USC CSci530 Computer Security Systems Lecture notes – Spring 2012

Post on 24-Feb-2016


Dr. Jelena Mirkovic
University of Southern California
Information Sciences Institute

Who gets in

If you wish to enroll and do not have D clearance yet, send an email to CSci530@usc.edu with:
  o Your name
  o Which prerequisites you have completed
  o A phone number
  o Request to receive a D clearance
I will let you know within a day or two

Class home page

http://ccss.usc.edu/530
  o Syllabus
  o Assignments
  o News
  o Lecture notes (also on DEN)
Keep checking it!

Lab

http://ccss.usc.edu/530L
  o 1 of the 4 units
  o Instructor is David Morgan
  o Instruction 4 – 4:50 Fridays in RTH105
WebCast via DEN
Hands on work in the lab – exercising the theoretical knowledge from class
Some labs will be done remotely using DETER testbed

Paper Reports

Four reports, due as noted online
Each discusses a paper of your choice from a few top security conferences/journals
  o Summary of the paper and its critique
  o Your ideas on the topic
  o 2-4 pages, submitted via DEN
  o You can submit reports early if you like
One report from each student will be chosen for presentation in class
Total 20% of your grade, 4% each

Quizzes

4 quizzes
  o Done before each DETER exercise
  o Repeated after the exercise
  o You MUST take each quiz
Total 5% of your grade

Administration

Class e-mail: csci530@usc.edu (TA and inst)
Instructor
  o Dr. Jelena Mirkovic
  o Office hours Fri 12:30-1:30pm or by appt in SAL 234
  o Contact via email (on class web page)
TA
  o Melina Demertzi
  o Office hours Tu and We 10-11 am
  o Contact via email (on class web page)

Administration

Grading:
  o Paper reports/presentations: 20%
  o Lab: 20%
  o Quizzes: 5%
  o Participation: 5%
  o Midterm Exam: 20%
  o Final Exam: 30%
Grades assigned using an absolute curve:

A    A-   B+   B    B-   C+   C    C-   D+   D    D-
93   90   86   83   80   76   73   70   66   63   60

DEN

DEN system will host the class discussion board
  o To gain access and log in: https://mapp.usc.edu/
  o Contact webclass@usc.edu if you have difficulty with the system
  o I will check the discussion board once daily but if you want a reliable response from me email me directly

Class Participation

Class participation is important
  o Ask and answer questions in class
  o Ask, answer, participate on-line
Class participation carries 5% of your grade
  o If I don’t remember you from class, I look in the web discussion forum to check participation
      Did you ask good questions
      Did you provide good answers
      Did you make good points in discussions
  o For DEN students, discussion board is the primary means of class participation
      You can also call into the class if you like

Academic Integrity

What is and is not OK
  o I encourage you to work with others to learn the material but everyone must DO their work ALONE
  o Do not turn in the work of others
  o Do not give others your work to use as their own
  o Do not plagiarize from others (published or not)
  o Do not try to deceive the instructors
See the Web site
  o More guidelines on academic integrity
  o Links to university resources
  o Don’t just assume you know what is acceptable.

What Does Security Mean?

What Does Security Mean?… In Real Life

No one should be able to:
  o Break into my house
  o Attack me
  o Steal my TV
  o Use my house to throw water balloons on people
  o Damage my furniture
  o Pretend to be my friend Bob and fool me
  o Waste my time with irrelevant things
  o Prevent me from going to my favorite restaurant
  o Destroy my road, bridge, city ..

What Does Security Mean?… wrt Computers and Nets

No one should be able to:
  o Break into my computer
  o Attack my computer
  o Steal my information
  o Use my computer to attack others
  o Damage my computer or data
  o Use my resources without my permission
  o Mess with my physical world
I want to talk to Alice
  o Pretend to be Alice or myself or our computers
  o Prevent me from communicating with Alice

Computer vs. Network Security

An isolated computer has a security risk?
  o Computer security aims to protect a single, connected, machine
Networking = communication at all times and in all scenarios!!!
  o Network security aims to protect the communication and all its participants
Security = robustness or fault tolerance?

(Figure labels: Computer security, Network security)

What Are the Threats?

