Avishai Wool lecture Introduction to Systems Programming Lecture 13 Security
Avishai Wool lecture Security goals and threats GOAL Data confidentiality Data integrity User authentication Privilege separation System availability THREAT Data exposure Data modification Masquerading Privilege elevation Denial of service
Avishai Wool lecture Introduction to Cryptography
Avishai Wool lecture Basics of Cryptography Relationship between the plaintext and the ciphertext
Avishai Wool lecture Encryption key == decryption key Monoalphabetic substitution –each letter replaced by different letter: a->x, b->t, … –very easy to break Modern computer ciphers: –DES (Data Encryption Standard, 1977) – 56bit keys –3-DES / triple DES: use DES 3 times - 112/168bit keys –AES (Advanced Encryption Standard, 2001) – bit Symmetric-Key Cryptography
Avishai Wool lecture Brute force attack Attacker knows –Algorithm –a pair of matching plaintext/ciphertext pair C=E k (P) Try all possible keys k to find the right key. Defense: have many possible keys. If key is n-bits then attacker needs to try 2 n keys How big should n be? –40 bits not enough –56 bits (DES) borderline –128 bits (AES) is good
Avishai Wool lecture Key distribution problem Both sides need the secret key before communication can start. For n parties, n 2 secret keys. Does not scale! OK for small or centralized systems (military). How to communicate securely with someone you have never met? Large-scale e-commerce?
Avishai Wool lecture Public-Key Cryptography All users pick a public key/private key pair –publish the public key in a directory –private key not published Public key is the encryption key –private key is the decryption key Idea invented by Diffie/Hellman
Avishai Wool lecture Public key systems First working public-key crypto-system: Rivest- Shamir-Adelman (RSA). Based on difficulty of factoring large numbers Typical size of numbers: 1024 bits! Free, good public-key crypto software: PGP (pretty-good-privacy) (commercial) (international, free)
Avishai Wool lecture RSA Setup –Pick 2 secret large prime numbers p,q ( bits) –Compute n=p*q (n is the public modulus) –Let = (p-1)*(q-1) (Euler’s phi) –Pick e such that gcd(e, ) = 1 (e is public exponent) Usually e=3 or e=5 or e=65537 work OK –Calculate d such that e*d = 1 (modulo ) (secret exponent)
Avishai Wool lecture RSA Usage Public key: n, e Secret key: d (also p,q, and remain secret) Encryption: –Message: a number M < n (e.g bits) –Ciphertext: C = M e (mod n) –Anyone can encrypt, both n & e public Decryption: – M’ = C d (mod n) –By number theory magic, M’ == M (always) –Only receiver can decrypt because d is secret
Avishai Wool lecture RSA example p=3, q=11 n=3*11 = 33 = 2*10 = 20 e = 7 d = 3 [verify: 7*3 = 21 = 1 (mod 20)] Assume the message is M = 2 Encrypt: C = 2 7 (mod 33) = 128 (mod 33) = 29 Decrypt: M’ = 29 3 (mod 33) = (mod 33) = 2
Avishai Wool lecture How to send secure Get PGP-compliant software –has plugins for Thunderbird and Outlook Get recipient’s public key – – Encrypt your message with recipient’s key & send Sender cannot decrypt message w/o saving a plaintext copy!
