Chapter 15 Computer Security By Shengquan Wang in CPSC 410 Thank - PDF document

Chapter 15 Computer Security By Shengquan Wang in CPSC 410 Thank Dr. Xinwen Fu for contributing Slides 1-16, 19. Thank Dr. Xinwen Fu for contributing Slides 1-16, 19. The rest of them are adopted from the textbook slides The rest of them are adopted from the textbook slides Outline  Security Problems  Security Objectives  Security Solutions 2 1 1

Security Problems  Public, private, and governmental computers have been penetrated by malicious users or programs  Computer Emergency Response Team (CERT) reports a tremendous increase in cracking incidents 3 Number of Incidents Reported from CERT Incident: the act of violating an explicit or implied security policy 137,529 140000 120000 # of Incidents 100000 80000 60000 40000 3,734 20000 1,334 6 0 1988 1993 1998 2003 Year http://www.cert.org/stats/cert_stats.htmlreported 4 2 2

Case: NASA websites defaced with link to Iraq 'image' http://www.zone-h.org/defacements/mirror/id=700181/ 5 Types of Known Attacks  Distributed Denial of Service (DDOS) attacks  February 2000, Yahoo and Amazon, a teenager http://www.iwar.org.uk/comsec/resources/dos/ddos.pdf 6 3 3

Types of Known Attacks (Cont.)  Worm attacks  2004 (variant of Blaster worm), Jeffrey Lee Parson Worm controlled machines 7 Types of Known Attacks (Cont.) Monitoring and capture of network traffic   User IDs, passwords, and other information are often stolen on Internet Data driven attacks (virus)   Importation of malicious or infected code E-Mail forgery  Exploitation of software bugs  Unauthorized access to resources   Disclosure, modification, and destruction of resources Compromised system used as hostile attack  facility Masquerade as authorized user or end system  8 4 4

Contributing Factors  Lack of awareness of threats and risks of information systems  Security measures are often not considered until an computer has been penetrated by malicious users  Wide-open network policies  Many Internet sites (ISPs) allow wide-open Internet access  Vast majority of network traffic is unencrypted  Network traffic can be monitored and captured HUMANS ARE THE WEAK LINK in any corporation's carefully crafted security perimeter 9 Contributing Factors (Cont.)  Lack of security in TCP/IP protocol suite  Most TCP/IP protocols not built with security in mind  Work is actively progressing within the Internet Engineering Task Force (IETF)  Complexity of security management and administration  Exploitation of software (e.g., protocol implementation) bugs  Example: Sendmail bugs ( http://www.outpost9.com/exploits/sendmail.html )  Cracker skills keep improving  http://www.phrack.org/ 10 5 5

Outline  Security Problems  Security Objectives  Security Solutions 11 Security Objectives Confidentiality C (Secrecy) Availability A Integrity I (Denial of Service) 12 6 6

Commercial Example  C Confidentiality — An employee should not  come to know the salary of his manager  I Integrity — An employee should not be  able to modify the employee's own salary  A Availability — Paychecks should be printed  on time as stipulated by law Casey Bob, I love you, Alice Bob, I hate you, Alice Bob Alice 13 Military Example  C Confidentiality — The target coordinates of  a missile should not be improperly disclosed  I Integrity — The target coordinates of a  missile should not be improperly modified  A Availability — When the proper command  is issued the missile should fire 14 7 7

A Fourth Objective  Securing computing resources — Prevent/detect/deter improper use of computing resources (cyber infrastructure) including  Hardware Resources  Software resources  Data resources  Network resources 15 Outline  Security Problems  Security Objectives  Security Solutions 16 8 8

Secure Communication over Insecure Medium 17 Encryption  Encryption algorithm consists of Set of K keys  Set of M Messages  Set of C ciphertexts (encrypted messages)  A function E : K → ( M → C ). That is, for each k ∈ K , E ( k ) is a function  for generating ciphertexts from messages.  Both E and E ( k ) for any k should be efficiently computable functions. A function D : K → ( C → M ). That is, for each k ∈ K , D ( k ) is a function  for generating messages from ciphertexts.  Both D and D ( k ) for any k should be efficiently computable functions.  An encryption algorithm must provide this essential property: Given a ciphertext c ∈ C , a computer can compute m such that E ( k )( m ) = c only if it possesses D ( k ). Thus, a computer holding D ( k ) can decrypt ciphertexts to the  plaintexts used to produce them, but a computer not holding D ( k ) cannot decrypt ciphertexts. Since ciphertexts are generally exposed (for example, sent on the  network), it is important that it be infeasible to derive D ( k ) from the ciphertexts 18 9 9

