Introduction Professor Adam Bates Fall 2016 Security & Privacy - - PowerPoint PPT Presentation



SLIDE 1

Security & Privacy Research at Illinois (SPRAI)

CS 598 - Computer Security in the Physical World: Introduction

Professor Adam Bates, Fall 2016

SLIDE 2

Adam Bates

Research Interests:

➢ Trustworthy Provenance-Aware Systems (CCS’16, SecDev’16, Security’15, TAPP’15, SENT’14, CODASPY’13)
➢ Communications Security (NDSS’12, Security’15, JCS’14)
➢ Embedded Device Security (ACSAC’15, NDSS’14)
➢ Mobile Phone Security & Privacy (Security’15)
➢ SSL/HTTPS Trust Enhancements (CCS’14, IMC’14)
➢ Cloud Computing Security (IJIS’14, CCSW’13)

Career Highlights:

  1. Research covered by Wall Street Journal, PC World, Mobile World Live.
  2. 17 Peer-Reviewed publications (8 Conference Majors)
  3. Organizing Committee, IEEE SP ’16, ’17; Program Committee, ACSAC (2015); Session Chair, ACM CCS (2015); Program Committee, MCS (2015)

[Figures: Provenance Plane / Information Flow Plane diagram (sshd_t, shadow_t, etc_t, syslog_t, sysadm_t); USB Mediator policy diagram (Device Claims: MNF, Product, Interfaces; User Expectations: MNF, Product, Features)]

SLIDE 3

Course Goals

  • Exposure to how computer security concepts interact with and inform the ‘real’ world
  • Look at impactful applications of security in the literature
  • Explore interesting topics related to systems security through

SLIDE 4

Class Logistics

  • Tuesday & Thursday 3:30 - 4:45
  • 1302 Siebel Center
  • Website: http://adambates.org/courses/cs598-fa16/
  • 14 weeks, each exploring a different topic
  • Most sessions will be student-driven, I’m merely here to facilitate
  • Emails go to batesa@illinois.edu
  • Start email subject with [CS598] please!

SLIDE 5

Grading

  • Paper Summaries (20%)
  • Paper Presentations (30%)
  • Class Participation (10%)
  • Project (40%)

SLIDE 6

Paper Reviews

  • Each student must email brief reviews for assigned papers.
  • One paragraph summary of paper content, followed by 2-3 criticisms, praises, or confusing points. What makes this approach different/novel?
  • Expect approx. 0.5 pages, limit to 1 page.
  • Structure similar to the first half of a peer review
  • Due by 11:59 PM the night before class
  • Do this for the 2 papers next lecture.

SLIDE 7

Paper Presentations

  • Two discussion leaders/presenters per session
  • Responsibilities of the Presenter:
      • Create a 15-20 minute presentation on the topic to be discussed
      • Discuss the paper assigned as a jumping off point for the general (20-25 minutes)
      • Share slides with me at least one day before class (email OK, or stop by office hours).
  • Each student will be a presenter for 2-3 papers

SLIDE 8

How to fail at class

  • Do a crummy job with your presentation, or skip it altogether
  • Do a crummy job with reviews, or skip them altogether
  • Show total lack of comprehension indicative of having read the papers before class
  • Have three or more unexplained absences (Reasonable absences: attending conference, job interview, etc.).

SLIDE 9

Course Projects

  • The course project requires the students execute some original research in security
  • Demonstrate applied knowledge
  • Don’t try to learn some new non-security field
  • Be realistic about what is possible in one quarter.
  • However, the work should reflect real thought and effort.
  • The grade will be based on: novelty, depth, correctness, clarity of presentation, and effort.
  • 1-3 students per group; single person suggested if you want to work in security.

SLIDE 10

Deliverables

  • The chief product of the project will be a 10-15 page conference style paper. There will be several milestones:
      • Project Choice (9/06/16)
      • Abstract, Background and Related Work (10/04/16)
      • Experiment Proposal (10/18/16)
      • Project Status Slides (11/08/16)
      • Project Presentation (12/08/16)
      • Final Project Write-up (TBD during finals week)
  • This is a very important factor in your grade!

SLIDE 11

Project Choice

  • Due on September 6, 5:00 PM
  • Ordered list of projects
  • Choose 3 projects in order of interest
  • Choose up to 2 collaborators (optional)
  • Bigger expectations for bigger groups
  • I will (hopefully) resolve all constraints and approve/choose your project and group

SLIDE 12

Picking a topic

  • Skim course schedule for ideas
  • I will work with you to acquire research equipment
  • Be realistic — I’m not buying a car.
  • I *can* potentially connect you to IoT, CPS, Medical, and Mobile devices.
  • Realistically, we can make any topic from OS security or NetSec (feat. Layer 2 or below) fit.
  • Picking a topic is very important, and should almost certainly involve an area you already know well.

SLIDE 13

Tentative Topic List

  • Locks, Keys
  • Financial Security
  • USB Security
  • Mobile Security
  • Data Provenance
  • Smart Grid
  • Cyber Physical
  • Internet of Things
  • Medical Devices
  • Voting Systems
  • Telephony
  • Network Infrastructure
  • Wiretapping
  • Automotive

SLIDE 14

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class. When in doubt, please contact the instructor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Bates.

SLIDE 15

Next Class

  • USB Security — 2 conference papers
  • Reviews due by the end of the day tomorrow
  • Assignments and paper links available at http://adambates.org/courses/cs598-fa16 (Note: This is easily reachable from adambates.org)

SLIDE 16

Reading Papers

  • Why do we read papers?
  • How do you read papers?
  • What should you get out of a paper?
  • Did you read the paper for today?

SLIDE 17

Understanding Papers

  • What is the central idea expressed in this paper?
      • Where do you find this information?
  • What is the context of this paper?
      • Related work, details pertinent details and justifies paper
  • What is the methodology?
      • Proofs, experiments, simulation, rhetoric
  • What are the claimed results?
      • New scientific discovery, if it is not novel it is not research
  • What do you need to remember about this work?

SLIDE 18

Thompson Paper

  • What is the contribution?
  • Related Work?
  • Methodology?
  • Results?
  • Takeaway?

SLIDE 19

Sample Summary

  • Contribution: Ken Thompson shows how hard it is to trust the security of software in this paper. He describes an approach whereby he can embed a Trojan horse in a compiler that can insert malicious code on a trigger (e.g., recognizing a login program).
  • Related Work: This approach is an example of a Trojan horse program. A Trojan horse is a program that serves a legitimate purpose on the surface, but includes malicious code that will be executed with it (e.g., Sony/BMG rootkit).
  • Methodology: The approach works by generating a malicious binary that is used to compile compilers. Since the compiler code looks OK and the malice is in the binary compiler compiler, it is difficult to detect.
  • Results: The resulting system identifies construction of login programs and miscompiles the command to accept a particular password known to the attacker.
  • Take Away: Thompson states the “obvious” moral that “you cannot trust code that you did not totally create yourself.” We all depend on code, but constructing a basis for trusting it is very hard, even today.

SLIDE 20

How to Read a Paper

  • Prepare your environment
  • Decide what to read
  • Read in generalities (10-20 minutes)
      • Skim intro, headings, figures, definitions, conclusions, related work, references.
  • Read in depth (1-4+ hours)
      • Consider methodology, challenge arguments, examine assumptions/methods, become invested in the work!
  • Make notes, mark up a copy, summarize paper

SLIDE 21

Systems Security Papers

  • What is the security model?
      • threat model, trust model, participants/adversaries
  • What is the environment and the resulting constraints?
      • e.g., resource-constrained devices, patrolling security guards
  • What is the solution?
      • how are the threats addressed? how is the solution evaluated?
  • What is the key idea that drives the design?
      • should be a concept, not an engineering detail
  • Takeaway: Why should someone care about this work?

SLIDE 22

Presenting a Paper

  • Requires the technical preparation necessary for writing a summary, but also much more!
  • Audience engagement is vital
  • Construct a narrative
  • Engage the audience
  • Identify an insight
  • Argue a point
  • Extend an argument
  • Relate what you’ve learned, and what strikes you about the work: be engaged with the content

SLIDE 23

Presentation Advice

  • Keep your points simple and repeat key insights
  • Know the jargon that you will be using
  • Present a narrative - tell a story
  • Pace the talk so that you’re not rushing or dragging
  • Think about the goals of your presentation
  • Leave audience with the high points in their head
  • Practice and prepare!
  • Read http://pages.cs.wisc.edu/~markhill/conference-talk.html

SLIDE 24

CS 598 - Computer Security in the Physical World: Locks & Keys

Professor Adam Bates, Fall 2016

SLIDE 25

Security Traditions*

  • cypherpunks
  • phone freaks

* Note: Extremely reductive taxonomy presented on this slide

SLIDE 26

Lock Picking in Com Sci?

  • Mechanical locks influenced the foundation of computer security (e.g., crypto secrets are “keys”)
  • People who break open digital systems also like breaking open analog systems (e.g., locks, telephony)
  • Physical locks remain a useful metaphor for thinking about computer security, and vice versa

SLIDE 27

Pin Tumbler Locks

  • Common to cylinder locks
  • n pins inserted in plug
  • pins cut in two at various heights
  • without correct key, plug cannot rotate (i.e., locked)
  • when correct key is inserted, gaps in pins line up with shear point, allowing plug to rotate

[Animation via http://toool.us; labels: Key Pins, Plug, Driver Pins, Shear Point, Keyway]

SLIDE 30

Pin Tumbler Locks

View from side:

[Animation via http://toool.us]

SLIDE 31

Enter Lock Picking

In an ideal world, pins would fit into the plug like this:

[Animation via http://toool.us; caption: (wrong key)]

SLIDE 32

Enter Lock Picking

In the real world, pins fit into the plug like this:

[Animation via http://toool.us; caption: (wrong key)]

SLIDE 33

Enter Lock Picking

[Figure: Expectation / Reality; labels: Real Plug, Real Pins]

SLIDE 34

Enter Lock Picking

Mechanical imperfections make lock picking possible:

[Animation via http://toool.us]

SLIDE 35

Enter Lock Picking

  • Tension wrench applies (gentle) torque to the cylinder
  • This causes one pin to stop the cylinder from turning.
  • Pushing that one pin up causes the cylinder to turn slightly, “setting” that pin.
  • Repeat until all pins are set.

SLIDE 36

Cryptanalysis of Locks

  • Shared Secret / Password: Keying of Lock (or the key)
  • Brute Force Attack: Try all possible keys (or kick door down?)
  • Oracle Attack: Mechanical imperfection reduces search space (i.e., lock picking)

SLIDE 37

Info. Theoretic Security

  • What are the security parameters?
      • Number of Pins (Pin Stacks), P
      • Number of key bitting depths, D
  • Consider an ideal world (i.e., unpickable) 5 pin lock with 4 bitting depths. How large is the key space?
      • D^P = 4^5 = 1024
  • Consider a real world (i.e., pickable) 5 pin lock with 4 bitting depths. How large is the search space?
      • If you’re good, approximately linear with D?

SLIDE 38

Real World Security

  • Caveats
      • Lock picking is conspicuous, intruder is unlikely to have authorized access to area
      • Lock picking takes time, at least on the order of seconds
  • Security Theater: Locks deter, create the perception of security
  • There are many other lock picking techniques not covered here (e.g., shims, bump keys, rakes) which vary in use-case and covertness.

SLIDE 39

Master-Keyed Locks

  • Easiest way to make a master key?

[Photo via http://united-locksmith.net]

SLIDE 40

Info. Theoretic Security

  • Master keys necessarily reduce security. Why?
      • Introduce single point of failure
      • Cross Keying / Key Interchange attack
  • Consider a real world (i.e., pickable) master-keyed 5 pin lock with 4 bitting depths. How large is the key space?
      • D^P - 2^P = 4^5 - 2^5 = 992
  • Security reduced, but not too bad… right?

SLIDE 41

Adaptive Oracle Attack

  • Change Key is 11111, Master Key is 44444
  • 2^5 keys open the lock: 14111, 11411, etc.
  • For each pin position, prepare D-1 test keys (all bitting except for known bitting of the change key).
  • Try all test keys for p=1. The bitting of the test key that opens the door corresponds to the master key bitting.
  • Repeat for all pin positions.
  • Note: Number of required test keys can be reduced from P(D-1) to P by filing keys down in real time.
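
The key-space figures from the "Info. Theoretic Security" slides and the probe count of the procedure on this slide can be checked on an abstract model. The Python below is an added example, not part of the original slides; the function names are hypothetical, and the lock is modeled only as a tuple of cut depths with two shear lines per pin stack (an assumption), so it measures the size of the search space and nothing about physical hardware.

```python
from itertools import product


def make_lock(change_key, master_key):
    """Model a master-keyed lock as an oracle over key bittings.

    Assumption: each pin stack has a shear line at the change-key cut and at
    the master-key cut, so a key opens the lock when every position matches
    one of the two.
    """
    def opens(key):
        return all(k in (c, m) for k, c, m in zip(key, change_key, master_key))
    return opens


def count_opening_keys(opens, pins, depths):
    """Exhaustively count the bittings (out of depths**pins) that open the lock."""
    keys = product(range(1, depths + 1), repeat=pins)
    return sum(1 for key in keys if opens(key))


def recover_master(opens, change_key, depths):
    """Follow the slide's procedure: vary one position of the change key at a
    time and record which other depth also opens. Returns (master, probes)."""
    master = list(change_key)
    probes = 0
    for pos, known in enumerate(change_key):
        for depth in range(1, depths + 1):
            if depth == known:
                continue  # the change key's own cut is already known to open
            test = change_key[:pos] + (depth,) + change_key[pos + 1:]
            probes += 1
            if opens(test):
                master[pos] = depth
                break
        # If nothing else opened, the master shares the change key's cut here.
    return tuple(master), probes


if __name__ == "__main__":
    P, D = 5, 4
    change, tmk = (1, 1, 1, 1, 1), (4, 4, 4, 4, 4)  # values from the slide
    lock = make_lock(change, tmk)
    print("ideal key space D^P:", D ** P)
    print("keys that open this lock:", count_opening_keys(lock, P, D))
    found, probes = recover_master(lock, change, D)
    print("master recovered:", found == tmk, "with", probes, "probes;",
          "bound P(D-1) =", P * (D - 1))
```

For the slide's values the model needs at most P(D-1) = 15 probes against 1024 possible bittings, which is the gap the countermeasures on the next slide try to close.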

SLIDE 42

Countermeasures?

  • Master Ring Locks
      • Drawbacks: Uncommon, more vuln. to lock picking
  • Control distribution of blank keys
      • Drawbacks: Impractical, many 3rd party vendors
  • Obfuscate TMK with more cuts
      • Add one cut, 2^P different possible TMK’s per lock
      • Drawback: Reduces key space s.t. key interchange attacks are easier, creates sub-masters, impractical for small locks.

SLIDE 43

Why did we read this?

  • Cautionary Tale: Computer Security and the physical world interact in complex and unexpected ways.
  • Here, cryptanalytic techniques trivially expose a systemic vuln. in the world’s #1 security mechanism.
  • Problems only become more complex as we enter the cyber physical domain.