USC CSci530 Computer Security Systems Lecture notes – Spring 2012
Dr. Jelena Mirkovic
University of Southern California
Information Sciences Institute
If you wish to enroll and do not have D clearance yet, send an email to [email protected] with:
  o Your name
  o Which prerequisites you have completed
  o A phone number
  o Request to receive a D clearance
I will let you know within a day or two
Who gets in
http://ccss.usc.edu/530
  o Syllabus
  o Assignments
  o News
  o Lecture notes (also on DEN)
Keep checking it!
Class home page
http://ccss.usc.edu/530L
  o 1 of the 4 units
  o Instructor is David Morgan
  o Instruction 4 – 4:50 Fridays in RTH105
WebCast via DEN
Hands on work in the lab – exercising the theoretical knowledge from class
Some labs will be done remotely using DETER testbed
Lab
Four reports, due as noted online
Each discusses a paper of your choice from a few top security conferences/journals
  o Summary of the paper and its critique
  o Your ideas on the topic
  o 2-4 pages, submitted via DEN
  o You can submit reports early if you like
One report from each student will be chosen for presentation in class
Total 20% of your grade, 4% each
Paper Reports
4 quizzes
  o Done before each DETER exercise
  o Repeated after the exercise
  o You MUST take each quiz
Total 5% of your grade
Quizzes
Class e-mail: [email protected] (TA and inst)
Instructor
  o Dr. Jelena Mirkovic
  o Office hours Fri 12:30-1:30pm or by appt in SAL 234
  o Contact via email (on class web page)
TA
  o Melina Demertzi
  o Office hours Tu and We 10-11 am
  o Contact via email (on class web page)
Administration
Grading:
  o Paper reports/presentations: 20%
  o Lab: 20%
  o Quizzes: 5%
  o Participation: 5%
  o Midterm Exam: 20%
  o Final Exam: 30%
Grades assigned using an absolute curve:

  A    A-   B+   B    B-   C+   C    C-   D+   D    D-
  93   90   86   83   80   76   73   70   66   63   60

Administration
DEN system will host the class discussion board
  o To gain access and log in https://mapp.usc.edu/
  o Contact [email protected] if you have difficulty with the system
  o I will check the discussion board once daily but if you want a reliable response from me email me directly
DEN
Class participation is important
  o Ask and answer questions in class
  o Ask, answer, participate on-line
Class participation carries 5% of your grade
  o If I don’t remember you from class, I look in the web discussion forum to check participation
      - Did you ask good questions
      - Did you provide good answers
      - Did you make good points in discussions
  o For DEN students, discussion board is the primary means of class participation
      - You can also call into the class if you like
Class Participation
What is and is not OK
  o I encourage you to work with others to learn the material but everyone must DO their work ALONE
  o Do not turn in the work of others
  o Do not give others your work to use as their own
  o Do not plagiarize from others (published or not)
  o Do not try to deceive the instructors
See the Web site
  o More guidelines on academic integrity
  o Links to university resources
  o Don’t just assume you know what is acceptable.
Academic Integrity
What Does Security Mean?
No one should be able to:
  o Break into my house
  o Attack me
  o Steal my TV
  o Use my house to throw water balloons on people
  o Damage my furniture
  o Pretend to be my friend Bob and fool me
  o Waste my time with irrelevant things
  o Prevent me from going to my favorite restaurant
  o Destroy my road, bridge, city ..
What Does Security Mean?… In Real Life
No one should be able to:
  o Break into my computer
  o Attack my computer
  o Steal my information
  o Use my computer to attack others
  o Damage my computer or data
  o Use my resources without my permission
  o Mess with my physical world
I want to talk to Alice
  o Pretend to be Alice or myself or our computers
  o Prevent me from communicating with Alice
What Does Security Mean?… wrt Computers and Nets
An isolated computer has a security risk?
  o Computer security aims to protect a single, connected, machine
Networking = communication at all times and in all scenarios!!!
  o Network security aims to protect the communication and all its participants
Security = robustness or fault tolerance?
Computer vs. Network Security
Computer security Network security
Breaking into my computer
  o Hackers
      - Break a password or sniff it off the network
      - Exploit a vulnerability
      - Use social engineering
      - Impersonate someone I trust
  o Viruses and worms
What Are the Threats?
