![Page 1: Class 19 Wrap-up and Review CIS 755: Advanced Computer Security Spring 2014](https://reader033.vdocuments.us/reader033/viewer/2022051620/5681323c550346895d98a6cd/html5/thumbnails/1.jpg)
Class 19
Wrap-up and Review
CIS 755: Advanced Computer Security
Spring 2014
Eugene Vasserman
http://www.cis.ksu.edu/~eyv/CIS755_S14/
Administrative stuff
• No class during the last week of the semester (May 6th and 8th)
  – No office hours either – I’m out of town
  – No presentations
• Remember exam on Thursday
  – Study guide is up on the class web page
• No office hours this Friday – email to meet
• Focus on your projects and reports
The most important slide of the class
• What are the take-away messages?
  – Think like an adversary
  – Kerckhoffs’ principle and Shannon’s maxim
  – Be able to search for solutions
  – Read papers
  – Reuse, reuse, reuse (correctly!)
  – State assumptions (be sure they hold)
  – Be able to admit “I don’t know” – not everyone can engineer every solution
Things to remember
• What does “secure” mean?
• Who is the adversary, and why?
• There is such a thing as too much security
  • If too hard to use, users will bypass security
• Attacks only get better
Some things to remember
• Theoretical to practical in ~10 years
  – Chosen ciphertext attack
  – HDMI
  – CBC chosen plaintext attack
• Attacks only get better
  – Look at history of MD5
  – Look at history of SHA (e.g. SHA-0)
• Some things are a bad idea in the first place, e.g. “trusted” hardware
NEVER BUILD YOUR OWN WHEN SOLUTION EXISTS!!!
NEVER COMPOSE YOUR OWN WHEN LIBRARY EXISTS!!!
Safety vs. security
• Think like an adversary!
• Random → malicious faults
• Engineering for security: “What’s the worst that can happen?” Assume it will…
• Always, always, ALWAYS state your assumptions!
Security: Fundamental differences
• Real world: physical, intuitive
  – Risk assessment
    • People are not even good at this in the real world!
  – Trusted vs. trustworthy
  – Forensics, physical evidence
    • Forgery
  – Fail “evident,” e.g. theft
  – Scale of failures
More basics
• Trusted vs. trustworthy
  – e.g. the recent SSL Certificate Authority fiasco
• Risk, hazard, vulnerability
  – Adversary, ROI, scale
• Assurance levels
  – “Rainbow” book series, Common Criteria
• Method of returning to secure states
• Fail-closed/secure or fail-open/insecure?
Basic cryptographic primitives
• Confidentiality (encryption)
  – Symmetric (e.g. AES)
  – Asymmetric (e.g. RSA)
• Hash functions (e.g. SHA1)
• Integrity and authentication
  – Symmetric (message authentication codes)
  – Asymmetric (signatures)
• Key agreement
• Random numbers
Block cipher modes of operation
• ECB, CBC, OFB, CTR, CFB, GCM, XEX, XTS
• Differences, i.e. why do we care?
  – Some are parallelizable (GCM)
    • Also provides authentication!
  – Some are self-synchronizing (CFB)
• Trick question: Block ciphers vs. stream ciphers vs. pseudorandom number generators (PRNG)?
Security (strength)
• Key size*
  – Commonly 2^256 for AES, 2^2048 for RSA
  – What is a [good] key?
• Underlying cryptosystem/primitives
• Composition
  • e.g. MAC with broken underlying hash function may not itself be broken
Modes of operation (ECB)
Images borrowed from Wikipedia :)
Modes of operation (CBC)
Images borrowed from Wikipedia :)
Recall: MACs
• “Keyed hash” (MAC from a cryptographically-secure hash function)
  – Hash Block cipher (CBC or CFB) MAC
• Hybrid modes e.g. CBC-MAC
  – Secrecy plus authenticity (2-party)
• Remember to use different keys for MAC and encryption… why?
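Why the keys must differ, as an added example (not from the original slides): with one key and a zero IV for both CBC encryption and CBC-MAC, the tag is just the last ciphertext block, so a ciphertext changed in transit still verifies. The 8-byte Feistel cipher built on SHA-256, the zero IV and all function names are assumptions made to keep the example self-contained; it is a teaching stand-in, not a cipher to use.

```python
import hashlib, hmac

BS = 8  # toy block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # Feistel round function of the toy cipher
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, pt):  # zero IV, whole blocks only
    prev, out = bytes(BS), b""
    for i in range(0, len(pt), BS):
        prev = enc_block(key, _xor(pt[i:i + BS], prev))
        out += prev
    return out

def cbc_decrypt(key, ct):
    prev, out = bytes(BS), b""
    for i in range(0, len(ct), BS):
        out += _xor(dec_block(key, ct[i:i + BS]), prev)
        prev = ct[i:i + BS]
    return out

def cbc_mac(key, msg):  # tag = last block of a zero-IV CBC pass
    return cbc_encrypt(key, msg)[-BS:]

def open_sealed(k_enc, k_mac, ct, tag):
    pt = cbc_decrypt(k_enc, ct)
    # Fail closed: release plaintext only if the recomputed tag matches.
    return pt if hmac.compare_digest(cbc_mac(k_mac, pt), tag) else None

def tamper_first_byte(k_enc, k_mac, pt):
    ct, tag = cbc_encrypt(k_enc, pt), cbc_mac(k_mac, pt)
    forged = bytes([ct[0] ^ 1]) + ct[1:]  # modified in transit, tag untouched
    return open_sealed(k_enc, k_mac, forged, tag)
```

With the same key for both roles, `tamper_first_byte` returns altered plaintext; with independent keys it returns `None`.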
Modes of operation (CFB)
Images borrowed from Wikipedia :)
Modes of operation (CTR)
Images borrowed from Wikipedia :)
VS. ECB
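The comparison the ECB and CTR slides illustrate, as an added example (not from the original slides): ECB maps equal plaintext blocks to equal ciphertext blocks, while CTR does not. HMAC-SHA256 truncated to 16 bytes stands in for the block cipher's forward direction (an assumption of this example), and the key, nonce and sample plaintext are constructed.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16

def prf(key, block):
    # Stand-in for the block cipher's forward direction (assumption):
    # deterministic and keyed, which is all this comparison needs.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def ecb_encrypt(key, pt):
    # Each block is transformed independently of its position.
    return b"".join(prf(key, pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))

def ctr_encrypt(key, nonce, pt):
    # Keystream block n = F_k(nonce || n); decryption is the same operation.
    out = bytearray()
    for n, i in enumerate(range(0, len(pt), BLOCK)):
        ks = prf(key, nonce + n.to_bytes(8, "big"))
        out += bytes(p ^ k for p, k in zip(pt[i:i + BLOCK], ks))
    return bytes(out)

def repeated_blocks(ct):
    # Number of ciphertext blocks that duplicate an earlier block.
    counts = Counter(ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK))
    return sum(c - 1 for c in counts.values())

def demo():
    # Constructed "image-like" plaintext: long runs of identical blocks.
    pt = b"\xff" * (6 * BLOCK) + b"\x00" * (2 * BLOCK) + b"\xff" * (4 * BLOCK)
    key = b"constructed demo key"
    ecb = ecb_encrypt(key, pt)
    ctr = ctr_encrypt(key, b"nonce-01", pt)
    return repeated_blocks(ecb), repeated_blocks(ctr)
```

Counting duplicate blocks this way is also a quick check for ECB use when reviewing stored ciphertext.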
Giving, storing and wiping secrets
• Credentials
• Password security
• Storage security
• Input security
  – Ctrl-Alt-Del
• Forgetfulness security
  – Encryption?
  – https://citp.princeton.edu/research/memory/
Access control
• Authentication → access
• No authentication → no access
• What are we protecting?
• Who is our adversary?
  – Threat model
• Who is trusted?
• Where does enforcement occur?
Implementation considerations
• Kerckhoffs’ principle and Shannon’s maxim
  – Especially tempting to violate in case of “dirty” code – I’ve been there!
• Watch your (unstated) assumptions
  – Example: Unsanitized (untrustworthy) input
• Adversaries
• Side-channels
• Performance
More considerations
• Correct tool for the job
  – Requirements (before, not after) – spend time on this
• Correct usage of the tool
• Documentation!
• Weakest links
• Pay attention to potential non-cryptographic issues such as side/covert channels
  – But you can never eliminate them: PROVABLE
• Think / test like an adversary
Current state of symmetric encryption
• DES is too weak (56-bit key)
• 3DES is weak (168-bit keys but only 2^112 security – meet-in-the-middle attack)
• Recent weaknesses in AES:
  – AES-256 (2^254.4) AES-192 (2^189.7) AES-128 (2^126.1)
http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf
Current state of hash functions
• MD5 is broken
  – http://www.win.tue.nl/hashclash/
• SHA-1 is known to be weak
  – http://theory.csail.mit.edu/~yiqun/shanote.pdf (2^69)
  – http://eprint.iacr.org/2004/304 (2^106, generalizable)
  – SHA-256 (variant) is even weaker
• SHA-3 currently in “development” (NIST)
  – We have a winner: all hail Keccak (SHA-3)!
  – http://csrc.nist.gov/groups/ST/hash/sha-3/
Problems: Side channels
• Side-channel attacks VERY damaging
  – Power
  – Timing
  – Error messages
    • Different errors in SSH leak information (mismatch between implementation and specification of CBC block cipher mode): http://portal.acm.org/citation.cfm?id=586112
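The timing and error-message bullets, as an added example (not from the original slides): an early-exit MAC check does work proportional to the number of correct leading tag bytes and reports distinct errors, while the hardened check compares in constant time and has a single failure outcome. The byte counter stands in for measurable running time; the key and all names are constructed for this example.

```python
import hashlib
import hmac

KEY = b"constructed demo key"  # constructed for this example

def mac(msg):
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def leaky_verify(msg, tag):
    """Early-exit check. Returns (result, bytes_compared); the second value
    is a proxy for the running time an observer could measure."""
    if len(tag) != 32:
        return "bad length", 0          # distinct error: leaks which check failed
    expected = mac(msg)
    for i in range(32):
        if expected[i] != tag[i]:
            return "bad MAC", i + 1     # stops at the first wrong byte
    return "ok", 32

def verify(msg, tag):
    """Hardened check: constant-time comparison, one failure outcome."""
    return hmac.compare_digest(mac(msg), tag)

def work_profile(msg):
    """Work done by leaky_verify for tags whose first n bytes are correct."""
    good = mac(msg)
    guesses = [good[:n] + bytes(b ^ 0xFF for b in good[n:]) for n in (0, 1, 8, 31)]
    return [leaky_verify(msg, g)[1] for g in guesses]
```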
Distributed systems: Security
• Eliminating a single point of failure
  – Denial of service protection (robustness)
• Eliminating a single point of trust
  – What if your boss is malicious?
• If we want to reap benefits of distributed system designs, we have to take care of the “maybes”
• How?
Distributed systems: Privacy
• Local system – local information
• Distributed system – more access to potentially private information
• Privacy vs. authentication
• Sometimes privacy is not a security requirement, sometimes it is
• Are there other potential security requirements related to privacy?
Source routing with capabilities
[Diagram labels: A, S1, S2, S3, B; “B, data”]
eCash
[Diagram labels: Broker, Witness, Client, Merchant]
Chaum Mixes
[Diagram labels: Alice, Bob]
Output in lexicographic order
Global Adversary
[Diagram labels: Alice, Bob]
Tor
[Diagram labels: A, B, C]
TCP over TCP (UGH!)
Tor hidden services
[Diagram labels: A, B, C, D, E, F]
Global adversary vs. Tor
[Diagram labels: Alice, Bob, “Entire Tor network”]
Tor network positioning attack
[Diagram labels: A, B, C, M]
Tor linkability attack
[Diagram labels: A, B, C]
Tor selective DoS attack
[Diagram labels: A, B, C]
Tor and bridges
Enumerating Freenet
Run a Freenet node; wait for nodes to contact you
Or just query random “locations”
Anonymity
[Diagram labels: ISP, AS1, AS2, Anonymizing Network]
Censorship resistance
[Diagram labels: ISP, AS1, AS2, Anonymizing Network, Membership Concealing Network]
Covert auth.!!
[Diagram labels: “secret”; “Hi?” “Hi!”; “Hi?” “??”]
Steganographic embedding
Linux 2.6 TCP SYN packet header with embedded MAC
Questions?
Reading discussion