Outline Authentication and Identity Management Authentication - - PDF document

SLIDE 1

Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Computer Security: Security at Work

Bart Jacobs

Institute for Computing and Information Sciences – Digital Security Radboud University Nijmegen

Version: fall 2010

Bart Jacobs Version: fall 2010 Computer Security 1 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Outline

Authentication and Identity Management Authentication Identity management Kerberos, and derivatives Operating System and Network Security Security models A very brief look at operating systems Network security basics Cyber war and terrorism Cyber war Terrorism Conclusions

Bart Jacobs Version: fall 2010 Computer Security 2 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Human to computer authentication

Recall: identification = saying who you are; authentication = proving who you are. The three basic human-to-computer authentication mechanisms are based on:

1 something you have, like a (physical) key, or card

Risk? theft, copying

2 something you know, like a password or PIN

Risk? eavesdropping (shoulder-surfing), brute-force trials, forgetting (how secure is the recovery procedure?), social engineering, multiple use, fake login screens (use wrong password first!)

3 something you are, ie. biometrics, like fingerprints or iris

Risk? imitation (non-replaceability), multiple use

Bart Jacobs Version: fall 2010 Computer Security 4 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

More about passwords

It is common wisdom that at least a 64 bit string is needed to be secure against password guessing. These 64 bit amount to:

• 11 characters, randomly chosen
• 16 characters, computer generated but pronounceable
• 32 characters, user-chosen

With modern brute force and rule-based techniques, passwords can be broken easily. A well-known system to do so is Crack

Heuristics

Reasonably good passwords come from longer phrases, eg. as first letters of the words in a sentence: they are relatively easy to remember, and reasonably arbitrary (with much entropy). It is then still wise to filter on bad passwords. An alternative is to use one-time passwords, distributed via an independent channel (eg. via a generator, via GSM or TAN-lists).

Bart Jacobs Version: fall 2010 Computer Security 5 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Password change policies

Does it make sense to force users to change their passwords periodically (say every 3 months)?

• Pro: compromised passwords are usable for only a relatively

short amount of time

• Against: lot’s of things:
• the cause of a password compromise (if any) is ignored, and

may be re-exploited

• users get annoyed, and use escape techniques:
• insecure variations: passwd1, passwd-2010 etc.
• writing passwords down

(so that they become ‘something you have’)

Bart Jacobs Version: fall 2010 Computer Security 6 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Password recovery

What to do when a user forgets his/her password? This happens

• frequently. Hence recovery procedures should not be too

complicated (or expensive). What to do? Some options:

• self service password reset, by supplying answers to previously

set security questions, like “where was your mother born?” “what’s your first pet’s name?” etc.

Often, answers can be obtained by social engineering, phishing or simple research (recall the Sarah Palin mailbox incident in 2008)

• Provide a new password via a different channel
• face-to-face transfer is best, but not always practical
• ING bank provides new password via SMS

(recall: GSM (esp. SMS) is now broken)

• force re-registration (like DigiD does in NL)

Bart Jacobs Version: fall 2010 Computer Security 7 / 58

SLIDE 2

Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Biometrics: intro

Biometrics refers to the use of physical characteristics or deeply ingrained behaviour or skills to identify a person.

• Physical characteristics: facial features, fingerprints, iris,

voice, DNA, and the shape of hands or even ears.

• Behaviour or skill: handwritten signature, but also someone’s

gait, or the rhythm in which someone types on a keyboard. Different types of biometrics have important differences in:

• accuracy (percentage of false matches/non-matches)
• how easy they are to fake
• which population groups they discriminate against
• how much information they reveal about us, and how sensitive

this information is (eg. your DNA may reveal health risks of

interest to insurance companies)

Bart Jacobs Version: fall 2010 Computer Security 8 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Biometrics: intentional or unintentional

Important difference between types of biometrics:

• necessarily intentional and conscious production, like with

signature

(except under extreme coercion)

• possibly unintentional production: people leave copies of their

fingerprints and samples of their DNA wherever they go.