Breaking into my computer
  o Hackers
      Break a password or sniff it off the network
      Exploit a vulnerability
      Use social engineering
      Impersonate someone I trust
  o Viruses and worms

A vulnerability is a bug in the software that creates unexpected computer behavior when exploited, such as enabling access without login, running unauthorized code or crashing the computer.
An exploit is an input to the buggy program that makes use of the existing vulnerability.

What Are the Threats?

Attacking my computer
  o Denial-of-service attacks
  o Viruses and some worms

A virus is a self-replicating program that requires user action to activate, such as clicking on e-mail, downloading an infected file or inserting an infected floppy, CD, etc.
A worm is a self-replicating program that does not require user action to activate. It propagates itself over the network, infects any vulnerable machine it finds and then spreads from it further.
A DoS attack aims to disrupt a service by either exploiting a vulnerability or by sending a lot of bogus messages to a computer offering a service.

What Are the Threats?

Stealing my information
  o From my computer or from communication
  o I will use cryptography!
      There are many ways to break ciphers
      There are many ways to divulge partial information (e.g. who do you talk to)
  o I would also like to hide who I talk to and when
      I will use anonymization techniques
      Anonymization hinders other security approaches that build models of normal traffic patterns

What Are the Threats?

Using my machine to attack others
  o E-mail viruses
  o Worms
  o Denial-of-service attacks (including reflector attacks)
  o Spam, phishing

What Are the Threats?

Damaging my computer or data
  o I have to prevent break-ins
  o I will also use cryptography to detect tampering
  o I must replicate data to recover from tampering
  o Denial-of-service attacks and worms can sometimes damage computers

What Are the Threats?

Taking up my resources with irrelevant messages
  o Denial-of-service attacks
  o Spam mail (takes time to read and fills space)
  o Malicious mail (may contain a virus)
  o Viruses and worms

What Are the Threats?

Messing with my physical world
  o Cyber-physical attacks or collateral victims
  o Power systems, traffic control, utilities
  o Travel agencies
  o Medical devices
  o Smart vehicles

What Are the Threats?

Pretending to be Alice or myself or our computers
  o I want to be sure who I am talking to (authentication and digital signatures)
  o It is hard to impersonate a computer in two-way communication, such as TCP
      But it has been done
  o Plain IP spoofing seems an extremely hard problem to solve

IP spoofing means putting a fake IP address in the sender field of IP packets.

What Are the Threats?

Preventing me from communicating with Alice
  o Alice could be attacked
  o Routers could be overloaded or tampered with
  o DNS servers could be attacked

The Three Aspects of Security

Confidentiality (C)
  o Keep data secret from non-participants
Integrity (I)
  o Aka “authenticity”
  o Keep data from being modified
  o Keep it functioning properly
Availability (A)
  o Keep the system running and reachable

What Does Security Mean?… wrt Computers and Nets

No one should be able to:
  o Break into my computer – A, C, I
  o Attack my computer – A, C, I
  o Steal my information – C
  o Use my computer to attack others – I?
  o Damage my computer or data – I
  o Use my resources without my permission – A
  o Mess with my physical world – I, A
I want to talk to Alice
  o Pretend to be Alice or myself or our computers – C, I
  o Prevent me from communicating with Alice – A

Orthogonal Aspects

Policy
  o Deciding what confidentiality, integrity and availability mean
Mechanism
  o Implementing the policy

What Are the Challenges?

Your security frequently depends on others
  o Tragedy of commons
A good solution must
  o Handle the problem to a great extent
  o Handle future variations of the problem, too
  o Be inexpensive
  o Have economic incentive
  o Require a few deployment points
  o Require non-specific deployment points

What Are the Challenges?

Fighting a live enemy
  o Security is an adversarial field
  o No problem is likely to be completely solved
  o New advances lead to improvement of attack techniques
  o Researchers must play a double game

What Are the Challenges?

