Weeks 1-2 Lectures.pdf
Transcript
Foundations of Computer Security Week 2 Agenda ▪ Definitions ▪ Security strategies – Prevention – detection – reaction ▪ Security objectives – Confidentiality – integrity – availability – Accountability – non-repudiation – authentication ▪ Sec...
Foundations of Computer Security Week 2 Agenda ▪ Definitions ▪ Security strategies – Prevention – detection – reaction ▪ Security objectives – Confidentiality – integrity – availability – Accountability – non-repudiation – authentication ▪ Security Threats www.wiley.com/go/gollmann 2 Where is security a concern? ▪ Business environment: cash flow, commercial image and shareholder confidence, intellectual property ▪ Military environment: exclusive access to and effectiveness of weapons, communications secrecy ▪ Medical environment: confidentiality and integrity of patient records, equipment safety ▪ Households: privacy, correct billing, security alarms ▪ Society at large: utility services, communications, transport,... Security is Interdisciplinary 5 ▪ Draws on all areas of CS – Theory – Networking – Programming languages/compilers – Operating systems – Databases – AI and data mining – Computer architecture / hardware – HCI, psychology What This Course is About 6 ▪ Introduction to information security and privacy ▪ Main themes of the course – Learn about attacks (Don’t use this knowledge illegally) – Learn about preventing attacks ▪ Lectures on related topics – Cryptography – Software security – Operating system security – Network security (Brief introduction) – Web security and privacy Cryptography 7 Talking to Talking to Bob Alice Alice Secret key establishment: Bob attacker??? k m1 k Secure communication: m2 confidentiality and integrity Software Security 8 ▪ Attacker’s goal: – Take over target machine Execute arbitrary code on target by hijacking application control flow ▪ Buffer overflow attacks ▪ Format string vulnerabilities ▪ Malware ▪ Possible solutions Operating system security 9 OS Attacker Controls malicious files and applications Alice Network Security 10 people Remote login, email application TCP transport IP network 802.11 data link RF physical Only as secure as the single weakest layer… Network Security 11 people Remote login, email application SSH, PGP TCP transport TLS/SSL IP network IPSec 802.11 data link WEP, WPA2 RF physical Physical layer security Only as secure as the single weakest layer… Web security and privacy 12 System Web Attacker Sets up malicious site visited by victim; no control of network Alice Aspects of Security ▪ Distributed systems: computers connected by networks ▪ Communications (network) security: addresses security of the communications links ▪ Computer security: addresses security of the end systems; today, this is the difficult part ▪ Application security: relies on both to provide services securely to end users ▪ Security management: how to deploy firewall security technologies www.wiley.com/go/gollmann 13 Insider Fraud ▪ Programmer writing code for a bank made the program ignore overdrafts on his account. ▪ Discovered when the computer broke down and accounts were processed manually. ▪ Suspended sentence (money repaid). ▪ Fired, but re-hired as contractor. 1966 From: A.R.D. Norman: Computer Insecurity, Chapman & Hall, 1983 www.wiley.com/go/gollmann 14 Espionage – Identity Fraud ▪ Setting: competitors A and B with a common customer C; communication by phone to secret (unlisted) phone numbers. ▪ Employee of A finds out about the secret number C uses to call B (displayed over a terminal). ▪ Uses this number to ring B pretending to be C. ▪ Searches the filesystem, requests code to be sent to his terminal and punched cards to be sent. ▪ Discovered when B asks C about the cards and C knows nothing about it. ▪ Believed to be the first case where a warrant was used to search computer memory. 1971 From: A.R.D. Norman: Computer Insecurity, Chapman & Hall, 1983 www.wiley.com/go/gollmann 15 Password Sniffing ▪ Student wrote program for time-sharing system and left it on disk for curious users. ▪ On execution the program would “crash” and then ask for username and password. ▪ Username and password were collected and later used to delete the victims’ files. 