Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 14 October 5, 2004

Computer Science and Engineering Contents  A3  in  Electronic Signatures (Cont.)  Operating Systems Security  Protection  Authentication  Access Control  Padmaraj’s presentation

Computer Science and Engineering Digital Signature Using RSA  The RSA public-key cryptosystem can be used to create a digital signature for a message m.  The signer must have an RSA public/private key pair.

Computer Science and Engineering RSA Review -C = P e mod n -P = C d mod n -P = C d mod n = (P e ) d mod n = (P d ) e mod n

Computer Science and Engineering Key Choice (RSA Review) -We start by selecting n to be a very large integer (product of two large primes p and q) -Next a large integer e is chosen so that e is relatively prime to (p-1) * (q-1). -Finally, select d such that e * d = 1 mod (p-1) * (q-1)

Computer Science and Engineering Example (RSA Review) 1.Select primes p=11, q=3. 2.n = p* q = 11*3 = 33 3.Choose e = 3 Check gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 have no common factors except 1), and check gcd(e, q-1) = gcd(3, 2) = 1 therefore gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1 4.Compute d such that e* d = 1 (mod (p-1)*(q-1)) d = 7 5.Public key = (n, e) = (33, 3) Private key = (n, d) = (33, 7).

Computer Science and Engineering Signature Generation (Signer) Message SignaturePrivate Key Redundancy Function Formatted Message Encrypt

Computer Science and Engineering Signature Verification Message Signature Public Key Verify Formatted Message Decrypt

Computer Science and Engineering Example (generate signature S) -- Signer end d = 53 e = 413 n = 629 m = 250 Assume that R(X) = X S = R(m) e mod n S = mod 629 = 411

Computer Science and Engineering Example (verify signature with message recovery) Public key (e) = 413 n = 629 S = 411 R(m) = S e mod n R(m) = mod 629 = 250 The verifier then checks that R(m) has the proper redundancy created by R (none in this case) and recover the message: m = R -1 (m) = 250

Computer Science and Engineering Creating a forged signature Choose a random number between 0 and n-1 for S S = 323 Use the signer’s public key to decrypt S R(m) = mod 629 = 85 Invert R(m) to m: m = 85 Note that a valid signature (323) has been created for a random message (85) without the knowledge of the signer’s private key. The choice of a poor redundancy function can make RSA vulnerable to forgery.

Computer Science and Engineering Selecting a Good Redundancy Function  A good redundancy function should make forging signatures much harder.

Computer Science and Engineering Example (generate signature S) -- Signer end d = 53 e = 413 n = 629 m = 7 Assume that R(X) = XX S = R(m) e mod n S = mod 629 = 25

Computer Science and Engineering Example (verify signature with message recovery) Public key (e) = 413 n = 629 S = 25 R(m) = S e mod n R(m) = mod 629 = 77 The verifier then checks that R(m) is of the form XX for some message X. It is, and we recover the message: m = R -1 (m) = 7

Computer Science and Engineering Forging signature (revisited) Choose a random number between 0 and n-1 for S S = 323 Use the signer’s public key to decrypt S R(m) = mod 629 = 85 However, 85 is not a legal value for R(m), so S = 323 is not a valid signature

Computer Science and Engineering Simple Scenario of Digital Signature

Computer Science and Engineering Getting a Message Digest from a document Hash Message Digest

Computer Science and Engineering Generating Signature Message Digest Signature Encrypt using private key

Computer Science and Engineering Appending Signature to document Append Signature

Computer Science and Engineering Verifying Signature Hash Decrypt using public key Message Digest Message Digest

Computer Science and Engineering Operating System Security (Chapter 4)  Protection in General Purpose OS  Authorization/Authentication  Access Control

Computer Science and Engineering Memory and Address Protection Bare Machine user 0 n memory

Computer Science and Engineering Memory and Address Protection (cont.) Resident Monitor user 0 n memory Monitor Fence register

Computer Science and Engineering Address Protection for a resident monitor memory 0 n Fence register CPU address true false error Address >= fence

Computer Science and Engineering Other Issues  Multiprogramming  Multiple users  Relocation  Segmentation, paging, combined

Computer Science and Engineering Segmentation memory 0 n CPU (s,d) < true false error limitbase + Segment Table

Computer Science and Engineering paging memory 0 n CPU pd Page Table f fd Logical addressPhysical address

Computer Science and Engineering User Authentication  Knowledge-based techniques (passwords)  Token-based techniques (smart cards)  Biometric techniques (fingerprint)  Two-factor (Card + PIN)

