Dr. Jelena Mirkovic University of Southern California Information Sciences Institute

 If you wish to enroll and do not have D clearance yet, send an to with: o Your name o Which prerequisites you have completed o A phone number o Request to receive a D clearance  I will let you know within a day or two

 o Syllabus o Assignments o News o Lecture notes (also on DEN)  Keep checking it!

 o 1 of the 4 units o Instructor is David Morgan o Instruction 4 – 4:50 Fridays in RTH105  WebCast via DEN  Hands on work in the lab – exercising the theoretical knowledge from class  Some labs will be done remotely using DETER testbed

 Four reports, due as noted online  Each discusses a paper of your choice from a few top security conferences/journals o Summary of the paper and its critique o Your ideas on the topic o 2-4 pages, submitted via DEN o You can submit reports early if you like  One report from each student will be chosen for presentation in class  Total 20% of your grade, 4% each

 4 quizzes o Done before each DETER exercise o Repeated after the exercise o You MUST take each quiz  Total 5% of your grade

 Class (TA and  Instructor o Dr. Jelena Mirkovic o Office hours Fri 12:30-1:30pm or by appt in SAL 234 o Contact via (on class web page)  TA o Melina Demertzi o Office hours Tu and We am o Contact via (on class web page)

 Grading: o Paper reports/presentations: 20% o Lab: 20% o Quizzes: 5% o Participation: 5% o Midterm Exam: 20% o Final Exam: 30%  Grades assigned using an absolute curve: AA-B+BB-C+CC-D+DD

 DEN system will host the class discussion board o To gain access and log in o Contact if you have difficulty with the o I will check the discussion board once daily but if you want a reliable response from me me directly

 Class participation is important o Ask and answer questions in class o Ask, answer, participate on-line  Class participation carries 5% of your grade o If I don’t remember you from class, I look in the web discussion forum to check participation  Did you ask good questions  Did you provide good answers  Did you make good points in discussions o For DEN students, discussion board is the primary means of class participation  You can also call into the class if you like

 What is and is not OK o I encourage you to work with others to learn the material but everyone must DO their work ALONE o Do not to turn in the work of others o Do not give others your work to use as their own o Do not plagiarize from others (published or not) o Do not try to deceive the instructors  See the Web site o More guidelines on academic integrity o Links to university resources o Don’t just assume you know what is acceptable.

 No one should be able to: o Break into my house o Attack me o Steal my TV o Use my house to throw water balloons on people o Damage my furniture o Pretend to be my friend Bob and fool me o Waste my time with irrelevant things o Prevent me from going to my favorite restaurant o Destroy my road, bridge, city..

 No one should be able to: o Break into my computer o Attack my computer o Steal my information o Use my computer to attack others o Damage my computer or data o Use my resources without my permission o Mess with my physical world  I want to talk to Alice o Pretend to be Alice or myself or our computers o Prevent me from communicating with Alice

 An isolated computer has a security risk? o Computer security aims to protect a single, connected, machine  Networking = communication at all times and in all scenarios!!! o Network security aims to protect the communication and all its participants  Security = robustness or fault tolerance? Computer security Network security

 Breaking into my computer o Hackers  Break a password or sniff it off the network  Exploit a vulnerability  Use social engineering  Impersonate someone I trust o Viruses and worms A vulnerability is a bug in the software that creates unexpected computer behavior when exploited, such as enabling access without login, running unauthorized code or crashing the computer. An exploit is an input to the buggy program that makes use of the existing vulnerability.

 Attacking my computer o Denial-of-service attacks o Viruses and some worms A virus is a self-replicating program that requires user action to activate such as clicking on , downloading an infected file or inserting an infected floppy, CD, etc.. A worm is a self-replicating program that does not require user action to activate. It propagates itself over the network, infects any vulnerable machine it finds and then spreads from it further. A DOS attack aims to disrupt a service by either exploiting a vulnerability or by sending a lot of bogus messages to a computer offering a service

 Stealing my information o From my computer or from communication o I will use cryptography!  There are many ways to break ciphers  There are many ways to divulge partial information (e.g. who do you talk to) o I would also like to hide who I talk to and when  I will use anonymization techniques  Anonymization hinders other security approaches that build models of normal traffic patterns

 Using my machine to attack others o viruses o Worms o Denial-of-service attacks (including reflector attacks) o Spam, phishing

 Damaging my computer or data o I have to prevent break-ins o I will also use cryptography to detect tampering o I must replicate data to recover from tampering o Denial-of-service attacks and worms can sometimes damage computers

 Taking up my resources with irrelevant messages o Denial-of-service attacks o Spam mail (takes time to read and fills space) o Malicious mail (may contain a virus) o Viruses and worms

 Messing up with my physical world o Cyber-physical attacks or collateral victims o Power systems, traffic control, utilities o Travel agencies o Medical devices o Smart vehicles

 Pretending to be Alice or myself or our computers o I want to be sure who I am talking to (authentication and digital signatures) o It is hard to impersonate a computer in two- way communication, such as TCP  But it has been done o Plain IP spoofing seems an extremely hard problem to solve IP spoofing means putting a fake IP address in the sender field of IP packets.

