Post on 21-Dec-2015
Security
i206 Fall 2010
John Chuang
Some slides adapted from Coulouris, Dollimore and Kindberg; Dave Messerschmidt; Adrian Perrig
John Chuang 2
Security
Bits & BytesBinary Numbers
Number Systems
Gates
Boolean Logic
Circuits
CPU Machine Instructions
Assembly Instructions
Program Algorithms
Application
Memory
Data compression
Compiler/Interpreter
OperatingSystem
Data Structures
Analysis
I/O
Memory hierarchy
Design
Methodologies/Tools
Process
Truth tableVenn DiagramDeMorgan’s Law
Numbers, text,audio, video, image, …
Decimal, Hexadecimal, Binary
AND, OR, NOT, XOR, NAND, NOR,etc.
Register, CacheMain Memory,Secondary Storage
Context switchProcess vs. ThreadLocks and deadlocks
Op-code, operandsInstruction set arch
Lossless v. lossyInfo entropy & Huffman code Adders, decoders,
Memory latches, ALUs, etc.
DataRepresentation
Data
Data storage
Principles
ALUs, Registers,Program Counter, Instruction Register
Network
Distributed Systems Security
Cryptography
Standards & Protocols
Inter-processCommunication
Searching, sorting,Encryption, etc.
Stacks, queues,maps, trees, graphs, …
Big-O
UML, CRC
TCP/IP, RSA, …
ConfidentialityIntegrityAuthentication…
C/S, P2PCaching
sockets
Formal models
Finite automataregex
John Chuang 3
Introduction
What is security? What do we mean by a secure system?
John Chuang 4
Attacks
Eavesdropping - passwords, credit card
numbers, etc. Tampering of data
- Birthday attack Impersonation
- Replay attack- Man-in-the-middle
attack (e.g., IP address spoofing)
- Phishing attack
Unauthorized access- System vulnerabilities- Social engineering (e.g.,
bribe, black-mail)- Password guessing (e.g.,
dictionary attack) Denial-of-Service attack Spam Trojan horses, viruses,
worms …
Wide ranging scope Some common attacks:
John Chuang 5
Security Properties “CIA” and “AAA”
Confidentiality- Prevents eavesdropping
Integrity- Prevents modification of data
Authentication- Proves your identity to another party; prevents
impersonation Accountability (non-repudiation)
- Enables failure analysis; serves as deterrent Authorization
- Prevents misuse Availability
- Safeguards against denial-of-service
John Chuang 6
Cryptography
Cryptographic primitives:- Encryption
-Symmetric-key (e.g., DES, AES) -Asymmetric-key (e.g., RSA)
- Cryptographic hash (message digest)-e.g., MD5, SHA-1
- Digital signature-e.g., PKCS
John Chuang 7
The Principals
Alice Bob Carol …and… Eve (eavesdropper -- passive attacker) Mallory (active attacker -- can intercept, modify, and forward messages)
Trent/Trudy (trusted 3rd party)
John Chuang 8
QuickTime™ and a decompressor
are needed to see this picture.
http://xkcd.com/177/Eve’s Story
John Chuang 9
Encryption
Encryption/decryption algorithms are published Encryption/decryption keys are kept secret Symmetric cryptography
- e-key = d-key- Principals need to share the symmetric key, and keep it secret
Asymmetric (public-key) cryptography- e-key != d-key- One key made public; the other kept private
encryption decryptionplaintext plaintext
e-key d-key
ciphertext
John Chuang 10
Symmetric Cryptography
Many schemes are available: DES, 3DES, AES, RC4, IDEA, …
In general, the strength of an encryption scheme is a function of the key length (because of exhaustive key search)
Moving target as hardware capabilities improve over time- DES (data encryption standard, 1975) uses 56 bit key length; became vulnerable to exhaustive key search
- Replaced in 2002 by AES (advanced encryption standard, 1998) which uses key lengths of 128, 192, or 256 bits
John Chuang 11
Each principal has public key K and private key K-1
K-1 is kept secret, and cannot be deduced from K K is made available to all Encryption and decryption with K and K-1 are commutative: {{D}K-1}K = {{D}K}K-1 = D
Challenge: how to choose K and K-1?