1978 From: A.R.D. Norman: Computer Insecurity, Chapman & Hall, 1983 www.wiley.com/go/gollmann 16 TCP Session Hijacking ▪ Predict challenge to send messages that appear to come from a trusted host. SYN x SYN ACK x+1, y ACK y+1, x+1 TCP handshake First warning 1984 www.wiley.com/go/gollmann 17 Denial of Service ▪ TCP SYN flooding: exhaust responder’s resources by creating half-open TCP connection requests. SYN x SYN x y SYN ACK x+1,y y SYN ACK x+1,y SYN x’ ACK y+1, x+1 y’ SYN ACK x’+1,y’... TCP handshake SYN flooding attack www.wiley.com/go/gollmann 18 Definitions ▪ A computing system is a collection of hardware, software, storage media, and data that an organisation uses to perform computing tasks. ▪ A threat to a computing system is a set of circumstances that has the potential to cause loss or harm. ▪ A vulnerability is a weakness of a system that could be accidentally or deliberately exploited. ▪ Computer Security is the protection of any computing system from threats. ▪ An attacker is anyone who poses a threat to an organization (sometimes called hacker/cracker). 19 Definitions ▪ An error is a human mistake in performing some software activity. ▪ A Security policy is a set of rules and practices that specify or regulate how a system or an organization provides security services to protect sensitive and critical system resources. ▪ Assets are information or resources that have value to an organization or person. Applications, systems and networks are counted as assets. ▪ An exploit is a piece of software or technique that takes advantage of a security vulnerability to violate an explicit or implicit security policy. (Virus, worms) 20 Security Strategies ▪ Prevention: take measures that prevent your assets from being damaged. ▪ Detection: take measures so that you can detect when, how, and by whom an asset has been damaged. ▪ Reaction: take measures so that you can recover your assets or to recover from a damage to your assets. ▪ The more you invest into prevention, the more you have to invest into detection to make sure prevention is working. www.wiley.com/go/gollmann 21 Example – E-Commerce ▪ Prevention: encrypt your orders, rely on the merchant to perform checks on the caller, don’t use the Internet (?) … – Cryptography, firewalls, IPS systems. ▪ Detection: an unauthorized transaction appears on your credit card statement. – Anti-virus scanners and IDS systems. ▪ Reaction: complain, ask for a new card number, etc. – Updating of security procedures. www.wiley.com/go/gollmann 22 Security Objectives ▪ Confidentiality: prevent unauthorised disclosure of information ▪ Integrity: prevent unauthorised modification of information ▪ Availability: prevent unauthorised withholding of information or resources ▪ Authenticity: “know whom you are talking to” ▪ Accountability (non-repudiation): prove that an entity was involved in some event ▪ Access Control: Restricting access to resources to privileged entities. www.wiley.com/go/gollmann 23 Confidentiality ▪ Prevent unauthorised disclosure of information (prevent unauthorised reading). ▪ Secrecy: protection of date belonging to an organisation. ▪ Historically, security and secrecy were closely related; security and confidentiality are sometimes used as synonyms. ▪ Do we want to hide the content of a document or its existence? – Traffic analysis in network security. – Anonymity, unlinkability www.wiley.com/go/gollmann 24 Integrity ▪ Prevent unauthorised modification of information (prevent unauthorised writing). ▪ Data Integrity - The state that exists when computerized data is the same as that in the source document and has not been exposed to accidental or malicious alteration or destruction. (Integrity synonymous for external consistency.) ▪ Detection (and correction) of intentional and accidental modifications of transmitted data. www.wiley.com/go/gollmann 25 Integrity continued ▪ No user of the system, even if authorized, may be permitted to modify data items in such a way that assets or accounting records of the company are lost or corrupted. ▪ Integrity is a prerequisite for many other security services; operating systems security has a lot to do with integrity. www.wiley.com/go/gollmann 26 Availability ▪ The property of being accessible and usable upon demand by an authorised entity. ▪ Denial of Service (DoS): The prevention of authorised access of resources or the delaying of time-critical operations. ▪ Maybe the most important aspect of computer security, but few methods are around. ▪ Distributed