Published by Sibyl Golden. Modified over 8 years ago.
1
Operating Systems Security 1
2
The Boot Sequence
The action of loading an operating system into memory from a powered-off state is known as booting or bootstrapping.
When a computer is turned on, it first executes code stored in a firmware component known as the BIOS (basic input/output system).
– The BIOS often performs a Power-On Self-Test (POST) to detect the hardware configuration.
3
The Boot Sequence
On modern systems, the BIOS loads into memory the second-stage boot loader, which handles loading the rest of the operating system into memory and then passes control of execution to the operating system.
– The boot loader is found in the boot block of a bootable device (or volume).
– Partitioned drives have a master boot record in block 0, which holds a partition table locating each volume on the drive.
– Each volume's first block is the boot block or is marked unbootable.
4
BIOS Passwords
A malicious user could potentially seize execution of a computer at several points in the boot process.
To prevent an attacker from initiating the first stages of booting, many computers feature a BIOS password that does not allow a second-stage boot loader to be executed without proper authentication.
6
Hibernation
Modern machines have the ability to go into a powered-off state known as hibernation. While going into hibernation, the OS stores the contents of the machine's memory into a hibernation file (such as hiberfil.sys) on disk so the computer can be quickly restored later.
But… without additional security precautions, hibernation exposes a machine to potentially invasive forensic investigation.
1. User closes a laptop computer, putting it into hibernation.
2. Attacker copies the hiberfil.sys file to discover any unencrypted passwords that were stored in memory when the computer was put into hibernation.
7
Event Logging (Audit)
Keeping track of
– what processes are running,
– what other machines have interacted with the system via the Internet, and
– if the operating system has experienced any unexpected or suspicious behavior
can often leave important clues not only for
– troubleshooting ordinary problems,
– but also for determining the cause of a security breach.
8
Process Explorer
9
Memory and Filesystem Security
The contents of a computer are encapsulated in its memory and file system. Thus, protection of a computer's contents has to start with the protection of its memory and its file system.
10
Password Security
The basic approach to guessing passwords from the password file is to conduct a dictionary attack, where each word in a dictionary is hashed and the resulting value is compared with the hashed passwords stored in the password file.
A dictionary of 500,000 "words" is often enough to discover most passwords.
11
Password Salt
One way to make the dictionary attack more difficult to launch is to use salt.
– Associate a random number (the salt) with each userid.
– Rather than comparing the hash of an entered password with a stored hash of a password, the system compares the hash of (the entered password and the salt for the associated userid) with a stored hash of (the password and salt).
12
How Password Salt Works
Without salt:
1. User types userid, X, and password, P.
2. System looks up H, the stored hash of X's password.
3. System tests whether h(P) = H.
Password file: … X: H …
With salt:
1. User types userid, X, and password, P.
2. System looks up S and H, where S is the random salt for userid X and H is the stored hash of S and X's password.
3. System tests whether h(S||P) = H.
Password file: … X: S, H …
13
How Salt Increases Search Space Size
Assuming that an attacker cannot find the salt associated with a userid he is trying to compromise, the search space for a dictionary attack on a salted password is of size 2^B * D, where B is the number of bits of the random salt and D is the size of the list of words for the dictionary.
For example, with a 32-bit salt and a 500,000-word dictionary, the search space would be 2^32 * 500,000 = 2,147,483,648,000,000, which is over 2 quadrillion.
14
How Salt Increases Search Space Size
Even if an attacker can find a salted password for a userid, he only learns one password.
Unix systems:
– A 16-bit salt is stored with the userid and hashed password in the /etc/passwd file
– An attacker who obtains /etc/passwd learns the salt
– But will have to attack each user account separately, rather than just comparing hashed passwords to stored values of hashed passwords
– Or will have to compute 2^16 sorted lists of pre-computed salted hashes
On-line vs. offline dictionary attacks…
Rainbow tables
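The salted password file and the search-space formula from the slides above, as an added example that is not part of the original presentation. SHA-256 standing in for h(), the user names, the passwords and the three-word dictionary are all constructed assumptions.

```python
import hashlib
import hmac
import os

def h(data: bytes) -> str:
    # SHA-256 stands in for the slides' h(); real password stores use a slow,
    # salted function such as scrypt or Argon2 rather than one fast hash.
    return hashlib.sha256(data).hexdigest()

def enroll(pw_file: dict, userid: str, password: str, salt: bytes = None) -> None:
    """Store X: S, H with H = h(S || P). A fresh random 32-bit S by default."""
    salt = os.urandom(4) if salt is None else salt
    pw_file[userid] = (salt, h(salt + password.encode()))

def verify(pw_file: dict, userid: str, password: str) -> bool:
    """The 'with salt' steps: look up S and H, then test h(S || P) = H."""
    if userid not in pw_file:
        return False
    salt, stored = pw_file[userid]
    return hmac.compare_digest(h(salt + password.encode()), stored)

def precomputed_hits(pw_file: dict, dictionary: list) -> int:
    """Users whose stored H appears in one table of h(word) computed in advance."""
    table = {h(word.encode()) for word in dictionary}
    return sum(1 for _salt, stored in pw_file.values() if stored in table)

def search_space(salt_bits: int, dict_size: int) -> int:
    """2^B * D: candidates to precompute when the salt is not known."""
    return (2 ** salt_bits) * dict_size

# Constructed sample data: three users, two of them sharing a password.
USERS = [("alice", "sunshine"), ("bob", "sunshine"), ("carol", "dragon")]
DICTIONARY = ["dragon", "letmein", "sunshine"]

def build_files():
    unsalted, salted = {}, {}
    for userid, password in USERS:
        enroll(unsalted, userid, password, salt=b"")  # empty S models "without salt"
        enroll(salted, userid, password)
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_files()
    print("precomputed hits, unsalted:", precomputed_hits(unsalted, DICTIONARY))
    print("precomputed hits, salted:  ", precomputed_hits(salted, DICTIONARY))
    print("alice and bob share H, unsalted:", unsalted["alice"][1] == unsalted["bob"][1])
    print("search space:", search_space(32, 500_000))
```

Without salt, one table of hashed dictionary words matches every user at once and equal passwords are visible as equal hashes; with salt, the same table matches nobody and each account has to be worked on separately.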
15
Precomputed Hash Chains
The rainbow table idea is based on "hash chains" (not your father's hash chains!)
Since passwords are text strings, and are hashed to produce the "encrypted password" in the password database, produce a chain of password - hash - password - hash and store the last hash value, for many starting points.
– Changing a hash to a valid password is "reduction"
Sort the last hash values in the chains, then take your target hashed password and search for it in the list.
If it is not in the list, then reduce the hashed PW, then hash that and try again.
16
Pre-computed Hash Chains
aaaaaa --H--> 3F2991AB --R--> brtlfa --H--> 497D3A93 --R--> snoggt --H--> A150EC27 --R--> zeentx --H--> 913D25C1
Target hashed password: 497D3A93
– 497D3A93: no match, so reduce and hash
– A150EC27: no match, so reduce and hash
– 913D25C1: match!
17
Precomputed Hash Chains (2)
If the hash based on a chain starting from the hashed PW is ever found in the sorted list, then there is a good chance you can find the PW!
Suppose each chain you precomputed had 1000 H-R cycles in it, and suppose you had to R-H the known hashed PW 400 times to find a match.
Then by taking the starting point of the chain corresponding to the matching hash, and iterating (1000-400) times, you may find the PW hash value.
Always remember the previous reduced hash value, and this will be a password that hashes to the same value as the original PW.
18
Precomputed Hash Chains (3)
Even if there is a match, it may not work! Why not?
– There may be two chains that merge somewhere, and the desired hash may be on a different path than the one that produced the matching hash!
What effect does salt have?
– Salt makes the hash function only work for a given salt value. If there are N salts, then N tables must be computed!
19
Rainbow Tables
So how to reduce collisions?
– Make a different reduction function for each stage!
– Now for there to be a collision, two chains must collide at the same stage!
What effect does this have on lookup?
– Now you must guess where the target password is in the chains
– Guess next to last: use the last reduction function
– Guess second to last: use the second to last R
– And so on….
– How much more work?
– Quadratic in chain length instead of linear, but big win!
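The chain construction and position-by-position lookup described on the hash chain and rainbow table slides, as an added example that is not part of the original presentation. SHA-256 as H, the 3-letter lowercase password space, the chain length of 20 and the form of the reduction function R are assumptions chosen to keep the model small.

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3        # toy password space of 26^3 strings (assumption)
CHAIN_LEN = 20    # passwords per chain (assumption)

def H(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()

def R(digest: str, stage: int) -> str:
    """Reduction: map a hash back to a valid password; differs per stage."""
    n = int(digest, 16) + stage
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)

def end_from_hash(digest: str, stage: int) -> str:
    """Assume digest is hash number `stage` of a chain; walk R, H to the end."""
    for s in range(stage, CHAIN_LEN - 1):
        digest = H(R(digest, s))
    return digest

def password_at(start: str, i: int) -> str:
    """Replay a chain from its starting point up to password number i."""
    pw = start
    for s in range(i):
        pw = R(H(pw), s)
    return pw

def build_table(starts):
    """Store only (last hash -> starting points); merged chains share a key."""
    table = {}
    for start in starts:
        table.setdefault(end_from_hash(H(start), 0), []).append(start)
    return table

def lookup(table, target: str):
    # Guess the target's position from the last column backwards; each guess
    # walks the rest of the chain, hence the quadratic cost in chain length.
    for i in range(CHAIN_LEN - 1, -1, -1):
        for start in table.get(end_from_hash(target, i), []):
            pw = password_at(start, i)
            if H(pw) == target:
                return pw
            # Otherwise a false alarm: the endpoint matched through a merge.
    return None

if __name__ == "__main__":
    table = build_table(["aaa", "bbb", "ccc", "ddd"])
    target = H(password_at("bbb", 7))   # a hash known to sit inside a chain
    print(lookup(table, target))
```

The table holds only one hash per chain, so a match on that hash is a hint rather than a result; the replay from the starting point is what confirms or rejects it.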