
Announcement
- Project dates adjusted (correct those on the syllabus handed out last time)
- Sign up for the paper presentation at the end of next week (after the project assignment)
  - Ashish and Stephan volunteer for next week
- Projects will be online soon; find your partners

Overview
- Integrity
- Key distribution and certification
- Mobile malcode
  - Overview
  - Viruses
  - Worms
  - Automatic updates
- History of viruses (if time allows)

Digital Signatures
Cryptographic technique analogous to hand-written signatures.
- Sender (Bob) digitally signs a document, establishing that he is the document's owner/creator.
- Verifiable, non-forgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed the document.

Digital Signatures
Simple digital signature for message m:
- Bob signs m by encrypting it with his private key K_B^-, creating the "signed" message K_B^-(m).

[Figure: Bob's message m ("Dear Alice, Oh, how I have missed you. I think of you all the time! ...(blah blah blah) Bob") and Bob's private key K_B^- are fed to the public key encryption algorithm, producing Bob's message m signed (encrypted) with his private key, K_B^-(m).]

Digital Signatures (more)
- Suppose Alice receives message m and digital signature K_B^-(m).
- Alice verifies that m was signed by Bob by applying Bob's public key K_B^+ to K_B^-(m), then checking that K_B^+(K_B^-(m)) = m.
- If K_B^+(K_B^-(m)) = m, whoever signed m must have used Bob's private key.
Alice thus verifies that:
  ✓ Bob signed m.
  ✓ No one else signed m.
  ✓ Bob signed m and not m'.
Non-repudiation: Alice can take m and the signature K_B^-(m) to court and prove that Bob signed m.

Message Digests
Computationally expensive to public-key-encrypt long messages.
Goal: fixed-length, easy-to-compute digital "fingerprint".
- Apply hash function H to m, get fixed-size message digest H(m).
Hash function properties:
- Many-to-one
- Produces fixed-size message digest (fingerprint)
- Given message digest x, computationally infeasible to find m such that x = H(m)

[Figure: large message m → H: hash function → H(m)]

Internet checksum: poor crypto hash function
The Internet checksum has some properties of a hash function:
  ✓ produces a fixed-length digest (16-bit sum) of the message
  ✓ is many-to-one
But given a message with a given hash value, it is easy to find another message with the same hash value:

[Figure: two different messages, each beginning "I O U" and ending "B O B", shown in ASCII (49 4F ... D2 42); both have checksum B2 C1 D2 AC. Different messages but identical checksums!]
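The collision the slide illustrates, worked in code as an added example (not from the original slides): the Internet checksum is a one's-complement sum of 16-bit words, and addition is commutative, so exchanging any two words of a message leaves the checksum unchanged while a cryptographic hash such as SHA-256 changes completely. The IOU message, the word positions swapped, and the function names are constructed for this example; the checksum routine follows RFC 1071.

```python
import hashlib
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of the 16-bit words."""
    if len(data) % 2:
        data = data + b"\x00"                     # pad odd-length input with a zero byte
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back into 16 bits
    return (~total) & 0xFFFF


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Exchange 16-bit words i and j. The word sum, and hence the checksum,
    is identical for the input and the result."""
    buf = bytearray(data)
    wi, wj = bytes(buf[2 * i:2 * i + 2]), bytes(buf[2 * j:2 * j + 2])
    buf[2 * i:2 * i + 2], buf[2 * j:2 * j + 2] = wj, wi
    return bytes(buf)


# Constructed sample: an IOU whose amount occupies words 2 ("10") and 4 ("99").
IOU_ORIGINAL = b"IOU 100.99 to BOB"
IOU_ALTERED = swap_words(IOU_ORIGINAL, 2, 4)      # b"IOU 990.10 to BOB"


def compare_digests(a: bytes, b: bytes) -> dict:
    """Does each kind of 'fingerprint' distinguish the two messages?"""
    return {
        "checksum_equal": internet_checksum(a) == internet_checksum(b),
        "sha256_equal": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
    }


if __name__ == "__main__":
    print(IOU_ORIGINAL, IOU_ALTERED)
    print(compare_digests(IOU_ORIGINAL, IOU_ALTERED))
    # {'checksum_equal': True, 'sha256_equal': False}
```

The second property on the slide (many-to-one) is shared by both functions; what the checksum lacks is second-preimage resistance, which is exactly what `swap_words` exploits and what SHA-256 is designed to provide.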

Digital signature = signed message digest
Bob sends a digitally signed message:
  large message m → H: hash function → H(m) → digital signature (encrypt) with Bob's private key K_B^- → encrypted message digest K_B^-(H(m))
Alice verifies the signature and integrity of the digitally signed message:
  large message m → H: hash function → H(m)
  encrypted message digest K_B^-(H(m)) → digital signature (decrypt) with Bob's public key K_B^+ → H(m)
  equal?

Hash Function Algorithms
- MD5 hash function widely used (RFC 1321)
  - computes a 128-bit message digest in a 4-step process.
  - given an arbitrary 128-bit string x, it appears difficult to construct a message m whose MD5 hash equals x.
- SHA-1 is also used
  - US standard [NIST, FIPS PUB 180-1]
  - 160-bit message digest
- SHA-2 is the newer variant
  - collective name of the one-way hash functions developed by NIST: SHA-256, SHA-384, and SHA-512

Overview
- Integrity
- Key distribution and certification
- Mobile malcode
  - Overview
  - Viruses
  - Worms
  - Automatic updates

Trusted Intermediaries
Symmetric key problem:
- How do two entities establish a shared secret key over the network?
Solution:
- trusted key distribution center (KDC) acting as intermediary between the entities
Public key problem:
- When Alice obtains Bob's public key (from a web site, e-mail, diskette), how does she know it is Bob's public key and not Trudy's?
Solution:
- trusted certification authority (CA)

Key Distribution Center (KDC)
- Alice, Bob need a shared symmetric key.
- KDC: server shares a different secret key with each registered user (many users).
- Alice, Bob know their own symmetric keys, K_A-KDC and K_B-KDC, for communicating with the KDC.

[Figure: the KDC holds one key per registered user (K_A-KDC, K_B-KDC, K_P-KDC, K_X-KDC, K_Y-KDC, K_Z-KDC, ...); Alice holds K_A-KDC, Bob holds K_B-KDC, P holds K_P-KDC.]

Key Distribution Center (KDC)
Q: How does the KDC allow Bob and Alice to determine a shared symmetric secret key to communicate with each other?

  Alice → KDC:  K_A-KDC(A, B)
  KDC generates R1
  KDC → Alice:  K_A-KDC(R1, K_B-KDC(A, R1))
  Alice knows R1
  Alice → Bob:  K_B-KDC(A, R1)
  Bob knows to use R1 to communicate with Alice
  Alice and Bob communicate using R1 as the session key for shared symmetric encryption
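The exchange above, as an added example that is not part of the original slides. It uses only the Python standard library: each K_X-KDC(...) box is an encrypt-then-MAC construction over HMAC-SHA256 (a stand-in for an authenticated cipher such as AES-GCM, chosen so the code runs without third-party packages). The class and function names, the length-prefixed field encoding, and the extra registered principal "Trudy" are this example's own assumptions, not part of the lecture.

```python
import hashlib
import hmac
import secrets
import struct

# --- symmetric encryption used for every K_X-KDC(...) box -----------------------
# Stdlib-only authenticated encryption: HMAC-SHA256 in counter mode as the
# keystream, then HMAC-SHA256 over nonce || ciphertext as the tag.

def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, ctr = [], 0
    while 32 * len(blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + struct.pack(">Q", ctr), hashlib.sha256).digest())
        ctr += 1
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered ciphertext")   # anyone but the key holder fails here
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

# --- length-prefixed encoding for the tuples (A, B), (A, R1), (R1, ticket) -----

def pack_fields(*fields: bytes) -> bytes:
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def unpack_fields(data: bytes) -> list:
    fields, pos = [], 0
    while pos < len(data):
        (n,) = struct.unpack_from(">H", data, pos)
        fields.append(data[pos + 2:pos + 2 + n])
        pos += 2 + n
    return fields

# --- the parties ---------------------------------------------------------------

class KDC:
    def __init__(self):
        self.keys = {}                       # K_X-KDC for every registered user X

    def register(self, name: str) -> bytes:
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]

    def handle(self, requester: str, msg1: bytes) -> bytes:
        # Message 1 is K_A-KDC(A, B); only the holder of K_A-KDC could have built it.
        a, b = (f.decode() for f in unpack_fields(decrypt(self.keys[requester], msg1)))
        if a != requester:
            raise ValueError("requester name does not match the request")
        r1 = secrets.token_bytes(32)                                  # fresh session key R1
        ticket = encrypt(self.keys[b], pack_fields(a.encode(), r1))   # K_B-KDC(A, R1)
        return encrypt(self.keys[a], pack_fields(r1, ticket))         # K_A-KDC(R1, K_B-KDC(A, R1))


def alice_requests_key(k_a_kdc: bytes, kdc: KDC, peer: str = "Bob"):
    msg1 = encrypt(k_a_kdc, pack_fields(b"Alice", peer.encode()))    # K_A-KDC(A, B)
    r1, ticket = unpack_fields(decrypt(k_a_kdc, kdc.handle("Alice", msg1)))
    return r1, ticket                     # Alice keeps R1 and forwards the ticket to Bob


def bob_accepts_ticket(k_b_kdc: bytes, ticket: bytes) -> tuple:
    a, r1 = unpack_fields(decrypt(k_b_kdc, ticket))
    return a.decode(), r1                 # Bob learns: use R1 to talk to A


def run_protocol() -> dict:
    kdc = KDC()
    k_a_kdc, k_b_kdc = kdc.register("Alice"), kdc.register("Bob")
    k_t_kdc = kdc.register("Trudy")       # registered, but not a party to this exchange
    r1_alice, ticket = alice_requests_key(k_a_kdc, kdc)
    peer, r1_bob = bob_accepts_ticket(k_b_kdc, ticket)
    try:
        decrypt(k_t_kdc, ticket)          # the ticket is opaque to every other user
        trudy_opens_ticket = True
    except ValueError:
        trudy_opens_ticket = False
    reply = decrypt(r1_bob, encrypt(r1_alice, b"hello Bob, from Alice"))  # session traffic under R1
    return {"same_key": r1_alice == r1_bob, "peer": peer,
            "session_plaintext": reply, "trudy_opens_ticket": trudy_opens_ticket}
```

Two points the slide leaves implicit are made explicit here: Alice's identity is sent alongside message 1 so the KDC knows which key to try, and the KDC checks that the name inside the encrypted request matches it; the ticket carries Alice's name so Bob learns who R1 is shared with, and because the ticket is under K_B-KDC nobody else can read R1 out of it.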

Certification Authorities
- Certification authority (CA): binds a public key to a particular entity, E.
- E (person, router) registers its public key with the CA.
  - E provides "proof of identity" to the CA.
  - CA creates a certificate binding E to its public key.
  - the certificate containing E's public key is digitally signed by the CA: the CA says "this is E's public key"

[Figure: Bob's public key K_B^+ and Bob's identifying information → digital signature (encrypt) with the CA's private key K_CA^- → certificate for Bob's public key K_B^+, signed by the CA]

Certification Authorities
- When Alice wants Bob's public key:
  - gets Bob's certificate (from Bob or elsewhere).
  - applies the CA's public key to Bob's certificate, gets Bob's public key.

[Figure: certificate containing K_B^+ → digital signature (decrypt) with the CA's public key K_CA^+ → Bob's public key K_B^+]
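An added example, not from the original slides, covering both the "signed message digest" slide and the two certification-authority slides: Bob signs H(m) with K_B^-, the CA signs the binding (Bob, K_B^+), and Alice first applies K_CA^+ to the certificate to recover K_B^+ and then applies K_B^+ to the signature to check it against her own H(m). Python standard library only; the RSA key generation (Miller-Rabin plus textbook RSA on a SHA-256 digest, with no padding scheme), the JSON certificate layout and all function names are this example's own assumptions, written to show the flow rather than to replace a real library.

```python
import hashlib
import json
import secrets

SMALL_PRIMES = [2] + [p for p in range(3, 1000, 2)
                      if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Trial division by small primes, then Miller-Rabin."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1    # exact size, odd
        if is_probable_prime(cand):
            return cand


def keygen(bits: int = 1024):
    """Return (public, private) RSA keys: K^+ = (n, e), K^- = (n, d).
    n must exceed 2^256 so a SHA-256 digest fits below the modulus."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}


def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private: dict, message: bytes) -> int:
    """K^-(H(m)): the signed message digest."""
    return pow(digest_int(message), private["d"], private["n"])


def verify(public: dict, message: bytes, signature: int) -> bool:
    """Recompute H(m) and compare it with K^+(signature)."""
    return pow(signature, public["e"], public["n"]) == digest_int(message)


def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(ca_private: dict, subject: str, subject_public: dict) -> dict:
    """The CA binds (subject, K^+) by signing them: 'this is E's public key'."""
    body = {"subject": subject, "n": subject_public["n"], "e": subject_public["e"]}
    return {"body": body, "signature": sign(ca_private, canonical(body))}


def key_from_certificate(ca_public: dict, cert: dict, expected_subject: str):
    """Alice applies the CA's public key; returns the bound key, or None if the
    certificate is for someone else or was not signed by this CA."""
    if cert["body"]["subject"] != expected_subject:
        return None
    if not verify(ca_public, canonical(cert["body"]), cert["signature"]):
        return None
    return {"n": cert["body"]["n"], "e": cert["body"]["e"]}


def alice_accepts(ca_public: dict, cert: dict, message: bytes, signature: int) -> bool:
    bob_public = key_from_certificate(ca_public, cert, "Bob")
    return bob_public is not None and verify(bob_public, message, signature)


def demo() -> dict:
    ca_public, ca_private = keygen()
    bob_public, bob_private = keygen()
    trudy_public, trudy_private = keygen()
    bob_cert = issue_certificate(ca_private, "Bob", bob_public)
    m = b"Dear Alice, Oh, how I have missed you. Bob"         # constructed message
    return {
        "genuine": alice_accepts(ca_public, bob_cert, m, sign(bob_private, m)),
        # integrity: any change to m breaks K_B^+(K_B^-(H(m))) = H(m)
        "tampered": alice_accepts(ca_public, bob_cert, m + b"!", sign(bob_private, m)),
        # a 'certificate' for Bob signed with a key other than the CA's is rejected
        "wrong_ca": alice_accepts(ca_public, issue_certificate(trudy_private, "Bob", trudy_public),
                                  m, sign(trudy_private, m)),
    }
```

The order of the two checks in `alice_accepts` is the point of the CA slides: the message signature is meaningless until the key it is checked with has itself been verified back to a key Alice already trusts (K_CA^+).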

Overview
- Integrity
- Key distribution and certification
- Mobile malcode
  - Overview
  - Viruses
  - Worms
  - Automatic updates

Mobile Malcode Overview
- Malicious programs which spread from machine to machine without the consent of the owners/operators/users
  - Windows Automatic Update is (effectively) consensual
- Many strains possible
  - Viruses
  - Worms
  - Compromised auto-updates: no user action required, very dangerous

Viruses
- Definition from RFC 1135: "A virus is a piece of code that inserts itself into a host, including operating systems, to propagate. It cannot run independently. It requires that its host program be run to activate it."
- On execution
  - Search for valid target files
    - Usually executable files
    - Often only infect uninfected files
  - Insert a copy into the targeted files
    - When the target is executed, the virus starts running
- Only spread when contaminated files are moved from machine to machine
- Mature defenses available

- 1988: fewer than 10 known viruses
- 1990: new virus found every day
- 1993: new viruses per week
- 1999: 45,000 viruses and variants
Source: McAfee

Virus Infectables
- Executable files: .com, .exe, .bat
- Macros
  - With macro languages the line between pure data files and executable files is blurring
  - An infected file might be attached to an e-mail
  - E-mail programs may use other programs (e.g., Word) with macros to display incoming mail
- System sector viruses
  - Infect control sectors on a disk
    - DOS boot sectors
    - Partition (MBR) sectors
  - System sector viruses spread easily via floppy disk infections

Virus Infectables (cont'd)
- Companion viruses
  - Create a .com file for each .exe file
  - DOS runs COM files before EXE files
  - Relatively easy to find and eliminate
- Cluster viruses
  - Change the DOS directory info so that directory entries point to the virus code instead of the real program
  - Even though every program on the disk may be "infected", there is only one copy of the virus on the disk

Anatomy of a Virus
- Two primary components
  - Propagation mechanism
  - Payload
- Propagation
  - Method by which the virus spreads itself.
  - Old days: single PC, transferred to other hosts by way of floppy diskettes.
  - Nowadays: Internet.

Structure of a Virus
(pseudocode)

  Virus() {
      infectExecutable();
      if (triggered()) {
          doDamage();
      }
      jump to main of infected program;
  }

  void infectExecutable() {
      file = choose an uninfected executable file;
      prepend V to file;
  }

  void doDamage() { ... }

  int triggered() {
      return (some test ? 1 : 0);
  }

Variable Viruses
- Polymorphic viruses
  - Change with each infection
    - Executables: virus code changing (macros: variable names, line spacing, etc.)
    - Control-flow permutations (rearrange code with gotos)
  - Attempt to defeat scanners
- Virus-writing tool kits have been created to "simplify" the creation of new viruses
  - Current tool kits create viruses that can be detected easily with existing scanner technology
  - But just a matter of time ...

Virus Detection/Evasion
Detection:
- Look for changes in size
- Check the time stamp on the file
- Look for bad behavior
  - False-alarm prone
- Look for patterns (byte streams) in virus code that are unique
- Look for changes in the file checksum
Evasion:
- Compression of virus and target code
- Modify the time stamp back to the original
- Do the bad thing insidiously
- Change patterns: polymorphism
- Rearrange data in the file
- Disable anti-virus programs

More on Virus Detection
- Scanning
  - Depends on prior knowledge of a virus
  - Checks programs before execution
  - Needs to be regularly updated
- Integrity checking
  - Read the entire disk and record integrity data that acts as a signature for the files and system sectors
  - Analyze the nature of the changes to differentiate file corruption caused by a bug from corruption caused by a virus
  - Use a cryptographic computation technique instead of a simple checksum
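Integrity checking as described above, written out as an added example (not from the original slides): a baseline of size, modification time and SHA-256 digest is recorded for every file, and a later pass reports which attributes moved. The constructed scenario also shows why the slides ask for a cryptographic digest rather than a size or timestamp check: one file is altered without changing its length and with its timestamp restored, and only the digest catches it. The directory layout, file contents and function names are this example's own.

```python
import hashlib
import os
import tempfile


def fingerprint(path: str) -> dict:
    """Record size, modification time and a cryptographic digest of one file."""
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": h.hexdigest()}


def build_baseline(root: str) -> dict:
    """Walk the tree once and record integrity data for every regular file."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = fingerprint(full)
    return baseline


def check_integrity(root: str, baseline: dict) -> dict:
    """Compare the tree against the baseline; return {relpath: [changed attributes]}.
    Files present only in the baseline are 'missing', files only on disk are 'new'."""
    current = build_baseline(root)
    findings = {}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            findings[rel] = ["missing"]
        elif rel not in baseline:
            findings[rel] = ["new"]
        else:
            changed = [k for k in ("size", "mtime_ns", "sha256")
                       if baseline[rel][k] != current[rel][k]]
            if changed:
                findings[rel] = changed
    return findings


def simulate() -> dict:
    """Constructed scenario: two files change after the baseline is taken."""
    with tempfile.TemporaryDirectory() as root:
        a, b = os.path.join(root, "a.bin"), os.path.join(root, "b.bin")
        with open(a, "wb") as f:
            f.write(bytes(range(256)))
        with open(b, "wb") as f:
            f.write(b"original program image")
        baseline = build_baseline(root)

        # Change 1: same length, one byte flipped, original mtime restored afterwards.
        # Size and timestamp checks see nothing; only the digest differs.
        st = os.stat(a)
        with open(a, "rb") as f:
            data = bytearray(f.read())
        data[0] ^= 0xFF
        with open(a, "wb") as f:
            f.write(data)
        os.utime(a, ns=(st.st_atime_ns, st.st_mtime_ns))

        # Change 2: content appended, so size and digest both change.
        with open(b, "ab") as f:
            f.write(b" + appended code")

        return check_integrity(root, baseline)


if __name__ == "__main__":
    print(simulate())
```

The baseline itself must be stored somewhere the checked system cannot rewrite (read-only media or another host), or a change to the files can be accompanied by a matching change to the baseline.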

More on Virus Detection
- Interception
  - Monitoring for system-level routines that perform destructive acts
  - Good for detecting logic bombs and Trojan horses
  - Cannot depend entirely upon behavior monitors, as they are easily bypassed.
- A combination of all three techniques can detect most viruses

Logic Bomb
- Logic bomb: a logic bomb executes when specific conditions occur.
- Triggers for logic bombs can include a change in a file, a particular series of keystrokes, or a specific time or date.

Trojan Horse
- Programs that appear to have one function but actually perform another function.
- Modern Trojan horse: resembles a program that the user wishes to run: a game, a spreadsheet, or an editor.
- While the program appears to be doing what the user wants, it is also doing something else unrelated to its advertised purpose, without the user's knowledge.

Virus Recovery
- Extricate the virus from the infected file to leave the original behind
- Remove the redirection to the virus code
- Recover the file from backup
- Delete the files and move on with life

E-mail-Borne Viruses/Worms
- The logic/code is contained in an e-mail, usually as an executable attachment
  - Some mail agents execute content automatically
  - Upon execution
    - Search for addresses in the address book and in stored e-mails
    - Send out copies of itself to all the addresses it can find
- Taxonomy: are they viruses or worms?
  - viruses: when humans or human agents asynchronously trigger the code
  - worms: when they are fully automatic

Worms
- Autonomous, active code that can replicate to remote hosts without any triggering
  - Typically, a worm is a process, not a file
- Because they propagate autonomously, they can spread much more quickly than viruses!
- Much of the class focuses on worms
- Speed and general lack of user interaction make them the most significant threats

Compromised Auto-updates
- Auto-update program: at a given time, calls a central server
  - If new programs are available, download and install
    - Probably a good thing when correctly implemented
- Hijacking the auto-update
  - May be trivial: DNS cache poisoning or router redirection
  - May be very difficult: capturing the code-signing and the server's private keys
- Present a fake update to the world
- Unlike other mobile malcode, it only travels a single step: from the server to the clients

Malcode Attributes

  Attribute          Virus              E-mail-borne virus   Worm           E-mail-borne worm   Auto-update
  Autonomous         -                  -                    X              X                   X
  Triggered          X                  X                    -              -                   X
  Domain/Universe    File/File system   User/Users           Host/Network   User/Users          Host/Network

Overview
- Integrity
- Key distribution and certification
- Mobile malcode
  - Overview
  - Viruses
  - Worms
  - Automatic updates
- A history of viruses

First Wild Viruses: Apple I/II/III (1981)
- Three viruses for the Apple machines emerged in 1981
  - Boot sector viruses
- Floppies of that time had the disk operating system (DOS) on them by default
  - Written without malice

Fred Cohen's Work (1983)
- First documented work with viruses
  - Cohen's PhD advisor, Len Adleman, coined the term "virus"
  - Virus: "a program that can infect other programs by modifying them to include a ... version of itself"
  - Viruses can quickly (~30 min) spread through a networked file system
- Dissertation (1986) conclusion: "universal" detection of a virus is undecidable
  - Gave insights into some heuristic detection mechanisms that are widely used now
  - No 100% guaranteed detection for viruses/worms

First PC Virus: Pakistani Brain Virus (1986)
- Written by Pakistani brothers to protect their copyright
  - Claim: infect only machines that had an unlicensed copy of their software
  - Boot sector, memory resident
  - Printed: "Welcome to the Dungeon (c) 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAB BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE :430791,443248, Beware of this VIRUS.... Contact us for vaccination !!"

Destructive Virus: Chernobyl (1998)
- Designed to inflict harm
  - Flash BIOS: would cause permanent hardware damage to vulnerable motherboards
  - Also overwrote the first 2K sectors of each disk
    - Typically resulted in a loss of data and made the machine unbootable
- Previously believed that being benign was necessary for virus longevity
  - Chernobyl provided evidence to the contrary

Early Mail Virus: Happy99 (1999)
- One of the earliest viruses that propagated automatically when an infected attachment was executed
- Did not infect files, only user accounts
- E-mail sent from the infected person to others in the address book (a novelty at the time)

Early Macro Virus: Melissa (1999)
- Microsoft Word 97 macro virus
- Targeted the first 50 entries in Outlook's address book
- Adjusted subject: "Important messages from ______"
- Points to the attachment as a document that was requested
  - Contains a list of porn sites
- Macro security was greatly increased after Melissa