Lecture 5 – Getting Physical Security Computer Science Tripos part 2 Ross Anderson.

Slides:

Advertisements

Similar presentations

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Advertisements

IT: Communication and Impacts

GCSE ICT Networks & Security..

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

The Cloud is Safe Pract The Facts. Backround: The recent hacking of the Cloud poses many issues with respect to Internet security. Just recently a hacker.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Web Security A how to guide on Keeping your Website Safe. By: Robert Black.

Computers in Society Encryption. Representing Sensory Experience Some objects correspond to human sensory experience – these representations are created.

Chapter 9 Banking and Book keeping Protecting yourself from you.

Lecture 6 – Psychology: From Usability and Risk to Scams Security Computer Science Tripos part 2 Ross Anderson.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

Lecture 11 Reliability and Security in IT infrastructure.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

1 INTRUSION ALARM TECHNOLOGY LOCAL VS. MONITORING.

Why Cryptosystems Fail Ross Anderson Presented by Su Zhang 1.

Programming Satan’s Computer

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

Chapter 2 What is an Alarm System? Alarms: The First Line of Defense

Networks and Hackers Copyright © Texas Education Agency, All rights reserved. 1.

Threat to I.T Security By Otis Powers. Hacking Hacking is a big threat to society because it could expose secrets of the I.T industry that perhaps should.

Anderson School of Management University of New Mexico.

Security and backups GCSE ICT.

1 An Introduction to the future of the Internet (part 1) David Clark MIT CSAIL July 2012.

Identity Theft What is Identity Theft?  Identity theft is a serious crime. Identity theft happens when someone uses information about you without your.

The Protection of Information in Computer Systems Part I. Basic Principles of Information Protection Jerome Saltzer & Michael Schroeder Presented by Bert.

SECURITY ENGINEERING 2 April 2013 William W. McMillan.

Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.

System Security Chapter no 16. Computer Security Computer security is concerned with taking care of hardware, Software and data The cost of creating data.

Do pictures always give truthful information? Can publishing it be hurtful??

Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.

Physical ways of keeping your system secure. Unit 7 – Assignment 2. (Task1) By, Rachel Fiveash.

Chapter Eight CBIS and Checklists. General Controls 12 controls Planning, controls, standards, security Continuous updating –e.g., C&L 66% of firms inadequate.

John Carpenter & lecture & Information Security 2008 Lecture 1: Subject Introduction and Security Fundamentals.

Viruses Hackers Backups Stuxnet Portfolio Computer viruses are small programs or scripts that can negatively affect the health of your computer. A.

What security is about in general? Security is about protection of assets –D. Gollmann, Computer Security, Wiley Prevention –take measures that prevent.

Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.

Security CS Introduction to Operating Systems.

Add name of trust / organisation in box 1 and name of trainer in box 2. Delete THIS box.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Kamran Didcote.

Information Systems, Security, and e-Commerce* ACCT7320, Controllership C. Bailey *Ch in Controllership : The Work of the Managerial Accountant,

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Bailey Ryan.

Security and Assurance in IT organization Name: Mai Hoang Nguyen Class: INFO 609 Professor: T. Rohm.

Physical Security Katie Parker and Robert Tribbia Katie Parker and Robert Tribbia Computer Security Computer Security Fall 2008 Fall 2008.

Physical security Dr.Talal Alkharobi.

Society & Computers PowerPoint

Why Cryptosystems Fail R. Anderson, Proceedings of the 1st ACM Conference on Computer and Communications Security, 1993 Reviewed by Yunkyu Sung

Protecting Your Assets By Preventing Identity Theft 1.

Computer Networks. Computer Network ► A computer network is a group of computers that are linked together.

Safety in your Home and at School

Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.

What you will learn in this session 1.The characteristics of fire, smoke and toxic fumes 2.Fire hazards involved in the working environment 3.Significant.

Access Control Jeff Wicklund Computer Security Fall 2013.

Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.

AUTOMATING HOME SECURITY RYAN C. KRAUSE. BACKGROUND: HOME SECURITY Many providers including, self-building kits ADT, Gaurdian, Xfinity, LifeShield, Protection.

Protection of Data 31 Protection of Data 31. Protection of Data 31 Having looked at threats, we’ll now look at ways to protect data: Physical Barriers.

By: Brett Belin. Used to be only tackled by highly trained professionals As the internet grew, more and more people became familiar with securing a network.

EN Lecture Notes Spring 2016 ASSURANCE AND EVALUATION.

3-5 Lesson c: secret agent savings The big savings mistakes

Risk management.

Lecture 18 Case Study: Misuse of oxygen concentrators

Online Safety! By: Michelle Deng.