Captain Midnight Secret Decoder Rings 19 An Example MERRY CHRISTMAS PHUUB FKULVWPDV 20 10 10

Symmetric Encryption  Same key used to encrypt and decrypt  E ( k ) can be derived from D ( k ), and vice versa  Data Encryption Standard ( DES ) is most commonly used symmetric block- encryption algorithm (created by US Govt)  Triple-DES considered more secure  Advanced Encryption Standard ( AES ), twofish up and coming 21 Asymmetric Encryption Keys must Keys must be different be different 22 11 11

Asymmetric Encryption (cont.)  Public-key encryption based on each user having two keys:  public key – published key used to encrypt data  private key – key known only to individual user used to decrypt data  Must be an encryption scheme that can be made public without making it easy to figure out the decryption scheme  Most common is RSA block cipher  Efficient algorithm for testing whether or not a number is prime  No efficient algorithm is know for finding the prime factors of a number 23 Asymmetric Encryption (Cont.)  Formally, it is computationally infeasible to derive D ( k d , N ) from E ( k e , N ), and so E ( k e , N ) need not be kept secret and can be widely disseminated  E ( k e , N ) is the public key  D ( k d , N ) is the private key  N is the product of two large, randomly chosen prime numbers p and q (for example, p and q are 512 bits each)  Encryption algorithm is E ( k e , N )( m ) = m ke mod N , where k e satisfies k e k d mod ( p − 1)( q − 1) = 1  The decryption algorithm is then D ( k d , N )( c ) = c kd mod N 24 12 12

An Example  For example. make p = 7 and q = 13  We then calculate N = 7 � 13 = 91 and ( p − 1)( q − 1) = 72  We next select k e relatively prime to 72 and < 72, yielding 5  Finally, we calculate k d such that k e k d mod 72 = 1, yielding 29  We how have our keys  Public key, ( k e , N) = (5 , 91)  Private key, ( k d , N) = (29 , 91)  Encrypting the message 69 with the public key results in the cyphertext 62  69 5 mod 91 = 62  Cyphertext can be decoded with the private key  62 29 mod 91 = 69  Public key can be distributed in clear text to anyone who wants to communicate with holder of public key 25 Encryption and Decryption using Asymmetric Cryptography 26 13 13

Symmetric vs. Asymmetric  Symmetric cryptography based on transformations  Asymmetric based on mathematical functions  Asymmetric much more compute intensive  Typically not used for bulk data encryption 27 Authentication  Constraining set of potential senders of a message  Also can prove message unmodified  Algorithm components  A set K of keys  A set M of messages  A set A of authenticators  A function S : K → ( M → A )  That is, for each k ∈ K , S ( k ) is a function for generating authenticators from messages  Both S and S ( k ) for any k should be efficiently computable functions  A function V : K → ( M × A → { true, false } ). That is, for each k ∈ K , V ( k ) is a function for verifying authenticators on messages  Both V and V ( k ) for any k should be efficiently computable functions 28 14 14

Authentication (Cont.)  For a message m , a computer can generate an authenticator a ∈ A such that V ( k )( m, a ) = true only if it possesses S ( k )  Thus, computer holding S ( k ) can generate authenticators on messages so that any other computer possessing V ( k ) can verify them  Computer not holding S ( k ) cannot generate authenticators on messages that can be verified using V ( k )  Since authenticators are generally exposed (for example, they are sent on the network with the messages themselves), it must not be feasible to derive S ( k ) from the authenticators 29 Authentication – Digital Signature  Based on asymmetric keys and digital signature algorithm  Authenticators produced are digital signatures  In a digital-signature algorithm, computationally infeasible to derive S ( k s ) from V ( k v )  V is a one-way function  Thus, k v is the public key and k s is the private key  Consider the RSA digital-signature algorithm  Similar to the RSA encryption algorithm, but the key use is reversed  Digital signature of message S ( k s )( m ) = H ( m ) ks mod N  The key k s again is a pair d, N , where N is the product of two large, randomly chosen prime numbers p and q  Verification algorithm is V ( k v )( m, a ) ≡ ( a kv mod N = H ( m ))  Where k v satisfies k v k s mod ( p − 1)( q − 1) = 1 30 15 15