A vulnerability is a bug in the software that creates unexpected computer behavior when exploited, such as enabling access without login, running unauthorized code or crashing the computer.
An exploit is an input to the buggy program that makes use of the existing vulnerability.
Attacking my computer
  o Denial-of-service attacks
  o Viruses and some worms
What Are the Threats?
A virus is a self-replicating program that requires user action to activate such as clicking on E-mail, downloading an infected file or inserting an infected floppy, CD, etc.
A worm is a self-replicating program that does not require user action to activate. It propagates itself over the network, infects any vulnerable machine it finds and then spreads from it further.
A DOS attack aims to disrupt a service by either exploiting a vulnerability or by sending a lot of bogus messages to a computer offering a service
Stealing my information
  o From my computer or from communication
  o I will use cryptography!
      - There are many ways to break ciphers
      - There are many ways to divulge partial information (e.g. who do you talk to)
  o I would also like to hide who I talk to and when
      - I will use anonymization techniques
      - Anonymization hinders other security approaches that build models of normal traffic patterns
What Are the Threats?
Using my machine to attack others
  o E-mail viruses
  o Worms
  o Denial-of-service attacks (including reflector attacks)
  o Spam, phishing
What Are the Threats?
Damaging my computer or data
  o I have to prevent break-ins
  o I will also use cryptography to detect tampering
  o I must replicate data to recover from tampering
  o Denial-of-service attacks and worms can sometimes damage computers
What Are the Threats?
Taking up my resources with irrelevant messages
  o Denial-of-service attacks
  o Spam mail (takes time to read and fills space)
  o Malicious mail (may contain a virus)
  o Viruses and worms
What Are the Threats?
Messing up with my physical world
  o Cyber-physical attacks or collateral victims
  o Power systems, traffic control, utilities
  o Travel agencies
  o Medical devices
  o Smart vehicles
What Are the Threats?
Pretending to be Alice or myself or our computers
  o I want to be sure who I am talking to (authentication and digital signatures)
  o It is hard to impersonate a computer in two-way communication, such as TCP
      - But it has been done
  o Plain IP spoofing seems an extremely hard problem to solve
What Are the Threats?
IP spoofing means putting a fake IP address in the sender field of IP packets.
Preventing me from communicating with Alice
  o Alice could be attacked
  o Routers could be overloaded or tampered with
  o DNS servers could be attacked
What Are the Threats?
Confidentiality (C)
  o Keep data secret from non-participants
Integrity (I)
  o Aka “authenticity”
  o Keep data from being modified
  o Keep it functioning properly
Availability (A)
  o Keep the system running and reachable
The Three Aspects of Security
No one should be able to:
  o Break into my computer – A, C, I
  o Attack my computer – A, C, I
  o Steal my information – C
  o Use my computer to attack others – I?
  o Damage my computer or data – I
  o Use my resources without my permission – A
  o Mess with my physical world – I, A
I want to talk to Alice
  o Pretend to be Alice or myself or our computers – C, I
  o Prevent me from communicating with Alice – A
What Does Security Mean?… wrt Computers and Nets
Policy
  o Deciding what confidentiality, integrity and availability mean
Mechanism
  o Implementing the policy
Orthogonal Aspects
Your security frequently depends on others
  o Tragedy of commons
A good solution must
  o Handle the problem to a great extent
  o Handle future variations of the problem, too
  o Be inexpensive
  o Have economic incentive
  o Require a few deployment points
  o Require non-specific deployment points
What Are the Challenges?
Fighting a live enemy
  o Security is an adversarial field
  o No problem is likely to be completely solved
  o New advances lead to improvement of attack techniques
  o Researchers must play a double game
What Are the Challenges?
Attack patterns change
Often there is scarce attack data
Testing security systems requires reproducing or simulating legitimate and traffic
  o No agreement about realistic traffic patterns
No agreement about metrics
There is no standardized evaluation procedure
Some security problems require a lot of resources to be reproduced realistically
What Are the Challenges?