• With the increased use of surveillance cameras we also leave
• ur facial image and gait in many places. This is what enables

such biometrics to be used in law enforcement

• It also makes fingerprint information more valuable to the
• wner, and to potential attackers, as fake fingerprints could be

planted at a crime scene.

Bart Jacobs Version: fall 2010 Computer Security 9 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Biometric systems in operation

A biometric system works in several steps

1 its sensors capture a presented biometric 2 this input signal is then processes to extract features from it 3 these features are compared to previously recorded and stored

biometric information

4 it is decided if there is a match or not

Ideally, not the raw biometric information is stored, but a template with crucial info about features extracted from the raw data

Fingerprint example

• raw information: image of the fingerprint (stored eg. in e-passport)
• template: so-called minutiae, bifurcations and endpoints of ridges,

which most fingerprint recognition systems use Storing such templates goes some way towards preventing abuse, assuming that fingerprints cannot be reconstructed from the templates.

Bart Jacobs Version: fall 2010 Computer Security 10 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Biometrics for verification or identification

Biometrics can be used in two completely separate ways:

• Verification: a person is matched with one particular stored

biometric (template), eg. the fingerprint on his e-passport, to check that someone has a certain claimed identity

• Identication: a person is matched with a large collection of

stored biometrics, for example to see if he occurs in a database of known criminals, or has not already applied for a passport under a different name

(Clearly, this is more error-prone than one-to-one matches, since in

• ne-to-many matches errors accumulate)

e-Passport example in NL

• originally proposed for verification only (against look-alike fraud)
• function creep happened in the form of central storage of all

biometrics: now usable for identification and law enforcement

Bart Jacobs Version: fall 2010 Computer Security 11 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Biometric systems are not perfect

• False match: the system reports a match when in fact the

stored biometric comes from someone else Example: innocent person barred from boarding a plane

• False non-match: the system reports that the two don’t

match, even though both are from the same person Example: Bin Laden gets on board

Note on terminology

False matches are often called false accepts, and false non-matches false rejects. This can be confusing: if a database of biometrics is used to check that known terrorists do not enter the country, then a false non-match leads to a false accept (into the country), not a false reject

Bart Jacobs Version: fall 2010 Computer Security 12 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Biometrics performance

• Exact rates of false (non-)matches depend on the type of

biometric used and the particulars of the system (eg. verification or identification).

• There is a trade-off between the false match and non-match

rates: by turning up the precision required for a match, the false non-match rate of a system can be decreased at the expense of a higher false match rate.

Tuning the system for a good balance

• what is the purpose: do you prefer a higher false non-match rate or

a higher false match rate?

• who controls the tuning: entry guards hate false matches because of

the hassle (angry customers). Hence they minimise false non-matches, leading possibly to a greater risk of false matches (terrorist entering the building)

Bart Jacobs Version: fall 2010 Computer Security 13 / 58

SLIDE 3

Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Biometrics performance studies

NL passport fingerprint study (2005, 15.000 participants)

• At enrollment phase, 3.2% of fingerprints could not be recorded
• 1.9% impossible to record two fingerprints
• 1.3% only possible to record one
• In verification phase, in 4.3% one finger could not be verified;

in 2.9% neither finger

US-VISIT study (2004, 6.000.000 in database)

• false match rate of 0.31% (1 in 300 hassle for innocent travellers)
• changing operational parameters:
• false match rate reduced to 0.08%
• false non-match rate rise to 4% to 5%

Bart Jacobs Version: fall 2010 Computer Security 14 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Biometrics usage

For identification Useful, with error margins

• basis for usage in surveillance systems

For authentication Problematic, since it assumes that:

• only you are the source of fresh biometric measurements
• freshness of such measurements can be recognised
• you provide input to these fresh measurements intentionally

and consciously For non-repudiation Unsuitable: same spoofing problems

• biometrics not suitable as signatures in payment systems

How about biometrics for access to secure facilities

• only rarely used type of biometrics, like hand-palm or iris
• spoofing/transfer is more difficult

