Lecture 0. Course Introduction Prof. Taeweon Suh Computer Science & Engineering Korea University COM850 Computer Hacking and Security
Korea Univ Course Information Instructor Prof. Taeweon Suh Textbook HACKING – The Art of Exploitation, 2 nd Edition, Jon Erickson, 2008 Prerequisites C-programming, Network Programming, Computer Architecture, Operating Systems References Practical Packet Analysis using Wireshark to Solve Real-world Network Problems, Chris Sanders, 2 nd Edition, no starch press, 2011 TCP/IP Protocol Suite, Behrouz Forouzan, 4 th Edition, McGraw-Hill, 2009 TCP/IP Illustrated, Volume 1, W. Richard Stevens, Addison-Wesley, 1994 Office hours After class as needed By appointment at Lyceum 307 Course materials will be posted on the course web at Contact Information
Korea Univ Pioneers of Hacking John Draper Hacked telephone line to make free calls Arrested on toll fraud charges in 1972 Inspired 2 Steves 3 Discovery Channel’s The Secret History of Hacking
Korea Univ Pioneers of Hacking Steve Wozniack Apple co-founder Started revolution in computers Kevin Mitnick Hacked many computer systems Convicted of various computer and communication-related crimes 4 Discovery Channel’s The Secret History of Hacking
Korea Univ Hacking is Bad? Most people associate hacking with breaking the law and assume that everyone who engages in hacking activities is a criminal Hackers are outlaws, snooping, stealing, and spreading viruses. No one has good words for them The essence of hacking is finding unintended or overlooked uses and applying them in a new and inventive ways Hacked solutions follow the rules of the system, but they use those rules in counterintuitive ways 5
Korea Univ “My” Hacking Classification Software hacking Exploit vulnerabilities in software Hardware Trojan Implant malicious hardware inside a chip Hybrid (hardware + software) Software to trigger Hardware Trojans Software based on the understanding of hardware details 6
Korea Univ Abstractions in Computer 7 Hardware Implementation Instruction Set Architecture (ISA) Assembly language or Machine language Operating Systems Programming using APIs Provides APIs (Application Programming Interface)
Korea Univ Software Hacking Exploit vulnerabilities in software Classic buffer overflow Heap-based overflow Function pointer overflow … 8 Layout of virtual address space on IA-32
Korea Univ Software Hacking Exploit weakness in network protocols and their implementation in software Denial of Service (DoS): SYN flooding, Ping flooding, Ping of Death, Teardrop, Smurf and Fraggle attacks, Distributed DoS… 9
Korea Univ Hardware Trojan Relatively new and different attack method Implant malicious logic into a chip 10 Implantation during Design Phase IPs HDL Implantation during fabrication Implantation via CAD tools
Korea Univ Hardware Trojan Israel’s strike to nuclear plants in Syria (2007) European chip maker recently built into its microprocessors a kill-switch that could be accessed remotely. French defense contractors have used the chips in military equipment Time-bomb … 11 “The Hunt for The Kill Switch,” IEEE Spectrum, May 2008
Korea Univ Hybrid Certain conditions created by software-triggered Hardware Trojans Software hacks computer systems based on understanding of hardware details 12 “Hardware Security in Practice: Challenges and Opportunities,” HOST, 2011 Insecure hardware initialization by the BIOS The BIOS didn’t lock remapping registers after configuration Attackers reprogram these registers to map to TSEG Corrupt SMI handlers with malicious code
Korea Univ Objectives Our focus is on software hacking and security In-depth understanding of x86 processor, compiler outcome, networking, and hopefully OS Understand vulnerabilites in software Classic buffer overflow in stack Denial of Service (DoS) attacks TCP/IP Hijacking … Study countermeasures to prevent from attacks As a side effect, get used to: Linux system programming x86-based assembly 13
Korea Univ Lab Environment Hardware: x86-based computers Personal laptops are preferred Software: 32-bit Linux The textbook contain a CD you can play with Or, experiment with the latest Linux, but recent OSs are patched against well-known security threats GDB, Wireshark … 14
Korea Univ Grading Policy Midterm Exam: 30% Final Exam: 30% Class Presentations: 40% Fail rule You will be given an “F” if you are absent more than 3 times 2 late show-ups will be counted as 1 absence 15
Korea Univ Understand Computer? How much do you “exactly” understand computers? Answer to the following 2 questions 16
Korea Univ != ? 17
Korea Univ 0.07 != 0.07 ? 18
Korea Univ a x b x c != b x c x a ? 19
Korea Univ What Would You Get? 20 #include int main() { signed int sa = 7; signed int sb = -7; unsigned int ua = *((unsigned int *) &sa); unsigned int ub = *((unsigned int *) &sb); printf("sa = %d : ua = 0x%x\n", sa, ua); printf("sb = %d : ub = 0x%x\n", sb, ub); return 0; }
Korea Univ What Would You Get? 21 #include int main() { float f1 = -58.0; unsigned int u1 = *((unsigned int *) &f1); printf("f1 = %f\n", f1); printf("f1 = %3.20f\n", f1); printf("u1 = 0x%X\n", u1); return 0; } What is this?
Korea Univ What Would You Get? 22 #include int main() { double d1 = -58.0; unsigned long long u1 = *((unsigned long long *) &d1); printf("d1 = %lf\n", d1); printf("d1 = %3.20lf\n", d1); printf("u1 = 0x%llX\n", u1); return 0; } What is this?
Korea Univ What Would You Get? 23 #include int main() { float f2 = -0.1; unsigned int u2 = *((unsigned int *) &f2); printf("f2 = %f\n", f2); printf("f2 = %3.20f\n", f2); printf("u2 = 0x%X\n", u2); return 0; } And What is this? Why are these different?
Korea Univ What Would You Get? 24 #include int main() { float f3 = 0.7; unsigned int u3 = *((unsigned int *) &f3); printf("f3 = %f\n", f3); printf("f3 = %3.20f\n", f3); printf("u3 = 0x%X\n", u3); return 0; } What is this? Why are these different?
Korea Univ Intel’s Core i7 (2 nd Gen.) 25 2 nd Generation Core i7 995 million transistors in 216 mm 2 with 32nm technology L132 KB L2256 KB L38MB Sandy Bridge