Risk analysis and risk management
  o How important it is to enforce a policy
  o Which threats matter
  o Legislation may play a role
The role of trust
  o Assumptions are necessary
Human factors
  o The weakest link
Practical Considerations
Motivation
  o Bragging Rights
  o Profit (Spam, Scam, Phishing, Extortion)
  o Revenge / to inflict damage
  o Terrorism, politics
Risk to the attacker
  o Usually small
  o Can play a defensive role
In The Shoes of an Attacker
Buggy code
Protocol design failures
Weak crypto
Social engineering/human factor
Insider threats
Poor configuration
Incorrect policy specification
Stolen keys or identities
Misplaced incentives (DoS, spoofing, tragedy of commons)
Why We Aren’t Secure
Policy defines what is allowed and how the system and security mechanisms should act
Policy is enforced by mechanism which interprets and enforces it, e.g.
  o Firewalls
  o IDS
  o Access control lists
Implemented as
  o Software (which must be implemented correctly and without vulnerabilities)
The Role Of Policy
Encryption
Checksums
Key management
Authentication
Authorization
Accounting
Firewalls
VPNs
Intrusion Detection
Intrusion Response
Virus scanners
Policy managers
Trusted hw
Some Security Mechanisms
Most deployment of security services today handles the easy stuff, implementing security at a single point in the network, or at a single layer in the protocol stack:
  o Firewalls, VPN’s
  o IPSec
  o SSL
  o Virus scanners
  o Intrusion detection
Today’s Security Deployment
Unfortunately, security isn’t that easy. It must be better integrated with the application.
  o At the level at which it must ultimately be specified, security policies pertain to application level objects, and identify application level entities (users).
A More Difficult Problem
Security is made even more difficult to implement since today’s systems lack a central point of control.
  o Home machines unmanaged
  o Networks managed by different organizations.
  o A single function touches machines managed by different parties.
Clouds
  o Who is in control?
Loosely Managed Systems
Cryptography
What Is Cryptography?
Goal: Protect private communication in the public world
Alice and Bob are shouting messages in a crowded room
Everyone can hear what they are saying but no one can understand (except them)
We have to scramble the messages so they look like nonsense or alternatively like innocent text
Only Alice and Bob know how to get the real messages out of the scramble
Cryptography Is Also Useful For …
Authentication
  o Bob should be able to verify that Alice has created the message
Integrity checking
  o Bob should be able to verify that message has not been modified
Non-repudiation
  o Alice cannot deny that she indeed sent the message
Exchanging a secret with someone you have never met, shouting in a room full of people
Proving to someone you know some secret without giving it away
Sending secret messages to any m out of n people so only those m can retrieve messages and the rest n-m cannot
Sending a secret message so that it can be retrieved only if m out of n people agree to retrieve it
Cryptography Is Also Useful For …
So, How Do We Scramble Messages?
Good cryptography assumes knowledge of algorithm by anyone, secret lies in a key!!!
Alice could give a message covertly “Meeting at the old place”
  o Doesn’t work for arbitrary messages and
  o Doesn’t work if Alice and Bob don’t know each other
Alice could hide her message in some other text – steganography
Alice could change the message in a secret way
  o Bob has to learn a new algorithm
  o Secret algorithms can be broken by bad guys
Sample Crypto Scheme: Caesar’s Cipher
Substitute each letter with a letter which is 3 letters later in the alphabet
  o HELLO becomes KHOOR
Instead of using number 3 we could use n in [1,25]. n would be our key
How can we break this cipher? Can you decipher this: Bpqa kzgxbwozixpg ammua zmit miag. Em eivb uwzm!
Sample Crypto Scheme: Caesar’s Cipher
We can also choose a mapping for each letter: (H is A, E is M, L is K, O is Y). This mapping would be our key. This is a monoalphabetic cipher.
  o HELLO becomes AMKKY
How can we break this cipher?
Types Of Cryptographic Functions
Symmetric key crypto: one key
  o We will call this secret key or shared key
  o Both Alice and Bob know the same key
Asymmetric key crypto: two keys
  o Alice has public key and private key
  o Everyone knows Alice’s public key but only Alice knows her private key
  o One can encrypt with public key and decrypt with private key or vice versa
Hash functions: no key
  o Output depends on input in non-linear fashion