Security

 

Objectives

 

·       To discuss security threats and attacks

·       To explain the fundamentals of encryption & authentication.

·       To examine the uses of cryptography in computing

·        To describe the various countermeasures to security attacks

 

Security Violations

· Categories
  - Breach of confidentiality
  - Breach of integrity
  - Breach of availability
  - Theft of service
  - Denial of service

· Methods
  - Masquerading (breach authentication)
  - Replay attack
  - Message modification
  - Man-in-the-middle attack

 

Standard Security Attacks

 

 

Security Measure Levels

· Security must occur at four levels to be effective:
  - Physical
  - Human: avoid social engineering, phishing
  - Operating system
  - Network

· Security is as weak as the weakest link in the chain

 

Program Threats

 

Trojan Horse

Code segment that misuses its environment:

Spyware, pop-up browser windows, covert channels

 

Trap Door

Specific user identifier or password that circumvents normal security procedures

 

Logic Bomb

Program that initiates a security incident under certain circumstances

 

Stack & Buffer Overflow

Exploits a bug in a program (overflow either the stack or memory buffers)

 

C Program with Buffer-overflow Condition

 

Bufferoverflow.c:    strncpy  vs.   strcpy

 

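#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MemSize 10

int
main(int argc, char *argv[])
{
        char            buf1[10];
        char            buf2[10];
        char           *buf3 = malloc(MemSize);
        char           *buf4 = malloc(MemSize);

        if (argc < 2 || buf3 == NULL || buf4 == NULL) {
                fprintf(stderr, "usage: bufferoverflow string\n");
                return 1;
        }

        /* Bounded copy: writes at most sizeof(buf1) bytes. strncpy() adds no
           terminating '\0' when the source is that long or longer, so the
           print is limited to the buffer size as well. */
        strncpy(buf1, argv[1], sizeof(buf1));
        printf("stack buf1 ncpy: %.*s\n", (int) sizeof(buf1), buf1);

        /* Unbounded copy: overflows buf2 on the stack for long arguments. */
        strcpy(buf2, argv[1]);
        printf("stack buf2: %s\n", buf2);

        /* Bounded copy into the heap buffer. */
        strncpy(buf3, argv[1], MemSize);
        printf("heap buf3 ncpy:%.*s\n", MemSize, buf3);

        /* Unbounded copy: overflows the heap buffer buf4 for long arguments. */
        strcpy(buf4, argv[1]);
        printf("heap buf4: %s\n", buf4);

        return 0;
}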

 

To Run:

 

% bufferoverflow 0123456789abdelwahab

stack buf1 ncpy: 0123456789

stack buf2: 0123456789abdelwahab

heap buf3 ncpy:0123456789

heap buf4: 0123456789abdelwahab

 

% bufferoverflow 0123456789abdelwahab0123456789

stack buf1 ncpy: 0123456789

stack buf2: 0123456789abdelwahab0123456789

Segmentation fault (core dumped)

 

System and Network Threats

 

Internet worm

Exploited UNIX networking features (remote access) and bugs in the finger and sendmail programs

 

Port scanning

Automated attempt to connect to a range of ports on one or a range of IP addresses

 

Denial of Service

- Overload the targeted computer to prevent it from doing any useful work
- Distributed denial-of-service (DDoS) attacks come from multiple sites at once

 

Secure Communication over Insecure Medium

 

 

 

Symmetric Encryption

 

                         (encryption)
plaintext         >>>>>>>>>          ciphertext
                                   |
                                key
                                   |
ciphertext       >>>>>>>>            plaintext
                        (decryption)

 

- Same key used to encrypt and decrypt
- DES is the most commonly used symmetric block-encryption algorithm (created by the US Govt)
- Triple-DES is considered more secure
- Advanced Encryption Standard (AES)

 

Example:    XOR encryption/decryption

 

Message M = 7 (111)

Key  K = 4 (100)

 

C = E(K, M) = M XOR K = 111 XOR 100 = 011 = 3

M = D(K, C) = C XOR K = 011 XOR 100 = 111 = 7

 

 

Asymmetric Encryption

 

 

Each individual has two keys:

- private key (not revealed to anyone)
- public key (made known to everyone)

 

 

                         (encryption)
plaintext         >>>>>>>>>          ciphertext
                                   |
                          Public key

 

                         Private key
                                   |

ciphertext       >>>>>>>>            plaintext
                        (decryption)

 

 

 

Example:

Public key (5, 91) and private key (29, 91)

M = 69

C = 69 ** 5 mod 91 = 62

M = 62 ** 29 mod 91 = 69
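The example above carried through in code, as an added illustration that is not part of the original notes: it derives the private exponent 29 from the public exponent 5 and computes both exponentiations by square-and-multiply. The factorization 91 = 7 × 13 and all function names are assumptions of this example; the page gives only the two key pairs.

```python
# Toy RSA with the page's numbers: n = 91, e = 5, d = 29, M = 69.
# Assumption (not stated on the page): n = 91 factors as p = 7, q = 13.

def modpow(base, exp, mod):
    """Square-and-multiply: base**exp % mod without huge intermediates."""
    result = 1
    base %= mod
    while exp > 0:
        if exp & 1:                      # current exponent bit is set
            result = (result * base) % mod
        base = (base * base) % mod       # square for the next bit
        exp >>= 1
    return result

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def private_exponent(e, p, q):
    """d is the inverse of e modulo phi(n) = (p - 1) * (q - 1)."""
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to phi(n)")
    return x % phi

def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must lie in [0, n)")
    return modpow(m, e, n)

def decrypt(c, private_key):
    d, n = private_key
    return modpow(c, d, n)

PUBLIC = (5, 91)
PRIVATE = (private_exponent(5, 7, 13), 91)

if __name__ == "__main__":
    c = encrypt(69, PUBLIC)
    print("d =", PRIVATE[0], " C =", c, " M =", decrypt(c, PRIVATE))
```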

 

 

 

 

Authentication – Hash Functions

 

Also known as: message digest, fingerprint, one-way function

The hash of a message m, h = H(m), has the following properties:

- Given m, it is easy to compute h.
- Given h, it is hard to compute m.
- Given m, it is hard to find another m' such that H(m) = H(m').
- It is hard to find m1 and m2 such that H(m1) = H(m2).

Common message-digest functions include MD5, which produces a 128-bit hash, and SHA-1, which outputs a 160-bit hash.

 

 

Authentication

MAC: message-authentication code

Send (m, h) where h = H(m|K)     >>>>>     Received (m, h) is OK if h = H(m|K)

K is the shared secret
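The MAC check above in code, as an added example that is not part of the original notes: the receiver recomputes h, compares it in constant time, and rejects a modified message. It goes beyond the page by putting a sequence number inside m so that a replayed (m, h) is rejected too. SHA-256 as H, HMAC as the standardized alternative to H(m|K), the message layout, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import struct

def mac_suffix(message: bytes, key: bytes) -> bytes:
    """The page's construction h = H(m | K); SHA-256 as H is an assumption."""
    return hashlib.sha256(message + key).digest()

def mac_hmac(message: bytes, key: bytes) -> bytes:
    """HMAC (RFC 2104), the standardized way to key a hash function."""
    return hmac.new(key, message, hashlib.sha256).digest()

def send(seq: int, body: bytes, key: bytes, mac=mac_hmac):
    """Return (m, h); m starts with an 8-byte sequence number covered by h."""
    m = struct.pack(">Q", seq) + body
    return m, mac(m, key)

class Receiver:
    def __init__(self, key: bytes, mac=mac_hmac):
        self.key, self.mac, self.last_seq = key, mac, -1

    def accept(self, m: bytes, h: bytes) -> str:
        # Recompute the tag with the shared secret; compare in constant time.
        if not hmac.compare_digest(self.mac(m, self.key), h):
            return "rejected: bad MAC"
        if len(m) < 8:
            return "rejected: malformed"
        (seq,) = struct.unpack(">Q", m[:8])
        # An authentic but already-seen sequence number is a replay.
        if seq <= self.last_seq:
            return "rejected: replay"
        self.last_seq = seq
        return "accepted"

def demo():
    key = b"constructed-shared-secret"        # constructed sample key
    rx = Receiver(key)
    m, h = send(1, b"pay 10 to alice", key)   # constructed sample message
    tampered = m.replace(b"10", b"90")        # message modification in transit
    return [rx.accept(m, h), rx.accept(m, h), rx.accept(tampered, h)]

if __name__ == "__main__":
    print(demo())
```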

 

Digital Signature

 

 

 

                          (signing)
plaintext         >>>>>>>>>          ciphertext
                                   |
                          private key

 

                         Public  key
                                   |

ciphertext       >>>>>>>>            plaintext
                        (verification)

 

 

Key Distribution

 

Digital Certificates: Proof of who owns a public key

- A certificate is a public key digitally signed by a trusted party
- The trusted party receives proof of identification from an entity and certifies that the public key belongs to that entity
- Certificate authorities (CAs) are trusted parties; their public keys are included with web browser distributions

 

Example – SSL

- SSL: Secure Sockets Layer
- Used between web servers and browsers for secure communication (credit card numbers)
- The server is verified with a certificate, assuring the client that it is talking to the correct server
- Asymmetric cryptography is used to establish a secure session key (symmetric encryption) for the bulk of communication during the session

 

User Authentication

· User identity is most often established through passwords
· Passwords must be kept secret
  - Frequent change of passwords
  - Use of “non-guessable” passwords