
USC CSCI430 Security Systems Lecture notes – Spring 2014

Date post: 23-Feb-2016
Page 1: USC CSCI430 Security Systems Lecture notes – Spring 2014

USC CSCI430 Security Systems

Lecture notes – Spring 2016

Dr. Jelena Mirkovic
University of Southern California
Information Sciences Institute

Class Logistics

Class Web Page

• http://ccss.usc.edu/430
  – Syllabus
  – Assignments
  – News
  – Lecture notes
• Keep checking it!
• Discussion page on Piazza

Contact

• Instructor
  – Dr. Jelena Mirkovic
  – Office hours Tu/Th 3-4 or by appt in PHE 514/516
  – Contact via email ([email protected])

Grading

• Grading:
  – CTF exercises: 20%
  – Homeworks: 20%
  – Participation: 10%
  – Midterm Exam: 20%
  – Final Exam: 30%
• Grades assigned using the curve below (minimum score for each letter grade):

  A   A-  B+  B   B-  C+  C   C-  D+  D   D-
  90  86  83  80  76  73  70  66  63  60  56

Background

• What you need for this class
  – Some basic knowledge of OS and networking (see network primer on class Web page)
  – I will go over these basics and will remind you of relevant parts when needed in class
  – Good programming skills in any language
  – Familiarity with Linux OS

Homeworks

• Done on DeterLab testbed
  – I will open an account for each of you after the class
  – You will get an automated email on how to log on
  – Your assignment for the next class: readings linked on the Web page AND run a sample experiment to learn how to use DeterLab. It could be the one from the tutorial.
• We’ll have 4 homeworks, each carries 5% of your grade
• Ask for help early
• Do NOT email testbed ops when you have a problem:
  – Email myself or the TA
  – We can either help with an issue, get help from DeterLab staff or extend a deadline
  – We will take points off if you email testbed-ops!

Intro to DeterLab

[Diagram, built up over three slides: you SSH into the users node; from users you SSH to an experiment node by its long name (A.test.USC430); between the experiment nodes A, B, C and D you use short names (ssh A, ping A, etc.). The users and boss nodes are reached over the control network. Link speeds shown are 1 Gbps and 100 Mbps. Your home directory is under /users (e.g. /users/usc430aa) and the shared project directory is /proj/USC430.]

Links   Network       IPs                  IP example   DNS name                 DNS example
black   experimental  any but 192.168.x.x  1.2.3.4      Short name, no dots      A
grey    control       192.168.x.x          192.168.1.2  Long name node.exp.proj  A.test.USC430

• Stay off the control network – it is shared with all the users!
• Make sure to use short names in your experiment, e.g. ping A and NOT ping A.test.USC430
• Store large files locally in /tmp or /mnt/local (created using mkextrafs)
• Collect tcpdump locally
• Don’t create millions of files
• This and more is in the Student guidelines to DeterLab
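The short-name rule matters because the two names of a node resolve onto different networks: the short name onto the experimental interface, the long name onto the shared 192.168.x.x control network. The following Python is an added example, not part of the slides or of DeterLab's own tooling. It reads an /etc/hosts-style table (a constructed sample modelled on the table above, not real testbed data) and flags commands in a constructed experiment script that name a node by its long name or by an alias that resolves into the control network. The list of traffic-generating tools is an assumption for the demo.

```python
import ipaddress

# Control network as given on the slide: 192.168.x.x.
CONTROL_NET = ipaddress.ip_network("192.168.0.0/16")

# Constructed hosts table in /etc/hosts layout ("<ip> <name> [<alias> ...]"):
# short names on the experimental network, long names on the control network.
# Not real testbed data.
SAMPLE_HOSTS = """\
10.1.1.2      A
10.1.1.3      B
192.168.1.2   A.test.USC430   A-control
192.168.1.3   B.test.USC430   B-control
"""

# Constructed experiment script; lines 2 and 4 break the short-name rule.
SAMPLE_SCRIPT = """\
ping -c 3 B
iperf -c B.test.USC430 -t 60
tcpdump -i eth1 -w /mnt/local/trace.pcap host B
ssh B-control uptime
"""

# Assumed: commands whose hostname arguments generate experiment traffic.
NET_TOOLS = ("ping", "iperf", "ssh", "scp", "nc")


def parse_hosts(text):
    """Map every name and alias in a hosts table to its IP address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        ip = ipaddress.ip_address(fields[0])
        for name in fields[1:]:
            table[name] = ip
    return table


def on_control_net(ip):
    """True if traffic to this address would cross the shared control network."""
    return ip in CONTROL_NET


def audit_script(script, hosts):
    """Return (line_no, name, reason) for every hostname argument that would
    put experiment traffic onto the control network."""
    findings = []
    for n, line in enumerate(script.splitlines(), 1):
        words = line.split()
        if not words or words[0] not in NET_TOOLS:
            continue
        for word in words[1:]:
            ip = hosts.get(word)
            if ip is None:
                continue  # option, number or unknown name: not a node
            if "." in word:
                findings.append((n, word, "long name; use the short name"))
            elif on_control_net(ip):
                findings.append((n, word, "alias resolves into 192.168.x.x"))
    return findings


if __name__ == "__main__":
    for line_no, name, reason in audit_script(SAMPLE_SCRIPT, parse_hosts(SAMPLE_HOSTS)):
        print(f"line {line_no}: {name}: {reason}")
```

The tcpdump line is deliberately left alone: capturing locally on the experimental interface and writing under /mnt/local is exactly what the guidelines ask for.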

Class Capture-the-Flag Exercises

• Done on DeterLab testbed
• Blue team develops some technology, Red team attacks it
• Everyone will have a chance to be on both teams
• Each exercise will be performed in class, each carries 10% of your grade
  – I’m not looking for extraordinary solutions (although they are welcome) but for good integration of what you learned in class and what you managed to learn off the Internet
  – Teamwork is important
  – Schedule is paramount! You have to develop code early and test it thoroughly:
    • This cannot be done a day before the exercise
    • I will set some milestones for you to ensure timely progress

Midterm and Final

• Open book, open notes
• Each lasts 1 h 20 min
• We will have reviews in class before each

Class Participation

• Class participation is important
  – Ask and answer questions in class
  – Ask, answer, participate on-line (Piazza)
  – I will check the discussion boards once daily, but if you want a reliable response from me email me directly
• Class participation carries 10% of your grade

Academic Integrity

• What is and is not OK
  – I encourage you to talk with others if you have questions, but everyone must DO their work ALONE
  – Do not turn in the work of others
  – Do not give others your work to use as their own
  – Do not plagiarize from others (published or not)
  – Do not try to deceive the instructor
• See the Web site
  – More guidelines on academic integrity
  – Links to university resources
  – If in doubt, ask
• You can always ask me or the TA for help!


What Does Security Mean?

What Does Security Mean? … In Real Life

• No one should be able to:
  – Break into my house
  – Attack me
  – Steal my TV
  – Use my house to throw water balloons on people
  – Damage my furniture
  – Pretend to be my friend Bob and fool me
  – Waste my time with irrelevant things
  – Prevent me from going to my favorite restaurant
  – Destroy my road, bridge, city ...

What Does Security Mean? … wrt Computers and Nets

• No one should be able to:
  – Break into my computer
  – Attack my computer
  – Steal my information
  – Use my computer to attack others
  – Damage my computer or data
  – Use my resources without my permission
  – Mess with my physical world
• I want to talk to Alice. No one should be able to:
  – Pretend to be Alice or myself or our computers
  – Prevent me from communicating with Alice

Computer vs. Network Security

• Does an isolated computer have a security risk?
  – Computer security aims to protect a single, connected machine
• Networking = communication at all times and in all scenarios!!!
  – Network security aims to protect the communication and all its participants
• Security = robustness or fault tolerance?

[Figure: diagram relating Computer security and Network security]

Security Properties

• Confidentiality (C)
  – Keep data secret from non-participants
• Integrity (I)
  – Closely tied to authenticity: the data has not been modified and comes from who it claims to come from
  – Keep data from being modified
  – Keep the system functioning properly
• Availability (A)
  – Keep the system running and reachable

Orthogonal Aspects

• Policy
  – Deciding what confidentiality, integrity and availability mean
• Mechanism
  – Implementing the policy

Security Goals

• Attack prevention
  – It is impossible for the attack to succeed
• Attack detection
  – Low false positives, low false negatives and low detection delay
• Attack response
  – Retaliation, observation, recovery
• Attack recovery
  – Remedy the effects of the attack, or keep the system operating through it

A false positive is when the system detects an attack but no attack occurred. A false negative is when an actual attack is missed by the system.
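As an added illustration of the detection goal (not from the slides): a threshold detector run over a constructed per-second packet-count trace, scored against ground-truth labels for false positives, false negatives and detection delay. Varying the threshold shows the trade-off the slide names. A low threshold alarms on a legitimate burst (a false positive), a high one misses the first second of the attack (a false negative and a longer delay), and a very high one misses the attack entirely. The trace and thresholds are constructed for the demo.

```python
# Constructed trace, one sample per second: (packets per second, attack in progress).
# A legitimate burst at t=3 and an attack from t=6 to t=10. Not real traffic.
TRACE = [
    (100, False), (120, False), (95, False), (310, False),
    (110, False), (105, False), (400, True), (650, True),
    (900, True), (950, True), (940, True), (130, False),
    (115, False), (100, False),
]


def threshold_detector(trace, threshold):
    """Raise an alarm for every second whose packet count exceeds threshold."""
    return [pps > threshold for pps, _ in trace]


def evaluate(alarms, trace):
    """Score alarms against ground truth. Returns true/false positive/negative
    counts and the detection delay in seconds (None if never detected)."""
    tp = fp = fn = tn = 0
    attack_start = first_detect = None
    for t, (alarm, (_, attack)) in enumerate(zip(alarms, trace)):
        if attack and attack_start is None:
            attack_start = t
        if attack and alarm and first_detect is None:
            first_detect = t
        if alarm and attack:
            tp += 1
        elif alarm:
            fp += 1          # false positive: alarm, but no attack
        elif attack:
            fn += 1          # false negative: attack missed
        else:
            tn += 1
    delay = None if first_detect is None else first_detect - attack_start
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn, "delay": delay}


def compare_thresholds(trace, thresholds):
    """Run the detector at several thresholds to expose the trade-off."""
    return {thr: evaluate(threshold_detector(trace, thr), trace)
            for thr in thresholds}


if __name__ == "__main__":
    for thr, score in compare_thresholds(TRACE, [300, 500, 1000]).items():
        print(f"threshold {thr:>4}: {score}")
```

On this trace a threshold of 300 detects the attack in its first second but also fires on the legitimate burst; 500 has no false positive but misses the first attack second (delay 1); 1000 never fires at all. Any real detector is tuned on exactly this kind of curve.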

What Does Security Mean? … wrt Computers and Nets

• No one should be able to:
  – Break into my computer – A, C, I
  – Attack my computer – A, C, I
  – Steal my information – C
  – Use my computer to attack others – I?
  – Damage my computer or data – I
  – Use my resources without my permission – A
  – Mess with my physical world – I, A
• I want to talk to Alice. No one should be able to:
  – Pretend to be Alice or myself or our computers – C, I
  – Prevent me from communicating with Alice – A

What Are the Threats? (this list is not exhaustive)

• Breaking into my computer
  o Hackers
    • Break a password or sniff it off the network
    • Exploit a vulnerability
    • Use social engineering
    • Impersonate someone I trust
  o Viruses and worms

A vulnerability is a weakness in the system (its design, implementation or use procedures) that, when exploited, makes it behave in a way that the system’s creator did not expect. An exploit is a set of steps that exercises the vulnerability.

What Are the Threats? (this list is not exhaustive)

• Attacking my computer
  o Denial-of-service attacks
  o Viruses and some worms

A virus is a self-replicating program that requires user action to activate, such as clicking on an e-mail, downloading an infected file or inserting an infected floppy, CD, etc. A worm is a self-replicating program that does not require user action to activate. It propagates itself over the network, infects any vulnerable machine it finds and then spreads from it further.

A DoS attack aims to disrupt a service either by exploiting a vulnerability or by sending a lot of bogus messages to a computer offering a service.

What Are the Threats? (this list is not exhaustive)

• Stealing my information
  o From my computer or from communication
  o I will use cryptography!
    • There are many ways to break ciphers
    • There are many ways to divulge partial information (e.g. who you talk to)
  o I would also like to hide who I talk to and when
    • I will use anonymization techniques
    • Anonymization hinders other security approaches that build models of normal traffic patterns

What Are the Threats? (this list is not exhaustive)

• Using my machine to attack others
  o E-mail viruses
  o Worms
  o Denial-of-service attacks (including reflector attacks)
  o Spam, phishing

What Are the Threats? (this list is not exhaustive)

• Damaging my computer or data
  o I have to prevent break-ins
  o I will also use cryptography to detect tampering
  o I must replicate data to recover from tampering
  o Denial-of-service attacks and worms can sometimes damage computers
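"Use cryptography to detect tampering" is a sharper statement than it looks. An unkeyed checksum (one of the mechanisms listed later in these slides) catches accidental corruption but not a deliberate edit, because whoever edits the data can recompute the checksum. A message authentication code keyed with a secret cannot be recomputed without the key. The Python below is an added example, not from the slides; the record and the key are constructed. It shows the same edit slipping past CRC32 and being caught by HMAC-SHA256. Detection is still not recovery, which is why the slide also asks for replicated data.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"          # assumed shared secret, constructed
RECORD = b"balance=100;owner=alice"    # constructed record


def crc_protect(data):
    """Unkeyed integrity check: anyone can compute it."""
    return data, zlib.crc32(data)


def crc_verify(data, tag):
    return zlib.crc32(data) == tag


def hmac_protect(data, key):
    """Keyed integrity check: a valid tag needs the secret."""
    return data, hmac.new(key, data, hashlib.sha256).digest()


def hmac_verify(data, tag, key):
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)   # constant-time comparison


def tamper(data):
    """The attacker's edit to the record."""
    return data.replace(b"balance=100", b"balance=999999")


def demo():
    # Checksum: the attacker edits the record and recomputes the CRC,
    # so verification passes and the edit goes unnoticed.
    data, crc = crc_protect(RECORD)
    forged = tamper(data)
    forged_crc = zlib.crc32(forged)
    crc_caught = not crc_verify(forged, forged_crc)

    # MAC: the attacker edits the record but has no key, so the best it can
    # do is leave the old tag in place; verification now fails.
    data, mac = hmac_protect(RECORD, KEY)
    forged = tamper(data)
    mac_caught = not hmac_verify(forged, mac, KEY)

    return {"crc_caught": crc_caught,
            "mac_caught": mac_caught,
            "genuine_ok": hmac_verify(data, mac, KEY)}


if __name__ == "__main__":
    print(demo())
```

hmac.compare_digest is used instead of == so that the verifier does not leak, through timing, how many leading bytes of a guessed tag were right; the MAC only helps if the attacker cannot read the key from the same place as the data.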

What Are the Threats? (this list is not exhaustive)

• Taking up my resources with irrelevant messages
  o Denial-of-service attacks
  o Spam mail (takes time to read and fills space)
  o Viruses and worms

What Are the Threats? (this list is not exhaustive)

• Interfering with my physical world
  o Cyber-physical attacks or collateral victims
  o Power systems, traffic control, utilities
  o Travel agencies
  o Medical devices
  o Smart vehicles

What Are the Threats? (this list is not exhaustive)

• Pretending to be Alice or myself or our computers
  o I want to be sure who I am talking to (authentication and digital signatures)
  o It is hard to impersonate a computer in two-way communication, such as TCP
    • But it has been done
  o Plain IP spoofing seems an extremely hard problem to solve

IP spoofing means putting a fake IP address in the sender field of IP packets.
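To make the IP-spoofing definition concrete, here is an added Python example, not from the slides. It packs an IPv4 header with a source address the sender does not own, shows that the header checksum still verifies (nothing in the IP header authenticates the sender), and then applies the one check a network can cheaply make: dropping a packet at the edge when its claimed source is outside the prefix assigned to the link it arrived on. That filter is my illustration of the standard anti-spoofing approach, not a mechanism the slide names; the addresses and prefixes are constructed from documentation ranges.

```python
import ipaddress
import struct

IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte IPv4 header, no options


def checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, proto=17, ttl=64, ident=0x1234):
    """Build a header. src is whatever the sender writes; nothing checks it."""
    ver_ihl = (4 << 4) | 5
    hdr = struct.pack(IPV4_HDR, ver_ihl, 0, 20 + payload_len, ident, 0,
                      ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4_header(hdr):
    fields = struct.unpack(IPV4_HDR, hdr[:20])
    return {
        "src": str(ipaddress.IPv4Address(fields[8])),
        "dst": str(ipaddress.IPv4Address(fields[9])),
        # A header with a valid checksum sums to zero over all 20 bytes.
        "checksum_ok": checksum(hdr[:20]) == 0,
    }


def ingress_filter(hdr, customer_prefix):
    """Assumed edge-router policy: accept only if the claimed source lies in
    the prefix assigned to the link the packet arrived on."""
    src = ipaddress.IPv4Address(parse_ipv4_header(hdr)["src"])
    return src in ipaddress.ip_network(customer_prefix)


def demo():
    # Constructed: the sender's real network is 203.0.113.0/24, but one
    # packet claims to come from 198.51.100.7, the victim of a reflector attack.
    spoofed = build_ipv4_header("198.51.100.7", "192.0.2.53", payload_len=40)
    honest = build_ipv4_header("203.0.113.9", "192.0.2.53", payload_len=40)
    return {
        "spoofed_checksum_ok": parse_ipv4_header(spoofed)["checksum_ok"],
        "spoofed_passes_edge": ingress_filter(spoofed, "203.0.113.0/24"),
        "honest_passes_edge": ingress_filter(honest, "203.0.113.0/24"),
    }


if __name__ == "__main__":
    print(demo())
```

The filter only works if it is deployed by the attacker's own upstream network; the victim receiving the packet has no way to tell a forged source from a real one. That is one reason the slide calls plain IP spoofing hard to solve, and it is a concrete case of the later point that your security depends on others.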

What Are the Threats? (this list is not exhaustive)

• Preventing me from communicating with Alice
  o Alice could be attacked
  o Routers could be overloaded or tampered with
  o DNS servers could be attacked

Some Security Mechanisms (this list is not exhaustive)

• Encryption
• Checksums
• Key management
• Authentication
• Authorization
• Accounting
• Firewalls
• VPNs
• Intrusion Detection
• Intrusion Response
• Virus scanners
• Policy managers
• Trusted hardware

What Are the Challenges?

• Your security frequently depends on others
  – Tragedy of the Commons
• A good solution must
  – Handle the problem to a great extent
  – Handle future variations of the problem, too
  – Be inexpensive
  – Have an economic incentive
  – Require few deployment points
  – Require non-specific deployment points

What Are the Challenges?

• Fighting a live enemy
  o Security is an adversarial field
  o No problem is likely to be completely solved
  o New advances lead to improvement of attack techniques
  o Researchers must play a double role

What Are the Challenges?

• Attack patterns change
• Often there is scarce attack data
• Testing security systems requires reproducing or simulating legitimate and attack traffic
  o No agreement about realistic traffic patterns
• No agreement about metrics
• There is no standardized evaluation procedure
• Some security problems require a lot of resources to be reproduced realistically

Practical Considerations

• Risk analysis and risk management
  – How important it is to enforce a policy
  – Which threats matter
  – Legislation may play a role
• The role of trust
  – Assumptions are necessary
• Human factors
  – The weakest link

In The Shoes of an Attacker

• Who are the attackers
  – Used to be teenage hackers (bragging rights)
  – Now organized criminals (for profit)
  – Political organizations
• Risk to the attacker
  – Usually very small