How to build a good reputation online

Security in the Workplace: Information Assurance

Outline Introduction Characteristics of intrusion detection systems

Martus Account Set Up Benetech is a non-profit organization that develops and supports Martus, a secure information management software for human rights.

Lesson 16-Windows NT Security Issues

Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Presentation transcript:

Lecture 5 – Getting Physical Security Computer Science Tripos part 2 Ross Anderson

Availability Policies Until recently, researchers ignored availability, but it’s where the money goes Good example: alarms! researchindustry confidentiality90%1% integrity/authenticity9% availability1%90%

The Physical Security Revolution IT security is rooted in the physical variety (for server rooms, crypto boxes etc) Old model: firms like Chubb with proprietary fire / burglar alarm systems; locks with master-keying systems New model: sensors, striker plates, sensors run off ethernet like everything else We should be able to do better than metal systems Should be much easier to manage too – but many tensions (manageability, dependability)

Lock Bumping

Lock Bumping (2) Cut a key down to the (0,0,0,0,0,0) bitting Put it in the keyway, apply torque, and tap Pins bounce up to shear line and cylinder turns

Lock Bumping (3) With fancy locks, like sidebar here: break that separately first pick it, or steal or photograph a key Enthusiasts have now defeated most mechanical locks

Burglar Alarms Good example of a service where availability matters! –If there’s a burglar in my vault I want the alarm company to be told! –Not bothered about confidentiality: you can tell other people too –Nor about authenticity: I don’t care who tells them Wide range of systems: homes – supermarkets – jewelry stores – banks – nuclear facilities Wide range of standards, from Underwriters’ Labs to the IAEA

How to Steal a Painting (1) Hollywood idea of art theft: cut through roof, climb down rope, grab painting without stepping on pressure mat (i.e. sensor defeat), get girl… –Response to this perceived threat is more, fancier sensors –There are limits: set by false alarm rates and environmental conditions –Critical science: the Receiver Operating Characteristic (ROC) curve –Multisensor data fusion is really hard! But most high-grade attacks don’t defeat sensors

How to Steal a Painting (2) More common type of art theft: hide in broom cupboard, come out at midnight, grab the Rembrandt and head for the fire exit –Understand the service you’re supplying: deter – detect – alarm – delay – response –Don’t rely on tech too much: ‘Titanic effect’ Or just toss in a smoke grenade. The fire alarm turns off the burglar alarm. Dash in and grab the Rembrandt –If caught, claim you were passing by and dashed in to save the national heritage

How to Steal a Painting (3) Wait for a dark and stormy night, when false alarms will be common. Create several (fence rattling). Wait till guards stop responding –Typical police force blacklists a property after 3–4 false alarms –Fix: multiple sensors, e.g. CCTV inside –Problem: we want best sensors on the outside for delay, but on the inside for low false alarm rate This is the standard way for professionals to do a bank vault!

How to Steal a Painting (4) Cut the wire from the sensor to the controller Connect a bogus controller to the phone line Cut the communications to the controller Cut the communications to many controllers –E.g. Holborn explosion –LPC: 2 independent channels for risks over £20m –Armed response force on premises for plutonium Insurance companies would like resilient anonymous communications to make service denial hard

Alarms – Lessons Learned Dealing with service denial is becoming more important, and harder Trade–off between false alarm rate and missed alarm rate is central You need to be clear what the service you’re supplying (or buying) is – is it about sounding the alarm, or more? Critically, we need to design the system around the limitations of the human response. E.g. in airport screening, you insert deliberate false alarms. But what more can be said?

Policy Continued … Bell-LaPadula, Biba and Clark-Wilson are only three early examples of policy Many industries develop their own, and may get Protection Profiles evaluated Many things go wrong – people protect the things they can, not the things they should We often see deception at the policy level! For now, here’s a useful framework

A Framework Policy Assurance Incentives Mechanism

Policy – a Quick Test Were the 9/11 hijackings a failure of –incentive, –policy, –mechanism or –assurance? Since then, tinkering with mechanisms may have been easier than fixing incentives …

Usability and Psychology ‘Why Johnny Can’t Encrypt’ – study of encryption program PGP – showed that 90% of users couldn’t get it right give 90 minutes Private / public, encryption / signing keys, plus trust labels was too much – people would delete private keys, or publish them, or whatever Security is hard – unmotivated users, abstract security policies, lack of feedback … Much better to have safe defaults (e.g. encrypt and sign everything) But economics often push the other way …

Usability and Psychology (2) 1980s concerns with passwords: technical (crack /etc/passwd, LAN sniffer, retry counter) 1990s concerns: weak defaults, attacks at point of entry (vertical ATM keypads), can the user choose a good password and not write it down? Our 1998 password trial: control group, versus random passwords, versus passphrase The compliance problem; and can someone who chooses a bad password harm only himself?