Presentation is loading. Please wait.

Presentation is loading. Please wait.

Avishai Wool lecture 13 - 1 Introduction to Systems Programming Lecture 13 Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Avishai Wool lecture 13 - 1 Introduction to Systems Programming Lecture 13 Security."— Presentation transcript:

1 Avishai Wool lecture 13 - 1 Introduction to Systems Programming Lecture 13 Security

2 Avishai Wool lecture 13 - 2 Security goals and threats GOAL Data confidentiality Data integrity User authentication Privilege separation System availability THREAT Data exposure Data modification Masquerading Privilege elevation Denial of service

3 Avishai Wool lecture 13 - 3 Introduction to Cryptography

4 Avishai Wool lecture 13 - 4 Basics of Cryptography Relationship between the plaintext and the ciphertext

5 Avishai Wool lecture 13 - 5 Encryption key == decryption key Monoalphabetic substitution –each letter replaced by different letter: a->x, b->t, … –very easy to break Modern computer ciphers: –DES (Data Encryption Standard, 1977) – 56bit keys –3-DES / triple DES: use DES 3 times - 112/168bit keys –AES (Advanced Encryption Standard, 2001) – 128-256bit Symmetric-Key Cryptography

6 Avishai Wool lecture 13 - 6 Brute force attack Attacker knows –Algorithm –a pair of matching plaintext/ciphertext pair C=E k (P) Try all possible keys k to find the right key. Defense: have many possible keys. If key is n-bits then attacker needs to try 2 n keys How big should n be? –40 bits not enough –56 bits (DES) borderline –128 bits (AES) is good

7 Avishai Wool lecture 13 - 7 Key distribution problem Both sides need the secret key before communication can start. For n parties, n 2 secret keys. Does not scale! OK for small or centralized systems (military). How to communicate securely with someone you have never met? Large-scale e-commerce?

8 Avishai Wool lecture 13 - 8 Public-Key Cryptography All users pick a public key/private key pair –publish the public key in a directory –private key not published Public key is the encryption key –private key is the decryption key Idea invented by Diffie/Hellman

9 Avishai Wool lecture 13 - 9 Public key systems First working public-key crypto-system: Rivest- Shamir-Adelman (RSA). Based on difficulty of factoring large numbers Typical size of numbers: 1024 bits! Free, good public-key crypto software: PGP (pretty-good-privacy) http://www.pgp.com (commercial) http://www.gnupg.org (international, free)

10 Avishai Wool lecture 13 - 10 RSA Setup –Pick 2 secret large prime numbers p,q (512-1024 bits) –Compute n=p*q (n is the public modulus) –Let  = (p-1)*(q-1) (Euler’s phi) –Pick e such that gcd(e,  ) = 1 (e is public exponent) Usually e=3 or e=5 or e=65537 work OK –Calculate d such that e*d = 1 (modulo  ) (secret exponent)

11 Avishai Wool lecture 13 - 11 RSA Usage Public key: n, e Secret key: d (also p,q, and  remain secret) Encryption: –Message: a number M < n (e.g. 1024 bits) –Ciphertext: C = M e (mod n) –Anyone can encrypt, both n & e public Decryption: – M’ = C d (mod n) –By number theory magic, M’ == M (always) –Only receiver can decrypt because d is secret

12 Avishai Wool lecture 13 - 12 RSA example p=3, q=11  n=3*11 = 33  = 2*10 = 20 e = 7 d = 3 [verify: 7*3 = 21 = 1 (mod 20)] Assume the message is M = 2 Encrypt: C = 2 7 (mod 33) = 128 (mod 33) = 29 Decrypt: M’ = 29 3 (mod 33) = 24389 (mod 33) = 2

13 Avishai Wool lecture 13 - 13 How to send secure email Get PGP-compliant software –has plugins for Thunderbird and Outlook Get recipient’s public key –http://www.eng.tau.ac.il/~yash/Avishai-Wool-tau.asc –http://pgp.mit.edu/ Encrypt your message with recipient’s key & send Sender cannot decrypt message w/o saving a plaintext copy!

14 Avishai Wool lecture 13 - 14 One-Way Functions Function such that given x –easy to evaluate y = h(x) But given y and the (source code for) h() –computationally infeasible to find x Also known as cryptographic hash functions Popular examples: –MD5 –SHA-1, SHA-256

15 Avishai Wool lecture 13 - 15 Properties of hash functions Not secret: no key involved. Anyone can compute h(x) Given x, very hard to find y != x with h(y) = h(x) Like a CRC (error correction code) To distribute file F securely: –Compute h 1 =h(F), publish h 1 on website –Receiver downloads F, verifies that h(F) == h 1 –If attacker modifies F to F’, the hash will not match

16 Avishai Wool lecture 13 - 16 User Authentication

17 Avishai Wool lecture 13 - 17 Basic Principles Authentication must identify: 1.Something the user knows 2.Something the user has 3.Something the user is This is done before user can use the system

18 Avishai Wool lecture 13 - 18 Authentication Using Passwords A successful login Login rejected after name entered Login rejected after name and password typed Not good! better

19 Avishai Wool lecture 13 - 19 How are passwords stored on server? Pairs of (username, password) –very bad: –Steal the password file  know all passwords Hashed passwords: pairs of (username, h(pwd)) –much better –but: users choose bad passwords

