Post on 21-Dec-2015
Security
i206 Fall 2010
John Chuang
Some slides adapted from Coulouris, Dollimore and Kindberg; Dave Messerschmidt; Adrian Perrig

Security
[Figure: i206 course concept map locating Security among the course topics: data representation, Boolean logic, gates and circuits, CPU, memory, operating system, data structures, algorithms and analysis, design, networks, distributed systems, cryptography, standards and protocols, formal models]

Introduction
What is security?
What do we mean by a secure system?

Attacks
Wide ranging scope
Some common attacks:
Eavesdropping
- passwords, credit card numbers, etc.
Tampering of data
- Birthday attack
Impersonation
- Replay attack
- Man-in-the-middle attack (e.g., IP address spoofing)
- Phishing attack
Unauthorized access
- System vulnerabilities
- Social engineering (e.g., bribe, black-mail)
- Password guessing (e.g., dictionary attack)
Denial-of-Service attack
Spam
Trojan horses, viruses, worms …

Security Properties “CIA” and “AAA”
Confidentiality
- Prevents eavesdropping
Integrity
- Prevents modification of data
Authentication
- Proves your identity to another party; prevents impersonation
Accountability (non-repudiation)
- Enables failure analysis; serves as deterrent
Authorization
- Prevents misuse
Availability
- Safeguards against denial-of-service

Cryptography
Cryptographic primitives:
- Encryption
  - Symmetric-key (e.g., DES, AES)
  - Asymmetric-key (e.g., RSA)
- Cryptographic hash (message digest)
  - e.g., MD5, SHA-1
- Digital signature
  - e.g., PKCS

The Principals
Alice
Bob
Carol
…and…
Eve (eavesdropper -- passive attacker)
Mallory (active attacker -- can intercept, modify, and forward messages)
Trent/Trudy (trusted 3rd party)

Eve’s Story
http://xkcd.com/177/

Encryption
Encryption/decryption algorithms are published
Encryption/decryption keys are kept secret
Symmetric cryptography
- e-key = d-key
- Principals need to share the symmetric key, and keep it secret
Asymmetric (public-key) cryptography
- e-key != d-key
- One key made public; the other kept private
[Diagram: plaintext -> encryption (e-key) -> ciphertext -> decryption (d-key) -> plaintext]

Symmetric Cryptography
Many schemes are available: DES, 3DES, AES, RC4, IDEA, …
In general, the strength of an encryption scheme is a function of the key length (because of exhaustive key search)
Moving target as hardware capabilities improve over time
- DES (data encryption standard, 1975) uses 56 bit key length; became vulnerable to exhaustive key search
- Replaced in 2002 by AES (advanced encryption standard, 1998) which uses key lengths of 128, 192, or 256 bits

Asymmetric Cryptography
Each principal has public key $K$ and private key $K^{-1}$
$K^{-1}$ is kept secret, and cannot be deduced from $K$
$K$ is made available to all
Encryption and decryption with $K$ and $K^{-1}$ are commutative: $\{\{D\}_{K^{-1}}\}_{K} = \{\{D\}_{K}\}_{K^{-1}} = D$
Challenge: how to choose $K$ and $K^{-1}$?
[Diagram: document D -> encryption (private key) -> decryption (public key) -> document D]
[Diagram: document D -> encryption (public key) -> decryption (private key) -> document D]

RSA
Algorithm by Rivest, Shamir, Adleman (1977) for generating $K$ and $K^{-1}$ based on the fact that factoring is hard
RSA key generation:
- Choose n, e, d such that:
  - $n = p \cdot q$ where p and q are two large and distinct prime numbers
  - $e \cdot d = k(p-1)(q-1) + 1$ where k is a positive integer
Public key: {n,e}; Private key: {n,d}
- RSA key lengths 1024 bits or 2048 bits (256 or 512 bits no longer secure)
- n and e are published; p, q, and d are kept private
Given document D:
- encryption: ciphertext = $c = D^{e} \pmod{n}$
- decryption: plaintext = $D = c^{d} \pmod{n}$

Performance
Asymmetric cryptography 3-5 orders of magnitude slower than symmetric cryptography
Use asymmetric cryptography to exchange symmetric key; data encrypted using symmetric cryptography:
$A \rightarrow B: \{K_{AB}\}_{K_B}, \{D\}_{K_{AB}}$
Asymmetric cryptography has other important uses as well …

Authentication
Based on one or more of the following:
- Something you are (e.g., fingerprint, pattern on iris, DNA sample)
- Something you know (e.g., password, PIN, mother’s maiden name)
- Something you have (e.g., ATM card, Driver’s License, private key $K^{-1}$)

Digital Signature (Version 0.1)
Alice signs document by encrypting it with her own private key
$A \rightarrow B: \{D\}_{K_A^{-1}}$
Bob verifies the signature by decrypting it using A’s public key, i.e., compute $D = \{\{D\}_{K_A^{-1}}\}_{K_A}$
Two outcomes:
- digital signature provides non-repudiation (accountability)
- Alice is authenticated to Bob. (How?)
There is another problem -- performance
[Diagram: Document D -> encryption (private key) -> decryption (public key) -> Document D]

Cryptographic Hash / Message Digest
Digest function maps arbitrary length message D to fixed length digest H(D)
- MD5 (128 bit digest) and SHA-1 (160 bit digest) are commonly used
One-way function: given H(D), can't find D
Collision-free: infeasible for attacker to generate D and D' such that H(D) = H(D')
- Otherwise vulnerable to the birthday attack
[Diagram: message -> digest]

Birthday Attack
Alice prepares two contracts D (fair) and D’ (fraudulent) that produce the same hash, i.e., H(D) = H(D’)
Alice asks Bob to sign D, takes Bob’s signature and attaches it to D’
The “birthday paradox”:
- Need 183 persons in a room to have a 50% chance that someone has the same birthday as you
- But only need 23 persons in a room to have a 50% chance that two persons share the same birthday
Implication: digest length has to be much longer than 8-9 bits

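Why the digest length matters, as an added example that is not part of the original slides: the two-contract scenario is run against a deliberately short digest to measure how few variants are needed before some D and D’ collide. The truncated SHA-256 digest, the contract texts and the `[rev i]` variation scheme are assumptions of this example.

```python
import hashlib

def short_digest(doc: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256, standing in for a short digest H(D)."""
    full = int.from_bytes(hashlib.sha256(doc).digest(), "big")
    return full >> (256 - bits)

def find_contract_collision(fair: str, fraud: str, bits: int, limit: int = 1 << 20):
    """Vary both texts until some D and D' share a digest.

    Returns (D, D', variants_hashed), or None if `limit` rounds find nothing.
    """
    seen_fair, seen_fraud = {}, {}
    for i in range(limit):
        d = f"{fair} [rev {i}]".encode()      # harmless-looking variation of D
        d2 = f"{fraud} [rev {i}]".encode()    # same variation applied to D'
        h, h2 = short_digest(d, bits), short_digest(d2, bits)
        seen_fair.setdefault(h, d)
        seen_fraud.setdefault(h2, d2)
        if h in seen_fraud:                   # new fair variant matches a fraud one
            return d, seen_fraud[h], 2 * (i + 1)
        if h2 in seen_fair:                   # new fraud variant matches a fair one
            return seen_fair[h2], d2, 2 * (i + 1)
    return None

# Constructed sample contracts, for illustration only.
FAIR = "Bob pays Alice 100 dollars"
FRAUD = "Bob pays Alice 100000 dollars"

if __name__ == "__main__":
    for bits in (8, 16, 24):
        d, d2, hashed = find_contract_collision(FAIR, FRAUD, bits)
        # Work grows roughly like 2**(bits/2), not 2**bits.
        print(f"{bits:2d}-bit digest: collision after {hashed} hashes "
              f"(digest space {2 ** bits})")
```

A signature over the short digest of D would verify equally for D’, which is why the collision-free property has to hold at the full digest length.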
Digital Signature (Version 1.0)
$A \rightarrow B: D, \{H(D)\}_{K_A^{-1}}$
Bob:
- Computes hash of message, H(D)
- “Decrypts” signature: $\{\{H(D)\}_{K_A^{-1}}\}_{K_A}$
- Verifies $H(D) = \{\{H(D)\}_{K_A^{-1}}\}_{K_A}$
[Diagram: Sender Alice computes the digest of D and computes the signature with Alice's private key; D and the signature are sent; Receiver Bob computes the digest of D and verifies the signature with Alice's public key]

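The RSA key-generation equations and the Version 1.0 hash-then-sign exchange, worked through in code as an added example that is not part of the original slides. It is textbook RSA with no padding and toy key sizes; the choice of primes, e = 65537, SHA-256 as H, and reducing H(D) mod n are assumptions of this example.

```python
import hashlib
from math import gcd

def keygen(p, q, e=65537):
    """Textbook RSA key generation using the slide's symbols n, e, d, k."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert p != q and gcd(e, phi) == 1
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    k = (e * d - 1) // phi
    assert e * d == k * phi + 1         # e*d = k(p-1)(q-1) + 1
    return (n, e), (n, d)               # public key {n,e}, private key {n,d}

def apply_key(key, m):
    """{m}_K: one modular exponentiation, used to encrypt and to decrypt."""
    n, exponent = key
    return pow(m, exponent, n)

def digest(doc, n):
    """H(D) as an integer, reduced mod n to fit the toy modulus (assumption)."""
    return int.from_bytes(hashlib.sha256(doc).digest(), "big") % n

def sign(private, doc):
    """Alice: {H(D)}_{K_A^-1}."""
    return apply_key(private, digest(doc, private[0]))

def verify(public, doc, signature):
    """Bob: recompute H(D) and compare with the 'decrypted' signature."""
    return apply_key(public, signature) == digest(doc, public[0])

# Constructed demo key from two small known primes (2^31-1 and 2^61-1);
# a 92-bit modulus is far too short for real use.
PUBLIC, PRIVATE = keygen(2147483647, 2305843009213693951)

if __name__ == "__main__":
    D = 123456789
    c = apply_key(PUBLIC, D)                        # c = D^e mod n
    print("decrypts:", apply_key(PRIVATE, c) == D)  # D = c^d mod n
    print("commutes:", apply_key(PUBLIC, apply_key(PRIVATE, D)) == D)
    sig = sign(PRIVATE, b"Bob pays Alice 100 dollars")
    print("valid:   ", verify(PUBLIC, b"Bob pays Alice 100 dollars", sig))
    print("tampered:", verify(PUBLIC, b"Bob pays Alice 900 dollars", sig))
```

Only the short digest goes through the slow private-key operation, which addresses the performance problem noted for Version 0.1.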
Public Key Management
How does Bob know that $K_A$ is really the public key of Alice?

Public Key Certificate
A binding of key to identity, signed by a certificate authority (CA)
$A, K_A, \{H(A, K_A)\}_{K_{CA}^{-1}}$
PKI (public key infrastructure) provides support for certificate hierarchy with root certificate at the top of the tree
[Diagram: Alice’s certificate, carrying the CA signature]

Summary
So, what have we achieved with digital signatures?
- Authentication
- Integrity
- Non-repudiation (accountability)
Can combine with encryption to provide:
- Confidentiality

Security Properties “CIA” and “AAA”
Confidentiality
- Prevents eavesdropping
Integrity
- Prevents modification of data
Authentication
- Proves your identity to another party; prevents impersonation
Accountability (non-repudiation)
- Enables failure analysis; serves as deterrent
Authorization
- Prevents misuse
Availability
- Safeguards against denial-of-service

Availability
Denial-of-Service (DoS) Attack:
- Making a computer resource or service unavailable to users by overwhelming the computational and/or communication resources of the victim system
DoS statistics (Moore et al., Usenix 2001):
- Prevalence: 13,000 DoS attacks recorded in 3 weeks
- Duration: an attack can last for hours
- Intensity: 600,000 packets per second
2008 ISP Infrastructure Security Report (Arbor, 2008)
- Largest DDoS attack peak traffic volume of 40Gbps

TCP SYN Flood Attack
TCP session establishment
- A → B: SYN
- B → A: SYN + ACK
- A → B: ACK
B has to keep state for every half-open connection, and an idle connection is closed only after long timeout
An attacker sends many SYN messages (with spoofed source IP addresses) to victim B
Legitimate clients cannot establish TCP session with B
[Diagram: Process A and Process B. 3-way handshake to establish TCP session (SYN, SYN + ACK, ACK); conversation (Data + ACK, Data + ACK); teardown (FIN, FIN + ACK, ACK)]

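A capacity model of B's half-open connection table, as an added example that is not part of the original slides: it sends no packets and only counts table slots, to show how the timeout and table size decide whether legitimate clients are refused. The tick-based timing, the parameter values, and the rule that legitimate clients complete the handshake within one tick are assumptions of this model.

```python
from collections import deque

def simulate(backlog, timeout, spoofed_per_tick, legit_per_tick, ticks):
    """Model B's table of half-open connections.

    backlog: number of half-open entries B can hold
    timeout: ticks before B drops an unanswered SYN + ACK
    Returns (legit_accepted, legit_refused).
    """
    half_open = deque()            # expiry tick of each entry, oldest first
    accepted = refused = 0
    for now in range(ticks):
        # B frees state only when the timeout for an entry has passed.
        while half_open and half_open[0] <= now:
            half_open.popleft()
        # Spoofed SYNs: B replies SYN + ACK to a forged address, so the final
        # ACK never arrives and the entry stays until it times out.
        for _ in range(spoofed_per_tick):
            if len(half_open) < backlog:
                half_open.append(now + timeout)
        # Legitimate SYNs need a free slot; their ACK arrives within the tick,
        # so they do not occupy the table afterwards.
        for _ in range(legit_per_tick):
            if len(half_open) < backlog:
                accepted += 1
            else:
                refused += 1
    return accepted, refused

if __name__ == "__main__":
    scenarios = {
        "no flood, long timeout": (128, 75, 0, 1, 300),
        "flood, long timeout":    (128, 75, 50, 1, 300),
        "flood, short timeout":   (128, 2, 50, 1, 300),
    }
    for name, args in scenarios.items():
        ok, dropped = simulate(*args)
        print(f"{name:24s} accepted={ok:3d} refused={dropped:3d}")
```

The table stays usable only while spoofed rate × timeout remains below the backlog size, which is the quantity to check when sizing the backlog or tuning the half-open timeout.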
Distributed DoS (DDoS) Attack
Attacker takes over machines via viruses or Trojan horses and launches DoS attack from these “zombies” or “bots”
No effective defense:
- No direct cryptographic solution
- Approaches: filtering, traceback
Misaligned incentives
- Individuals not motivated to patch their machines

Botnets
A network of bots (Trojan horses) under the command & control of botnet operator
Botnet operators may control millions of machines and use them to launch DDoS attacks, send spam, perform keylogging, commit click fraud, …
- Estimate: 70-90% of spam comes from botnets
Underground market for botnet service
- e.g., $500 for a DDoS attack using 10K bots
- e.g., sites asked to pay $10-50k in extortion
Source: Cisco