Computer Science and Engineering Passwords  Protected Password table  Unprotected Password table with one way hash functions  Attacks

Computer Science and Engineering Access Control Policies  Specification of how each user is authorized to use each resource.  In practice, no computer applies a single policy to manage all of its resources.  Scheduling algorithms for CPU  SJF, RR  Storage  paging, segmentation

Computer Science and Engineering ACCESS Control Matrix O1O1 O2O2 O2O2 O4O4 O1O1 O3O3 Domain 1 Domain 3 Domain 2 objectdomains Every object to be protected is within one or more protection domains

Computer Science and Engineering ACCESS Rights Domain 1 Domain 3 Domain 2

Computer Science and Engineering What does that mean?  O 1 can be read and written in domain 1 and executed in domain 3, O2 can be executed in domain 1 and written in domain 2, O3 can be read in domain 3, and O 4 can be printed in domains 2 and 3.  At any given time, the domain is which a user is operating determines what actions are and are not permitted.  If Matthew is in domain 1, he is permitted to:  Read or write object 1  Execute object 2

Computer Science and Engineering Accesses Control Matrix Object 1Object 2Object 3Object 4 Domain 1 {read,write}{execute} Domain 2 {write}{print} Domain 3 {execute}{read}{print}

Computer Science and Engineering Access Control Matrix (cont.)  The matrix designates the protection policy. A mechanism is required to enforce the policy.  The OS stores the matrix in memory  Large and sparse matrix  Ordered triples instead

Computer Science and Engineering List of Ordered Triples (Domain 1, Object 1, {read,write}) (Domain 1, Object 2, {execute}) (Domain 2, Object 2, {write}) (Domain 2, Object 4, {print}) (Domain 3, Object 1, {execute}) (Domain 3, Object 3, {read}) (Domain 3, Object 4, {print})

Computer Science and Engineering List of Ordered Triples (Cont.) For each attempt by a user in Domain i to perform operation O on object j, the OS consults the list of triples. If it finds a triple (i,j,R) where O is a member of the access rights, R, the operation is allowed to proceed; otherwise it is not. The list must be protected from tampering by users Could be very large Search may become a problem Does not take advantage of special grouping of objects

Computer Science and Engineering Access lists Object 1: (, ) Object 2: (, ) Object 3: ( ) Object 4: (, ) An attempt by a user in Domain i to perform operation O on object j causes the OS to consult the entry of the access list for object j. Object j’s list is searched for Domain i’s entry, and the operation is permitted if there is an access right for O.

Computer Science and Engineering Default Object 2: (,, )

Computer Science and Engineering Capability List (Object, rights)  capability Domain 1: (, ) Domain 2: (, ) Domain 3: (, ) Users are given a copy of the capability list for the domain in which they are operating.

Computer Science and Engineering How does it work? Domain 1: (, ) Domain 2: (, ) Domain 3: (, ) When a user wants to perform some operation O, on object j, it passes its capability for j as one of the parameters of O. For example, a user might request to write to Object 2 and passes its copy of. The OS verifies.

Computer Science and Engineering Encrypting Capabilities  OS must ensure that users cannot create their own capabilities or alter capabilities they are given.  OS may encrypt capabilities using a secret key before giving them to users.  The OS decrypts and checks the capability each time it is used.

Computer Science and Engineering Harrison, Ruzzo, and Ullman (HRU) Model S1S2S3O1O2O3 S1controlOwner read S2controlOwner Read write readOwner execute S3controlread execute

Computer Science and Engineering HRU Model (cont.)  HRU allows the state of the protraction system to be changed by a well defined set of commands:  Add subject s to M  Add object o to M  Delete subject s from M  Delete object o from M  Add right r to M[s,o]  Delete right r from M[s,o] Owner can change rights of an object

Computer Science and Engineering Take Grant Model  Unlimited number of subjects and objects  States and state transitions  Directed graph  Four primitive operations:  take  create  grant  revoke

Computer Science and Engineering Take Grant Model (Cont.) O2 O1 O3 S1 S2 S3 read execute Read, write

Computer Science and Engineering Create OS S rights becomes

Computer Science and Engineering Revoke OS r1, r2 becomes OS r1, r2, r3

Computer Science and Engineering Take OS2 take becomes S1read OS2 take S1read

Computer Science and Engineering Grant becomes OS2 grant S1read OS2 grant S1 read