Bart Jacobs Version: fall 2010 Computer Security 15 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Privacy issues in biometrics

1 biometric measurements may contain much more information

than is strictly needed for identification

• eg. DNA contains your genetic build up (and of subsequent

generations)

• also claimed for eyes, by irisscopists

2 when improperly stored (as original measurements and not as

abstract templates) and protected, biometrics may actually increase the risk of identity fraud

3 biometric information may be used for tracing people, either

• penly, for instance via public security cameras, or covertly

Bart Jacobs Version: fall 2010 Computer Security 16 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Biometrics, conclusions

• biometrics are often proposed as solution to the security

problems associated with passwords

• however, they are problematic themselves (highly overrated)
• always the same, in every application
• not replaceable (after compromise)
• entangled error rates associated with false (non-)matches
• errors accumulate in one-to-many comparisons
• really useful only for identification, and not for authentication

(or non-repudiation)

Bart Jacobs Version: fall 2010 Computer Security 17 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

What is Identity Management (IdM)?

Allowing many services via a limited number of access / authentication checks. It is a collection of mechanisms for

• identity synchronisation
• single-sign-on
• access management

So-called federated IdM is IdM between different organisations.

Possible functions of IdM

• Authentication, esp. via single-sign-on
• Autorisation, via access controle lists (ACLs) at objects, or based
• n capabilities/roles at subjects, supported by credentials
• Personalisation, service adjustment to individual preferences
• Provisioning, i.e. automatic propagation of changes in identity data

Bart Jacobs Version: fall 2010 Computer Security 18 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Advantages & disadvantages of IdM

Advantages of IdM

• centralisation of control, administration and policy
• ease for users
• structuring of roles and responsabilities within organisations
• cost reduction

Disadvantages of IdM

• possible reliability reduction, via single point of failure;
• increased linking of activities, harming privacy.

Bart Jacobs Version: fall 2010 Computer Security 19 / 58

SLIDE 4

Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Examples of IdM systems

• Kerberos
• OpenId
• DigiD
• Eduram
• . . .

Bart Jacobs Version: fall 2010 Computer Security 20 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Key Distribution Center (KDC)

• A KDC shares a secret key KX with each participant X
• Naive usage: let all communication, say between A and B, go

via the KDC who decrypts and re-encrypts in the middle

• More efficiently: let the KDC provide a session key, to be used

by A and B directly, like in: A

I want to talk to B

KDC

A KDC

KA{KAB,ticket} ticket=KB{A,KAB}

• A

Hi let’s talk, via: ticket

B

• These first steps must be followed by a standard mutual

authentication between A and B, using the session key KAB.

• The KDC does not send the ticket itself to B, but lets A do

this, in order to limit its load.

Bart Jacobs Version: fall 2010 Computer Security 21 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

KDC issues

Disadvantages of a KDC

• It is a single point of failure because it must always be online
• The KDC can read all traffic (since it knows the keys KAB)
• The KDC can impersonate everyone
• The KDC may be a performance bottleneck

So far, there is no identification of runs

• not for A, in the link between the initial request and answer from

the KDC

• not for B, in the link between the ticket and the request of A: an
• ld ticket might be re-used.

Bart Jacobs Version: fall 2010 Computer Security 22 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Using tickets via a Key Distribution Center (KDC)

Basis for Kerberos comes from Needham-Schroeder (1978), A

I want to talk to B,NA KDC

A KDC

KA{NA,KAB,ticket} ticket=KB{A,KAB}

• A

ticket,KAB{N1}

B

A B

KAB{N1−1,N2}

• A

KAB{N2−1}

B

Note that the ticket may still be reused in the (exceptional) situation when an attacker manages to get hold of either:

• the session key KAB
• the shared key KA (even if A changes to a new key K ′

A)

