CSIT324 OS &WEB INTERFACE SECURITY Introduction

C OURSE O UTLINE Concepts Security environment: Threats, intruders, accidental data loss. Cryptography basics: types Protection mechanisms Authentication Insider attacks, Code bug exploitation plus defenses.

A SSESSMENT Course works, test – 30% Final Exam – 70%

R EFERENCE Modern OS by Andrew S. Tanenbaum

S ECURITY E NVIRONMENT OS - Security – Protection mechanisms – the specific OS mechanisms used to safeguard information in the PC.

S ECURITY F ACETS 1. Threats PC has 4 general goals with corresponding threats to them: Data confidentiality – concerned with having secret data remain secret. Data integrity – unauthorized users should not be able to modify any data without the owner’s permission. Data modification includes changing data, removing data and adding false data. System availability – nobody can disturb the system to make it unusable. Denial of service attacks. Privacy – protecting individuals from misuse of information about them

2. I NTRUDERS /A DVERSARIES People who are nosing around places where they have no business. Forms: Passive intruders – want to read files they are not authorized to read. Active intruders – more malicious (want to make unauthorized changes to data).

C ATEGORIES OF I NTRUDERS Casual prying by nontechnical users: people reading other users’ &other files if no barriers are placed in the way. Snooping by insiders. Determined attempts to make money: bank programmers have attempted to steal from the bank they are working for. Commercial/military espionage: espionage is a serious &well-funded attempt by a competitor/a foreign country to steal programs, trade secrets, patentable ideas, technology, circuits designs, business plans e.t.c.

3. A CCIDENTAL DATA LOSS Valuable data can be lost by accident. Causes: Act of God – fires, floods, earthquakes, wars, riots. Hardware/software errors – CPU malfunctions, unreadable disks, telecom errors, program bugs. Human errors – incorrect data entry, wrong program run, lost disk. Solutions: Maintain adequate backups far away from the original data.

C RYPTOGRAPHY B ASICS. Cryptography refers to the process of converting plaintext into ciphertext (encrypt) in that only authorized people know how to convert it back to plaintext. Ciphertext is an incomprehensible pile of bits. Encryption &decryption algorithms (functions) should always be public.

F ORMS OF C RYPTOGRAPHY Secret-key cryptography – mono-alphabetic substitution. Also referred to as symmetric cryptography. Advantage: Efficient because the amount of computation required to encrypt/decrypt a message is manageable. Drawback : Sender &receiver must both be in possession of the shared secret key. Public-key cryptography – private (decryption key) and public key pair but the public key (encryption key) is published.

P UBLIC KEY ENCRYPTION …. Key generation is automated with a user-selected password fed into the algorithm. The correspondent encrypts the message with the receiver’s public key. Since only the receiver has the private key, only the receiver can decrypt the message.

D IGITAL S IGNATURES Digital signatures – sign a document digitally. Make it possible to sign s &other digital documents in such a way that they can’t be repudiated by the sender later. One way is to first run the document through a one-way cryptographic hashing algorithm which very hard to invert. Hashing function produces a fixed length result independent of the original document size. Common hash functions: Message Digest 5 (MD5) that produces a 16byte result, Secure Hash Algorithm (SHA-1) that produces a 20-byte result.

H ASHING PROCESS.. S ENDER ’ S END. The document owner applies his private key to the hash to get D(hash). This value, called the Signature block, is appended to the document &sent to the receiver. The application of D to the hash is also referred to as decrypting the hash though its not really a decryption because the hash has not been encrypted. It just a mathematical transformation on the hash.

R ECEIVER ’ S END.. When the doc and hash arrive, the receiver first computes the hash of the doc using MD5 or SHA. The receiver then applies the sender’s public key to the signature block to get E{D(hash)}. It encrypts the decrypted hash, canceling it out &getting the hash back. If the computed hash doesn’t match the hash from the signature block, the doc, the signature block, or both have been tampered with or changed by accident. NB: the value of this scheme is that it applies public-key cryptography only to a relatively small piece of data, called the hash.

T RUSTED P LATFORM M ODULE (TPM) TPM is crypto-processor with some nonvolatile storage inside it for keys. TPM can perform cryptographic operations such as encrypting blocks of plaintext or decrypting blocks of ciphertext in main memory. TPM can also verify digital signatures. According to Microsoft, operating system controls the TPM to prevent unauthorized software from being run.

TPM APPLICATIONS … If the TPM is involved in the booting process, it will start only operating systems signed by a secret key placed inside the TPM by the manufacturer &disclosed only to selected OS vendors e.g. Microsoft. Thus TPM can be used to limit users’ choices of software to those approved by the computer manufacturer.

TPM APPLICATIONS … Music &movie industries are very keen on TPM as it could be used to prevent piracy of the content. It also open up new business models such as renting songs/movies for a specific period of time by refusing to decrypt them after the expiration date. TPM drawback: Doesn’t make PCs more secure against external attacks. It only focuses on using cryptography to prevent users from doing anything not approved directly or indirectly by the TPM controllers.

R ESEARCH ON : Certificate Authorities PKI Next Lecture: Protection Mechanisms. End!