Presentation is loading. Please wait.

Presentation is loading. Please wait.

12. Protection/Security Interface

Similar presentations

Presentation on theme: "12. Protection/Security Interface"— Presentation transcript:

1 12. Protection/Security Interface
12.1 Security Threats Types of Damage Vulnerable Resources Types of Attacks 12.2 Functions of a Protection System 12.3 User Authentication Approaches to Authentication Passwords 12.4 Secure Communication Principles of Cryptography Secret-Key Cryptosystems Public-Key Cryptosystems Operating Systems

2 Security Threats Types of damage Information Disclosure theft
Information Destruction possible without disclosure Unauthorized Use of services install SW without license, pirated copies (theft) use fake ID/password to use online service Denial of Service difficult to quantify Vulnerable resources Hardware (CPU, memory, communications, devices) Software (files, processes, VM) Operating Systems

3 Types of Attacks Browsing of Information
Unauthorized search for residual information Unused memory and disk space is generally not deleted Typically done by a user who is already inside Information leaking A trusted service leaks confidential/secret information (Confinement Problem) Operating Systems

4 Types of Attacks Trojan Horse Greek mythology—the siege of Troy
wooden horse = “present” by Greeks soldiers hidden inside Trojans pulled the horse into the city soldiers opened the gates for the Greeks, causing the destruction of Troy Attack: trusting user accepts a “present”, e.g. a free program, that causes damage (don’t open attachments) Trap door an undocumented feature inserted on purpose or as a flaw to enter later Operating Systems

5 Types of Attacks Viruses Designed to replicate themselves
removable storage media, , file transfer Intended to cause damage Need a host program attach to and modify host execute as part of host Virus detection check program length (but virus can hide or compress program) check for virus “signature”—bit pattern used by virus to mark already infected program (viruses use encryption) Operating Systems

6 Types of Attacks Worms Intended to cause damage
Exploit some system weakness to replicate No host needed Example: Robert Morris Internet Worm (Nov 2, 1988) Excessive replication caused major havoc on the internet (denial of service) 3 separate attacks: rsh: Spawn process on remote machine without pw (using a list of “trusted” systems) sendmail: Exploited an error that allows a message to send itself and start finger: Buffer overflow not checked – major weakness to take over the system Operating Systems

7 Types of Attacks Buffer Overflow: Example: foo calls finger
Attack hijacks return address by supplying a parameter that is longer than the buffer (overflows) When finger terminates, control goes to a place set by the attack and is not returned to foo. Operating Systems

8 Types of Attacks Remote execution
Service to upload and start code on remote machine Mobile agent: may migrate among machines Like worm but legitimate migration Must be designed carefully to prevent abuse of privileges of remote host environment Wire tapping Insert a device into line or listen to wireless Passive (listen) or Active (modify) Waste searching Look for passwords or sensitive data Operating Systems

9 Types of Attacks Masquerading Impersonate process, user, service
Used from outside: Use stolen password (impersonate a legitimate user) Break communication line, assume session Used from within (spoofing): Impersonate login shell, steal password Trial and error e.g., try to guess password Operating Systems

10 Types of Attacks -- Classification
From within direct access as a valid process indirect Access via agent (attacker not present during attack) From outside channels provided for legitimate purposes illegitimate channels Operating Systems

11 Functions of a Protection System
External safeguards guard physical access (locks, badges, cameras) Verification of user identity (User Authentication)  Communication safeguards protect public/vulnerable lines: cryptography Access control (Ch 13) can Subject perform function on Resource Information flow control (Ch 13) can S get information contained in R (indirectly) Operating Systems

12 User Authentication Approaches: Knowledge of some information
Password, dialog Possession of some artifact Machine-readable cards (ATM) Combine with knowledge (PIN) Biometrics: Physical characteristics of person Fingerprint Hand geometry Face geometry Retina or iris scan Voice print Signature dynamics Operating Systems

13 Fingerprint Recognition
Extremely useful biometrics technology Fingerprints are a primary and accurate identification method Operating Systems