Bart Jacobs Version: fall 2010 Computer Security 23 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Better include nonce as session-binder in a ticket

A

hi, I’m A, let’s talk

B

A B

KB{A,NB}

• A

I’m A & want B,NA,KB{A,NB} KDC

A KDC

KA{NA,KAB,ticket} ticket=KB{A,KAB,NB}

• A

ticket,KAB{N1}

B

A B

KAB{N1−1,N2}

• A

KAB{N2−1}

B

Bart Jacobs Version: fall 2010 Computer Security 24 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Kerberos intro

• Kerberos is a secret key based authentication service in a

network

• developed at MIT in 1980s
• now used in Windows & Linux (and elsewhere)
• Kerberos splits Key Distribution Center (KDC) into two roles:
• Authentication Server (AS)

Each user X (including the TGS) shares a key KX with the AS.

• Ticket-Granting Server (TGS).
• Kerberos’ aim: let Alice access servers after she has

authenticated herself once:

• by decrypting a secret from the AS
• at her own workstation
• by only locally using her password KA

Subsequently, Alice uses a session key KS.

Bart Jacobs Version: fall 2010 Computer Security 25 / 58

SLIDE 5

Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Kerberos 4, protocol

A

I’m A, get me a session key for TGS AS

A AS

KA{KS,ticketTGS} ticketTGS=KTGS{A,KS,validity}

• A

ticketTGS,B,KS{timestamp}

TGS

A TGS

KS{B,KAB},ticketB ticketB=KB{A,KAB}

• A

ticketB,KAB{timestamp}

B

A B

KAB{timestamp+1}

• A and B can communicate under cover of KAB; B trusts that

anyone knowing KAB is acting on behalve of A

• A can use ticketTGS at multiple service providers (for some time)

Bart Jacobs Version: fall 2010 Computer Security 26 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

DigiD intro

• DigiD is central authentication service for government services
• tax, local authorities, social benefits, etc
• operational since 2005
• Citizen identification based on BSN (Burger Service Nummer)
• BSN can be used by all government services
• use in commercial sector not allowed (except in special

mandatory circumstances)

• DigiD has three levels/strengths of authentication
• login + password
• one-time password via SMS
• smart card based (currently not implemented)
• DigiD is based on A-select, which is based on Kerberos

Bart Jacobs Version: fall 2010 Computer Security 27 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

DigiD protocol essentials

Let U = User, PS = Public Service, DS = DigiD Server in the following messages (protected eg. via SSL) U

service request

PS

U PS

rid,level=ℓ

(rid is session identifier)

• rid,level=ℓ

DS

U

rid

DS

U

authenticate, at level ℓ

DS

U DS

ticket = {rid, BSNU, level = ℓ, validity, PS}dDS

• U

ticket

PS

U

service, based on BSNU

PS

Bart Jacobs Version: fall 2010 Computer Security 28 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

OpenId

• Open (standard) framework for Single-Sign On (SSO), used
• eg. by MicroSoft, Google, Yahoo
• Main parties involved:
• Relaying Party (RP), eg. website where authentication is

required

• User (U), who wishes to use some online service from a RP
• Identity Provider (IP), providing authentication, for multiple

RPs.

• In practice, RP = IDP, since no RP trusts other IdP
• Basic mechanisms via redirects:

U − → RP − → U − → IP − → U − → RP

• Focus on usability, not security (eg. ssl is not mandatory)

Bart Jacobs Version: fall 2010 Computer Security 29 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Access control basics

• Terminology: “subjects” can perform “actions” on “objects”
• Two basic access control approaches:

1 list per object who can do what, via “access conrol lists” 2 list per subject (or group, or role) what can be done to which

• bjects, via “capability lists”
• These two can be combined in an access control matrix:
• bj1
• bj2
• bj3

subj1 read read, write read subj2 write write subj2 exec read, exec exec

• The mechanism that checks such permissions is usually called

the reference monitor

Bart Jacobs Version: fall 2010 Computer Security 31 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Slicing things up

