Security at the Operating System Level (Microsoft) By Birinder Dhillon.


Outline
Why need security at the OS level?
Security features/concerns of Microsoft Windows NT.
Security provided by Microsoft Windows 2000.
“Next Generation Secure Computing Base for Windows” by Microsoft.
Conclusion.
Questions/Comments.

Why need security at the OS level? No more standalone computer system environments. Any system can be globally accessible through a set of vast inter and intra-network connections. Transition motivated by the need to work remotely, convenience in accessing personal records, online shopping etc.

Why need security at the OS level? (contd.) Convenience and efficiency come with increased security risks. We trust computers more than our life partners. A single security loophole in the OS design, once known to a malicious attacker, could do serious damage.

Security Model of Microsoft Windows NT
Access Tokens: evidence that a user successfully logged in.
Security Descriptors: represent the access rights of a logged-in user.
Object Manager: reads the security descriptors and passes the information on to the Security Reference Monitor (SRM).
The SRM determines whether a user’s action is legal or illegal.

Security features of Microsoft Windows NT
NTFS: allows system administrators to set global or very specific file access permissions.
NTFS: sets up a virtual root directory to prevent network users from accessing higher nodes in the system.

Security features of Microsoft Windows NT (contd.) Minimum password length and frequent password change requirements. Multiple levels of privilege, unlike UNIX. Challenge-response scheme for authentication purposes during user log-on attempt. Auditing.

Loopholes in Microsoft Windows NT Security Model
Assumes a logged-in user is a legal user.
Networking environment uses some old, out-of-date protocols (such as NetBEUI, DLC).
Use of non-standard implementations of security protocols, for example Microsoft's implementation of PPTP.
Obvious relationships between clear-text passwords and hash values. Tools like l0phtcrack can exploit this vulnerability.

Security features of Microsoft Windows 2000 Technology based on Windows NT. Designed to address the security loopholes of Windows NT. New Security features included with Windows 2000: Active Directory, ACLs for both the users and resources, Encrypting File System, Kerberos, Internet Protocol Security (IPSec), PKI.

Kerberos Windows 2000 replaces the NT LAN Manager with Kerberos version 5. Network authentication protocol. Involves the participation of two principals and a trusted third party called Key Distribution Center (KDC). Uses symmetric key encryption. KDC provides the shared key for each session.

Kerberos (contd.) Scenario 1: a principal is trying to log on to his/her workstation. Scenario 2: a principal wants to communicate with another principal.

Kerberos (contd.) Scenario 1. The following sequence of events occurs:
Alice → W : P, U
W → KDC : U
KDC → W : { S_A, { S_A, U, T_S } K_KDC } K_A
W computes K_A = hash(P) and decrypts { S_A, { S_A, U, T_S } K_KDC } K_A
S_A is the session key for communication between Alice’s workstation and the KDC; { S_A, U, T_S } K_KDC is the Ticket-Granting Ticket (TGT).

Kerberos (contd.) Scenario 2. The following sequence of events occurs:
Alice → KDC : { TGT } K_KDC, Bob, { T_S } S_A
KDC decrypts the TGT and obtains S_A
KDC decrypts T_S using S_A
KDC → Alice : { Alice, Bob, T_S1, K_AB, { Alice, Bob, T_C, T_E, K_AB } K_B } S_A
Alice → Bob : { Alice, Bob, T_C, T_E, K_AB } K_B, { T_S2 } K_AB
Bob decrypts his ticket using K_B to obtain K_AB
Bob decrypts the authenticator using K_AB
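The two scenarios above, worked end to end in Python as an added example that is not part of the presentation: a KDC holding K_KDC and the long-term keys K_X = hash(P) issues the TGT (scenario 1) and then the Alice-to-Bob ticket plus session key K_AB (scenario 2), and Bob checks the authenticator timestamp against the ticket's T_C/T_E window. The cipher is a toy construction standing in for Kerberos' real one, and the principal names, the 5-minute skew window and the 1-hour ticket lifetime are assumptions.

```python
import hashlib, hmac, json, os, time
# Toy authenticated cipher constructed for this example (not Kerberos' real one):
# SHA-256 counter keystream XOR, plus an HMAC-SHA256 tag over nonce||ciphertext.
def _ks(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))
def enc(key, obj):                       # "{obj} key" in the slide's notation
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()).hex()
def dec(key, blob):                      # raises if the key is wrong or the tag fails
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

class KDC:
    def __init__(self, passwords):       # long-term keys K_X = hash(P), as on the slide
        self.keys = {u: hashlib.sha256(p.encode()).digest() for u, p in passwords.items()}
        self.k_kdc = os.urandom(32)      # K_KDC: only the KDC can open a TGT

    def login(self, user):               # Scenario 1: KDC -> W
        s_a = os.urandom(32).hex()
        tgt = enc(self.k_kdc, {"S_A": s_a, "U": user, "T_S": time.time()})
        return enc(self.keys[user], {"S_A": s_a, "TGT": tgt})

    def ticket(self, tgt, server, authenticator):   # Scenario 2: KDC -> Alice
        t = dec(self.k_kdc, tgt)
        s_a = bytes.fromhex(t["S_A"])
        if abs(time.time() - dec(s_a, authenticator)["T_S"]) > 300:
            raise ValueError("authenticator outside the 5-minute skew window")
        k_ab, now = os.urandom(32).hex(), time.time()
        tkt = enc(self.keys[server], {"client": t["U"], "server": server,
                                      "T_C": now, "T_E": now + 3600, "K_AB": k_ab})
        return enc(s_a, {"T_S1": now, "K_AB": k_ab, "ticket": tkt})

def run(kdc, user, password, server):
    # Workstation (W) and Bob's side of both scenarios; returns the name Bob accepts.
    k_a = hashlib.sha256(password.encode()).digest()   # wrong P -> dec() raises
    reply = dec(k_a, kdc.login(user))
    s_a = bytes.fromhex(reply["S_A"])
    tgs = dec(s_a, kdc.ticket(reply["TGT"], server, enc(s_a, {"T_S": time.time()})))
    k_ab = bytes.fromhex(tgs["K_AB"])
    # Bob: open the ticket with K_B (held only by Bob and the KDC), then the
    # authenticator {T_S2} K_AB, and check its timestamp lies inside [T_C, T_E].
    tkt = dec(kdc.keys[server], tgs["ticket"])
    auth = dec(k_ab, enc(k_ab, {"T_S2": time.time()}))
    if not tkt["T_C"] <= auth["T_S2"] <= tkt["T_E"]:
        raise ValueError("ticket expired")
    return tkt["client"]
```

A wrong password on the workstation never reaches the KDC's checks: K_A = hash(P) fails to open the KDC's reply, so no S_A or TGT is ever obtained.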

Encrypting File System (EFS) EFS is integrated with NTFS version 5. Allows Windows 2000 users to encrypt their files and folders. Encrypting a folder encrypts all the subfolders and files in that folder. Cannot be used to encrypt system files. A user needs the key to decrypt a file; the log-in password is not enough.

EFS (contd.) Uses Public Key Encryption. Initial version uses DES as the encryption algorithm. Randomly generated File Encryption Key (FEK) used for encryption. Users/Recovery Agents encrypt the FEK using their public key and decrypt using their private key.

EFS (contd.) File Encryption Process. The file encryption process (originally shown as a diagram):
The plain text is encrypted with the randomly generated FEK (DES) to produce the encrypted text.
Data Decryption Field generation (DDF): the FEK is encrypted with the user’s public key.
Data Recovery Field generation (DRF): the FEK is encrypted with the recovery agent’s public key.
The result is the encrypted text stored together with the DDF and the DRF.

EFS (contd.) File Decryption Process. The decryption process (originally shown as a diagram):
Data Decryption Field extraction: the user’s private key decrypts the DDF to recover the FEK.
File decryption (DES): the FEK decrypts the encrypted text to produce the plain text.

EFS (contd.) File Recovery Process. The file recovery process (originally shown as a diagram):
Data Recovery Field extraction: the recovery agent’s private key decrypts the DRF to recover the FEK.
File decryption (DES): the FEK decrypts the encrypted text to produce the plain text.

Public Key Infrastructure (PKI) The primary components of the Windows 2000 PKI are: Certificate Services: businesses act as their own Certificate Authorities (CAs). Active Directory directory service: stores information about the network and is used to publish keys. PKI-enabled applications. Exchange Key Management Service (KMS): used to manage encryption keys.

PKI (contd.) Includes the typical components of a PKI: CA and Sub-CA. Certificates are compliant with the ITU-T X.509 standard. Supports standard security protocols like IPSec, PKINIT, PC/SC etc., which enhances interoperability. Users now have the capability of mixing public and private CAs in their environment.

“Next Generation Secure Computing Base for Windows” New set of features for a future operating system – previously codenamed “Palladium” Promises to provide greater security, enhanced personal privacy, and system integrity. Applications that would make use of “Palladium’s” security features are codenamed “Trusted Agents.”

“Next Generation Secure Computing Base for Windows” (contd.) “Palladium” enabled systems would offer the following security features: Protected Memory: Hide and protect the pages of main memory being used by a “Trusted Agent.” Attestation: Data signed by a “Trusted Agent” to prove its authenticity. Sealed Storage: The ability of a “Trusted Agent” to store data securely. Secure input and output: Guarantee a trusted path from the input devices to a “Trusted Agent” and from a “Trusted Agent” to the output devices.

“Next Generation Secure Computing Base for Windows” (contd.) “Palladium” requires both hardware and software support to implement the security features. Hardware Support: to provide trusted space in memory and to implement the sealed storage security feature. Intel has already scheduled the release of its Prescott processor enabled with LaGrande technology to provide hardware support.

“Next Generation Secure Computing Base for Windows” (contd.) Software Support: Nexus (formerly codenamed “Trusted Operating Root”) is the technology used by the OS to provide trust functionality. It executes in kernel mode alongside the “Trusted Agents,” which execute in user mode, and provides the APIs that the “Trusted Agents” use to communicate with Nexus.

“Next Generation Secure Computing Base for Windows” (contd.) Software Support (contd.): “Trusted Agents” are user applications that can make use of “Palladium’s” security features. They execute in user mode in trusted space, call Nexus when they need to use a security feature, and are able to store secrets using sealed storage and authenticate themselves using attestation.

“Next Generation Secure Computing Base for Windows” (contd.) Examples. Protection against virus attacks: anti-virus software is still needed to catch a virus, but if the anti-virus software is a “Trusted Agent,” then “Palladium” makes sure it executes in a secure environment and infected code doesn’t affect it. File encryption: files are encrypted using system-specific secrets cryptographically locked into hardware, so the files are useless if maliciously copied or tampered with.

Conclusion High security promises prompt consumers to store important and private data carelessly. No matter how high the OS security promises are, someone is always out there to break them. An example is the Code-Red worm that hammered Windows 2000 users by exploiting a loophole in IIS 4.0 and 5.0.

Questions/Comments