14 Fingerprint Recognition
Uses the ridge endings and bifurcation's to plot points known as minutiae The number and locations of the minutiae vary from finger to finger and from person to person Finger Image Finger Image + Minutiae Minutiae Operating Systems

15 Face Recognition Uses an image or series of images
Principle: analysis of the unique shape, pattern and positioning of facial features Passive: does not require a person’s cooperation Highly complex technology Common approach: Face geometry Operating Systems

16 Voice Recognition Not speech recognition, it is speaker recognition
Low-cost (cheap hardware) Not very accurate (voice varies, noise) Can be stolen (recorded) Operating Systems

17 Hand geometry one of the most deployed biometrics world wide
Ben Gurion Airport (Israel) Operating Systems

18 Signature Verification
Static/off-line: match pattern (image) can easily be reproduced Dynamic/On-line: match movement of the pen during signing process (pressure, speed) Many commercial products Operating Systems

19 Iris recognition Based on visible features, i.e. rings, furrows, freckles and the corona Safest, most accurate biometrics technology Heathrow Airport (London) Operating Systems

20 Retina recognition Capture the pattern of blood vessels throughout the retina No two retinas are the same, even in identical twins More difficult/less convenient than iris scan Operating Systems

21 Other techniques DNA Unique (except for identical twins) but many imitations: not fully automated, slow, expensive privacy issue – DNA contains information about race, paternity, medical conditions requires a physical sample of tissue Thermograms infrared camera to detect the heat patterns Operating Systems

22 User Authentication Problem with biometrics: uncertainty in recognition System generates a number 0  n  1 Bimodal distribution Threshold must be chosen to minimize false alarms imposter acceptance Operating Systems

23 User Authentication Passwords
Must protect stored password files from access Must prevent trial and error (guessing) Protecting password files Maintain unencrypted; rely on access control Encrypt using “one-way” function H: H-1 is unknown knowing H(x) does not yield x keep only H(pw) with user name at login, compute H(pw’) and compare with H(pw) Operating Systems

24 User Authentication Preventing password guessing System-generated pw
Random string: difficult to memorize “Pronounceable” words System-validated Accept only passwords that obey specifications (length, mix of letters/digits, upper/lower case) Employ password-cracking programs to reject easy-to-guess passwords Time-limited Expiration date or number of uses Operating Systems

25 User Authentication One-time passwords
Smart card (can be lost or stolen) Use secret function; System generates a challenge n, user replies with f(n) as password; e.g. f(n)=3*n/2 Use one-way function to generate series of one-time passwords from one password pw … H(H(H(pw))) H(H(pw)) H(pw) pw Intruder can derive H(H(pw)) from H(pw) but not H(pw) from H(H(pw)) because H-1 is unknown Operating Systems

26 User Authentication guess any valid password:
repeatedly generate strings s (dictionary, random, …), check if H(s) is in table System-extended pw for each pw, generate random number slt (called “salt”) store: UserName,slt,H(slt,pw) guessing: must check H(slt,s) for every slt in table salting does not make it harder to guess the password of a specific user Operating Systems

27 Functions of a Protection System
External safeguards Guard physical access (locks, badges, cameras) Verification of user identity (User Authentication) Communication safeguards  Protect public/vulnerable lines: cryptography Access control Can Subject perform function on Resource Information flow control Can S get information contained in R (indirectly) Operating Systems

28 Secure Communication Principles of cryptography:
Cipher text, Plain text, Key(s) Encrypt: C = E(P,Ke) Decrypt: D(C,Kd) = P Goals: Secrecy = message content not revealed Integrity = message not modified Authenticity = establish identity of sender Nonrepudiability = establish identity of creator (regardless of who sent it) an actor cannot deny creation of message (signature) Operating Systems

29 Secure Communication Secret-key Cryptosystems Symmetric:
S and R share a common secret key K which is used for both encrypting and decrypting Operating Systems

30 Secure Communication Examples transposition cipher:
rearranges the order of letters example algorithm: swap 2 letters, skip n key: n e.g., n=1: 'hello world' → 'ehlol owrdlnd’ substitution cipher replace letters or groups of letters example: Cesar cypher algorithm: replace every letter by the letter k positions down in the alphabet key: k e.g., k=1: 'fly at once' → 'gmz bu podf‘ Easy to break using statistical analysis Operating Systems

