Midterm Exam
January 25, 2010
Sung Hee Park
Computer Science
Dept. of Math & Computer Science
Virginia State University
Petersburg, VA 23806

Midterm Exam
• When: 10:00 – 10:50 AM, Friday, October 5, 2012
• Where: Hunter-McDaniel Building 201s
• Format: closed book; one letter-size, double-sided cheat sheet
• Question types: multiple choice, fill in the blanks, true or false, short answer
• Review guide to be released in Blackboard on Tuesday.

Security Requirements Triad
• Integrity
• Confidentiality
• Availability
• Authenticity
• Accountability
CSCI 451 Computer Security – Fall 2012

Security Terminology
• Adversary (threat agent) - An entity that attacks, or is a threat to, a system.
• Attack - An assault on system security that derives from an intelligent threat; a deliberate attempt to evade security services and violate the security policy of a system.
• Countermeasure - An action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
• Risk - An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.
• Security Policy - A set of rules and practices that specify how a system or organization provides security services to protect sensitive and critical system resources.
• System Resource (Asset) - Data; a service provided by a system; a system capability; an item of system equipment; a facility that houses system operations and equipment.
• Threat - A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
• Vulnerability - A flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy.

Security Terminology
Figure 1.2 [CCPS04a] shows the relationship among some terminology that will be useful throughout the book, drawn from RFC 2828, Internet Security Glossary.

Vulnerabilities and Attacks
System resource vulnerabilities: a resource may
• be corrupted (loss of integrity)
• become leaky (loss of confidentiality)
• become unavailable (loss of availability)
Attacks are threats carried out and may be
• passive
• active
• insider
• outsider
In the context of security, our concern is with the vulnerabilities of system resources, which [NRC02] shows may be:
• corrupted, so that the resource does the wrong thing or gives wrong answers, e.g. stored data may differ from what it should be because it has been improperly modified.
• leaky, e.g. someone who should not have access to some or all of the information available through the network obtains such access.
• unavailable or very slow, e.g. using the system or network becomes impossible.
These three general types of vulnerability correspond to the concepts of integrity, confidentiality, and availability, enumerated earlier in this section.
Corresponding to the various types of vulnerabilities to a system resource are threats that are capable of exploiting those vulnerabilities, which represent a potential security harm to an asset. An attack is a threat that is carried out. We can distinguish two types of attacks:
• Active attack: attempts to alter system resources or affect their operation
• Passive attack: attempts to learn or make use of information from the system but does not affect system resources
We can also classify attacks based on the origin of the attack:
• Inside attack: initiated by an entity inside the security perimeter (an "insider")
• Outside attack: initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an "outsider")
8/24/2011-8/26/2011 CSCI 451 Computer Security – Fall 2012

Countermeasures
• Prevent
• Detect
• Recover
A countermeasure is any means taken to deal with a security attack. Ideally, a countermeasure can be devised to prevent a particular type of attack from succeeding. When prevention is not possible, or fails in some instance, the goal is to detect the attack, and then recover from the effects of the attack. A countermeasure may itself introduce new vulnerabilities. In any case, residual vulnerabilities may remain after the imposition of countermeasures. Such vulnerabilities may be exploited by threat agents, representing a residual level of risk to the assets. Owners will seek to minimize that risk given other constraints.

Symmetric Encryption
• Symmetric encryption
• Shift cipher
  • Encrypt: given the alphabet and a key, encrypt “Hello, World”
  • Decrypt: given the alphabet and a key, decrypt “gibbish”
• Attacking symmetric encryption
  • Cryptanalysis
  • Brute-force attack
  • Key size and the number of keys
• DES
• AES
11/7/2018 CSCI 451 Computer Security – Fall 2012

Example – A classical but trivial symmetric encryption algorithm
Shift cipher
• Secret key: an integer k
• Encryption algorithm: c = (m + k) % n
• Decryption algorithm: m = (c – k) % n
Example
• n = 26 for the English alphabet
• k = 3
• Plaintext input: the quick brown fox jumps over the lazy dog
• Ciphertext output: wkh txlfn eurzq ……
8/27/2012-8/31/2012 CSCI 451 Computer Security – Fall 2012

In-Class Exercise
• k = 8
• Encrypt: Hurricane Irene shut down the university!

Plaintext: Hurricane Irene shut down the university!
Ciphertext: P}zzqkivm(Qzmvm({p}|(lw[DEL]v(|pm(}vq~mz{q|[SOH])
Here [DEL] and [SOH] ("start of heading") mark non-printing ASCII control characters in the ciphertext.
9/7/2011-9/9/2011 CSCI 451 Computer Security – Fall 2011

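Added example (not part of the original slides): the shift cipher above written in Python for any alphabet size n. It reproduces the n = 26, k = 3 example and the k = 8 exercise, and shows why a key space of only n keys gives no protection against a brute-force search. Assumptions: the exercise answer uses the 128-character ASCII table as its alphabet (inferred from the slide's ciphertext), and the function names and the "contains the word the" plausibility test are illustrative.

```python
import string

LOWERCASE = string.ascii_lowercase                  # n = 26, as on the slide
ASCII_7BIT = "".join(chr(i) for i in range(128))    # n = 128 (assumed for the exercise)


def shift(text, k, alphabet):
    """Apply c = (m + k) % n to every symbol that belongs to `alphabet`.

    Symbols outside the alphabet (spaces when n = 26) pass through unchanged.
    """
    n = len(alphabet)
    position = {symbol: i for i, symbol in enumerate(alphabet)}
    out = []
    for symbol in text:
        if symbol in position:
            out.append(alphabet[(position[symbol] + k) % n])
        else:
            out.append(symbol)
    return "".join(out)


def encrypt(plaintext, k, alphabet):
    return shift(plaintext, k, alphabet)


def decrypt(ciphertext, k, alphabet):
    # m = (c - k) % n; Python's % never returns a negative result.
    return shift(ciphertext, -k, alphabet)


def exhaustive_search(ciphertext, alphabet, is_plausible):
    """Try every key 0..n-1 and keep the candidates the predicate accepts."""
    hits = []
    for k in range(len(alphabet)):
        candidate = decrypt(ciphertext, k, alphabet)
        if is_plausible(candidate):
            hits.append((k, candidate))
    return hits


def contains_the(text):
    # Crude plausibility test (assumption): English text contains the word "the".
    return "the" in text.split()


if __name__ == "__main__":
    pangram = "the quick brown fox jumps over the lazy dog"
    c26 = encrypt(pangram, 3, LOWERCASE)
    print(c26)
    # Only 26 keys exist, so trying all of them recovers the key at once.
    print(exhaustive_search(c26, LOWERCASE, contains_the))

    exercise = "Hurricane Irene shut down the university!"
    c128 = encrypt(exercise, 8, ASCII_7BIT)
    print(repr(c128))   # repr() makes the DEL and SOH control characters visible
    print(decrypt(c128, 8, ASCII_7BIT))
```

With n = 128 some letters land on control characters, which is why the slide's answer contains DEL and "start of heading".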
Secure Hash Function and Message Authentication
Requirements of hash functions
• H can be applied to data of any size.
• H produces a fixed-length output.
• H(x) is relatively easy to compute for any given x.
• One-way property
• Weak collision resistance
• Strong collision resistance
Encryption protects against passive attack (eavesdropping). Message authentication protects against active attacks (falsification of data and transactions) by verifying that received messages are authentic, that is, that the contents of the message have not been altered and that the source is authentic. We may also wish to verify a message's timeliness and sequence relative to other messages flowing between two parties.
It is possible to perform authentication simply by the use of conventional encryption. If we assume that only the sender and receiver share a key (which is as it should be), then only the genuine sender would be able to encrypt a message successfully for the other participant. Furthermore, if the message includes an error-detection code and a sequence number, the receiver is assured that no alterations have been made and that sequencing is proper. If the message also includes a timestamp, the receiver is assured that the message has not been delayed beyond that normally expected for network transit.
Alternatively, there are several approaches to message authentication that do not rely on encryption. In all of these approaches, an authentication tag is generated and appended to each message for transmission. The message itself is not encrypted and can be read at the destination independent of the authentication function at the destination.

Public Key Cryptography
• Why is it called public key cryptography?
• Requirements
  • Message confidentiality
  • Authentication
• RSA (Rivest, Shamir, Adleman)
• Diffie-Hellman key exchange algorithm
• Digital Signature Standard (DSS)
• Elliptic curve cryptography (ECC)

Public Key Algorithms
• RSA (Rivest, Shamir, Adleman)
  • developed in 1977
  • only widely accepted public-key encryption algorithm
  • given tech advances need bit keys
• Diffie-Hellman key exchange algorithm
  • only allows exchange of a secret key
• Digital Signature Standard (DSS)
  • provides only a digital signature function with SHA-1
• Elliptic curve cryptography (ECC)
  • new, security like RSA, but with much smaller keys
Now briefly mention the most widely used asymmetric encryption algorithms.
One of the first public-key schemes was developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at MIT. The RSA scheme has since reigned supreme as the only widely accepted and implemented approach to public-key encryption. RSA is a block cipher in which the plaintext and ciphertext are integers between 0 and n – 1 for some n. The successful solution of the Scientific American RSA challenge, which used a public-key size (length of n) of 129 decimal digits, or around 428 bits, does not invalidate the use of RSA, but means that larger key sizes must be used. Currently, a 1024-bit key size (about 300 decimal digits) is considered strong enough.
The Diffie-Hellman key exchange algorithm appeared in their seminal 1976 paper. A number of commercial products employ it. Its purpose is to enable two users to exchange a secret key securely that can then be used for subsequent encryption of messages. The algorithm itself is limited to the exchange of the keys.
NIST published FIPS PUB 186, the Digital Signature Standard (DSS), in 1991, with revisions in 1993 & 96. The DSS makes use of SHA-1. The DSS uses an algorithm that is designed to provide only the digital signature function.
A new alternative to RSA is elliptic curve cryptography (ECC). Its principal attraction compared to RSA is that it offers equal security for a far smaller bit size, thereby reducing processing overhead. Whilst the theory of ECC has been around for some time, only recently have products appeared and has there been sustained cryptanalytic interest in probing for weaknesses. Thus, the confidence level in ECC is not yet as high as that in RSA. However, it is appearing in new standards and products.

In-Class Activity
Example for creating an encrypted private key and a self-signed certificate for the CA:
    openssl req -new -x509 -keyout csci451privatekey.pem -out cacert.pem -days 365 -config openssl.cnf
Locate openssl.cnf and copy it into the current directory:
    cp <path> .

In-Class Activity
To generate the public key from the private key:
    openssl rsa -in csci451privatekey.pem -passin pass:cs03se -pubout -out csci451publickey.pem

In-Class Activity
    # create, sign, and verify message digest
    openssl sha1 -out digest.txt plain.txt
Given plain.txt, the above command generates the SHA-1 message digest and writes it to the file digest.txt.

In-Class Activity
    openssl sha1 -sign csci451privatekey.pem -out rsasign.bin plain.txt
Given plain.txt, the above command generates the SHA-1 hash and then signs it with the private key of CSCI451. The signed hash is saved in the file rsasign.bin (binary data).

In-Class Activity
    openssl sha1 -verify csci451publickey.pem -signature rsasign.bin plain.txt
Given plain.txt and the signed hash received, the above command verifies that it was indeed signed by CSCI451, using its public key, and that the hash is correct.
    [ex2]$ openssl sha1 -verify csci451publickey.pem -signature rsasign.bin plain.txt
    Verified OK

User Authentication
• distinct from message authentication
• four means of authenticating a user's identity, based on something the individual:
  • knows - e.g. password, PIN
  • possesses - e.g. key, token, smartcard
  • is (static biometrics) - e.g. fingerprint, retina
  • does (dynamic biometrics) - e.g. voice, sign
In most computer security contexts, user authentication is the fundamental building block and the first line of defense. User authentication is the basis of most types of access control and of user accountability. RFC 2828 defines user authentication as:
“The process of verifying an identity claimed by or for a system entity. An authentication process consists of two steps:
Identification step: Presenting an identifier to the security system. (Identifiers should be assigned carefully, because authenticated identities are the basis for other security services, such as access control service.)
Verification step: Presenting or generating authentication information that corroborates the binding between the entity and the identifier.”
In essence, identification is the means by which a user provides a claimed identity to the system; user authentication is the means of establishing the validity of the claim. Note that user authentication is distinct from message authentication.

Password Authentication
Common attacks
• offline dictionary attack
• specific account attack
• popular password attack
• password guessing against single user
• workstation hijacking
• exploiting user mistakes
• exploiting multiple password use
• electronic monitoring
Countermeasures
• stop unauthorized access to the password file
• intrusion detection measures
• account lockout mechanisms
• policies against using common passwords, requiring hard-to-guess passwords instead
• training and enforcement of policies
• automatic workstation logout
• encrypted network links
The front line of defense against intruders is the password system. Virtually all multiuser systems require that a user provide not only a name or identifier (ID) but also a password. The system compares the password to a previously stored password for that user ID, maintained in a system password file. The password serves to authenticate the ID of the individual logging on to the system. In turn, the ID determines whether the user is authorized to gain access to a system and the privileges accorded to the user, and is used to determine discretionary access controls.

Use of Hashed Password
[Figure: User id, Salt, Password, “Encrypted” password]

Unix Implementation

Password Cracking
• dictionary attacks
• rainbow table attacks
The traditional approach to password guessing, or password cracking as it is called, is to develop a large dictionary of possible passwords and to try each of these against the password file. This means that each password must be hashed using each available salt value and then compared to stored hash values. If no match is found, then the cracking program tries variations on all the words in its dictionary of likely passwords. Such variations include backward spelling of words, additional numbers or special characters, or sequences of characters.
An alternative is to trade off space for time by precomputing potential hash values. In this approach the attacker generates a large dictionary of possible passwords. For each password, the attacker generates the hash values associated with each possible salt value. The result is a mammoth table of hash values known as a rainbow table. For example, [OECH03] showed that using 1.4 GB of data, he could crack 99.9% of all alphanumeric Windows password hashes in 13.8 seconds. This approach can be countered by using a sufficiently large salt value and a sufficiently large hash length. Both the FreeBSD and OpenBSD approaches should be secure from this attack for the foreseeable future.

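Added example (not part of the original slides): a password-file record built from user id, salt and hashed password, next to an unsalted variant, to show why a large salt makes a precomputed table impractical. Assumptions: PBKDF2-HMAC-SHA256 from the Python standard library stands in for the slow salted hash (the slides name no scheme), and the iteration count, salt sizes, word list and user names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000   # work factor chosen for this example (assumption)
SALT_BYTES = 16       # salt length chosen for this example (assumption)


def slow_hash(password, salt):
    # PBKDF2-HMAC-SHA256 stands in for the slow, salted hash function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(user_id, password):
    """Build the password-file row: user id, salt, hashed password."""
    salt = os.urandom(SALT_BYTES)
    return {"user": user_id, "salt": salt, "hash": slow_hash(password, salt)}


def verify(record, attempt):
    """Re-hash the attempt with the stored salt; compare in constant time."""
    return hmac.compare_digest(slow_hash(attempt, record["salt"]), record["hash"])


def unsalted_hash(password):
    # Weak variant for comparison: one fast hash and no salt.
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(dictionary):
    """Precompute hash -> password once; it matches any unsalted file."""
    return {unsalted_hash(word): word for word in dictionary}


def table_rows_needed(dictionary_size, salt_bits):
    """Rows a precomputed table needs if every salt value must be covered."""
    return dictionary_size * (2 ** salt_bits)


DICTIONARY = ["password", "letmein", "sunshine", "qwerty"]   # constructed sample


def demo():
    table = build_lookup_table(DICTIONARY)
    alice = make_record("alice", "sunshine")
    bob = make_record("bob", "sunshine")
    return {
        # Unsalted: equal passwords give equal hashes, and the table finds them.
        "unsalted_same_hash": unsalted_hash("sunshine") == unsalted_hash("sunshine"),
        "unsalted_recovered": table.get(unsalted_hash("sunshine")),
        # Salted: equal passwords give unrelated hashes, one per salt.
        "salted_same_hash": alice["hash"] == bob["hash"],
        "correct_login": verify(alice, "sunshine"),
        "wrong_login": verify(alice, "letmein"),
        # Table size grows by 2**salt_bits; 12 and 128 bits are sample values.
        "rows_12_bit_salt": table_rows_needed(len(DICTIONARY), 12),
        "rows_128_bit_salt": table_rows_needed(len(DICTIONARY), 8 * SALT_BYTES),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```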
Password File Access Control
How should the password file be protected (using access control?)
One way to thwart a password attack is to deny the opponent access to the password file. If the hashed password portion of the file is accessible only by a privileged user, then the opponent cannot read it without already knowing the password of a privileged user. Often, the hashed passwords are kept in a separate file from the user IDs, referred to as a shadow password file. Special attention is paid to making the shadow password file protected from unauthorized access.
Although password file protection is certainly worthwhile, there remain vulnerabilities:
• a hacker may be able to exploit a software vulnerability in the operating system to bypass the access control system long enough to extract the password file;
• an accident of protection might render the password file readable;
• some users may use the same password on other less protected or compromised machines;
• a lack of or weakness in physical security (e.g. of backups) may provide opportunities for a hacker to access a copy of the file;
• passwords may be captured by sniffing network traffic.

Token Authentication
An object the user possesses to authenticate, e.g.
• embossed card
• magnetic stripe card
• memory card
• smartcard
Objects that a user possesses for the purpose of user authentication are called tokens. Now examine two types of tokens that are widely used, which are cards that have the appearance and size of bank cards, as detailed in Table 3.3 in the text. These include:
• Embossed - raised characters only, on front, e.g. old credit card
• Magnetic stripe - magnetic bar on back, characters on front, e.g. bank card
• Memory - has electronic memory inside, e.g. prepaid phone card
• Smartcard - has electronic memory and processor inside, e.g. biometric ID card

Case Study: Unix File Access Control
• Unix file concepts
• Unix file control

UNIX File Concepts
• UNIX files are administered using inodes
• Directories form a hierarchical tree
    passwd]$ ls -ltr
    total 28
    -rw-r--r-- 1 hchen faculty 273 Sep 26 10:26 passwd.cc
    -rwxr-xr-x 1 hchen faculty 6749 Sep 26 10:27 passwd
    drwxr-xr-x 2 hchen faculty 4096 Oct 10 09:44 tmp
Now define some basic concepts concerning UNIX files and directories. All types of UNIX files are administered by the operating system by means of inodes. An inode (index node) is a control structure that contains the key information needed by the operating system for a particular file. Several file names may be associated with a single inode, but an active inode is associated with exactly one file, and each file is controlled by exactly one inode. The attributes of the file as well as its permissions and other control information are stored in the inode. On the disk, there is an inode table, or inode list, that contains the inodes of all the files in the file system. When a file is opened, its inode is brought into main memory and stored in a memory-resident inode table.
Directories are structured in a hierarchical tree. Each directory can contain files and/or other directories. A directory that is inside another directory is referred to as a subdirectory. A directory is simply a file that contains a list of file names plus pointers to associated inodes. Thus, associated with each directory is its own inode.

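Added example (not part of the original slides): a short Python check showing that permissions live in the inode, not in the file name, and flagging a secrets file that is readable by non-owners (the "accident of protection" case from the Password File Access Control slide). Assumptions: the file names, the sample content and the finding labels are constructed; the check runs on a temporary file, not on a real password file.

```python
import os
import stat
import tempfile


def describe(path):
    """Return the inode-held attributes that `ls -l` prints for a name."""
    st = os.lstat(path)
    return {"inode": st.st_ino, "links": st.st_nlink,
            "mode": stat.filemode(st.st_mode)}


def exposure_findings(path):
    """List permission bits that expose a secrets file to non-owners."""
    mode = os.lstat(path).st_mode
    findings = []
    if mode & stat.S_IRGRP:
        findings.append("group-readable")
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by non-owner")
    return findings


def demo():
    with tempfile.TemporaryDirectory() as directory:
        original = os.path.join(directory, "shadow.sample")   # hypothetical name
        alias = os.path.join(directory, "second-name")        # hypothetical name
        with open(original, "w") as handle:
            handle.write("constructed sample, not a real password file\n")
        os.chmod(original, 0o644)         # the accidental, too-open mode
        os.link(original, alias)          # second directory entry, same inode

        before = describe(original)
        alias_view = describe(alias)
        findings_before = exposure_findings(alias)

        os.chmod(alias, 0o600)            # tighten through the other name
        after = describe(original)        # the change shows under both names
        findings_after = exposure_findings(original)
        names = sorted(os.listdir(directory))
    return {"before": before, "alias_view": alias_view,
            "findings_before": findings_before, "after": after,
            "findings_after": findings_after, "names": names}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Both names report the same inode number and a link count of 2, so tightening the mode through either name protects the file under every name.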