Asymmetric Cryptography
encryption
private key public key
document D document Ddecryption
encryption
private keypublic key
document D document Ddecryption
John Chuang 12
RSA
Algorithm by Rivest, Shamir, Adleman (1977) for generating K and K-1 based on the fact that factoring is hard
RSA key generation:- Choose n, e, d such that:
- n=p*q where p and q are two large and distinct prime numbers
- e*d = k(p-1)(q-1)+1 where k is a positive integer Public key: {n,e}; Private key: {n,d}
- RSA key lengths 1024 bits or 2048 bits (256 or 512 bits no longer secure)
- n and e are published; p, q, and d are kept private
Given document D:- encryption: ciphertext = c = D e (mod n)- decryption: plaintext = D = c d (mod n)
John Chuang 13
Performance
Asymmetric cryptography 3-5 orders of magnitude slower than symmetric cryptography
Use asymmetric cryptography to exchange symmetric key; data encrypted using symmetric cryptography:
A B: {KAB}KB, {D}KAB
Asymmetric cryptography has other important uses as well …
John Chuang 14
Authentication
Based on one or more of the following:- Something you are (e.g., fingerprint, pattern on iris, DNA sample)
- Something you know (e.g., password, PIN, mother’s maiden name)
- Something you have (e.g., ATM card, Driver’s License, private key K-1)
John Chuang 15
Digital Signature (Version 0.1)
Alice signs document by encrypting it with her own private key
A B: {D}KA-1
Bob verifies the signature by decrypting it using A’s public key, i.e., compute D = {{D}KA
-1 }KA
Two outcomes: - digital signature provides non-repudiation (accountability)
- Alice is authenticated to Bob. (How?) There is another problem -- performance
encryption
private key public key
Document D Document Ddecryption
John Chuang 16
Cryptographic Hash/ Message Digest
Digest function maps arbitrary length message D to fixed length digest H(D)-MD5 (128 bit digest) and SHA-1 (160 bit digest) are commonly used
One-way function: given H(D), can't find D
Collision-free: infeasible for attacker to generate D and D' such that H(D) = H(D')-Otherwise vulnerable to the birthday attack
message
digest
John Chuang 17
Birthday Attack
Alice prepares two contracts D (fair) and D’ (fraudulent) that produce the same hash, i.e., H(D) = H(D’)
Alice asks Bob to sign D, takes Bob’s signature and attach it to D’
The “birthday paradox”:- Need 183 persons in a room to have a 50% chance that someone has the same birthday as you
- But only need 23 persons in a room to have a 50% chance that two persons share the same birthday
Implication: digest length has to be much longer than 8-9 bits
John Chuang 18
Digital Signature (Version 1.0)
A B: D, {H(D)}KA-1
Bob:- Computes hash of message, H(D)- “Decrypts” signature: {{H(D)}KA
-1 }KA
- Verifies H(D) = {{H(D)}KA-1 }KA
signature
Sender: Alice
Alice's Private Key Alice's Public Key
verifysignature
computesignature
computedigest
computedigest
Receiver: Bob
D D
signature
John Chuang 19
Public Key Management
How does Bob know that KA is really the public key of Alice?
John Chuang 20
Public Key Certificate
A binding of key to identity, signed by a certificate authority (CA)
A, KA, {H(A, KA)}KCA
-1
PKI (public key infrastructure) provides support for certificate hierarchy with root certificate at the top of the tree
CA signature
Alice’s certificate
John Chuang 21
Summary
So, what have we achieved with digital signatures?- Authentication- Integrity- Non-repudiation (accountability)
Can combine with encryption to provide:- Confidentiality
John Chuang 22
Security Properties “CIA” and “AAA”
Confidentiality- Prevents eavesdropping
Integrity- Prevents modification of data
Authentication- Proves your identity to another party; prevents
impersonation Accountability (non-repudiation)
- Enables failure analysis; serves as deterrent Authorization
- Prevents misuse Availability
- Safeguards against denial-of-service
John Chuang 23
Availability
Denial-of-Service (DoS) Attack: - Making a computer resource or service unavailable to users by overwhelming the computational and/or communication resources of the victim system
DoS statistics (Moore et al., Usenix 2001): - Prevalence: 13,000 DoS attacks recorded in 3 weeks
- Duration: an attack can last for hours- Intensity: 600,000 packets per second
2008 ISP Infrastructure Security Report (Arbor, 2008)- Largest DDoS attack peak traffic volume of 40Gbps
John Chuang 24
TCP SYN Flood Attack
TCP session establishment- A B: SYN- B A: SYN + ACK- A B: ACK
B has to keep state for every half-open connection, and an idle connection is closed only after long timeout
An attacker sends many SYN messages (with spoofed source IP addresses) to victim B
Legitimate clients cannot establish TCP session with B
Process A Process B
SYN3-Way handshake to establish TCP session
SYN + ACK
Conversation
ACK
Teardown
FIN
FIN + ACK
ACK
Data + ACK
Data + ACK
John Chuang 25
Distributed DoS (DDoS) Attack
Attacker takes over machines via viruses or Trojan horses and launches DoS attack from these “zombies” or “bots”
No effective defense:- No direct cryptographic solution- Approaches: filtering, traceback
Misaligned incentives- Individuals not motivated to patch their machines
John Chuang 26
Botnets
A network of bots (Trojan horses) under the command & control of botnet operator
Botnet operators may control millions of machines and use them to launch DDoS attacks, send spam, perform keylogging, commit click fraud,…- Estimate: 70-90% of spam come from botnets
Underground market for botnet service- e.g., $500 for a DDoS attack using 10K bots- e.g., sites asked to pay $10-50k in extortion
Sou
rce:
Cis
co