cs 598 - computer security in the physical world: …...cloud computing security (ijis’14,...

Security & Privacy Research at Illinois (SPRAI)

Professor Adam BatesFall 2016

CS 598 - Computer Security in the Physical World:

Introduction

AdamBatesResearchInterests:➢ TrustworthyProvenance-AwareSystems(CCS’16,

SecDev’16,Security’15,TAPP’15,SENT’14,CODASPY'13)➢ CommunicationsSecurity(NDSS’12,Security’15,JCS’14)➢ EmbeddedDeviceSecurity(ACSAC’15,NDSS’14)➢ MobilePhoneSecurity&Privacy(Security’15)➢ SSL/HTTPSTrustEnhancements(CCS’14,IMC’14)➢ CloudComputingSecurity(IJIS’14,CCSW’13)

CareerHighlights:1. ResearchcoveredbyWallStreet

Journal,PCWorld,MobileWorldLive.

2. 17Peer-Reviewedpublications(8ConferenceMajors)

3. OrganizingCommittee,IEEESP’16,‘17ProgramCommittee,ACSAC(2015)SessionChair,ACMCCS(2015)ProgramCommittee,MCS(2015)

Prov

enan

ce P

lane

Infor

mat

ion Fl

ow P

lanesshd_t

shadow_t

etc_tsyslog_tsysadm_t

Policy USB Mediator

Device ClaimsMNF, Product, Interfaces

User ExpectationsMNF, Product, Features


Course Goals

3

• Exposure to how computer security concepts interact with and inform the ‘real’ world

• Look at impactful applications of security in the literature

• Explore interesting topics related to systems security through

+


Class Logistics

4

• Tuesday & Thursday 3:30 - 4:45

• 1302 Siebel Center

• Website: http://adambates.org/courses/cs598-fa16/

• 14 weeks, each exploring a different topic

• Most sessions will be student-driven, I’m merely here to facilitate

• Emails go to [email protected]

• Start email subject with [CS598] please!


Grading

5

• Paper Summaries (20%)

• Paper Presentations (30%)

• Class Participation (10%)

• Project (40%)


Paper Reviews

6

• Each student must email brief reviews for assigned papers.

• One paragraph summary of paper content, followed by 2-3 criticisms, praises, or confusing points. What makes this approach different/novel?

• Expect approx. 0.5 pages, limit to1 page.

• Structure similar to the first half of a peer review

• Due by 11:59 PM the night before class

• Do this for the 2 papers next lecture.


Paper Presentations

7

• Two discussion leaders/presenters per session

• Responsibilities of the Presenter:

‣ Create a 15-20 minute presentation on the topic to be discussed

‣ Discuss the paper assigned as a jumping off point for the general (20-25 minutes)

‣ Share slides with me at least one day before class (email OK, or stop by office hours).

• Each student will be a presenter for 2-3 papers


How to fail at class

8

• Do a crummy job with your presentation, or skip it altogether

• Do a crummy job with reviews, or skip them altogether

• Show total lack of comprehension indicative of having read the papers before class

• Have three or more unexplained absences (Reasonable absences: attending conference, job interview, etc.).


Course Projects

9

• The course project requires the students execute some original research in security

• Demonstrate applied knowledge

• Don’t try to learn some new non-security field

• Be realistic about what is possible in a one quarter.

• However, the work should reflect real thought and effort.

• The grade will be based on: novelty, depth, correctness, clarity of presentation, and effort.

• 1-3 students per group; single person suggested if you want to work in security.


Deliverables

10

• The chief product of the project will be a 10-15 page conference style paper. There will be several milestones:

• Project Choice (9/06/16)

• Abstract, Background and Related Work (10/04/16)

• Experiment Proposal (10/18/16)

• Project Status Slides (11/08/16)

• Project Presentation (12/08/16)

• Final Project Write-up (TBD during finals week)

• This is a very important factor in your grade!


Project Choice

11

• Due on September 6, 5:00 PM

• Ordered list of projects

• Choose 3 projects in order of interest

• Choose up to 2 collaborators (optional)

• Bigger expectations for bigger groups

• I will (hopefully) resolve all constraints and approve/choose your project and group


Picking a topic

12

• Skim course schedule for ideas

• I will work with you to acquire research equipment

• Be realistic — I’m not buying a car.