Attack patterns change
Often there is scarce attack data
Testing security systems requires reproducing or simulating legitimate and attack traffic
  o No agreement about realistic traffic patterns
No agreement about metrics
There is no standardized evaluation procedure
Some security problems require a lot of resources to be reproduced realistically

Practical Considerations

Risk analysis and risk management
  o How important it is to enforce a policy
  o Which threats matter
  o Legislation may play a role
The role of trust
  o Assumptions are necessary
Human factors
  o The weakest link

In The Shoes of an Attacker

Motivation
  o Bragging Rights
  o Profit (Spam, Scam, Phishing, Extortion)
  o Revenge / to inflict damage
  o Terrorism, politics
Risk to the attacker
  o Usually small
  o Can play a defensive role

Why We Aren’t Secure

Buggy code
Protocol design failures
Weak crypto
Social engineering/human factor
Insider threats
Poor configuration
Incorrect policy specification
Stolen keys or identities
Misplaced incentives (DoS, spoofing, tragedy of commons)

The Role Of Policy

Policy defines what is allowed and how the system and security mechanisms should act
Policy is enforced by mechanism which interprets and enforces it, e.g.
  o Firewalls
  o IDS
  o Access control lists
Implemented as
  o Software (which must be implemented correctly and without vulnerabilities)

Some Security Mechanisms

Encryption
Checksums
Key management
Authentication
Authorization
Accounting
Firewalls
VPNs
Intrusion Detection
Intrusion Response
Virus scanners
Policy managers
Trusted hw

Today’s Security Deployment

Most deployment of security services today handles the easy stuff, implementing security at a single point in the network, or at a single layer in the protocol stack:
  o Firewalls, VPNs
  o IPSec
  o SSL
  o Virus scanners
  o Intrusion detection

A More Difficult Problem

Unfortunately, security isn’t that easy. It must be better integrated with the application.
  o At the level at which it must ultimately be specified, security policies pertain to application level objects, and identify application level entities (users).

Loosely Managed Systems

Security is made even more difficult to implement since today’s systems lack a central point of control.
  o Home machines unmanaged
  o Networks managed by different organizations.
  o A single function touches machines managed by different parties.
      Clouds
  o Who is in control?

Cryptography

What Is Cryptography?

Goal: Protect private communication in the public world
Alice and Bob are shouting messages in a crowded room
Everyone can hear what they are saying but no one can understand (except them)
We have to scramble the messages so they look like nonsense or alternatively like innocent text
Only Alice and Bob know how to get the real messages out of the scramble

Cryptography Is Also Useful For …

Authentication
  o Bob should be able to verify that Alice has created the message
Integrity checking
  o Bob should be able to verify that message has not been modified
Non-repudiation
  o Alice cannot deny that she indeed sent the message

Cryptography Is Also Useful For …

Exchanging a secret with someone you have never met, shouting in a room full of people
Proving to someone you know some secret without giving it away
Sending secret messages to any m out of n people so only those m can retrieve messages and the rest n-m cannot
Sending a secret message so that it can be retrieved only if m out of n people agree to retrieve it

So, How Do We Scramble Messages?

Good cryptography assumes knowledge of algorithm by anyone, secret lies in a key!!!

Alice could give a message covertly “Meeting at the old place”
  o Doesn’t work for arbitrary messages and
  o Doesn’t work if Alice and Bob don’t know each other
Alice could hide her message in some other text – steganography
Alice could change the message in a secret way
  o Bob has to learn a new algorithm
  o Secret algorithms can be broken by bad guys

Sample Crypto Scheme: Caesar’s Cipher

Substitute each letter with a letter which is 3 letters later in the alphabet
  o HELLO becomes KHOOR
Instead of using number 3 we could use n in [1,25]. n would be our key
How can we break this cipher? Can you decipher this: Bpqa kzgxbwozixpg ammua zmit miag. Em eivb uwzm!

Sample Crypto Scheme: Caesar’s Cipher

We can also choose a mapping for each letter: (H is A, E is M, L is K, O is Y). This mapping would be our key. This is a monoalphabetic cipher.
  o HELLO becomes AMKKY
How can we break this cipher?

Types Of Cryptographic Functions

Symmetric key crypto: one key
  o We will call this secret key or shared key
  o Both Alice and Bob know the same key
Asymmetric key crypto: two keys
  o Alice has public key and private key
  o Everyone knows Alice’s public key but only Alice knows her private key
  o One can encrypt with public key and decrypt with private key or vice versa
Hash functions: no key
  o Output depends on input in non-linear fashion