Avishai Wool lecture One-Way Functions Function such that given x –easy to evaluate y = h(x) But given y and the (source code for) h() –computationally infeasible to find x Also known as cryptographic hash functions Popular examples: –MD5 –SHA-1, SHA-256
Avishai Wool lecture Properties of hash functions Not secret: no key involved. Anyone can compute h(x) Given x, very hard to find y != x with h(y) = h(x) Like a CRC (error correction code) To distribute file F securely: –Compute h 1 =h(F), publish h 1 on website –Receiver downloads F, verifies that h(F) == h 1 –If attacker modifies F to F’, the hash will not match
Avishai Wool lecture User Authentication
Avishai Wool lecture Basic Principles Authentication must identify: 1.Something the user knows 2.Something the user has 3.Something the user is This is done before user can use the system
Avishai Wool lecture Authentication Using Passwords A successful login Login rejected after name entered Login rejected after name and password typed Not good! better
Avishai Wool lecture How are passwords stored on server? Pairs of (username, password) –very bad: –Steal the password file know all passwords Hashed passwords: pairs of (username, h(pwd)) –much better –but: users choose bad passwords
Avishai Wool lecture Dictionary attack Attacker knows h() Offline: compute h(apple), …, h(zebra) –Maybe with variants (apple/Apple/4pple) Store in database (a few million entries) Steal password file Check if one of the hash values is in database –Reported 25% success rate
Avishai Wool lecture Improvements Make password file harder to steal –Old Unix let all users read /etc/passwd –New Unixes store passwords in /etc/shadow which only root can access Force users to pick better passwords –Annoying, hard to remember passwords
Avishai Wool lecture Selecting good passwords Idea: pronounceable random passwords –Program suggests things like “ArTiZu” “ricOpam” –Google for “apg” (automatic password generator) Idea: use an acronym –Pick a sentence: David Melech Israel Hay Hay VeKayam –Password: dmihhvk / dm1hhvk
Avishai Wool lecture Using “salt” Makes dictionary attack harder: attacker needs separate dictionary for each salt value. Salt Password,,,,
Avishai Wool lecture Challenge-response system Instead of fixed password: Server sends a “challenge” (a number or string) User types challenge into small “calculator”, gets “response” User sends response back to server To activate “calculator”, user needs a “PIN”.
Avishai Wool lecture Authentication using a smartcard Magnetic cards –magnetic stripe cards –chip cards: stored value cards, smart cards
Avishai Wool lecture Authentication Using Biometrics A device for measuring finger length.
Avishai Wool lecture Problems with biometrics What if attacker can fake the protocol between the measuring device and server? Fake (plastic) fingerprints? Impossible to generate a “new password”… False positives and negatives –injury, illness, weather, moisture,...
Avishai Wool lecture Countermeasures Limiting times when someone can log in Automatic callback at number prespecified Limited number of login tries A database of all logins
Avishai Wool lecture Operating System Security
Avishai Wool lecture Trojan Horses Free program made available to unsuspecting user –Actually contains code to do harm Place altered version of utility program on victim's computer –trick user into running that program
Avishai Wool lecture Example: Login Spoofing (a) Correct login screen (b) Phony login screen
Avishai Wool lecture Trap Doors (a) Normal code. (b) Code with a trapdoor inserted
Avishai Wool lecture Buffer Overflows Example: web server, accepts a url program copies what’s after ‘req=’ into buffer (a character array) without checking the input length! Attacker uses url zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz-many-hex-values-here Example: code-red, nimda, …
Avishai Wool lecture How Buffer Overflow Works (a) Situation when main program is running (b) After procedure A called (c) Buffer overflow shown in gray
Avishai Wool lecture Viruses
Avishai Wool lecture Viruses Virus = program can reproduce itself –attach its code to another program –additionally, do harm Goals of virus writer –quickly spreading virus –difficult to detect –hard to get rid of
Avishai Wool lecture Infected program structure An executable program With a virus at the front With the virus at the end With a virus spread over free space within program
Avishai Wool lecture How Viruses Spread Virus placed where likely to be copied When copied –infects programs on hard drive, floppy –may try to spread over LAN Attach to innocent looking –when it runs, use mailing list to replicate
Avishai Wool lecture Antivirus techniques Keep database of pieces of virus code (signatures) look at files and search for all virus signatures.
Avishai Wool lecture Anti-Antivirus Techniques: compress & encrypt (a) A program (b) Infected program (c) Compressed infected program (d) Encrypted virus (e) Compressed virus with encrypted compression code
Avishai Wool lecture Anti-Antivirus Techniques: polymorphism Examples of a polymorphic virus All of these examples do the same thing
Avishai Wool lecture Recent viruses Mellisa, 1999: Microsoft Word document with malicious macro sent itself to 1st 50 addresses in infected user’s Outlook address book People open attachments from people they know.
Avishai Wool lecture General Lessons Mono-culture is risky: –if everyone uses Outlook, and there is a bug in Outlook, everyone will be in trouble. Diversify! No separation: why does a word macro have the ability & permissions to send ? Social engineering is very powerful.