Download presentation
Presentation is loading. Please wait.
1
Avishai Wool lecture 13 - 1 Introduction to Systems Programming Lecture 13 Security
2
Avishai Wool lecture 13 - 2 Security goals and threats GOAL Data confidentiality Data integrity User authentication Privilege separation System availability THREAT Data exposure Data modification Masquerading Privilege elevation Denial of service
3
Avishai Wool lecture 13 - 3 Introduction to Cryptography
4
Avishai Wool lecture 13 - 4 Basics of Cryptography Relationship between the plaintext and the ciphertext
5
Avishai Wool lecture 13 - 5 Encryption key == decryption key Monoalphabetic substitution –each letter replaced by different letter: a->x, b->t, … –very easy to break Modern computer ciphers: –DES (Data Encryption Standard, 1977) – 56bit keys –3-DES / triple DES: use DES 3 times - 112/168bit keys –AES (Advanced Encryption Standard, 2001) – 128-256bit Symmetric-Key Cryptography
6
Avishai Wool lecture 13 - 6 Brute force attack Attacker knows –Algorithm –a pair of matching plaintext/ciphertext pair C=E k (P) Try all possible keys k to find the right key. Defense: have many possible keys. If key is n-bits then attacker needs to try 2 n keys How big should n be? –40 bits not enough –56 bits (DES) borderline –128 bits (AES) is good
7
Avishai Wool lecture 13 - 7 Key distribution problem Both sides need the secret key before communication can start. For n parties, n 2 secret keys. Does not scale! OK for small or centralized systems (military). How to communicate securely with someone you have never met? Large-scale e-commerce?
8
Avishai Wool lecture 13 - 8 Public-Key Cryptography All users pick a public key/private key pair –publish the public key in a directory –private key not published Public key is the encryption key –private key is the decryption key Idea invented by Diffie/Hellman
9
Avishai Wool lecture 13 - 9 Public key systems First working public-key crypto-system: Rivest- Shamir-Adelman (RSA). Based on difficulty of factoring large numbers Typical size of numbers: 1024 bits! Free, good public-key crypto software: PGP (pretty-good-privacy) http://www.pgp.com (commercial) http://www.gnupg.org (international, free)
10
Avishai Wool lecture 13 - 10 RSA Setup –Pick 2 secret large prime numbers p,q (512-1024 bits) –Compute n=p*q (n is the public modulus) –Let = (p-1)*(q-1) (Euler’s phi) –Pick e such that gcd(e, ) = 1 (e is public exponent) Usually e=3 or e=5 or e=65537 work OK –Calculate d such that e*d = 1 (modulo ) (secret exponent)
11
Avishai Wool lecture 13 - 11 RSA Usage Public key: n, e Secret key: d (also p,q, and remain secret) Encryption: –Message: a number M < n (e.g. 1024 bits) –Ciphertext: C = M e (mod n) –Anyone can encrypt, both n & e public Decryption: – M’ = C d (mod n) –By number theory magic, M’ == M (always) –Only receiver can decrypt because d is secret
12
Avishai Wool lecture 13 - 12 RSA example p=3, q=11 n=3*11 = 33 = 2*10 = 20 e = 7 d = 3 [verify: 7*3 = 21 = 1 (mod 20)] Assume the message is M = 2 Encrypt: C = 2 7 (mod 33) = 128 (mod 33) = 29 Decrypt: M’ = 29 3 (mod 33) = 24389 (mod 33) = 2
13
Avishai Wool lecture 13 - 13 How to send secure email Get PGP-compliant software –has plugins for Thunderbird and Outlook Get recipient’s public key –http://www.eng.tau.ac.il/~yash/Avishai-Wool-tau.asc –http://pgp.mit.edu/ Encrypt your message with recipient’s key & send Sender cannot decrypt message w/o saving a plaintext copy!
