Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview of Security Dr. Sriram Chellappan These slides are available at BlackBoard.

Published byChad Williamson Modified over 9 years ago

Similar presentations

Presentation on theme: "Overview of Security Dr. Sriram Chellappan These slides are available at BlackBoard."— Presentation transcript:

1 Overview of Security Dr. Sriram Chellappan chellaps@mst.edu These slides are available at BlackBoard

2 Overview q Security Definitions q Security threats and attacks q Security Services q Operational Issues

3 The Definition q Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable q Security rests on confidentiality, authenticity, integrity, availability, non-repudiation

4 In OS terms q Operating System Computer security – Addresses the issue of preventing unauthorized access to resources and information maintained by computers – Encompasses the following issues: Guaranteeing the privacy and integrity of sensitive data Restricting the use of computer resources Providing resilience against malicious attempts to incapacitate the system – Employs mechanisms that shield resources such as hardware and operating system services from attack

5 The Basic Components q Confidentiality is the concealment of information or resources. q Authenticity is the identification and assurance of the origin of information. m Related to privacy q Integrity refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes. q Availability refers to the ability to use the information or resource desired. q Non-repudiation means that it can be verified that the sender and the recipient were, in fact, the parties who claimed to send/ receive a particular message, and the message sent/ received were the same

6 Security Threats and Attacks q A threat is a potential violation of security. m Flaws in design, implementation, and operation. q An attack is any action that violates security. m Active adversary. q A threat is typically a precursor to an attack

7 Eavesdropping - Message Interception (Attack on Confidentiality) q Unauthorized access to information q Packet sniffers and wiretappers q Illicit copying of files and programs S R Eavesdropper

8 Techniques to Enforce Confidentiality q Symmetric key distribution q What are the challenges m How to secure transmit the symmetric keys m Key revocation after a certain point in time m Protect the key from being lost q Latest technique to solve this problem m Asymmetric keys

9 Integrity Attack - Tampering With Messages q Stop the flow of the message q Delay and optionally modify the message q Release the message again S R Perpetrator

10 Techniques to Enforce Integrity q Message Authentication Codes m Accomplished using hash functions m That are collision resistant and have one-way property

11 Authenticity Attack - Fabrication q Unauthorized assumption of other’s identity q Generate and distribute objects under this identity S R Masquerader: from S

12 Techniques to Enforce Authentication q Standard Techniques are passwords m Easy to be captured by adversary m Easy to be guessed by adversary q Evolving techniques m Biometrics m One time password generator m Expand sample space of secret – password mapping q Access control mechanisms q Kerberos – A well known authentication technique

13 What is Kerberos? q Developed by MIT q Shared secret-based strong 3 rd party authentication q Provides single sign-on capability q Passwords never sent across network And now – the players…

14 Susan Key Distribution Center Ticket Granting Service Authen- Tication Service XYZ Service Susan’s Desktop Computer Think “Kerberos Server” and don’t let yourself get mired in terminology.

15 Susan Key Distribution Center Ticket Granting Service Authen- Tication Service XYZ Service Susan’s Desktop Computer Represents something requiring Kerberos authentication (web server, ftp server, ssh server, etc…)

16 Susan’s Desktop Computer Susan Key Distribution Center Ticket Granting Service Authen- Tication Service XYZ Service “I’d like to be allowed to get tickets from the Ticket Granting Server, please.

17 Susan’s Desktop Computer Susan Key Distribution Center Ticket Granting Service Authen- Tication Service XYZ Service “Okay. I locked this box with your secret password. If you can unlock it, you can use its contents to access my Ticket Granting Service.”

18 Susan’s Desktop Computer Susan Key Distribution Center Ticket Granting Service Authen- Tication Service myPassword XYZ Service TGT

19 Because Susan was able to open the box (decrypt a message) from the Authentication Service, she is now the owner of a shiny “Ticket-Granting Ticket”. The Ticket-Granting Ticket (TGT) must be presented to the Ticket Granting Service in order to acquire “service tickets” for use with services requiring Kerberos authentication. The TGT contains no password information.

20 Susan’s Desktop Computer Susan Key Distribution Center Ticket Granting Service Authen- Tication Service XYZ Service “Let me prove I am Susan to XYZ Service. Here’s a copy of my TGT!” use XYZ TGT

21 Susan’s Desktop Computer Susan Key Distribution Center Ticket Granting Service Authen- Tication Service XYZ Service TGT Hey XYZ: Susan is Susan. CONFIRMED: TGS You’re Susan. Here, take this.

