CPSC 257: Information Security in the Real World
Ewa Syta
April 7, 2016
CPSC 257 April 7, 2016 1 / 42
1 Malware Cont.
2 Application Security
Malware Cont.
Ransomware (Source: Wikipedia: Ransomware)
Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pays a ransom to the malware operators to remove the restriction.
First ransomware: CryptoLocker in 2013.
Ransomware has lately become extremely popular.
Most systematically encrypt files on the system’s hard drive.
• Properly use strong crypto (RSA-2048), so the encryption is impossible to break.
• Demand payment to receive the encryption key.
• Provide payment instructions and a deadline.
• You can remove ransomware but cannot recover files.
• Defense? Back-up.
Typically propagates as a trojan horse, drive-by-download and phishing emails.
CryptoWall (Image source: Ars Technica)
CryptoWall - a family of file-encrypting ransomware that first appeared in early 2014.
• Used an AES key further encrypted with a one-time RSA key.
• CryptoWall binary used lots of techniques to prevent AV detection.
• AV detection using HIPS (Host Intrusion Prevention System)
Read more: Cryptowall 4.0
Ransomware (Source: NakedSecurity)
March 31, 2016: a rare joint alert by the United States Department of Homeland Security (DHS) and Canadian Cyber Incident Response Centre (CCIRC).
Ransomware (Source: MIT Technology Review)
Hackers have been targeting businesses and individuals.
Often, they don’t have control over specific entities they infect or they intentionally choose the most vulnerable entities.
Ransomware in Hospitals (Source: MIT Technology Review)
• After ransomware struck Hollywood Presbyterian Hospital in Los Angeles in February, the hospital’s central medical records system was largely unusable for 10 days, and some patients had to be transported to other hospitals.
• A hospital in Germany that had medical records locked up by ransomware canceled some high-risk surgeries for safety reasons.
Ransomware
CryptoLocker 3.0 brought in an estimated $325 million in 2015 alone.
44% of victims end up paying the ransom.
Victims include hospitals, schools, police departments, etc.
We will only see more ransomware in the future until we employ better security practices.
TED Talk
Mikko Hypponen: Fighting viruses, defending the net
https://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net
Application Security
TCP/IP Model (adapted from Cryptography and Network Security by B. Forouzan)
• Application (user space): DNS, SMTP, FTP, HTTP, SNMP, TELNET, ...
• Socket layer: SSL/TLS
• Transport (OS): SCTP, TCP, UDP
• Network (OS): IP, ICMP, IGMP, ARP, RARP; IPSec
• Data Link and Physical (NIC card): protocols defined by the underlying networks.
IPSec and SSL/TLS: Protocols for secure communication
IPSec and SSL/TLS are two popular options for secure communication.
Internet Protocol Security (IPsec)
• Lives at the network layer (part of the OS).
• Encryption, integrity, authentication, etc.
• Extremely complex!
• OS must be aware, but not applications.
• Applications can be automatically secured by IPsec at the IP layer.
• Only IPsec protects all application traffic over an IP network.
• IPSec often used in VPNs (secure tunnel).
SSL/TLS
Secure Sockets Layer (SSL) and the IEEE standard known as Transport Layer Security (TLS)
• Lives at socket layer (part of user space).
• Encryption, integrity, authentication, etc.
• Relatively simple and elegant specification.
• Applications must be aware, but not OS.
• Built into the Web early on (Netscape).
• Most popular option for application security.
Socket “Layer”
• Not a real layer
• Socket: IP address and port number
• Ports associated with protocols (80 for HTTP, 21 for FTP)
• Application layer protocols “layered” on top of SSL.
• SSL usually between HTTP and TCP
[Figure: layer stack, top to bottom: Application, Socket “layer”, Transport, Network, Data Link, Physical]
SSL
SSL is the protocol of choice for the vast majority of secure transactions over the Internet.
• Web browsing
• Instant messaging
• Voice-over-IP (VoIP)
• and more.
SSL
What does SSL provide?
Assume you want to buy a book at amazon.com.
• You want to be sure you are dealing with Amazon (authentication).
• Your credit card information must be protected in transit (confidentiality and/or integrity).
• As long as you have money, Amazon does not really care who you are so authentication does not have to be mutual (but might be).
SSL
How are secure connections achieved?
• Use asymmetric crypto to authenticate the parties (or one of them) attempting to communicate and exchange a symmetric key.
• Use symmetric crypto to secure the communication within the session using a session key.
SSL takes advantage of public-key and symmetric crypto.
Simple SSL-like Protocol
1. Alice → Bob: I’d like to talk to you securely
2. Bob → Alice: Here’s my certificate
3. Alice → Bob: {K}Bob
4. Alice ↔ Bob: protected HTTP
• Is Alice sure she’s talking to Bob? Is Bob sure he’s talking to Alice?
• Bob doesn’t know who he is talking to. Alice knows who she’s talking to only after she decrypts some messages.
Simplified but reasonably complete SSL-like Protocol
1. Alice → Bob: Can we talk?, cipher list, RA
2. Bob → Alice: Certificate, cipher, RB
3. Alice → Bob: {S}Bob, E(h(msgs,CLNT,K), K)
4. Bob → Alice: h(msgs,SRVR,K)
5. Alice ↔ Bob: Data protected with key K
• S is the pre-master secret.
• K = h(S, RA, RB)
• “msgs” means all previous messages.
• CLNT and SRVR are constants.
SSL Keys
6 “keys” derived from K = h(S, RA, RB)
• 2 encryption keys: client and server
• 2 integrity keys: client and server
• 2 IVs: client and server
• Why different keys in each direction?
Q: Why is h(msgs,CLNT,K) encrypted?
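The key derivation and the h(msgs, CLNT, K) check from the two slides above, as an added Python example that is not part of the lecture. It assumes SHA-256 for h and one HMAC per label for the six keys (the slides leave both abstract), and it leaves out the public-key encryption of S and the encryption of the hash; the function names and the message strings are constructed for illustration.

```python
import hashlib, hmac, os

CLNT, SRVR = b"CLNT", b"SRVR"        # the two constants from the slide
LABELS = ("client enc", "server enc", "client mac", "server mac",
          "client iv", "server iv")

def h(*parts):
    """Assumed instantiation of h: SHA-256 over length-prefixed parts."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def master_key(S, RA, RB):
    return h(S, RA, RB)              # K = h(S, RA, RB)

def six_keys(K):
    """Assumed expansion of K into six values, one HMAC per label."""
    return {label: hmac.new(K, label.encode(), hashlib.sha256).digest()
            for label in LABELS}

def finished(msgs, role, K):
    return h(*msgs, role, K)         # h(msgs, CLNT, K) or h(msgs, SRVR, K)

def run_handshake(cipher_list_altered=False):
    """Return True if Bob accepts the h(msgs, CLNT, K) that Alice sends."""
    RA, RB, S = os.urandom(32), os.urandom(32), os.urandom(48)
    msg1 = b"Can we talk?|AES-256,AES-128|" + RA          # constructed message 1
    # What Bob receives: the same bytes unless the cipher list changed in transit.
    seen_by_bob = msg1.replace(b"AES-256,", b"", 1) if cipher_list_altered else msg1
    chosen = seen_by_bob.split(b"|")[1].split(b",")[0]    # Bob picks the first cipher
    msg2 = b"Certificate|" + chosen + b"|" + RB           # constructed message 2
    K = master_key(S, RA, RB)        # both sides are assumed to hold S already
    from_alice = finished([msg1, msg2], CLNT, K)          # hash over what Alice sent/saw
    bob_expects = finished([seen_by_bob, msg2], CLNT, K)  # hash over what Bob saw/sent
    return hmac.compare_digest(from_alice, bob_expects)
```

Because the hash covers every earlier message, the two sides only agree when they saw the same message 1 and message 2, so a change made in transit surfaces as a failed check in message 3.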
SSL Authentication
Alice authenticates Bob, not vice-versa
• How does client authenticate server?
• Why would server not authenticate client?
Mutual authentication is possible.
• Bob sends certificate request in message 2.
• Client must have a valid certificate.
• Server might also use passwords for client authentication.
SSL Man in the Middle Attack?
Between Alice and Trudy:
• Alice → Trudy: RA
• Trudy → Alice: certificateT, RB
• Alice → Trudy: {S1}Trudy, E(X1,K1)
• Trudy → Alice: h(Y1,K1)
• Alice ↔ Trudy: E(data,K1)
Between Trudy and Bob:
• Trudy → Bob: RA
• Bob → Trudy: certificateB, RB
• Trudy → Bob: {S2}Bob, E(X2,K2)
• Bob → Trudy: h(Y2,K2)
• Trudy ↔ Bob: E(data,K2)
Q: What prevents this MiM “attack”?
A: Bob’s certificate must be signed by a certificate authority (CA).
There is more to SSL security than just its design. Certificates play an extremely important role. We will talk about it shortly.
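The answer on the slide above, worked through as an added Python example that is not part of the lecture: Alice accepts a certificate only if the CA's signature verifies and the name is the one she meant to reach. The CA key is a toy RSA key built from two small Mersenne primes, and the function names, certificate layout and key strings are constructed for illustration.

```python
import hashlib

# Toy RSA key for the CA: two Mersenne primes, far too small for real use.
P, Q, CA_E = 2**61 - 1, 2**89 - 1, 65537
CA_N = P * Q
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the CA

def digest(name, pubkey):
    """Hash the certificate body (name and public key) to a number below CA_N."""
    body = f"{name}|{pubkey}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % CA_N

def ca_issue(name, pubkey):
    """CA side: sign the body and return the certificate (name, pubkey, signature)."""
    return (name, pubkey, pow(digest(name, pubkey), CA_D, CA_N))

def alice_checks(cert, expected_name):
    """Client side: verify the CA signature, then the name Alice meant to reach."""
    name, pubkey, sig = cert
    if pow(sig, CA_E, CA_N) != digest(name, pubkey):
        return "rejected: not signed by the CA"
    if name != expected_name:
        return "rejected: certificate is for " + name
    return "accepted"

# Constructed sample certificates matching certificateB and certificateT on the slide.
certificate_b = ca_issue("Bob", "bob-public-key")
certificate_t = ca_issue("Trudy", "trudy-public-key")
# Trudy's key under Bob's name, carrying the signature copied from Bob's certificate.
spliced = ("Bob", "trudy-public-key", certificate_b[2])

if __name__ == "__main__":
    for label, cert in (("certificateB", certificate_b),
                        ("certificateT", certificate_t),
                        ("spliced", spliced)):
        print(label, "->", alice_checks(cert, "Bob"))
```

Both checks are needed: certificateT carries a valid CA signature and fails only on the name, while the spliced certificate carries the right name and fails only on the signature.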
Secure Web
HTTPS is the main way to achieve secure connections between clients and web servers. HTTPS stands for:
• HTTP over TLS
• HTTP over SSL
• HTTP Secure
Netscape Communications created HTTPS in 1994 for its Netscape Navigator web browser.
HTTPS basically layers HTTP on top of SSL/TLS.
Main motivations for HTTPS
Authentication of visited websites.
• So you know precisely who you’re talking to.
• Protection against MiM attacks.
• Again, normally only clients authenticate web servers.
Protection of the confidentiality and integrity of the exchanged data.
• Bidirectional encryption between a client and server.
• Protects against eavesdropping and tampering with and/or forging data by third parties.
• Provides privacy for clients.
HTTPS Security
How secure is HTTPS?
The security of HTTPS is that of TLS/SSL.
• Authentication, key exchange, and encryption algorithms.
• Implementation and deployment.
Remember, certificates are important.
HTTPS in practice
Use of HTTPS
Historically, HTTPS connections were primarily used for payment transactions, sensitive e-mail and transactions in corporate systems.
In the late 2000s and early 2010s, HTTPS began to see widespread use on all types of websites, securing accounts and keeping user communications, identity and web browsing private.
HTTPS at Google: Across Google (Image source: Google HTTPS Transparency Report)
Percentage of requests to Google’s servers that used encrypted connections.
HTTPS at Google: By Product (Image source: Google HTTPS Transparency Report)
Encrypted traffic by product.
HTTPS at Google: By Country (Image source: Google HTTPS Transparency Report)
Top 10 countries by percent of traffic that Google receives.
Symantec Report (Source: Symantec Press Release [1])
According to Roxane Divol, senior vice president and general manager of Website Security, Symantec:
“There are almost a billion web sites today, yet only about 3% of those sites are encrypted”.
[1] One of Symantec’s products is Encryption Everywhere. They also partner with hosting providers to offer free certificates.
Georgia Tech Report (Source: “Online Privacy and ISPs” [2])
“Today, all of the top 10 web sites either encrypt by default or upon user log-in, as do 42 of the top 50 sites.
Based on analysis of one source of Internet backbone data, the HTTPS portion of total traffic has risen from 13% to 49% just since April 2014.
An estimated 70% of traffic will be encrypted by the end of 2016.”
[2] The report argues that ISP access to consumer data is limited and often less than access by others. The report was partially funded by Broadband for America, a group that represents many ISPs (Comcast, Cox, Time Warner Cable, etc.).
Let’s Encrypt! (https://letsencrypt.org/)
Let’s Encrypt, a new certificate authority, is:
• Free: no charge for certificates
• Automatic: installation, configuration and renewal
• Secure: committed to best practices
• Transparent: records and makes available all issued certificates
• Open: will publish its model as an open standard
• Cooperative: multi-stakeholder organization to benefit the community
As of March 9, they issued more than 1 million digital certificates.
Source: ZDNet, “Will Let’s Encrypt threaten commercial certificate authorities?”