EE515/IS523 Think Like an Adversary Lecture 5 Access Control in a Nutshell Yongdae Kim.

Slides:



Advertisements
Similar presentations
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Advertisements

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Access Control Chapter 3 Part 3 Pages 209 to 227.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
SE571 Security in Computing
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Security Management.
Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Key Management in Cryptography
1 Authentication Protocols Celia Li Computer Science and Engineering York University.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Computer Science Public Key Management Lecture 5.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 9: Active Directory Authentication and Security.
Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
CSCD 218 : DATA COMMUNICATIONS AND NETWORKING 1
EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.
IS511 Introduction to Information Security Lecture 4 Cryptography 2
EE515/IS523 Think Like an Adversary Lecture 3 Crypto Yongdae Kim 한국과학기술원.
Chapter 21 Distributed System Security Copyright © 2008.
EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.
Lecture 13 Page 1 Advanced Network Security Authentication and Authorization in Local Networks Advanced Network Security Peter Reiher August, 2014.
G53SEC 1 Access Control principals, objects and their operations.
Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.
CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
EE515/IS523 Think Like an Adversary Lecture 6 Access Control/Usability Yongdae Kim.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
EE515/IS523 Think Like an Adversary Lecture 6 Access Control/UI in a Nutshell Yongdae Kim.
Creating and Managing Digital Certificates Chapter Eleven.
Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.
COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:
Access Control Lesson Introduction ●Understand the importance of access control ●Explore ways in which access control can be implemented ●Understand how.
Privilege Management Chapter 22.
EE515/IS523 Think Like an Adversary Lecture 4 Cryptography/Access Control in a Nutshell Yongdae Kim.
Computer Security: Principles and Practice
Understanding Security
9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.
Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
EE515/IS523 Think Like an Adversary Lecture 5 Access Control in a Nutshell Yongdae Kim.
Access Control Model SAM-5.
IS511 Introduction to Information Security Lecture 3 Public Key Cryptography and Key Management Yongdae Kim.
Computer Communication & Networks
CE Operating Systems Lecture 21
EE515/IS523 Think Like an Adversary Lecture 5 Access Control in a Nutshell Yongdae Kim.
Presentation transcript:

EE515/IS523 Think Like an Adversary Lecture 5 Access Control in a Nutshell Yongdae Kim

Recap ^ ^ policy  Include [ee515] or [is523] in the subject of your ^ Student Survey  ^ Student Presentation  Send me . ^ Preproposal deadline: This Wednesday 9:00 AM

Challenge-response authentication ^ Alice is identified by a secret she possesses  Bob needs to know that Alice does indeed possess this secret  Alice provides response to a time-variant challenge  Response depends on both secret and challenge ^ Using  Symmetric encryption  One way functions

Challenge Response using SKE ^ Alice and Bob share a key K ^ Taxonomy  Unidirectional authentication using timestamps  Unidirectional authentication using random numbers  Mutual authentication using random numbers ^ Unilateral authentication using timestamps  Alice  Bob: E K (t A, B)  Bob decrypts and verified that timestamp is OK  Parameter B prevents replay of same message in B  A direction

Challenge Response using SKE ^ Unilateral authentication using random numbers  Bob  Alice: r b  Alice  Bob: E K (r b, B)  Bob checks to see if r b is the one it sent out  Also checks “B” - prevents reflection attack  r b must be non-repeating ^ Mutual authentication using random numbers  Bob  Alice: r b  Alice  Bob: E K (r a, r b, B)  Bob  Alice: E K (r a, r b )  Alice checks that r a, r b are the ones used earlier

Challenge-response using OWF ^ Instead of encryption, used keyed MAC h K ^ Check: compute MAC from known quantities, and check with message ^ SKID3  Bob  Alice: r b  Alice  Bob: r a, h K (r a, r b, B)  Bob  Alice: h K (r a, r b, A)

Key Establishment, Management ^ Key establishment  Process to whereby a shared secret key becomes available to two or more parties  Subdivided into key agreement and key transport. ^ Key management  The set of processes and mechanisms which support key establishment  The maintenance of ongoing keying relationships between parties

Access Control in a Nutshell Yongdae Kim

Kerberos vs. PKI vs. IBE ^ Still debating ^ Let’s see one by one!