• I *can* potentially connect you to IoT, CPS, Medical, and Mobile devices.

• Realistically, we can make any topic from OS security or NetSec (feat. Layer 2 or below) fit.

• Picking a topic is very important, and should almost certainly involve an area you already know well.


• Locks, Keys

• Financial Security

• USB Security

• Mobile Security

• Data Provenance

• Smart Grid

• Cyber Physical

• Internet of Things

• Medical Devices

• Voting Systems

• Telephony

• Network Infrastructure

• Wiretapping

• Automotive

Tentative Topic List


Ethics Statement

14

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.

When in doubt, please contact the instructor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Bates.


Next Class

15

• USB Security — 2 conference papers

• Reviews due by the end of the day tomorrow

• Assignments and paper links available at

http://adambates.org/courses/cs598-fa16

(Note: This is easily reachable from adambates.org)


Reading Papers

16

• Why do we read papers?

• How do you read papers?

• What should you get out of a paper?

• Did you read the paper for today?


Understanding Papers

17

• What is the central idea expressed in this paper?

• Where do you find this information?

• What is the context of this paper?

• Related work, details pertinent details and justifies paper

• What is the methodology?

• Proofs, experiments, simulation, rhetoric

• What are the claimed results?

• New scientific discovery, if it is not novel it is not research

• What do you need to remember about this work?


Thompson Paper

18

• What is the contribution?

• Related Work?

• Methodology?

• Results?

• Takeaway?


Sample Summary

19

• Contribution: Ken Thompson shows how hard it is to trust the security of software in this paper. He describes an approach whereby he can embed a Trojan horse in a compiler that can insert malicious code on a trigger (e.g., recognizing a login program).

• Related Work: This approach is an example of a Trojan horse program. A Trojan horse is a program that serves a legitimate purpose on the surface, but includes malicious code that will be executed with it (e.g., Sony/BMG rootkit).

• Methodology: The approach works by generating a malicious binary that is used to compile compilers. Since the compiler code looks OK and the malice is in the binary compiler compiler, it is difficult to detect.

• Results: The resulting system identifies construction of login programs and miscompiles the command to accept a particular password known to the attacker.

• Take Away: Thompson states the “obvious” moral that “you cannot trust code that you did not totally create yourself.” We all depend on code, but constructing a basis for trusting it is very hard, even today.


How to Read a Paper

20

• Prepare your environment

• Decide what to read

• Read in generalities (10-20 minutes)

• Skim intro, headings, figures, definitions, conclusions, related work, references.

• Read in depth (1-4+ hours)

• Consider methodology, challenge arguments, examine assumptions/methods, become invested in the work!

• Make notes, mark up a copy, summarize paper


Systems Security Papers

21

• What is the security model?• threat model, trust model, participants/adversaries

• What is the environment and the resulting constraints?• e.g., resource-constrained devices, patrolling security guards

• What is the solution?• how are the threats addressed? how is the solution evaluated?

• What is the key idea that drives the design?• should be a concept, not an engineering detail

• Takeaway: Why should someone care about this work?


Presenting a Paper

22

• Requires the technical preparation necessary for writing a summary, but also much more!

• Audience engagement is vital• Construct a narrative

• Engage the audience

• Identify an insight

• Argue a point

• Extend an argument

• Relate what you’ve learned, and what strikes you about the work: be engaged with the content


Presentation Advice

23

• Keep your points simple and repeat key insights

• Know the jargon that you will be using

• Present a narrative - tell a story

• Pace the talk so that you’re not rushing or dragging

• Think about the goals of your presentation

• Leave audience with the high points in their head

• Practice and prepare!

• Read http://pages.cs.wisc.edu/~markhill/conference-talk.html


Professor Adam BatesFall 2016

CS 598 - Computer Security in the Physical World:

Locks & Keys


Security Traditions*

2

cypherpunks

phone freaks

* Note: Extremely reductive taxonomy presented on this slide


Lock Picking in Com Sci?