If you wish to restrict access, there are two basic forms:

• Horizontal divisions into security levels

top secret secret confidential public ✤ ✣ ✜ ✢ ✛ ✚ ✘ ✙

This may be used both for confiden- tiality and for in- tegrity

• Vertical divisions into security compartments

project 1 project 2 project 3 project 4 ✗ ✖ ✔ ✕ ✓ ✒ ✏ ✑

“Need to know”

• r “Chinese wall”

approach These two approaches can also be combined

Bart Jacobs Version: fall 2010 Computer Security 32 / 58

SLIDE 6

Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Operational rules for horizontal slicing

• For confidentiality (most common)
• No read up: you are not allowed to read material of higher

classification than you have (obviously)

• No write down: this may reveal “higher” material to lower

classifications

This is the essence of the so-called Bell-LaPadula (BLP) model; rules may be enforced via “data diodes”

• For integrity
• No write up: if your classification says “can write reliably up-to

level n”, writing higher may spoil integrity there

• No read down: it may spoil your mind, so that you make

mistakes when writing higher up (at your level)

In practice these rules are very restrictive (eg. in multilevel

• perating systems)

Bart Jacobs Version: fall 2010 Computer Security 33 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

OS security issues

• OS security tasks include: identification, authentication,

access control (authorisation), and auditing

• preferably these (sensitive) tasks are concentrated in a small

trusted computing base (TCB)

• small security “micro” kernels recent development, especially

as basis for virtualisation

• Security failures often based on programming errors
• encryption etc. does not help much against them
• ordinary OSs are highly complex & dynamic; they require

constant updating

• problematic for certification
• updates may break consistency in larger systems
• risks from update postponement/neglect and zero-day exploits
• update process itself may also be vulnerable
• (alien) driver software in kernel is problematic

Bart Jacobs Version: fall 2010 Computer Security 34 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Example: Unix/Linux security essentials

• Long history: Unix started as multi-user OS in network, scaled

up to servers, and scaled down to PCs (esp. Linux)

• Originally developed for friendly environments (research labs
• r universities), with weak security mechanisms
• security controls are add-ons, not part of architecture
• Basic philosophy: security is managed by skilled administrator,

not by average user.

• Basic set-up:
• Users have user and group identities (UID, GID); Users can

belong to multiple groups; no security checks for “root” user

• Objects (resources) are files, directories, devices; permission is
• ctal number (like 654) or rw-r-xr--, for owner-group-other
• Processes has several identities (real, effective, saved)

Bart Jacobs Version: fall 2010 Computer Security 35 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Network security, in general

• Being connected is a mixed blessing
• Internet protocols have been designed for robustness, not for

security (benign environment assumed)

• sometimes attacks are shockingly simple
• Security focus on access control (including firewalls), intrusion

detection, and resilience

• Programming errors main source of problems
• keeping up-to-date with security warnings is full-time job
• reporting itself is delicate: responsible disclosure means:

informing manufacturer first, and publishing after some delay

• zero-day exploits valuable (eg. stuxnet used 4!)

Bart Jacobs Version: fall 2010 Computer Security 36 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Basic internet protocols

Layering of protocols:

application (HTTP, FTP, etc) transport (TCP) network/routing (IP) link

• IP = Internet Protocol: routes packets between (multiple)

machines, each with 32 bit address (192.168.1.1 notation)

• TCP = Transmission Control Protocol: reliable, delivers a

stream of bytes between two machines; IP packets can be lost, duplicated, or delivered out of order, but TCP detects these problems, requests retransmission of lost data, rearranges out-of-order data etc.