20 Avishai Wool lecture 13 - 20 Dictionary attack Attacker knows h() Offline: compute h(apple), …, h(zebra) –Maybe with variants (apple/Apple/4pple) Store in database (a few million entries) Steal password file Check if one of the hash values is in database –Reported 25% success rate

21 Avishai Wool lecture 13 - 21 Improvements Make password file harder to steal –Old Unix let all users read /etc/passwd –New Unixes store passwords in /etc/shadow which only root can access Force users to pick better passwords –Annoying, hard to remember passwords

22 Avishai Wool lecture 13 - 22 Selecting good passwords Idea: pronounceable random passwords –Program suggests things like “ArTiZu” “ricOpam” –Google for “apg” (automatic password generator) Idea: use an acronym –Pick a sentence: David Melech Israel Hay Hay VeKayam –Password: dmihhvk / dm1hhvk

23 Avishai Wool lecture 13 - 23 Using “salt” Makes dictionary attack harder: attacker needs separate dictionary for each salt value. Salt Password,,,,

24 Avishai Wool lecture 13 - 24 Challenge-response system Instead of fixed password: Server sends a “challenge” (a number or string) User types challenge into small “calculator”, gets “response” User sends response back to server To activate “calculator”, user needs a “PIN”.

25 Avishai Wool lecture 13 - 25 Authentication using a smartcard Magnetic cards –magnetic stripe cards –chip cards: stored value cards, smart cards

26 Avishai Wool lecture 13 - 26 Authentication Using Biometrics A device for measuring finger length.

27 Avishai Wool lecture 13 - 27 Problems with biometrics What if attacker can fake the protocol between the measuring device and server? Fake (plastic) fingerprints? Impossible to generate a “new password”… False positives and negatives –injury, illness, weather, moisture,...

28 Avishai Wool lecture 13 - 28 Countermeasures Limiting times when someone can log in Automatic callback at number prespecified Limited number of login tries A database of all logins

29 Avishai Wool lecture 13 - 29 Operating System Security

30 Avishai Wool lecture 13 - 30 Trojan Horses Free program made available to unsuspecting user –Actually contains code to do harm Place altered version of utility program on victim's computer –trick user into running that program

31 Avishai Wool lecture 13 - 31 Example: Login Spoofing (a) Correct login screen (b) Phony login screen

32 Avishai Wool lecture 13 - 32 Trap Doors (a) Normal code. (b) Code with a trapdoor inserted

33 Avishai Wool lecture 13 - 33 Buffer Overflows Example: web server, accepts a url http://server.a.com/overflow.asp?req=blablabla program copies what’s after ‘req=’ into buffer (a character array) without checking the input length! Attacker uses url http://server.a.com/overflow.asp?req=zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz-many-hex-values-here Example: code-red, nimda, …

34 Avishai Wool lecture 13 - 34 How Buffer Overflow Works (a) Situation when main program is running (b) After procedure A called (c) Buffer overflow shown in gray

35 Avishai Wool lecture 13 - 35 Viruses

36 Avishai Wool lecture 13 - 36 Viruses Virus = program can reproduce itself –attach its code to another program –additionally, do harm Goals of virus writer –quickly spreading virus –difficult to detect –hard to get rid of

37 Avishai Wool lecture 13 - 37 Infected program structure An executable program With a virus at the front With the virus at the end With a virus spread over free space within program

38 Avishai Wool lecture 13 - 38 How Viruses Spread Virus placed where likely to be copied When copied –infects programs on hard drive, floppy –may try to spread over LAN Attach to innocent looking email –when it runs, use mailing list to replicate

39 Avishai Wool lecture 13 - 39 Antivirus techniques Keep database of pieces of virus code (signatures) look at files and search for all virus signatures.

40 Avishai Wool lecture 13 - 40 Anti-Antivirus Techniques: compress & encrypt (a) A program (b) Infected program (c) Compressed infected program (d) Encrypted virus (e) Compressed virus with encrypted compression code

41 Avishai Wool lecture 13 - 41 Anti-Antivirus Techniques: polymorphism Examples of a polymorphic virus All of these examples do the same thing

42 Avishai Wool lecture 13 - 42 Recent E-mail viruses Mellisa, 1999: Microsoft Word document with malicious macro sent itself to 1st 50 addresses in infected user’s Outlook address book People open attachments from people they know.

43 Avishai Wool lecture 13 - 43 General Lessons Mono-culture is risky: –if everyone uses Outlook, and there is a bug in Outlook, everyone will be in trouble. Diversify! No separation: why does a word macro have the ability & permissions to send email? Social engineering is very powerful.

Download ppt "Avishai Wool lecture 13 - 1 Introduction to Systems Programming Lecture 13 Security."

Similar presentations

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
1 Security Chapter 9 9.1 The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.

1 Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Security Chapter 9 9.1 The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.

Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
1 Pertemuan 23 Sistem Keamanan Matakuliah: T0316/sistem Operasi Tahun: 2005 Versi/Revisi: 5.

1 Pertemuan 23 Sistem Keamanan Matakuliah: T0316/sistem Operasi Tahun: 2005 Versi/Revisi: 5.
1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.

1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Public Key Algorithms 4/17/2017 M. Chatterjee.

Public Key Algorithms 4/17/2017 M. Chatterjee.

Similar presentations

Ads by Google