Kerberos (cnt.) T A B A, B, N A E KBT (k, A, L), E KAT (k, N A, L, B) E KBT (k, A, L), E k (A, T A, A subkey ) E k (T A, B subkey ) E KBT (k, A, L): Token for BE KBT (k, A, L): Token for B E KAT (k, N A, L, B): Token for AE KAT (k, N A, L, B): Token for A L: Life-timeL: Life-time N A ?N A ? E k (A, T A, A subkey ): To prove B that A knows kE k (A, T A, A subkey ): To prove B that A knows k T A : Time-stampT A : Time-stamp E k (B, T A, B subkey ): To prove A that B knows kE k (B, T A, B subkey ): To prove A that B knows k

Kerberos (Scalable) T (AS) A B A, G, N A E KGT (k AG, A, L), E KAT (k AG, N A, L, G) E KGB (k AB, A, L, N A ’), E kAB (A, T A ’, A subkey ) E k (T A ’, B subkey ) G (TGS) E KGT (k AG, A, L), E kAG (A, T A ), B, N A ’ E KAG (k AB, N A ’, L, B), E kGB (k AB, A, L, N A ’), B, NA’

Public Key Certificate ^ Public-key certificates are a vehicle  public keys may be stored, distributed or forwarded over unsecured media ^ The objective  make one entity’s public key available to others such that its authenticity and validity are verifiable. ^ A public-key certificate is a data structure  data part  cleartext data including a public key and a string identifying the party (subject entity) to be associated therewith.  signature part  digital signature of a certification authority over the data part  binding the subject entity’s identity to the specified public key.

CA ^ a trusted third party whose signature on the certificate vouches for the authenticity of the public key bound to the subject entity  The significance of this binding must be provided by additional means, such as an attribute certificate or policy statement. ^ the subject entity must be a unique name within the system (distinguished name) ^ The CA requires its own signature key pair, the authentic public key. ^ Can be off-line!

ID-based Cryptography ^ No public key ^ Public key = ID ( , name, etc.) ^ PKG  Private key generation center  SK ID = PKG S (ID)  PKG’s public key is public.  distributes private key associated with the ID ^ Encryption: C= E ID (M) ^ Decryption: D SK (C) = M

Discussion (PKI vs. Kerberos vs. IBE) ^ On-line vs. off-line TTP  Implication? ^ Non-reputation? ^ Revocation? ^ Scalability? ^ Trust issue?

OS Security ^ OS Security is essentially concerned with four problems:  User authentication links users to processes.  Access control is about deciding whether a process can access a resource.  Protection is the task of enforcing these decisions: ensuring a process does not access resources improperly.  Isolation is the separation of processes’ resources from other processes.

Access Control ^ The OS mediates access requests between subjects and objects. ^ This mediation should (ideally) be impossible to avoid or circumvent. ? Object Subject Reference monitor

Definitions ^ Subjects make access requests on objects. ^ Subjects are the ones doing things in the system, like users, processes, and programs. ^ Objects are system resources, like memory, data structures, instructions, code, programs, files, sockets, devices, etc… ^ The type of access determines what to do to the object, for example execute, read, write, allocate, insert, append, list, lock, administer, delete, or transfer

Access Control ^ Discretionary Access Control:  Access to objects (files, directories, devices, etc.) is permitted based on user identity  Each object is owned by a user.  Owners can specify freely (at their discretion) how they want to share their objects with other users,  by specifying which other users can have which form of access to their objects.  Discretionary access control is implemented on any multi-user OS (Unix, Windows NT, etc.). ^ Mandatory Access Control:  Access to objects is controlled by a system-wide policy  for example to prevent certain flows of information.  In some forms, the system maintains security labels for both objects and subjects  based on which access is granted or denied.  Labels can change as the result of an access  Security policies are enforced without the cooperation of users or application programs.  Mandatory access control for Linux:

Access Control Matrix Obj 1Obj 2Obj 3…Obj n Subj 1rwlrwlx--l Subj 2rwlrlxrwl-- Subj 3---rlr  Subj mrllwrlrwr

Representations ^ An access control matrix can be represented internally in different ways: ^ Access Control Lists (ACLs) store the columns with the objects ^ Capability lists store the rows with the subjects ^ Role-based systems group rights according to the “role” of a subject. O1O2… S1 rwlwl- S2 idawlk- S3 --rl … Sm rwlxwiw

Access Control Lists ^ The ACL for an object lists the access rights of each subject (usually users). ^ To check a request, look in the object’s ACL. ^ ACLs are used by most OSes and network file systems, e.g. NT, Unix, and AFS.

ACL Problems ^ To be secure, the OS must authenticate that the user is who (s)he claims to be. ^ To revoke a user’s access, we must check every object in the system. ^ There is often no good way to restrict a process to a subset of the user’s rights.

Capabilities ^ Capabilities store the allowed list of object accesses with each subject. ^ When the subject requests access to object O, it must provide a “ticket” granting access to O. ^ These tickets are stored in an OS-protected table associated to each process. ^ No widely-used OS uses pure capabilities. ^ Some systems have “capability-like” features: e.g. Kerberos, NT, OLPC, Android

ACL vs. Capabilities ^ Capabilities do not require authentication: the OS just checks each ticket on access requests. ^ Capabilities can be passed, or delegated, from one process to another. ^ We can limit the privileges of a process, by removing unnecessary tickets from the table.

Roles S1 S2S3Sm O1O2On … … S1 S2S3Sm O1O2On … … R1R2

Unix/POSIX Access Control (~) % id uid=3259(kyd) gid=717(faculty) groups=717(faculty),1686(mess),1847(S07C8271),1910(F07C5471),2038(S08C 8271) (~) % ls -l News_and_Recent_Events.zip -rw-rw-rw- 1 kyd faculty Feb 22 10:00 News_and_Recent_Events.zip (/web/classes02/Spring-2011/csci5471) % ls –al drwxrwsr-x 4 kyd S11C Jan 19 10:23./ drwxr-xr-x 46 root daemon 1024 Feb 17 23:04../ drwxrwsr-x 3 kyd S11C Feb 16 00:36 Assignment/

Mandatory Access Control policies ^ Restrictions to allowed information flows are not decided at the user’s discretion (as with Unix chmod), but instead enforced by system policies. ^ Mandatory access control mechanisms are aimed in particular at preventing policy violations by untrusted application software, which typically have at least the same access privileges as the invoking user.

Data Pump/Data Diode ^ Like “air gap” security, but with one-way communication link that allow users to transfer data from the low-confidentiality to the high- confidentiality environment, but not vice versa. ^ Examples:  Workstations with highly confidential material are configured to have read-only access to low confidentiality file servers.

The covert channel problem ^ Reference monitors see only intentional communications channels, such as files, sockets, memory. ^ However, there are many more “covert channels”, which were neither designed nor intended to transfer information at all. ^ A malicious high-level program can use these to transmit high-level data to a low-level receiving process, who can then leak it to the outside world. ^ Examples for covert channels:  Resource conflicts – If high-level process has already created a file F, a low-level process will fail when trying to create a file of same name → 1 bit information.  Timing channels – Processes can use system clock to monitor their own progress and infer the current load, into which other processes can modulate information.  Resource state – High-level processes can leave shared resources (disk head position, cache memory content, etc.) in states that influence the service response times for the next process.  Hidden information in downgraded documents – Steganographic embedding techniques can be used to get confidential information past a human downgrader (least-significant bits in digital photos, variations of punctuation/spelling/whitespace in plaintext, etc.).