31 Secure Communication Example: DES US standard (1977) Blocks of 64 bits
Block is divided into L and R half F applies Key to R result is XOR’d with L, becomes new R old R becomes new L repeat 16 times F uses: permutations substitutions XOR with a 56-bit key Triple-DES C = DEA(DEA(DEA(P, K3), K2, K1) Operating Systems

32 Secure Communication With Secret-key cryptosystems:
Secrecy: only R can decrypt C Integrity: intruder cannot produce valid message Nonrepudiation: not possible, S can deny Authenticity of sender: must prevent replay Operating Systems

33 Secure Communication Use nonce N to prevent replay of message: S R
(2) C=E({P,N},K)  Capturing either message does not help; both are different every time Use timestamp T to prevent replay C=E({P,T},K)  Limits possible replay to a chosen time interval Operating Systems

34 Secure Communication Key distribution and authentication
Both S and R must have the same key K Trusted server approach: Each process has its own secret key for communication with trusted Key Distribution Center (KDC) At runtime, process A asks KDC for a Session Key KAB for communication with process B KDC A B (1)  A,B (2) E({KAB,B,ticket},KA)  (3) ticket  ticket = E({KAB,A},KB) Operating Systems

35 Secure Communication Public-key cryptosystems (Diffie-Hellman, 1976)
Asymmetric: different keys for encryption and decryption One cannot be derived from the other One is Public key, other is Private Operating Systems

36 Secure Communication With Public-key cryptosystems
Secrecy: only R can decrypt message using KRpriv Integrity: intruder cannot produce valid message without KSpriv Authenticity of creator: same as integrity: only S knows KSpriv Authenticity of sender: use nonce or timestamp to prevent replay Operating Systems

37 Secure Communication How to make a key/function so that the other cannot be derived from it? RSA (Rivest, Shamir, Adelman) Public Key C = E(P) = Pe mod n P = D(C) = Cd mod n (e,n): Public encryption key (d,n): Private/secret decryption key; d cannot be derived from e Operating Systems

38 Secure Communication RSA Key Generation
Choose large primes p and q; compute n=p*q Example: p=5, q=7, n=35 Choose d to be a (large) prime number having no factors in common with (p1)*(q1) Example: (51)*(71)=24; d=5 or 7 or 11 (choose 11) Choose e such that e*d mod (p1)*(q1) = 1 Example: e*11 mod 24 = 1; e = 11 or 35 or 59 or 83 … C = E(P) = P59 mod 35 P = D(C) = C11 mod 35 Operating Systems

39 Secure Communication Why is RSA encryption secure?
n is derived from p and q; (n=p*q) d is also derived from p and q; (no common factors) e is derived from d but also needs p and q; only d is known/public, p and q have been discarded → e cannot be derived similarly, d cannot be derived from e without p and q Operating Systems

40 Secure Communication Public key distribution and authentication
Making key public is easy, but need to authenticate it: How does A safely get B’s public key KBpubl ? Trusted server approach: KDC A (1)  A,B (2) E({B,KBpubl},KKDCpriv)  KDC provides B’s public key KBpubl KKDCpriv guarantees authenticity (KDC sent it) Operating Systems

41 Secure Communication Digital Signatures:
How can a document be “signed” and transmitted electronically? Here is my signature Anyone can copy and attach it to any document Sign on paper, scan Any document is digitized and can be modified Public-key cryptosystems permit unforgeable electronic “signatures”? Operating Systems

42 Secure Communication Digital Signature: document M is to be “signed”
Sender generates unique digest: d = H(M) Sender encrypts E(d,KSpriv), receiver decrypts with KSpubl Receiver computes d’ = H(M); d’ is a unique signature of document M d=d’ means that d is a also a unique signature of M; Decryption authenticates sender, proving sender sent d i.e., sender signed M Operating Systems

Download ppt "12. Protection/Security Interface"

Similar presentations

Ads by Google