☛ ✡ ✟ ✠

Security mechanisms can be implemented at different layers

Bart Jacobs Version: fall 2010 Computer Security 37 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Other internet protocols

• DNS = Domain Name System: translates domain names

meaningful to humans into the IP addresses

• lookup: dig porthos.science.ru.nl yields

131.174.30.39 (among others)

• reverse lookup: dig -x 131.174.30.38 yields

poly.science.ru.nl

• SNMP = Simple Network Management Protocol
• used for configuring machines in the network
• originally without security
• ICMP = Internet Control Message Protocol
• used for error & status messages
• includes eg. ping

Bart Jacobs Version: fall 2010 Computer Security 38 / 58

SLIDE 7

Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Typical network protocol (attack)

• First, note: on the internet it is easier to send a message with

a forged sender address than to intercept a message

• used for address- (instead of crypto-) based authentication
• Three-way handshake is used for setting up TCP connections,

with ‘SYN’ and ‘ACK’ as message types

• Simple exchange of 32 bit nonces:

1. A − → B : A, SYN(NA) 2. B − → A : ACK(NA + 1), SYN(NB) 3. A − → B : ACK(NB + 1)

• easy to forge 1, but difficult to intercept 2, so attacker does

not see NB and does not know how to reply

• however, in many (old) implementations NB is predictable
• eg. by setting up a proper connection with B first
• Once message 3 is accepted, the attacker can request services

from B, masqueraded as A: “blind connection forgery”

Bart Jacobs Version: fall 2010 Computer Security 39 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Another attack (DOS)

DOS attacks are popular these days, eg. Anonymous group using LOIC (Low Orbit Ion Cannon) network stress test tool

• SYN-flooding
• A sends many SYN(NA) packets (message 1), without

responding to the second message

• B reserves some memory for NB, with each (expected)

connection

• B runs out of memory, at some stage, and falls over
• Crypto-based defence (by Dan Bernstein, see http://cr.yp.to)
• make NB = K{NA}
• as result, B need not keep state
• implemented in Linux

Bart Jacobs Version: fall 2010 Computer Security 40 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

More DOS attackes, via amplification

• A broadcast ip address reaches many machines
• it can be abused for a smurf DOS attack:
• send a ping message to such a broadcase address
• put the victim’s address as (forged) source of this ping
• this victim will receive ping-replies from all machines reachable

via the broadcast address

• Most routers have now been reconfigured to obstruct such

attacks

• A fraggle attack is similar, but uses UDP packets

Bart Jacobs Version: fall 2010 Computer Security 41 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Security at different layers

• Hardening the infrastructure
• Ideally invisible to the user
• IPSec (often used for VPNs), DNSsec
• End-to-end security:
• op top of (insecure) infrastructure
• can be built into applications, but often requires explicit action
• SSL/TLS, ssh/scp/sftp, PGP, S/Mime, Tor, etc.

Bart Jacobs Version: fall 2010 Computer Security 42 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Protocol example: Pretty Good Privacy (PGP)

• PGP provides:
• confidentiality, via symmetric (IDEA) encryption with session

key

• integrity, authenticit and non-repudiation via (RSA) signature
• As single protocol line, for plaintext m

A − → B : {K}eB, K{zip(m, [hash(m)]dA)}

• Recent unsigned data injection vulnerability found by Verheul
• due to sloppy parsing by PGP Desktop (versions 8-10)
• see paper on the web for more details
• demonstrates that critical review of open source software can

take a long time . . .

Bart Jacobs Version: fall 2010 Computer Security 43 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Protocol example: Secure Socket Layer (SSL)

• SSL was introduced in the Netscape browser in 1995
• became an open (slightly different and incompatible) standard

“TLS” but is still most frequently used as SSL.

