Security Concepts and Web Security (IT1 Course Slide)

Instructor: Majid Taghiloo

Upload: majid-taghiloo

Post on 16-Nov-2014

Description: Security Concepts and Web Security for IT

Page 1: Lecture5

Security Concepts and Web Security

IT1 Course Slide

Instructor: Majid Taghiloo

Page 2: Lecture5

What will we cover in this course?

• Introduction to Computer Security
– IT Environment, Threats and Goals of Computer and Network Security

• Encryption and Cryptography

• Symmetric Encryption Algorithms
– DES

• Asymmetric Encryption Algorithms
– RSA

• Digital Signatures and Message Authentication

• Pseudo‐random Number Generation and its Computational Complexity
– CSPRNG

• Secure Sockets Layer

• IP Security

• Virtual Private Networks

• Malicious Programs, Viruses and Virus Protection Strategies

• Fault Tolerance and RAID and UPS Systems

• Data Backups

• Email Security

• Firewalls

• Windows NT Security

• UNIX/Linux Security

Page 3: Lecture5

What is Computer Security?

• The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications) is called Computer Security.

Page 4: Lecture5

What is Computer Security?

• For some, Computer Security is controlling access to hardware, software and data of a computerized system.

• A large measure of computer security is simply keeping the computer system's information secure.

• In broader terms, computer security can be thought of as the protection of the computer and its resources against accidental or intentional disclosure of confidential data, unlawful modification of data or programs, the destruction of data, software or hardware.

• Computer security also includes the denial of use of one's computer facilities for criminal activities including computer related fraud and blackmail.

• Finally, computer security involves the elimination of weaknesses or vulnerabilities that might be exploited to cause loss or harm.

Page 5: Lecture5

Let us start with a story…

• The Story of New Jersey Bankers is a famous one.

• It shows how naive people are about security issues.

Page 6: Lecture5

The Need for Computer Security

• Why the need for Computer Security?
– The value of computer assets and services

• What is the new IT environment?
– Networks and distributed applications/services
– Electronic Commerce (E‐commerce, E‐business)

Page 7: Lecture5

The Value of Computer Assets and Services

• Most companies use electronic information extensively to support their daily business processes.

• Data is stored on customers, products, contracts, financial results, accounting etc.

• If this electronic information were to become available to competitors or to become corrupted, false or disappear, what would happen? What would the consequences be? Could the business still function?

Page 8: Lecture5

Network Security Issues

• "The network is the computer"

• Proliferation of networks has increased security risks much more.

• Sharing of resources increases complexity of system.

• Unknown perimeter (linked networks), unknown path.

• Many points of attack.

• Computer security has to find answers to network security problems.

• Hence today the field is called Computer and Network Security.

Page 9: Lecture5

Is there a Security Problem in Computing?

• Computer fraud in the U.S. alone exceeds $3 billion each year.

• Less than 1% of all computer fraud cases are detected; over 90% of all computer crime goes unreported.

• "Although no one is sure how much is lost to EFT crime annually, the consensus is that the losses run in the billions of dollars. Yet few in the financial community are paying any heed."

• Average computer bank theft amounts to $1.5 million.

Page 10: Lecture5

Computer Crimes ...

• Over 25% of all Fortune 500 corporations have been victimized by computer crime with an average loss of $2‐10 million.

• Total estimated losses due to computer crime range from $300 million to $500 billion per year.

• Computer‐related crime has been escalating at a dramatic rate.

• Computer crimes continue to grow and plague companies.

• Computer crime is almost inevitable in any organization unless adequate protections are put in place.

Page 11: Lecture5

Data From Real World

• The following figures are included (source: Datapro Research) as an example, to give an idea of what is going on in the real world.

• Common causes of damage: Human Error 52%, Dishonest people 10%, Technical Sabotage 10%, Fire 15%, Water 10% and Terrorism 3%.

• Who causes damage? Current employees 81%, Outsiders 13%, Former employees 6%.

• Types of computer crime: Money theft 44%, Damage of software 16%, Theft of information 16%, Alteration of data 12%, Theft of services 10%, Trespass 2%.

Page 12: Lecture5

Computer Viruses

• 53% of BYTE readers have suffered losses of data that cost an average of $14,000 per occurrence.

• There are over 3000 viruses with new ones developed daily.

• A survey of over 600 companies and government agencies in the U.S. and Canada shows that 63% found at least one virus on their PCs last year.

Page 13: Lecture5

Natural Disasters – Another Dimension

• Millions of dollars of damage resulted from the 1989 San Francisco earthquake.

• The fire at Subang International Airport knocked out the computers controlling the flight display system. A post office near the Computer Room was also affected by the soot, which decommissioned the post office counter terminals. According to the caretaker, the computers were not burnt but crashed because soot entered the hard disks.

• Fire, Earthquakes, Floods, Electrical hazards, etc.

• How to prevent?

Page 14: Lecture5

Negligence ‐ The Human Factor

• Over 85% of the destruction of valuable computer data involves inadvertent acts.

• How to prevent?
– Proper user training
– Idiot proofing

Page 15: Lecture5

Computer Security Requirements

• Secrecy

• Integrity

• Availability

• Authenticity

• Non‐repudiation

• Access control

Page 16: Lecture5

Secrecy (Confidentiality)

• Secrecy requires that the information in a computer system only be accessible for reading by authorized parties.

• This type of access includes:
– Printing
– Displaying
– Other forms of disclosure, including simply revealing the existence of an object

Page 17: Lecture5

Integrity

• Integrity requires that the computer system asset can be modified only by authorized parties.

• Modification includes:
– Writing
– Changing
– Changing status
– Deleting and
– Creating

Page 18: Lecture5

More About Integrity

• Integrity: In lay usage, information has integrity when it is timely, accurate, complete, and consistent. However, computers are unable to provide or protect all of these qualities. Therefore, in the computer security field, integrity is often discussed more narrowly as having two facets: data integrity and system integrity.

• "Data integrity is a requirement that information and programs are changed only in a specified and authorized manner."

• System integrity is a requirement that a system "performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system."

• The definition of integrity has been, and continues to be, the subject of much debate among computer security experts.

Page 19: Lecture5

Availability

• Availability requires that computer system assets are available to authorized parties.

• Availability is a requirement intended to assure that systems work promptly and service is not denied to authorized users.

Page 20: Lecture5

Security of Data

[Figure: Data Confidentiality + Data Integrity + Data Availability = Secure Data]

Page 21: Lecture5

Authenticity

• Authenticity means that parties in an information service can ascertain the identity of parties trying to access information services.

• Also means that the origin of the message is certain.

• Therefore two types:
– Principal Authentication
– Message Authentication

Page 22: Lecture5

Non‐repudiation

• Originator of communications can't deny it later.

• Without non‐repudiation you could place an order for 1 million dollars of equipment online and then simply deny it later.

• Or you could send an email inviting a friend to the dinner and then disclaim it later.

• Non‐repudiation associates the identity of the originator with the transaction in a non‐deniable way.

Page 23: Lecture5

Access Control

• Unauthorized users are kept out of the system.

• Unauthorized users are kept out of places on the system/disk.

• Typically makes use of Directories or Access Control Lists (ACLs) or Access Control Matrix

• Objects: Resources that need to be protected

• Subjects: Entities that need access to resources

• Rights: Permissions

• Each entry is a triple <subject, object, rights>

Page 24: Lecture5

Access Control Matrix

            OBJECT 1   OBJECT 2   OBJECT 3   OBJECT 4
SUBJECT 1   ORW        ORW        R          X
SUBJECT 2   R          RW         R          R
SUBJECT 3   X          X          ORW        ORW
SUBJECT 4   R          R          R          RW
SUBJECT N   X          R          R          X
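The matrix above as a lookup structure, added here as an example and not part of the original slides: each entry is one <subject, object, rights> triple from slide 23, the letters O/R/W/X are treated as opaque right names (the slide does not define them), and the ACL and capability views are simply a column and a row of the matrix.

```python
"""Access control matrix lookup (added example, not from the slides).
Each entry is a <subject, object, rights> triple; the sample matrix is
transcribed from slide 24 and the letters O/R/W/X are opaque right names."""
from typing import Dict, FrozenSet, Tuple

Rights = FrozenSet[str]
Matrix = Dict[Tuple[str, str], Rights]


def build_matrix(rows: Dict[str, Dict[str, str]]) -> Matrix:
    """Flatten a subject -> object -> "ORW" table into (subject, object) -> rights."""
    matrix: Matrix = {}
    for subject, objects in rows.items():
        for obj, letters in objects.items():
            matrix[(subject, obj)] = frozenset(letters)
    return matrix


def is_allowed(matrix: Matrix, subject: str, obj: str, right: str) -> bool:
    """Default deny: an unknown subject, unknown object or missing letter is refused."""
    return right in matrix.get((subject, obj), frozenset())


def acl_for_object(matrix: Matrix, obj: str) -> Dict[str, Rights]:
    """Column of the matrix: the Access Control List stored with one object."""
    return {s: r for (s, o), r in matrix.items() if o == obj}


def capabilities_for_subject(matrix: Matrix, subject: str) -> Dict[str, Rights]:
    """Row of the matrix: the capability list held by one subject."""
    return {o: r for (s, o), r in matrix.items() if s == subject}


def revoke(matrix: Matrix, subject: str, obj: str, right: str) -> None:
    """Remove one right; the triple disappears entirely when nothing is left."""
    remaining = matrix.get((subject, obj), frozenset()) - {right}
    if remaining:
        matrix[(subject, obj)] = remaining
    else:
        matrix.pop((subject, obj), None)


# Sample matrix, transcribed from slide 24.
SAMPLE = build_matrix({
    "SUBJECT 1": {"OBJECT 1": "ORW", "OBJECT 2": "ORW", "OBJECT 3": "R", "OBJECT 4": "X"},
    "SUBJECT 2": {"OBJECT 1": "R", "OBJECT 2": "RW", "OBJECT 3": "R", "OBJECT 4": "R"},
    "SUBJECT 3": {"OBJECT 1": "X", "OBJECT 2": "X", "OBJECT 3": "ORW", "OBJECT 4": "ORW"},
    "SUBJECT 4": {"OBJECT 1": "R", "OBJECT 2": "R", "OBJECT 3": "R", "OBJECT 4": "RW"},
    "SUBJECT N": {"OBJECT 1": "X", "OBJECT 2": "R", "OBJECT 3": "R", "OBJECT 4": "X"},
})

if __name__ == "__main__":
    print(is_allowed(SAMPLE, "SUBJECT 2", "OBJECT 2", "W"))
    print(acl_for_object(SAMPLE, "OBJECT 3"))
```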

Page 25: Lecture5

Multiple Access Controls

Page 26: Lecture5

Security Requirements are often Combined

• For example:

• User authentication used for access authorization control purposes in confidentiality.

• Non‐repudiation is combined with authentication.

[Figure: triangle of Confidentiality, Integrity and Availability]

Page 27: Lecture5

Type of Attacks/Threats in Computer Systems

• A threat is a danger which could affect the security (confidentiality, integrity, availability) of assets, leading to a potential loss or damage.

• Interruption

• Interception

• Modification

• Fabrication

Page 28: Lecture5

Type of Attacks in Computer Systems

Page 29: Lecture5

Normal Flow of Information

Page 30: Lecture5

Interruption

• An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on the availability.

• Examples include destruction of a piece of hardware, such as a hard disk, the cutting of a communication link, or the disabling of the file management system.

• DOS ‐ Denial of Service Attacks have become very well known.

Page 31: Lecture5

Interruption

Page 32: Lecture5

Interception

• Information disclosure/information leakage

• An unauthorized party gains access to an asset.

• This is an attack on confidentiality.

• The unauthorized party could be a person, a program, or a computer.

• Examples include:
– wiretapping to capture data in a network
– the illicit copying of files or programs

Page 33: Lecture5

Interception

Page 34: Lecture5

Modification

• Modification is integrity violation.

• An unauthorized party not only gains access to but tampers with an asset.

• This is an attack on the integrity.

• Examples include changing values in a data file, altering a program so that it performs differently, and modifying the content of a message being transmitted in a network.

Page 35: Lecture5

Modification

Page 36: Lecture5

Fabrication

• An unauthorized party inserts counterfeit objects into the system. This is an attack on the authenticity.

• Examples include the insertion of spurious messages in a network or the addition of records to a file.

Page 37: Lecture5

Fabrication

Page 38: Lecture5

Classification of Attacks

• Computer Security attacks can be classified into two broad categories:
– Passive Attacks can only observe communications or data.
– Active Attacks can actively modify communications or data. Often difficult to perform, but very powerful. Examples include
• Mail forgery/modification
• TCP/IP spoofing/session hijacking

Page 39: Lecture5

Passive Attacks and Active Attacks

Page 40: Lecture5

Passive Attacks and Active Attacks

Page 41: Lecture5

Passive Attacks

• Eavesdropping on or monitoring of transmission.

• The goal of the opponent is to obtain information that is being transmitted.

• Two types:
– Release‐of‐message contents
– Traffic Analysis

Page 42: Lecture5

Release‐of‐message Contents

• Opponent finds out the contents or the actual messages being transmitted.

• How to protect?
– Encryption
– Steganography

Page 43: Lecture5

Traffic Analysis

• More subtle than release‐of‐message contents.

• Messages may be kept secret by masking or encryption but …

• The opponent figures out information being carried by the messages based on the frequency and timings of the message.

• How to protect?
– Data/Message Padding
– Filler Sequences
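Message padding against traffic analysis, as an added example that is not part of the original slides: every message is rounded up to a fixed bucket size before encryption, so the sizes an eavesdropper sees no longer distinguish a short reply from a long one. The length-prefix framing, the bucket size and the random filler are assumptions of this example; filler sequences (dummy messages sent on a fixed schedule) are not shown.

```python
"""Length hiding by padding to fixed buckets (added example, not from the slides).
The padded output is what would then be encrypted; the filler is random so
that, once encrypted, it is indistinguishable from real payload bytes."""
import os
import struct

BUCKET = 256  # assumption: every wire message is a multiple of this many bytes


def pad(message: bytes, bucket: int = BUCKET) -> bytes:
    """Prefix the true length, then fill with random bytes up to the next
    bucket boundary. A message already on a boundary gets no filler."""
    framed = struct.pack(">I", len(message)) + message
    filler = (-len(framed)) % bucket
    return framed + os.urandom(filler)


def unpad(padded: bytes) -> bytes:
    """Recover the original message; reject a length field that overruns the buffer."""
    (n,) = struct.unpack(">I", padded[:4])
    if 4 + n > len(padded):
        raise ValueError("corrupt length field")
    return padded[4:4 + n]


def distinct_wire_sizes(messages, bucket: int = BUCKET) -> int:
    """How many different sizes an observer sees; 1 means length reveals nothing."""
    return len({len(pad(m, bucket)) for m in messages})


if __name__ == "__main__":
    # Constructed sample replies of very different lengths.
    replies = [b"yes", b"no", b"access denied: contact the administrator"]
    print([len(m) for m in replies], "->", distinct_wire_sizes(replies))
```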

Page 44: Lecture5

Passive Attacks Problems

• Difficult to detect because there is no modification of data.

• Protection approach should be based on prevention rather than detection.

Page 45: Lecture5

Active Attacks

• Active attacks involve some sort of modification of the data stream or the creation of a false stream.

• Four sub‐categories:
– Masquerade
– Replay
– Modification of Messages
– Denial of service

Page 46: Lecture5

Masquerade

• An entity pretends to be another.

• For the purpose of doing some other form of attack.

• Example: a system claims its IP address to be what it is not, IP spoofing.

• How to protect?
– Principal/Entity Authentication

Page 47: Lecture5

Replay

• First passive capture of data and then its retransmission to produce an unauthorized effect.

• Could be disastrous in case of critical messages such as authentication sequences, even if the password were encrypted.

• How to protect?
– Time stamps
– Sequence Numbers

Page 48: Lecture5

Modification of Messages

• Some portion of a legitimate message is altered or messages are delayed or reordered to produce an unauthorized effect.

• How to protect?
– Message Authentication Codes
– Chaining
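The protections named on the last two slides (time stamps and sequence numbers against replay; a message authentication code with chaining against modification and reordering) combined in one receiver, as an added example that is not part of the original slides. The shared key, the wire framing, the clock window and HMAC-SHA256 as the MAC are assumptions of this example.

```python
"""Replay and modification detection for a message stream (added example, not
from the slides). Each message carries a sequence number and a timestamp; a MAC
chained to the previous message's tag covers all of it, so a replayed, edited,
reordered or dropped message is rejected."""
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # assumption: a shared key agreed beforehand
MAX_SKEW = 30                  # seconds a timestamp may differ from the local clock
TAG_LEN = 32                   # HMAC-SHA256 output size
HDR_LEN = 16                   # seq (8 bytes) + timestamp (8 bytes)


def build_message(key: bytes, seq: int, ts: int, payload: bytes, prev_tag: bytes) -> bytes:
    """Wire format: seq | ts | payload | tag. The tag also covers the previous
    message's tag (chaining), so messages cannot be reordered or silently dropped."""
    header = struct.pack(">QQ", seq, ts)
    tag = hmac.new(key, prev_tag + header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Sender:
    def __init__(self, key: bytes, now):
        self.key, self.now, self.seq, self.last_tag = key, now, 0, b""

    def send(self, payload: bytes) -> bytes:
        self.seq += 1
        msg = build_message(self.key, self.seq, self.now(), payload, self.last_tag)
        self.last_tag = msg[-TAG_LEN:]
        return msg


class Receiver:
    def __init__(self, key: bytes, now):
        self.key, self.now, self.last_seq, self.last_tag = key, now, 0, b""

    def accept(self, msg: bytes):
        """Return (ok, reason, payload). The replay checks change no state, so they
        may run before the MAC; state is updated only after the MAC verifies."""
        if len(msg) < HDR_LEN + TAG_LEN:
            return False, "truncated", b""
        header, payload, tag = msg[:HDR_LEN], msg[HDR_LEN:-TAG_LEN], msg[-TAG_LEN:]
        seq, ts = struct.unpack(">QQ", header)
        if abs(self.now() - ts) > MAX_SKEW:
            return False, "stale timestamp (replay)", b""
        if seq <= self.last_seq:
            return False, "sequence number reused (replay or reorder)", b""
        expected = hmac.new(self.key, self.last_tag + header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad MAC (modified, forged or chain broken)", b""
        self.last_seq, self.last_tag = seq, tag
        return True, "ok", payload
```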

Page 49: Lecture5

Denial of Service ‐ DOS

• Prevents the normal use or management of communication facilities.

• Such attacks have become very common on the Internet, especially against web servers.

• On the Internet remotely located hackers can crash the TCP/IP software by exploiting known vulnerabilities in various implementations.

• One has to constantly look out for software updates and security patches to protect against these attacks.

Page 50: Lecture5

Problems with Active Attacks

• Easy to detect but difficult to prevent.

• Efforts are directed to quickly recover from disruption or delays.

• Good thing is that detection will have a deterrent effect.

Page 51: Lecture5

How Threats Affect Computer Systems

HARDWARE: Interception (Theft); Interruption (Denial of Service)

SOFTWARE: Interception (Theft); Interruption (Deletion); Modification (Malicious Code)

DATA: Interception (Eavesdropping); Interruption (Loss); Modification; Fabrication

Page 52: Lecture5

A Model for Network Security

Page 53: Lecture5

Security Protocols

• A protocol is a series of steps, involving two or more parties, designed to accomplish a task.
– Everyone involved in a protocol must know the protocol and all of the steps to follow in advance.
– Everyone involved in the protocol must agree to follow it.
– The protocol must be unambiguous; each step must be well defined and there must be no chance of misunderstanding.
– The protocol must be complete; there must be a specified action for every possible situation.
– It should not be possible to do more or learn more than what is specified in the protocol.

Page 54: Lecture5

The Actors in Security Protocols

• Alice: First participant in all the protocols

• Bob: Second participant in all the protocols

• Carol: Participant in three‐ and four‐party protocols

• Dave: Participant in four‐party protocols

• Eve: Eavesdropper

• Mallory: Malicious active intruder

• Trent: Trusted arbitrator

• Victor: Verifier

• Peggy: Prover

• Walter: Warden; he'll be guarding Alice and Bob in some protocols

Page 55: Lecture5

Security Protocol Types

• Arbitrated Protocols

• Adjudicated Protocols

• Self Enforcing Protocols

• Example Protocols
– Key Exchange Protocols
– Authentication Protocols
– Time stamping Service
– Digital Cash

[Figure: (a) Arbitrated Protocol: Alice and Bob both communicate through Trent; (b) Adjudicated Protocol: Alice and Bob communicate directly and each hands evidence to Trent after the fact; (c) Self-enforcing Protocol: Alice and Bob communicate directly with no third party]

Page 56: Lecture5

Security Protocol Layers

[Figure: two protocol stacks (Application, Presentation, Session, Transport, Network, Datalink, Physical) joined by the physical network, with a security protocol placed at each layer: Application: Email - S/MIME; Transport: SSL; Network: IPSec; Datalink: PPP - ECP; Physical: Encrypting NIC]

The further down you go, the more transparent it is. The further up you go, the easier it is to deploy.

Page 57: Lecture5

Security Services Provided by Security Protocols

• Access control: Protects against unauthorized use.

• Authentication: Provides assurance of someone's identity.

• Confidentiality: Protects against disclosure to unauthorized identities.

• Integrity: Protects from unauthorized data alteration.

• Non‐repudiation: Protects against originator of communications later denying it.

Page 58: Lecture5

Security Mechanisms

• Three basic building blocks are used:
– Encryption is used to provide confidentiality, can provide authentication and integrity protection.
– Digital signatures are used to provide authentication, integrity protection, and non‐repudiation.
– Checksums/hash algorithms are used to provide integrity protection, can provide authentication.

• One or more security mechanisms are combined to provide a security service/protocol.

Page 59: Lecture5

Services, Mechanisms, Algorithms

• A typical security protocol provides one or more security services (authentication, secrecy, integrity, etc.)

• Services are built from mechanisms.

• Mechanisms are implemented using algorithms.

[Figure: Services (Security Protocols): SSL. Mechanisms: Signatures, Encryption, Hashing. Algorithms: DSA, RSA under Signatures; RSA, DES under Encryption; SHA1, MD5 under Hashing]

Page 60: Lecture5

Services, Mechanisms, Algorithms

[Figure: Security Protocols (Services): standards-based (SSL, IPSec) and proprietary (PrivateWire, Big Brother). Mechanisms: Encryption, Signature, Hashing, Key Exchange. Algorithms: Encryption: symmetric (DES, AES), asymmetric (RSA, ECC); Signature: asymmetric (DSA, RSA), symmetric (DES MAC); Hashing: MD-5, SHA-1; Key Exchange: Diffie-Hellman]

Page 61: Lecture5

Encryption and Security

• Encryption is a key enabling technology to implement computer security.

• But Encryption is to security like bricks are to buildings.

• In the next module we will study encryption in detail.

Page 62: Lecture5

Network Access Security Model

Firewalls and Security Gateways are based on this model.

Page 63: Lecture5

Computer security is based on eight major elements:

1. Computer security should support the mission of the organization.

2. Computer security is an integral element of sound management.

3. Computer security should be cost‐effective.

4. Computer security responsibilities and accountability should be made explicit.

5. System owners have computer security responsibilities outside their own organizations.

6. Computer security requires a comprehensive and integrated approach.

7. Computer security should be periodically reassessed.

8. Computer security is constrained by societal factors.

Page 64: Lecture5

Usability and Security

[Figure: a line running from Security at one end to Convenience / Usability at the other, annotated with ∝ and a 0 at the Security end] Determine where on this line your organization needs to lie.

Page 65: Lecture5

Typical Security Solutions and Technologies

• Physical security

• User authentication

• Access control

• Node authentication

• Differentiated access rights

• Antivirus software

• Encryption

• Passwords and passphrases

• Automatic call back systems

• Challenge‐response

• Token or smart cards

• Exchange of secret protocol

• Public Key Infrastructure

• Firewalls

• Personal characteristics ‐ Biometrics