22 Susan’s Desktop Computer Susan Key Distribution Center Ticket Granting Service Authen- Tication Service XYZ Service TGT Hey XYZ: Susan is Susan. CONFIRMED: TGS I’m Susan. I’ll prove it. Here’s a copy of my legit service ticket for XYZ. Hey XYZ: Susan is Susan. CONFIRMED: TGS

23 Susan’s Desktop Computer Susan Key Distribution Center Ticket Granting Service Authen- Tication Service XYZ Service TGT Hey XYZ: Susan is Susan. CONFIRMED: TGS Hey XYZ: Susan is Susan. CONFIRMED: TGS That’s Susan alright. Let me determine if she is authorized to use me.

24 Authorization checks are performed by the XYZ service… Just because Susan has authenticated herself does not inherently mean she is authorized to make use of the XYZ service.

25 One remaining note: Tickets (your TGT as well as service-specific tickets) have expiration dates configured by your local system administrator(s). An expired ticket is unusable. Until a ticket’s expiration, it may be used repeatedly.

26 Susan’s Desktop Computer Susan Key Distribution Center Ticket Granting Service Authen- Tication Service XYZ Service TGT Hey XYZ: Susan is Susan. CONFIRMED: TGS ME AGAIN! I’ll prove it. Here’s another copy of my legit service ticket for XYZ. Hey XYZ: Susan is Susan. CONFIRMED: TGS use XYZ

27 Susan’s Desktop Computer Susan Key Distribution Center Ticket Granting Service Authen- Tication Service XYZ Service TGT Hey XYZ: Susan is Susan. CONFIRMED: TGS Hey XYZ: Susan is Susan. CONFIRMED: TGS That’s Susan… again. Let me determine if she is authorized to use me.

28 Attack on Availability q Destroy hardware (cutting fiber) or software q Corrupt packets in transit q Blatant denial of service (DoS): m Crashing the server m Overwhelm the server (use up its resource) S R

29 Techniques to Enforce Availability q Think of an example m Standard technique is almost always redundancy – Also called over-provisioning m Can be counter-productive sometimes q Think how

30 Impact of Attacks q Economic impacts q Societal impacts q Military impacts All attacks can be related and are dangerous!

31 Some trade-offs w.r.t. security q Availability vs. Privacy q Confidentiality vs. Power management q Privacy vs. Delay q Bandwidth vs. Privacy

32 Security Policy and Mechanism q Policy: a statement of what is, and is not allowed. q Mechanism: a procedure, tool, or method of enforcing a policy. q Security mechanisms implement functions that help prevent, detect, and respond to recovery from security attacks. q Security functions are typically made available to users as a set of security services through APIs or integrated interfaces. q Cryptography underlies many security mechanisms.

33 Operational Issues q Cost-Benefit Analysis q Risk Analysis q Laws and Customs Human Issues q Organizational Problems q People Problems

34 Proprietary and Open-Source Security q Advantages of open-source security applications m Interoperability q Open-source applications tend to implement standards and protocols that many developers include in their products. m An application’s source code is available for extensive testing and debugging by the community at large q Weaknesses of proprietary security m Nondisclosure m The number of collaborative users that can search for security flaws and contribute to the overall security of the application is limited q Proprietary systems, however, can be equally as secure as open- source systems

Download ppt "Overview of Security Dr. Sriram Chellappan These slides are available at BlackBoard."

Similar presentations

An Overview of Computer and Network Security Nick Feamster CS 6262 Spring 2009.

An Overview of Computer and Network Security Nick Feamster CS 6262 Spring 2009.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Kerberos for Users Jeff Blaine 5/2006. What is Kerberos? Developed by MIT Shared secret-based strong 3 rd party authentication Provides single sign-on.

Kerberos for Users Jeff Blaine 5/2006. What is Kerberos? Developed by MIT Shared secret-based strong 3 rd party authentication Provides single sign-on.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
NS-H0503-02/11041 Attacks. NS-H0503-02/11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.

NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.

Chap 1: Overview Concepts of CIA: confidentiality, integrity, and availability Confidentiality: concealment of information –The need arises from sensitive.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.
8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.

8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google