclic
» Deterministic
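The two properties listed for the Linear Congruential Method, shown in code. This is an added example, not part of the original slides; the parameter values used with it are constructed for illustration.

```python
def lcg(seed, a, c, m):
    """Yield r_0 = seed, r_{n+1} = (a*r_n + c) mod m, as on the slide."""
    r = seed % m
    while True:
        yield r
        r = (a * r + c) % m

def cycle_length(seed, a, c, m):
    """Cyclic: count the steps between two visits to the same value."""
    seen = {}
    for i, r in enumerate(lcg(seed, a, c, m)):
        if r in seen:
            return i - seen[r]
        seen[r] = i

def predict_next(observed, a, c, m, count):
    """Deterministic: one observed output plus known (a, c, m) fixes all later outputs."""
    out, r = [], observed
    for _ in range(count):
        r = (a * r + c) % m
        out.append(r)
    return out
```

With the constructed values a = 5, c = 3, m = 16 the generator visits all 16 values before repeating, while a = 3, c = 0, m = 16 repeats after only 4. In both cases a single observed output is enough to compute every later one, which is why such a generator must not supply keys or nonces.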
Hash functions
Map arbitrary bit string to fixed size output
» Easy to calculate for given input
» Practically impossible to invert
» Extremely unlikely that two inputs give the same hash
For example
» Knuth’s variant on Division
» Hash(n) = n(n+h) mod m
» Try it out…
Visual Cryptography
[Nao97] M. Naor and B. Pinkas. Visual authentication and identification. In Burton S. Kaliski Jr., editor, 17th Int. Conf. on Advances in Cryptology (CRYPTO), volume LNCS 1294, pages 322-336, Santa Barbara, California, Aug 1997. Springer. http://www.springerlink.com/content/ghv31wm0pexkd3kq/
Security Protocols
[And95a] R. J. Anderson and R. Needham. Programming satan's computer. In J. van Leeuwen, editor, Computer Science Today, volume LNCS 1000, pages 426-440. Springer, 1995. http://dx.doi.org/10.1007/BFb0015258
Definitions
Sequence of communications by two or more parties to achieve security objective(s)
Not like this (why?):
A → B: A                  “Hi, I’m Alice”
B → A: Enter password:    “Prove It!”
A → B: $R%&^8!            “Here’s the proof”
Dolev-Yao attacker model
Eve can:
» See all messages
» Delete, alter, inject and redirect messages
» Initiate new communications
» Reuse messages from past sessions
Eve cannot:
» Solve “hard” problems (such as?)
» Guess pseudo-random values (e.g. nonces)
» Get another identity (identity theft)
» Time computations
What to do: Make everything explicit
Design is hard
‘‘Security protocols are three line programs that people still manage to get wrong’’ (Roger Needham)
[Low96] G. Lowe. Breaking and fixing the Needham-Schroeder Public-Key protocol using FDR. In 2nd Int. Workshop on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume LNCS 1055, pages 147-166, Passau, Germany, Mar 1996. Springer. http://dx.doi.org/10.1007/3-540-61042-1_43
Authentication protocol (1)
What’s the problem with this?
» The nonce Nb leaks, so it cannot be used to secure the session
A → B: A                “Hi, I’m Alice”
B → A: Enc(Nb,PKa)      “Prove It!”
A → B: Nb               “Here’s the proof”
Authentication protocol (2)
(Wo)man in the middle attack:
A → B: A                   “Hi, I’m Alice”
B → A: Enc(Nb,PKa)         “Prove It!”
A → B: Enc(Nb,PKb)         “Here’s the proof”
A → E → B: A               B receives “A” from E
B → E → A: Enc(Nb,PKa)     E uses A to decrypt Nb
A → E: Enc(Nb,PKe)         Now E has Nb
E → B: Enc(Nb,PKb)         E fools B
Authentication protocol (3)
Does it work now?
A → B: A                      “Hi, I’m Alice”
B → A: Enc({B,Nb},PKa)        “Prove It!”
A → B: Enc(Nb,PKb)            “Here’s the proof”
A → E → B: A                  “Hi, I’m Alice”
B → E → A: Enc({B,Nb},PKa)    A can see that the message is not from E
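Authentication protocols (2) and (3) replayed in a symbolic model, to show why naming the sender inside the encrypted challenge stops the relay. This is an added example, not part of the original slides; encryption is modelled as a labelled box that only the named owner can open, and all function names are hypothetical.

```python
import secrets

def enc(payload, owner):
    """Symbolic public-key encryption: only `owner` can open the box."""
    return ("enc", owner, payload)

def dec(box, who):
    _, owner, payload = box
    if owner != who:
        raise PermissionError(f"{who} cannot decrypt a message for {owner}")
    return payload

def bob_challenge(named):
    """B -> A: Enc(Nb,PKa) in protocol (2), Enc({B,Nb},PKa) in protocol (3)."""
    nb = secrets.token_hex(8)
    return nb, enc(("B", nb) if named else nb, "A")

def alice_respond(challenge, peer, named):
    """Alice answers a challenge in a session she believes is with `peer`."""
    payload = dec(challenge, "A")
    if named:
        sender, nonce = payload
        if sender != peer:          # name in the box must match the session
            return None             # Alice aborts the run
    else:
        nonce = payload
    return enc(nonce, peer)

def bob_accepts(nb, response):
    try:
        return dec(response, "B") == nb
    except PermissionError:
        return False

def honest_run(named):
    nb, challenge = bob_challenge(named)
    return bob_accepts(nb, alice_respond(challenge, "B", named))

def relay_run(named):
    """Alice opened a session with E; E relays it into a session with Bob."""
    nb, challenge = bob_challenge(named)          # E -> B: A, B -> E: challenge
    reply = alice_respond(challenge, "E", named)  # E -> A: challenge, A replies
    if reply is None:
        return False                              # Alice saw the wrong name
    return bob_accepts(nb, enc(dec(reply, "E"), "B"))  # E -> B: Enc(Nb,PKb)
```

`relay_run(False)` returns True (Bob is fooled under protocol 2) and `relay_run(True)` returns False (Alice aborts under protocol 3), while `honest_run` succeeds for both.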
Conclusions
Consider the system as a whole
Know your enemy
Be explicit
Use standard tools