14
Avishai Wool lecture 13 - 14 One-Way Functions Function such that given x –easy to evaluate y = h(x) But given y and the (source code for) h() –computationally infeasible to find x Also known as cryptographic hash functions Popular examples: –MD5 –SHA-1, SHA-256
15
Avishai Wool lecture 13 - 15 Properties of hash functions Not secret: no key involved. Anyone can compute h(x) Given x, very hard to find y != x with h(y) = h(x) Like a CRC (error correction code) To distribute file F securely: –Compute h 1 =h(F), publish h 1 on website –Receiver downloads F, verifies that h(F) == h 1 –If attacker modifies F to F’, the hash will not match
16
Avishai Wool lecture 13 - 16 User Authentication
17
Avishai Wool lecture 13 - 17 Basic Principles Authentication must identify: 1.Something the user knows 2.Something the user has 3.Something the user is This is done before user can use the system
18
Avishai Wool lecture 13 - 18 Authentication Using Passwords A successful login Login rejected after name entered Login rejected after name and password typed Not good! better
19
Avishai Wool lecture 13 - 19 How are passwords stored on server? Pairs of (username, password) –very bad: –Steal the password file know all passwords Hashed passwords: pairs of (username, h(pwd)) –much better –but: users choose bad passwords
20
Avishai Wool lecture 13 - 20 Dictionary attack Attacker knows h() Offline: compute h(apple), …, h(zebra) –Maybe with variants (apple/Apple/4pple) Store in database (a few million entries) Steal password file Check if one of the hash values is in database –Reported 25% success rate
21
Avishai Wool lecture 13 - 21 Improvements Make password file harder to steal –Old Unix let all users read /etc/passwd –New Unixes store passwords in /etc/shadow which only root can access Force users to pick better passwords –Annoying, hard to remember passwords
22
Avishai Wool lecture 13 - 22 Selecting good passwords Idea: pronounceable random passwords –Program suggests things like “ArTiZu” “ricOpam” –Google for “apg” (automatic password generator) Idea: use an acronym –Pick a sentence: David Melech Israel Hay Hay VeKayam –Password: dmihhvk / dm1hhvk
23
Avishai Wool lecture 13 - 23 Using “salt” Makes dictionary attack harder: attacker needs separate dictionary for each salt value. Salt Password,,,,
24
Avishai Wool lecture 13 - 24 Challenge-response system Instead of fixed password: Server sends a “challenge” (a number or string) User types challenge into small “calculator”, gets “response” User sends response back to server To activate “calculator”, user needs a “PIN”.
25
Avishai Wool lecture 13 - 25 Authentication using a smartcard Magnetic cards –magnetic stripe cards –chip cards: stored value cards, smart cards
26
Avishai Wool lecture 13 - 26 Authentication Using Biometrics A device for measuring finger length.
27
Avishai Wool lecture 13 - 27 Problems with biometrics What if attacker can fake the protocol between the measuring device and server? Fake (plastic) fingerprints? Impossible to generate a “new password”… False positives and negatives –injury, illness, weather, moisture,...
28
Avishai Wool lecture 13 - 28 Countermeasures Limiting times when someone can log in Automatic callback at number prespecified Limited number of login tries A database of all logins
29
Avishai Wool lecture 13 - 29 Operating System Security
30
Avishai Wool lecture 13 - 30 Trojan Horses Free program made available to unsuspecting user –Actually contains code to do harm Place altered version of utility program on victim's computer –trick user into running that program
31
Avishai Wool lecture 13 - 31 Example: Login Spoofing (a) Correct login screen (b) Phony login screen
32
Avishai Wool lecture 13 - 32 Trap Doors (a) Normal code. (b) Code with a trapdoor inserted
33
Avishai Wool lecture 13 - 33 Buffer Overflows Example: web server, accepts a url http://server.a.com/overflow.asp?req=blablabla program copies what’s after ‘req=’ into buffer (a character array) without checking the input length! Attacker uses url http://server.a.com/overflow.asp?req=zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz-many-hex-values-here Example: code-red, nimda, …
34
Avishai Wool lecture 13 - 34 How Buffer Overflow Works (a) Situation when main program is running (b) After procedure A called (c) Buffer overflow shown in gray
35
Avishai Wool lecture 13 - 35 Viruses
36
Avishai Wool lecture 13 - 36 Viruses Virus = program can reproduce itself –attach its code to another program –additionally, do harm Goals of virus writer –quickly spreading virus –difficult to detect –hard to get rid of
37
Avishai Wool lecture 13 - 37 Infected program structure An executable program With a virus at the front With the virus at the end With a virus spread over free space within program
38
Avishai Wool lecture 13 - 38 How Viruses Spread Virus placed where likely to be copied When copied –infects programs on hard drive, floppy –may try to spread over LAN Attach to innocent looking email –when it runs, use mailing list to replicate
39
Avishai Wool lecture 13 - 39 Antivirus techniques Keep database of pieces of virus code (signatures) look at files and search for all virus signatures.
40
Avishai Wool lecture 13 - 40 Anti-Antivirus Techniques: compress & encrypt (a) A program (b) Infected program (c) Compressed infected program (d) Encrypted virus (e) Compressed virus with encrypted compression code
41
Avishai Wool lecture 13 - 41 Anti-Antivirus Techniques: polymorphism Examples of a polymorphic virus All of these examples do the same thing
42
Avishai Wool lecture 13 - 42 Recent E-mail viruses Mellisa, 1999: Microsoft Word document with malicious macro sent itself to 1st 50 addresses in infected user’s Outlook address book People open attachments from people they know.
43
Avishai Wool lecture 13 - 43 General Lessons Mono-culture is risky: –if everyone uses Outlook, and there is a bug in Outlook, everyone will be in trouble. Diversify! No separation: why does a word macro have the ability & permissions to send email? Social engineering is very powerful.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.