• SSL builds a secure connection between two sockets, including

1 Parameter negotiation between client and server 2 One-way (by server) or two-way authentication 3 confidentiality & integrity

• SSL consists of two subprotocols:
• establishing a secure connection
• using it

Bart Jacobs Version: fall 2010 Computer Security 44 / 58

SLIDE 8

Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

One-way Client-Server SSL-authentication

C

m1=[SSL version, preferences,NC ]

S

C S

m2=[SSL version, choices,NS,X.509 certificate, session id]

• C

m3=[{PMK}eS , h(MK, m1m2C)] where MK=f (PMK,NC ,NS)

S

C S

h(MK,m1m2S)

• C

data protected with keys derived from MK

S

• Preferences are of the form ‘SSH2-3des-cbc-hmac-sha1’
• PMK is 384 bit PreMaster Key, generated by C; MK is Master Key
• session id is used for resuming (web) connections

Bart Jacobs Version: fall 2010 Computer Security 45 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Cyber war

• Title of a recent book (2010), by Richard Clarke:
• former top counter-terrorism advisor under President Clinton
• cybersecurity czar under President Bush
• Several cyberwar incidents:
• Iraqi military officers received US warning/advise email on

their military accounts before the 2003 gulf war started

• Estonia (2007), several weeks under DOS attack after moving

a sensitive Russian statue; wake-up call for NATO

• Georgia (2008) DOS attack preceded Russian invasion
• DOS attack on US and South-Korean computers at the time
• f several North-Korean (test) missile launches
• Many countries have cyberwar capabilities. US is not leading:
• its offensive capabilities may be strong(est)
• US is most vulnerable to attacks (compared to possible

adversaries)

Bart Jacobs Version: fall 2010 Computer Security 47 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Clarke’s 21 questions

1 What do we do if we wake up one day and find the western

half of the U.S. without electrical power as the result of a cyber attack?

2 Is the advent of cyber war a good thing, or does it place us at

a disadvantage?

3 Do we envision the use of cyber war weapons only in response

to the use of cyber war weapons against us?

4 Are cyber weapons something that we will employ routinely in

both small and large conflicts? Will we use them early on in a conflict because they give us a unique advantage in seeking

• ur goals, such as maybe effecting a rapid end to the conflict?

5 Do we think we want to have plans and capabilities to

conduct “stand-alone” cyber war against another nation? And will we fight in cyberspace even when we’re not shooting at the other side in physical space?

Bart Jacobs Version: fall 2010 Computer Security 48 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Clarke’s 21 questions, ctd

6 Do we see cyberspace as another domain (like the sea,

airspace, or outer space) in which we must be militarily dominant and in which we will engage an opponent while simultaneously conducting operations in other domains?

7 How surely do we have to identify who attacked us in

cyberspace before we respond? What standards will we use for these identifications?

8 Will we ever hide the fact that it was us who attacked with

cyber weapons?

9 Should we be hacking into other nations’ networks in

peace-time? If so, should there be any constraints on what we would do in peace-time?

10 What do we do if we find that other nations have hacked into

• ur networks in peacetime? What if they have left behind

logic bombs in our infrastructure networks?

Bart Jacobs Version: fall 2010 Computer Security 49 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Clarke’s 21 questions, ctd

11 Do we intend to use cyber weapons primarily or initially

against military targets only? How do we define military targets?

12 Or do we see the utility of these weapons being their ability to

inflict disruption on the economic infrastructure or on the society at large?

13 What is the importance of avoiding collateral damage with

• ur cyber weapons? How might avoiding it limit our use of

the weapons?

14 If we are attacked with cyber weapons, under what

circumstances would, or should, we respond with kinetic weapons? How much of the answer to this question should be publicly known in advance?

Bart Jacobs Version: fall 2010 Computer Security 50 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Clarke’s 21 questions, ctd

15 What kind of goals specific to the employment of cyber

weapons would we want to achieve if we conducted cyber war, either in conjunction with kinetic war or as a stand-alone activity?

16 Should the line between peace and cyber war be brightly

delineated, or is there an advantage to us in blurring that distinction?

17 Would we fight cyber war in a coalition with other nations,

helping to defend their cyberspace and sharing our cyber weapons, tactics, and targets?

18 What level of command authority should authorize the use of

cyber weapons, select the weapons, and approve the targets?

Bart Jacobs Version: fall 2010 Computer Security 51 / 58

SLIDE 9

Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Clarke’s 21 questions, ctd

19 Are there types of targets that we believe should not be

attacked using cyber weapons? Do we attack them anyway if similar U.S. facilities are hit first by cyber or other weapons?

