Introduction

IS 302: Information Security and Trust Week 1: Introduction to IST, Security, and Networks 2010

Transcript of Introduction

Page 1: Introduction

IS 302: Information Security and Trust, Week 1: Introduction to IST, Security, and Networks (2010)

Page 2: Introduction

© Yingjiu Li 2005 2

Introduction to IST

Page 3: Introduction

Course Objectives

• Security challenges and solutions for a company SEC

– Financial reports, payroll, business secrets, login database

– Alice, Bob, Mallory

– Concepts, models, algorithms, protocols

– Requirements, constraints, tradeoffs, applications

Page 4: Introduction


Course Prerequisite

1. Being familiar with at least one programming language (e.g., Java)

2. Basic knowledge about discrete mathematics, networks, and databases

Page 5: Introduction

Basic Modules

• Background and Basic Concepts (1 week)

• Applied Cryptography (4 weeks)

• NW Security (3 weeks)

• Access Control (1 week)

• Quiz, invited talk, & project presentation (3 weeks)

Page 6: Introduction

Security in Computing: International Edition

Authors: Charles P. Pfleeger and Shari Lawrence Pfleeger

Edition: 4th edition

ISBN: 9780136012962

Information Security & Trust

Available in your school bookshop!

Page 7: Introduction

Course Material

• Teaching material is available at http://www.mysmu.edu/faculty/yjli/

• Communication in SMU emails

– Please make sure that your SMU email is open and not full.

– Please check your SMU emails daily.

Page 8: Introduction

Grading

• Individual Assignment (10%)

– Assignment 1 (week 3)

– Assignment 2 (week 10)

• Group Project (25%)

– Draft due in week 9 (Friday)

– Presentation in weeks 12 and 13 (10%)

– Final report due in week 14 (15%)

• Midterm Quiz (15%; week 7)

• Final Exam (40%; week 15)

– SMU final exam policy: Students are not allowed to reschedule their examination or request special arrangements for the examination from instructors.

• Participation (10%; subjective)

Page 9: Introduction

Policies

• Honor code

– No plagiarism or cheating (SMU Code of Student Conduct)

• Due time (assignments, project, quiz, exam)

– Strictly enforced

– Points (~10%) deducted for late turn-in

• Excuses

– No excuses for the project, midterm quiz, and final exam

– Must be approved by the lecturer in other cases

Page 10: Introduction

Contact Information

• Yingjiu Li

– Phone: 6828 0913

– Office: 80-04-049

– [email protected]

– http://www.mysmu.edu/faculty/yjli/

• TA

– Mayank Agarwal ([email protected]) for G5, G6

– Zheng Kaiwen ([email protected]) for G4, G5

– Qiang Yan ([email protected]) for G4, G6

Page 11: Introduction


Basic Security Concepts

Page 12: Introduction

What is information security?

Page 13: Introduction

Classical Security Objectives

(Figure: a triangle pairing each objective with the harm it guards against)

INTEGRITY: modification

AVAILABILITY: access

CONFIDENTIALITY: disclosure

Page 14: Introduction

Classical Security Objectives

• Confidentiality (secrecy, privacy)

– Information is not exposed to unauthorized parties.

• Integrity

– Information is not modified by unauthorized parties.

• Availability

– Information can be accessed by authorized parties at the proper time.

Page 15: Introduction

(Source: R. Sandhu)

The Fourth Objective

(Figure: the triangle of the previous slide extended with a fourth corner)

INTEGRITY: modification

AVAILABILITY: access

CONFIDENTIALITY: disclosure

USAGE: misuse

• electronic commerce, electronic business

• DRM, client-side controls

Page 16: Introduction

Discussions

• Google and Microsoft plans for online personal health records

– http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9043038

– What are the confidentiality, integrity, availability, and usage concerns in this scenario?

– How about the Singapore Government’s EMR?

Page 17: Introduction

Threat, Vulnerability and Attacks

• Threat – something bad that could happen

• Vulnerability – a weakness in an information system that could be exploited

• Attack – some action taken by a malicious intruder

– Passive adversary

– Active adversary

Page 18: Introduction

Example of Threats

Login and identity theft:

– Exposure of 88,000 user logins and passwords at Texas A&M

– Exposure of contact information of 6.3 million Ameritrade customers

– Exposure of credit card numbers for over 94 million shoppers at stores owned by TJX

• http://www.boston.com/business/globe/articles/2007/10/24/court_filing_in_tjx_breach_doubles_toll/

Page 19: Introduction

How secure are we now?

Page 20: Introduction

Hardware and Software Grow

• Moore’s law – Processing power doubles every 18 months

• Gates’ law – Software grows to use all available memory and processing power

• Multics 1970: ~55k lines of code

• Windows 2000: ~55M lines of code

Page 21: Introduction

Number of Vulnerabilities

• Neumann’s law

– Number of bugs increases as the square of code size

– Number of vulnerabilities is approximately linear in the number of program bugs

Page 22: Introduction

Security Risk

• Metcalfe’s law

– Value of a network is the square of the number of users

– Internet 1970: ~10K users

– Internet 2005: ~1B users

• Evan’s Law

– Security risk is the product of the number of vulnerabilities and the value of the network

Page 23: Introduction

Attack Easy, Defense Hard

– An intruder only needs to find one vulnerability

– A defender needs to control all possible vulnerabilities

Principle of Easiest Penetration

An intruder can exploit any vulnerability to launch a penetration or attack

Page 24: Introduction

What can we do about security?

Page 25: Introduction

How to Achieve Security (Control)

• Policy – What we are trying to protect

• Mechanism – How to enforce the security policy

• Assurance – How well the security mechanism enforces the policy

(Figure: Policy, Mechanism and Assurance as the three supports of Security)

Page 26: Introduction

Security Tradeoffs

• Security is not free

(Figure: Security traded off against Functionality, Ease of use and Cost)

Page 27: Introduction

Discussion

• Good-Enough Security

– http://www.list.gmu.edu/journals/ic/03-sandhu-good.pdf

– Why does good enough always beat perfect?

– What is really hard?

– How to achieve good enough security?

– How frequently should the SMU password be updated?

Page 28: Introduction


Introduction to Networks

Page 29: Introduction

Where do you live and where do you go?

Page 30: Introduction

Address

• IP Address: An Internet identifier for each network interface

– Example: 202.161.41.246

• Hostname: An Internet identifier of a host

– Example: www.smu.edu.sg

• Domain name: An identifier of a domain, which is a network of associated hosts

– Example: smu.edu.sg

Page 31: Introduction


Network Diagram

Page 32: Introduction


Example: Campus Network

Page 33: Introduction

Router

• The postman of the Internet – store and forward

• On arrival of an IP packet, it makes a routing decision based on the packet’s destination IP address.

• Routing decision: to choose the next router to forward the packet

Page 34: Introduction

Router Architecture Overview

Two key router functions:

• run routing algorithms/protocols (RIP, OSPF, BGP)

• forward datagrams from incoming to outgoing link

Page 35: Introduction

Getting A Datagram from Source to Destination

IP datagram: [ Src Addr | Dest Addr | Data ]

• each host and router has a routing table

• datagram remains unchanged, as it travels from source to destination

Page 36: Introduction

Getting a datagram from source to destination

IP datagram: [ 223.1.1.1 | 223.1.1.3 | Data ]

Starting at A, given IP datagram addressed to B:

• look up net address of B

• find B is on the same net as A

• link layer will send the datagram directly to B inside a link layer frame – A and B are directly connected

Page 37: Introduction

Getting a datagram from source to destination

IP datagram: [ 223.1.1.1 | 223.1.2.2 | Data ]

Starting at A, dest. E:

• look up net address of E

• find E on a different network – A and E not directly attached

• routing table: next hop router to E is 223.1.1.4

• link layer sends the datagram to router 223.1.1.4 inside a link layer frame

• datagram arrives at 223.1.1.4

• continued …

Page 38: Introduction

Getting a datagram from source to destination

IP datagram: [ 223.1.1.1 | 223.1.2.2 | Data ]

Arriving at 223.1.1.4, destined for 223.1.2.2:

• look up net address of E

• find E on the same net as the router’s interface 223.1.2.9 – router and E directly attached

• link layer sends the datagram to 223.1.2.2 inside a link layer frame through interface 223.1.2.9

• datagram arrives at 223.1.2.2!
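The forwarding walkthrough on the last three slides, as an added example that is not part of the original lecture material: a small Python model of hosts and a router using the slides' 223.1.x.x addresses, in which each node first checks whether the destination is on a directly attached network and otherwise looks up a next-hop router. The /24 subnets, the `Node` class and the routing-table contents are this example's assumptions; only the addresses come from the slides.

```python
# Added example (not from the lecture slides): a minimal IP forwarding
# decision modelled on the 223.1.x.x walkthrough.  The /24 subnets, the
# routing-table layout and the node names are assumptions of this example.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Node:
    """A host or router: one or more interfaces plus a routing table."""
    name: str
    interfaces: list                             # e.g. ["223.1.1.4/24", "223.1.2.9/24"]
    routes: dict = field(default_factory=dict)   # destination network -> next-hop IP

    def forward(self, dst: str) -> dict:
        """Decide where the datagram for dst goes next.

        As on the slides: if dst shares a network with one of our interfaces,
        deliver directly inside a link-layer frame; otherwise pick the
        next-hop router from the routing table (longest prefix wins).
        """
        dst_ip = ipaddress.ip_address(dst)
        for iface in self.interfaces:
            itf = ipaddress.ip_interface(iface)
            if dst_ip in itf.network:
                return {"action": "direct", "via_interface": str(itf.ip)}
        best = None
        for net_str, next_hop in self.routes.items():
            net = ipaddress.ip_network(net_str)
            if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        if best is None:                          # unrouteable destination: drop, never guess
            return {"action": "drop", "reason": "no route"}
        return {"action": "next-hop", "next_hop": best[1]}


def trace(nodes: dict, start: str, dst: str, max_hops: int = 8) -> list:
    """Follow a datagram from node `start` until some node delivers it directly.

    Returns the list of (node name, decision).  The datagram itself is never
    rewritten; only the link-layer frame around it changes at each hop.
    """
    path = []
    current = start
    for _ in range(max_hops):                     # hop limit so a routing loop cannot spin forever
        decision = nodes[current].forward(dst)
        path.append((current, decision))
        if decision["action"] != "next-hop":
            return path
        hop = ipaddress.ip_address(decision["next_hop"])
        owner = next((n for n, node in nodes.items()
                      if any(ipaddress.ip_interface(i).ip == hop for i in node.interfaces)), None)
        if owner is None:
            path.append((current, {"action": "drop", "reason": "next hop unreachable"}))
            return path
        current = owner
    path.append((current, {"action": "drop", "reason": "hop limit exceeded"}))
    return path


# Constructed topology from the slides: A and B on 223.1.1.0/24, E on
# 223.1.2.0/24, router R with interfaces 223.1.1.4 and 223.1.2.9.
NODES = {
    "A": Node("A", ["223.1.1.1/24"], {"223.1.2.0/24": "223.1.1.4"}),
    "B": Node("B", ["223.1.1.3/24"], {"223.1.2.0/24": "223.1.1.4"}),
    "R": Node("R", ["223.1.1.4/24", "223.1.2.9/24"]),
    "E": Node("E", ["223.1.2.2/24"], {"223.1.1.0/24": "223.1.2.9"}),
}

if __name__ == "__main__":
    for hop in trace(NODES, "A", "223.1.1.3"):    # A -> B: direct delivery
        print(hop)
    for hop in trace(NODES, "A", "223.1.2.2"):    # A -> R -> E: one router in between
        print(hop)
```

Running it prints one decision for the A-to-B case and two for the A-to-E case; a destination with no matching route is dropped rather than forwarded to a default, which is the behaviour a router should have when its table has no entry.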

Page 39: Introduction

Domain Name System (DNS)

• A service to translate “Names” to “IP” addresses

(Figure: resolving www.google.com in four numbered steps: (1) your laptop asks the local DNS server ns01.staff.smu.edu.sg, (2) the local server asks the authoritative DNS server dns.google.com, (3) the authoritative server answers the local server, (4) the local server answers your laptop)

Page 40: Introduction

How do you talk to each other?

Page 41: Introduction

Transport services and protocols

• provide logical communication between app processes running on different hosts

• transport protocols run in end systems

– send side: breaks app messages into segments, passes to network layer

– rcv side: reassembles segments into messages, passes to application layer

• more than one transport protocol available to apps

– Internet: TCP and UDP

(Figure: full protocol stacks – application, transport, network, data link, physical – on the two end hosts; only network, data link and physical on the routers in between; logical end-end transport runs between the two end hosts)

Page 42: Introduction

Internet transport-layer protocols

• reliable, in-order delivery (TCP)

– connection setup

• unreliable, unordered delivery: UDP

• services not available:

– delay guarantees

– bandwidth guarantees

(Figure: the same protocol-stack diagram as on the previous slide)

Page 43: Introduction

Port and TCP

• Port: an identity of an application

• IP address + port number can uniquely identify an application running on a host in the Internet.

• Well-known port numbers:

– Web: TCP port 80

– Email transportation: TCP port 25

– Email retrieval: TCP port 110

– DNS: UDP port 53

• Both the client and the server need to specify their port numbers for data transmission.

Page 44: Introduction

Data Transmission Using TCP

(Figure: client on the left, server on the right, time flowing downward; the server is listening on a TCP port, e.g. TCP port 80)

1. connection setup

client → server: SYN

server → client: SYN, ACK

2. data transmission

client → server: Seq=42, ACK=79, client data

server → client: Seq=79, ACK=43, server data

3. connection close

client → server: FIN

server → client: FIN

Page 45: Introduction

How do you surf the web?

Page 46: Introduction

Web and HTTP

• Web page consists of objects

• Object can be HTML file, JPEG image, Java applet, audio file, …

• Web page consists of a base HTML file which includes several referenced objects

• Each object is addressable by a URL

• Example URL: www.someschool.edu/someDept/pic.gif

– host name: www.someschool.edu

– path name: someDept/pic.gif

Page 47: Introduction

HTTP overview

HTTP: hypertext transfer protocol

• Web’s application layer protocol

• client/server model

– client: browser that requests, receives, “displays” Web objects

– server: Web server sends objects in response to requests

• HTTP 1.0: RFC 1945

• HTTP 1.1: RFC 2068

(Figure: a PC running Explorer and a Mac running Navigator each send an HTTP request to, and receive an HTTP response from, a server running Apache Webserver)

Server:

• always on

• fixed address

HTTP has nothing to do with how a web page is interpreted

Page 48: Introduction

HTTP overview (continued)

Uses TCP:

• client initiates TCP connection to server, port 80

• server accepts TCP connection from client

• HTTP messages (application-layer protocol messages) exchanged between browser (HTTP client) and Web server (HTTP server)

• TCP connection closed

HTTP is “stateless”

• server maintains no information about past client requests

Page 49: Introduction

User-server state: cookies

Many major Web sites use cookies

Four components:

1) cookie header line of HTTP response message

2) cookie header line in HTTP request message

3) cookie file kept on user’s host, managed by user’s browser

4) back-end database at Web site

Example:

– Susan always accesses the Internet from the same PC

– She visits a specific e-commerce site for the first time

– When the initial HTTP request arrives at the site, the site creates a unique ID and creates an entry in its backend database for the ID

Page 50: Introduction

Cookies: keeping “state” (cont.)

(Figure: message sequence between client and server; the client’s cookie file starts as “ebay: 8734”)

client → server: usual http request msg

server creates ID 1678 for user; entry in backend database

server → client: usual http response + Set-cookie: 1678

Cookie file is now: amazon: 1678, ebay: 8734

client → server: usual http request msg + cookie: 1678

server: cookie-specific action (access backend database)

server → client: usual http response msg

one week later:

client → server: usual http request msg + cookie: 1678

server: cookie-specific action (access backend database)

server → client: usual http response msg

Page 51: Introduction

Cookies (continued)

What cookies can bring:

• authorization

• shopping carts

• recommendations

• user session state (Web e-mail)

Cookies and privacy:

• cookies permit sites to learn a lot about you

• you may supply name and e-mail to sites

aside – How to keep “state”:

• Protocol endpoints: maintain state at sender/receiver over multiple transactions

• cookies: http messages carry state
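The cookie mechanism of the last three slides, as an added example that is not code from the lecture: a simulated stateless HTTP server that issues a Set-Cookie ID on a first visit, stores a backend-database entry for it and performs a cookie-specific action when the ID comes back, together with a browser that keeps a cookie file per site. The site name "amazon" and the ID 1678 are the slides'; the simplified message format, the `Site` and `Browser` classes and the use of a CSPRNG for fresh IDs are this example's assumptions.

```python
# Added example (not from the lecture slides): stateless server + cookie file.
# Message formats, class names and the CSPRNG default are assumptions.
import secrets


def parse_headers(message: str) -> dict:
    """Split a simplified HTTP message into lower-cased header name -> value."""
    headers = {}
    for line in message.split("\r\n")[1:]:       # skip the request/status line
        if not line:
            break                                 # blank line ends the headers
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


class Site:
    """Stateless HTTP server: the only thing it knows about a client is the cookie."""

    def __init__(self, new_id=None):
        self.backend_db = {}                      # cookie ID -> per-user record
        # IDs act as bearer credentials, so by default they come from a CSPRNG;
        # a deterministic generator can be injected for tests (assumption).
        self._new_id = new_id or (lambda: secrets.token_hex(16))

    def handle(self, request: str) -> str:
        headers = parse_headers(request)
        sent = headers.get("cookie")
        if sent is not None and sent in self.backend_db:
            record = self.backend_db[sent]        # cookie-specific action: backend lookup
            record["visits"] += 1
            return f"HTTP/1.1 200 OK\r\n\r\nwelcome back, visit {record['visits']}"
        # first visit, or an unknown/forged ID: mint a fresh ID and a fresh record
        new_id = self._new_id()
        self.backend_db[new_id] = {"visits": 1}
        return f"HTTP/1.1 200 OK\r\nSet-Cookie: {new_id}\r\n\r\nwelcome, new user"


class Browser:
    """Client side: stores Set-Cookie values per site and replays them."""

    def __init__(self):
        self.cookie_file = {}                     # site -> cookie value

    def get(self, site_name: str, site: Site, path: str = "/") -> str:
        request = f"GET {path} HTTP/1.1\r\nHost: {site_name}\r\n"
        if site_name in self.cookie_file:
            request += f"Cookie: {self.cookie_file[site_name]}\r\n"
        request += "\r\n"
        response = site.handle(request)
        set_cookie = parse_headers(response).get("set-cookie")
        if set_cookie:
            self.cookie_file[site_name] = set_cookie
        return response.split("\r\n\r\n", 1)[1]   # body only


def susan_shops(new_id=None):
    """Replay the slides' scenario; returns (first body, second body, cookie file)."""
    amazon = Site(new_id=new_id)
    susan = Browser()
    first = susan.get("amazon", amazon)
    second = susan.get("amazon", amazon)          # "one week later", same PC
    return first, second, dict(susan.cookie_file)


if __name__ == "__main__":
    print(susan_shops(new_id=lambda: "1678"))
```

Because the server is stateless, the cookie value is the only link between a request and the backend record, so it behaves as a bearer credential: an unguessable ID from a CSPRNG is what stops one user from presenting another's, and an unknown or forged ID gets a new, empty session here rather than somebody else's entry.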

Page 52: Introduction

How do you send email?

Page 53: Introduction

Electronic Mail

Three major components:

• user agents

• mail servers

• simple mail transfer protocol: SMTP

User Agent

• a.k.a. “mail reader”

• composing, editing, reading mail messages

• e.g., Eudora, Outlook, elm, Netscape Messenger

• outgoing, incoming messages stored on server

(Figure: three mail servers linked by SMTP, each with user agents attached; each server holds user mailboxes and an outgoing message queue)

Page 54: Introduction

Electronic Mail: mail servers

Mail Servers

• mailbox contains incoming messages for user

• message queue of outgoing (to be sent) mail messages

• SMTP protocol between mail servers to send email messages

– client: sending mail server

– “server”: receiving mail server

(Figure: the same mail server / user agent / SMTP diagram as on the previous slide)

Page 55: Introduction

Electronic Mail: SMTP [RFC 2821]

• uses TCP to reliably transfer email message from client to server, port 25

• direct transfer: sending server to receiving server

• three phases of transfer

– handshaking (greeting)

– transfer of messages

– closure

• command/response interaction

– commands: ASCII text (http://www.asciitable.com/)

– response: status code and phrase

• messages must be in 7-bit ASCII

Page 56: Introduction


Scenario: Alice sends message to Bob

1) Alice uses UA to compose message and “to” [email protected]

2) Alice’s UA sends message to her mail server; message placed in message queue

3) Client side of SMTP opens TCP connection with Bob’s mail server

4) SMTP client sends Alice’s message over the TCP connection

5) Bob’s mail server places the message in Bob’s mailbox

6) Bob invokes his user agent to read message

(Figure: steps 1 to 6 laid out left to right across Alice’s user agent, Alice’s mail server, Bob’s mail server and Bob’s user agent)
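The SMTP exchange behind steps 3 and 4 of the scenario above, as an added example that is not from the lecture: a simulated receiving mail server implemented as a command/response state machine, driven by the sending server through the three phases (greeting, message transfer, closure). The command words and reply codes are the RFC 2821 ones; the host names, addresses, reply phrases and the `SmtpServer`/`send_mail` names are constructed for this example.

```python
# Added example (not from the lecture slides): Alice's server relaying to
# Bob's server over simulated SMTP.  Host names, addresses and reply
# phrases are constructed; command verbs and status codes follow RFC 2821.
CRLF = "\r\n"


class SmtpServer:
    """Bob's receiving mail server as a command/response state machine."""

    def __init__(self, hostname: str, local_domain: str):
        self.hostname = hostname
        self.local_domain = local_domain
        self.state = "connected"            # connected -> greeted -> mail -> rcpt -> data
        self.envelope = {"from": None, "to": []}
        self.mailboxes = {}                 # recipient -> list of delivered messages
        self.closed = False

    def greeting(self) -> str:              # phase 1 starts with the server banner
        return f"220 {self.hostname} SMTP ready"

    def command(self, line: str) -> str:
        """Handle one command line; return one 'status code + phrase' reply."""
        if not line.isascii():              # commands must be 7-bit ASCII
            return "500 Syntax error: non-ASCII character in command"
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.state = "greeted"
            return f"250 {self.hostname} Hello {arg}"
        if verb == "MAIL" and self.state in ("greeted", "rcpt"):
            _, _, addr = arg.partition(":")
            self.envelope = {"from": addr.strip().strip("<>"), "to": []}
            self.state = "mail"
            return "250 OK"
        if verb == "RCPT" and self.state in ("mail", "rcpt"):
            _, _, addr = arg.partition(":")
            rcpt = addr.strip().strip("<>")
            if not rcpt.endswith("@" + self.local_domain):
                return "550 Relaying denied"    # only accept mail for our own users
            self.envelope["to"].append(rcpt)
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA" and self.state == "rcpt":
            self.state = "data"
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":                  # phase 3: closure
            self.closed = True
            return f"221 {self.hostname} closing connection"
        return "503 Bad sequence of commands"

    def data(self, body: str) -> str:
        """Phase 2: accept the message text once DATA has been acknowledged."""
        if self.state != "data":
            return "503 Bad sequence of commands"
        if not body.isascii():              # messages must be 7-bit ASCII
            return "554 Message must be 7-bit ASCII"
        for rcpt in self.envelope["to"]:
            self.mailboxes.setdefault(rcpt, []).append(body)   # into Bob's mailbox
        self.state = "greeted"
        return "250 OK: queued"


def send_mail(server: SmtpServer, sender: str, recipient: str, body: str) -> list:
    """Sending server's side; returns the transcript as (direction, line) pairs."""
    transcript = [("S", server.greeting())]

    def say(cmd):
        reply = server.command(cmd)
        transcript.extend([("C", cmd), ("S", reply)])
        return reply

    if not say(f"HELO {sender.split('@')[1]}").startswith("250"):
        return transcript
    if not say(f"MAIL FROM:<{sender}>").startswith("250"):
        return transcript
    if not say(f"RCPT TO:<{recipient}>").startswith("250"):
        say("QUIT")
        return transcript
    if say("DATA").startswith("354"):
        reply = server.data(body)
        transcript.extend([("C", body + CRLF + "."), ("S", reply)])
    say("QUIT")
    return transcript


if __name__ == "__main__":
    bob = SmtpServer("mail.bob.example", "bob.example")
    for who, line in send_mail(bob, "alice@alice.example", "bob@bob.example", "Subject: hi\r\n\r\nHello Bob"):
        print(who, line)
```

Two checks in the server are worth noticing from a defender's viewpoint: it refuses to relay for recipients outside its own domain (550), and it rejects non-ASCII commands or message bodies instead of guessing at an encoding, which is the 7-bit ASCII rule from the previous slide. Every reply is a three-digit code followed by a phrase, so the sending side decides what to do next from the code alone.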

Page 57: Introduction


Demo

• Motivation for email security

Page 58: Introduction

Project – Part A

• Project (25%) consists of part A (15%) and part B (10%)

• Teaming: 10 random teams per class

• References: internet, textbook

• Part A: Open-ended investigation into a security-related topic (each team chooses a different topic)

• Students are given a list of security-related topics such as cell phone security, RFID system security, and EMR system security

• Grading: 5% presentation + 10% project report (5% breadth, 5% depth)

• Deliverables: Each team will write a project report on their findings, and deliver an oral presentation. The report will be within 10~15 pages, using 11pt font, single column and single space format. The oral presentation will be delivered in 20 minutes including Q&A.

• Requirements: In both report and presentation, each team should:

a) Describe the background of the related topic

b) Evaluate major/certain security problem(s) in the field

c) Present solutions to the problem(s)

d) Analyze the possible impact/benefits of deploying the solutions in one or more business sectors, and provide a simple case study where appropriate

Page 59: Introduction

Project – Part B

• Part B: prototype simulation and demo of a secure RFID system

• Background: Company SEC decides to implement RFID technology to increase the efficiency and visibility of tracking its products. However, security is a major concern since SEC does not want any of its competitors to be able to collect its RFID information (e.g., its inventory level, where, when, and what products are processed) via the wireless communication channel from a distance. Therefore, it decides to implement a secure RFID communication protocol so that an adversary, without knowing tag secret keys, will not be able to identify or track any tags.

• Setting: there are 1000 RFID tags and one reader. Each of the tags is assigned with a random key of 96 bits, and equipped with a pseudorandom number generator and a hash function (e.g., MD5 or SHA1). The reader maintains a database of the keys for all 1000 tags.

• Protocol: the protocol is run between the reader and any tag. To authenticate or identify the tag, the reader first generates a random number C1 of at least 80 bits, and sends it to the tag. Upon receiving C1, the tag generates another random number C2, computes R=Hash(K,C1,C2), and sends (C2, R) back to the reader, where K is the key of this tag. Upon receiving (C2, R), the reader will search in its database to find out the correct key K which will produce the same R as received from the tag. The reader will output the serial number of this key K in its database as the tag’s ID.

• Requirements: the students are required to simulate the protocol in programming (e.g., Java, or OpenSSL). The input of the protocol is any tag (whose key is taken from the reader’s database). The output should be the correct serial number of the tag’s key in the reader’s database, as well as the exact time that is spent by the reader in identifying the tag in the protocol. Additional requirement (optional) is to simulate the memory of EPC tag in protocol running.

• Deliverables: the students should demo their simulation of the protocol within 10 minutes in their presentations (in week 13). In addition, they need to write a report within 5 pages on their designs, and attach their codes. In the report, the students should analyze why this protocol is secure.

• Grading: 10% based on both demo and report (4% correctness, 3% security, 3% efficiency and quality).
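A simulation of the Part B protocol described above, added here as a worked example (it is neither the course's reference solution nor any team's submission): 1000 tags with 96-bit keys, a reader that sends an 80-bit C1, a tag reply (C2, R = Hash(K, C1, C2)), and a linear search through the reader's key database timed as the requirements ask. SHA-256 as the hash (the slide suggests MD5 or SHA1), a 64-bit C2, fixed-width concatenation of the hash inputs and the `Tag`/`Reader` class names are this example's own assumptions.

```python
# Added example (not from the slides or any project submission): the Part B
# challenge-response protocol.  SHA-256, the 64-bit C2 and the class names
# are assumptions; key size, challenge size and tag count follow the slide.
import hashlib
import os
import time

KEY_BITS = 96          # per-tag secret, from the slide
C1_BITS = 80           # reader's challenge, "at least 80 bits" on the slide
C2_BITS = 64           # tag's nonce size: this example's assumption


def tag_hash(key: bytes, c1: bytes, c2: bytes) -> bytes:
    """R = Hash(K, C1, C2).  All fields are fixed-width, so the concatenation
    is unambiguous and no field can be shifted into another."""
    return hashlib.sha256(key + c1 + c2).digest()


class Tag:
    def __init__(self, key: bytes):
        self.key = key                              # shared only with the reader

    def respond(self, c1: bytes) -> tuple:
        c2 = os.urandom(C2_BITS // 8)               # fresh randomness on every query
        return c2, tag_hash(self.key, c1, c2)


class Reader:
    def __init__(self, keys: list):
        self.keys = keys                            # serial number = index in this list

    def identify(self, tag: Tag) -> tuple:
        """Run one protocol instance; return (serial number or None, search seconds)."""
        c1 = os.urandom(C1_BITS // 8)               # reader-chosen challenge
        c2, r = tag.respond(c1)
        start = time.perf_counter()
        serial = None
        for i, key in enumerate(self.keys):         # linear search: up to 1000 hashes
            if tag_hash(key, c1, c2) == r:
                serial = i
                break
        return serial, time.perf_counter() - start


def build_system(n_tags: int = 1000):
    """Provision n_tags random 96-bit keys; the reader keeps them all."""
    keys = [os.urandom(KEY_BITS // 8) for _ in range(n_tags)]
    return Reader(keys), [Tag(k) for k in keys]


if __name__ == "__main__":
    reader, tags = build_system()
    for serial in (0, 499, 999):
        found, secs = reader.identify(tags[serial])
        print(f"tag {serial}: identified as {found} in {secs * 1e3:.2f} ms")
```

On the security analysis the report asks for: each run uses a fresh C1 chosen by the reader and a fresh C2 chosen by the tag, so the (C2, R) pairs an eavesdropper collects differ every time and cannot be linked to one tag, and producing a valid R for a new C1 requires K, so a recorded reply is useless later. The price of that privacy is the reader's linear search, up to 1000 hash computations per identification, which is exactly what the timing output measures and what the efficiency part of the grading rewards.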

Page 60: Introduction

Project – Due Time

• The project outline/draft within 5 pages on both part A and part B (hardcopy) is due before or during the class in week 9.

• The presentations will be in week 12 and the demo in week 13.

• The final report is due on Monday in week 14.

Page 61: Introduction

Project – Topics

• 10 random teams (mod 10); each team chooses a different topic from the following list

1. Single sign-on and/or identity management

2. RFID system security/privacy

3. Trusted computing platform module (TPM)

4. Digital rights management (DRM)

5. Anti-virus and/or firewall and/or intrusion detection systems

6. Anti-phishing and/or anti-spam

7. Privacy of personal information in database or data publication

8. Risk analysis

9. Electronic medical record (EMR) system security

10. Cell phone security/privacy

Page 62: Introduction

Review Questions

1. Security objectives include

a) Confidentiality, integrity, and availability

b) Policy, mechanism, and assurance

c) Functionality, ease of use, and cost

2. Assume that a software system increases 10 times in terms of code size and the number of its users doubles during the past five years. How many times does the security risk increase?

a) 40

b) 400

c) 200

3. Which protocol is designed for the purpose of web browsing?

a) TCP

b) HTTP

c) SMTP