3

• Mechanical locks influenced the foundation of computer security (e.g., crypto secrets are “keys”)

• People who break open digital systems also like breaking open analog systems (e.g., locks, telephony)

• Physical locks remain a useful metaphor for thinking about computer security, and vice versa


Pin Tumbler Locks

4

Animations via http://toool.us

Key Pins

Plug

Driver Pins

Shear Point

Keyway

• Common to cylinder locks

• n pins inserted in plug

• pins cut in two at various heights

• without correct key, plug cannot rotate (i.e., locked)

• when correct key is inserted, gaps in pins line up with shear point, allowing plug to rotate


Pin Tumbler Locks

5







Key Pins

Plug

Driver Pins

Shear Point

Keyway


Pin Tumbler Locks

6


Shear Point







View from side:

7


Pin Tumbler Locks


Enter Lock Picking

8


In an ideal world, pins would fit into the plug like this:

(wrong key)


Enter Lock Picking

9


In the real world, pins fit into the plug like this:

(wrong key)


Reality

Real Plug

Real Pins

Enter Lock PickingExpectation


Enter Lock Picking

11


Mechanical imperfections make lock picking possible:

Security & Privacy Research at Illinois (SPRAI) 12

• Tension wrench applies (gentle) torque to the cylinder

• This causes one pin to stop the cylinder from turning.

• Pushing that one pin up causes the cylinder to turn slightly, “setting” that pin.

• Repeat until all pins are set.

Enter Lock Picking


Cryptanalysis of Locks

13

SharedSecret / Password

OracleAttack

Brute Force Attack

Keying of Lock (or the key)

Try all possible keys (or kick door down?)

Mechanical imperfection reduces search space

(i.e., lock picking)


Info. Theoretic Security

14

• What are the security parameters?

• Number of Pins (Pin Stacks), P

• Number of key bitting depths, D

• Consider an ideal world (i.e., unpickable) 5 pin lock with 4 bitting depths. How large is the key space?

• D^P = 4^5 = 1024

• Consider an real world (i.e., pickable) 5 pin lock with 4 bitting depths. How large is the search space?

• If you’re good, approximately linear with D?


Real World Security

15

• Caveats

• Lock picking is conspicuous, intruder is unlikely to have authorized access to area

• Lock picking takes time, at least on the order of seconds

• Security Theater: Locks deter, create the perception of security

• There are many other lock picking techniques not covered here (e.g., shims, bump keys, rakes) which vary in use-case and covertness.


Master-Keyed Locks

16

• Easiest way to make a master key?

Photo via http://united-locksmith.net


Info. Theoretic Security

17

• Master keys necessarily reduce security. Why?

• Introduce single point of failure

• Cross Keying / Key Interchange attack

• Consider a real world (i.e., pickable) master-keyed 5 pin lock with 4 bitting depths. How large is the key space?

• D^P - 2^P = 4^5 - 2^5 = 992

• Security reduced, but not too bad… right?


Adaptive Oracle Attack

18

• Change Key is 11111, Master Key is 44444

• 2^5 keys open the lock: 14111, 11411, etc.

• For each pin position, prepare D-1 test keys (all bitting except for known bitting of the change key).

• Try all test keys for p=1. The bitting of the test key that opens the door corresponds to the master key bitting.

• Repeat for all pin positions.

• Note: Number of required test keys can be reduced from P(D-1) to P by filing keys down in real time.


Countermeasures?

19

• Master Ring Locks

• Drawbacks: Uncommon, more vuln. to lock picking

• Control distribution of blank keys

• Drawbacks: Impractical, many 3rd party vendors

• Obfuscate TMK with more cuts

• Add one cut, 2^P different possible TMK’s per lock

• Drawback: Reduces key space s.t. key interchange attacks are easier, creates sub-masters, impractical for small locks.


Why did we read this?

20

• Cautionary Tale: Computer Security and the physical world interact in complex and unexpected ways.

• Here, cryptanalytic techniques trivially expose a systemic vuln. in the world’s #1 security mechanism.

• Problems only become more complex as we enter the cyber physical domain.

cs 598 - computer security in the physical world: …...cloud computing security (ijis’14,...

Documents