20 How do we signal our intention with regard to cyber weapons

in peacetime and in crisis? Are there ways that we can use

• ur possession of cyber weapons to deter an opponent?

21 If an opponent is succesful in launching a widespread,

disabling attack on our military or on our economic infrastructure, how does that affect our other military and political strategies?

Bart Jacobs Version: fall 2010 Computer Security 52 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Terrorism, in general

• What is terrorism in the first place?
• definition strongly dependent on one’s own political/historical

views

• eg. are WWII resistance fighters terrorists?
• what about Palestinians fighting Israeli occupation?
• Very general description of terrorism:

politically or ideologically motivated threatening or use of violence (often by small groups aimed at the public at large)

• Actual number of casualties is really limited
• eg. in comparison to road casualties
• Still, authorities react strongly and introduce profound

changes in order to combat terrorism

• laws enabling non-selective surveillance of the population
• stricter security measures in public places
• tasks for intelligence services & special forces

Bart Jacobs Version: fall 2010 Computer Security 53 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Bob de Graaff’s 20 points

Bob de Graaff is professor of (counter)terrorism at Den Haag; the list of observations below comes from a NISA lecture (10/9/10)

1 Difference between national and international threats

diminishes, so nations feel more free to interfere in other nations’ internal affairs

2 Difference between what is public and private diminishes, so

nations feel more free to interfere in people’s private lives

3 Difference between public and private tasks diminishes, eg. in

hiring private security contractors (with little public supervision/control)

4 Under pressure to act, authorities have little time to think and

take decisions based on instincts and gut feelings

5 Iterative intelligence cycles (direction, collection, processing,

analysis, dissemination, feedback) become parallel and less systematic

Bart Jacobs Version: fall 2010 Computer Security 54 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Bob de Graaff’s 20 points, ctd

6 Intelligence relies more on open sources and data mining;

everyone is a suspect and is under constant surveillance

7 Policy makers do their own intelligence analysis, leading to

• either: frustration among intelligence professionals
• or: intelligence to please

8 Intelligence services become more public, and (thus) under

expectation pressure

9 Difference between military and civil intelligence diminishes 10 Difference between intelligence analysis and operations

diminishes

11 Difference between intelligence and covert operations (often

more controversial) diminishes

12 Difference between intelligence and policing diminishes 13 Vaguer boundaries between different forms of conflict: war,

terrorism, guerrilla, insurgency; the approaches become similar

Bart Jacobs Version: fall 2010 Computer Security 55 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

Bob de Graaff’s 20 points, ctd

14 An integrated approach to countering terrorism undermines

historically grown separations among state institutions

15 Self-defensive and pre-emptive action become synonimous;

hence states adopt terrorist methods themselves

16 Difference between war and peace diminishes 17 Dependence on non-western intelligence agencies increases,

with their own norms, possibly leading to moral problems

18 Difference between suspicion and proof diminishes (eg. in

Cheney doctrine: If there’s a 1% chance of a nuclear weapon threat, we have to treat it as a certainty in terms of our response)

19 Authorities judge people increasingly on ideas and intentions

than on their acts (leading to societal distrust and threat of a thought-police)

20 Difference between state of law and dictatorship diminishes

Bart Jacobs Version: fall 2010 Computer Security 56 / 58 Authentication and Identity Management Operating System and Network Security Cyber war and terrorism Conclusions

Radboud University Nijmegen

What this course tried to achieve

• Insight both in:
• basic computer security mechanisms
• design & usage issues, in organisations and in society
• Expected competences on-the-job:
• computer scientists should master technicalities
• information scientists should be able to translate & exploit the

relevance of these technicalities for the business/organisation

(there is greatest need for people who can do this)

• But ideally, you should be able to do both!

Bart Jacobs Version: fall 2010 Computer Security 58 / 58