 Preventing me from communicating with Alice o Alice could be attacked o Routers could be overloaded or tampered with o DNS servers could be attacked

 Confidentiality (C) o Keep data secret from non-participants  Integrity (I) o Aka “authenticity” o Keep data from being modified o Keep it functioning properly  Availability (A) o Keep the system running and reachable

 No one should be able to: o Break into my computer – A, C, I o Attack my computer – A, C, I o Steal my information - C o Use my computer to attack others – I? o Damage my computer or data - I o Use my resources without my permission – A o Mess with my physical world – I, A  I want to talk to Alice o Pretend to be Alice or myself or our computers – C, I o Prevent me from communicating with Alice - A

 Policy o Deciding what confidentiality, integrity and availability mean  Mechanism o Implementing the policy

 Your security frequently depends on others o Tragedy of commons  A good solution must o Handle the problem to a great extent o Handle future variations of the problem, too o Be inexpensive o Have economic incentive o Require a few deployment points o Require non-specific deployment points

 Fighting a live enemy o Security is an adversarial field o No problem is likely to be completely solved o New advances lead to improvement of attack techniques o Researchers must play a double game

 Attack patterns change  Often there is scarce attack data  Testing security systems requires reproducing or simulating legitimate and traffic o No agreement about realistic traffic patterns  No agreement about metrics  There is no standardized evaluation procedure  Some security problems require a lot of resources to be reproduced realistically

 Risk analysis and risk management o How important it is to enforce a policy o Which threats matter o Legislation may play a role  The role of trust o Assumptions are necessary  Human factors o The weakest link

 Motivation o Bragging Rights o Profit (Spam, Scam, Phishing, Extortion) o Revenge / to inflict damage o Terrorism, politics  Risk to the attacker o Usually small o Can play a defensive role

 Buggy code  Protocol design failures  Weak crypto  Social engineering/human factor  Insider threats  Poor configuration  Incorrect policy specification  Stolen keys or identities  Misplaced incentives (DoS, spoofing, tragedy of commons)

 Policy defines what is allowed and how the system and security mechanisms should act  Policy is enforced by mechanism which interprets and enforces it, e.g. o Firewalls o IDS o Access control lists  Implemented as o Software (which must be implemented correctly and without vulnerabilities)

 Encryption  Checksums  Key management  Authentication  Authorization  Accounting  Firewalls  VPNs  Intrusion Detection  Intrusion Response  Virus scanners  Policy managers  Trusted hw

 Most deployment of security services today handles the easy stuff, implementing security at a single point in the network, or at a single layer in the protocol stack: o Firewalls, VPN’s o IPSec o SSL o Virus scanners o Intrusion detection

 Unfortunately, security isn’t that easy. It must be better integrated with the application. o At the level at which it must ultimately be specified, security policies pertain to application level objects, and identify application level entities (users).

 Security is made even more difficult to implement since today’s systems lack a central point of control. o Home machines unmanaged o Networks managed by different organizations. o A single function touches machines managed by different parties.  Clouds o Who is in control?

 Goal: Protect private communication in the public world  Alice and Bob are shouting messages in a crowded room  Everyone can hear what they are saying but no one can understand (except them)  We have to scramble the messages so they look like nonsense or alternatively like innocent text  Only Alice and Bob know how to get the real messages out of the scramble

 Authentication o Bob should be able to verify that Alice has created the message  Integrity checking o Bob should be able to verify that message has not been modified  Non-repudiation o Alice cannot deny that she indeed sent the message

 Exchanging a secret with someone you have never met, shouting in a room full of people  Proving to someone you know some secret without giving it away  Sending secret messages to any m out of n people so only those m can retrieve messages and the rest n-m cannot  Sending a secret message so that it can be retrieved only if m out of n people agree to retrieve it

Good cryptography assumes knowledge of algorithm by anyone, secret lies in a key!!!  Alice could give a message covertly “Meeting at the old place” o Doesn’t work for arbitrary messages and o Doesn’t work if Alice and Bob don’t know each other  Alice could hide her message in some other text – steganography  Alice could change the message in a secret way o Bob has to learn a new algorithm o Secret algorithms can be broken by bad guys

 Substitute each letter with a letter which is 3 letters later in the alphabet o HELLO becomes KHOOR  Instead of using number 3 we could use n  [1,25]. n would be our key  How can we break this cipher? Can you decipher this: Bpqa kzgxbwozixpg ammua zmit miag. Em eivb uwzm!

 We can also choose a mapping for each letter: (H is A, E is M, L is K, O is Y). This mapping would be our key. This is monoalphabetic cipher. o HELLO becomes AMKKY  How can we break this cipher?

 Symmetric key crypto: one key o We will call this secret key or shared key o Both Alice and Bob know the same key  Asymmetric key crypto: two keys o Alice has public key and private key o Everyone knows Alice’s public key but only Alice knows her private key o One can encrypt with public key and decrypt with private key or vice versa  Hash functions: no key o Output depends on input in non-linear fashion