denial of service (DDoS) receives a lot of attention; systems are now designed to be more resilient against these attacks. www.wiley.com/go/gollmann 27 Denial of Service Attack (smurf) ▪ Attacker sends ICMP echo requests to a broadcast address, with the victim’s address as the spoofed sender address. ▪ The echo request is distributed to all nodes in the range of the broadcast address. ▪ Each node replies with an echo to the victim. ▪ The victim is flooded with many incoming messages. ▪ Note the amplification: the attacker sends one message, the victim receives many. www.wiley.com/go/gollmann 28 Denial of Service Attack (smurf) attacker A sends echo request to broadcast address A with victim as source A victim echo replies A to victim www.wiley.com/go/gollmann 29 Accountability ▪ At the operating system level, audit logs record security relevant events and the user identities associated with these events. ▪ If an actual link between a user and a “user identity” can be established, the user can be held accountable. ▪ In distributed systems, cryptographic non- repudiation mechanisms can be used to achieve the same goal. www.wiley.com/go/gollmann 30 Non-repudiation ▪ Non-repudiation services provide unforgeable evidence that a specific action occurred. ▪ Non-repudiation of origin: protects against a sender of data denying that data was sent. ▪ Non-repudiation of delivery: protects against a receiver of data denying that data was received. www.wiley.com/go/gollmann 31 Non-repudiation ▪ Typical application: signing emails; signatures in S/MIME secure e-mail system. ▪ Are such signatures analogous to signing a letter by hand? ▪ In the legal system, hand written signatures (on contracts) indicate the intent of the signer. www.wiley.com/go/gollmann 32 Security Threats Threats can be categorized by what they can do: ▪ Interception: Access to some system to which they are not allowed. (confidentiality) ▪ Interruption: Disrupt a service and prevent it from functioning. (DDoS). (Availability) ▪ Modification: An attacker actively tampers with a system once they have access. Change in balance. (Integrity) ▪ Fabrication: An attacker may try to create a false record in the system. (fraud) Phishing attack. (Integrity) P33 Threats and Attacks ▪ Eavesdropping: the interception of information intended for someone else during its transmission over a communication channel. Alice Bob Eve Threats and Attacks ▪ Alteration: unauthorized modification of information. – Example: the man-in-the-middle attack, where a network stream is intercepted, modified, and retransmitted. ciphertext C Communication Sender Recipient channel encrypt decrypt plaintext M′ plaintext M ciphertext C′ shared shared secret secret Attacker key (intercepting) key Threats and Attacks ▪ Denial-of-service: the interruption or degradation of a data service or information access. – Example: email spam, to the degree that it is meant to simply fill up a mail queue and slow down an email server. Alice What They Violate ? ▪ Eavesdropping ▪ Alteration ▪ Denial of service ▪ Masquerading What They Violate ? ▪ Eavesdropping: Confidentiality ▪ Alteration: Data integrity ▪ Denial of service: Availability ▪ Masquerading: Origin integrity Security Threats Very often individual attacks will follow the same five step1 pattern: 1. Reconnaissance (Surveying, examination) The is the preparation phase where the attacker seeks to learn all they can about the target organization. 2. Scanning Scanning describes the pre-attack phase where the attacker scans the target network for specific information, typically vulnerabilities based on the results of the reconnaissance. Tools at an attacker’s disposal include port scanners, network mapping tools, vulnerability scanners. P39 1. Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defense by Edward Skoudis Security Threats 3. Gain access This step is the actual penetration of the target system. The attacker exploits a vulnerability to gain access. 4. Maintain access This is the phase where the attacker delivers the desired payload. They have gained unauthorized access and now wish to exploit it. This can mean anything from obtaining files/data, planting spyware, cause damage directly, setup zombie machines, install backdoor, etc. 5. Cover tracks This is how an attacker hides the evidence of his actions. Log files need to be modified. P40
