Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science 1 CSC 405 Introduction to Computer Security Topic 4. Security in Conventional Operating Systems -- Part II.

Published byDorcas Fleming Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Science 1 CSC 405 Introduction to Computer Security Topic 4. Security in Conventional Operating Systems -- Part II."— Presentation transcript:

1 Computer Science 1 CSC 405 Introduction to Computer Security Topic 4. Security in Conventional Operating Systems -- Part II

2 Computer Science 2 Basic Concepts of UNIX Access Control: Users, Groups, Files, Processes Each user has a unique UID Users belong to multiple groups Each file has 12 permission bits –read/write/execute for user, group, and others, –suid, sgid, sticky Directories are one kind of files Files/directories form a hierarchy Processes are associated with uid/gid pairs, which are used to determine access

3 Computer Science 3 Permissions Bits on Files (Non-directories) Having execute but not read, can one run a file? Having execute but not read, can one run a script file? Having read but not execute, can one run a script file? Suid & sgid for executable files (very important) Suid & sgid for non-executable files (mostly no effect) Sticky bit (no effect now)

4 Computer Science 4 Permission Bits on Directories The execution bit controls traversing a directory –chdir to a directory requires execution The read bit allows one to show file names in a directory Accessing a file needs execution to all directories along the path Deleting/creating a file under a directory requires write & execute for the directory suid has no effect; sgid makes new files/directories inherit the same group id Sticky bit for directories: when set, only owner of a file (and super user) can delete

5 Computer Science 5 Some Examples What permissions are needed to access a file/directory? –read a file: /dir1/dir2/file3 –write a file:/dir1/dir2/file3 –delete a file:/dir1/dir2/file3 –rename a file:from /dir1/dir2/file3 to /dir1/dir2/file4 –… File/Directory Access Control is by System Calls –e.g., open(2), stat(2), read(2), write(2), chmod(2), opendir(2), readdir(2), readlink(2), chdir(2), …

6 Computer Science 6 How to Cooperate/Share files under UNIX? Goal: I want students in my group to be able to read/write/create files under a certain directory, how to do it?

7 Computer Science 7 Process User ID Model in Modern UNIX Systems Each process has three user IDs –real user ID (ruid)owner of the process –effective user ID (euid)used in most access control decisions –saved user ID (suid)the euid that the process used to have and three group IDs –real group ID –effective group ID –saved group ID

8 Computer Science 8 Process User ID Model in Modern UNIX Systems When a process is created by fork –it inherits all three users IDs from its parent process When a process executes a file by exec –it keeps its three user IDs unless the set-user-ID bit of the file is set, in which case the effective uid and saved uid are assigned the user ID of the owner of the file

9 Computer Science 9 The Need for suid/sgid Bits Some operations are not modeled as files and require user id = 0 –halting the system –bind/listen on “privileged ports” (TCP/UDP ports below 1024) File level access control is not fine-grained enough System integrity requires more than controlling who can write, but also how it is written

10 Computer Science 10 Security Problems of Programs with suid/sgid These programs are typically setuid root Violates the least privilege principle –every program and every user should operate using the least privilege necessary to complete the job Why is this bad? How to solve this problem? How would an attacker exploit this problem?

11 Computer Science 11 Changing Effective User IDs A process that executes a set-uid program can drop its privilege; it can –drop privilege permanently removes the privileged user id from all three user IDs –drop privilege temporarily removes the privileged user ID from its effective uid but stores it in its saved uid, later the process may restore privilege by restoring privileged user ID in its effective uid

12 Computer Science 12 Access Control in Early UNIX A process has two user IDs: real uid and effective uid and one system call setuid The system call setuid(id) –when euid is 0, setuid set both the ruid and the euid to the parameter –otherwise, the setuid could only set effective uid to real uid Permanently drops privileges A process cannot temporarily drop privilege

13 Computer Science 13 System V Added saved uid & a new system call The system call seteuid –if euid is 0, seteuid could set euid to any user ID –otherwise, could set euid to ruid or suid Setting to ruid temp. drops privilege The system call setuid is also changed –if euid is 0, setuid functions as seteuid –otherwise, setuid sets all three user IDs to real uid

14 Computer Science 14 BSD Uses ruid & euid, change the system call from setuid to setreuid –if euid is 0, then the ruid and euid could be set to any user ID –otherwise, either the ruid or the euid could be set to value of the other one enables a process to swap ruid & euid

15 Computer Science 15 Modern UNIX System V & BSD affect each other, both implemented setuid, seteuid, setreuid, with different semantics –some modern UNIX introduced setresuid Things get messy, complicated, and inconsistent, and buggy –POSIX standard, Solaris, FreeBSD, Linux

16 Computer Science 16 Suggested Improved API Three method calls –drop_priv_temp –drop_priv_perm –restore_priv Lessons from this? Psychological acceptability principle –“human interface should be designed for ease of use” –the user’s mental image of his protection goals should match the mechanism

17 Computer Science 17 Big Picture of UNIX Access Control Only by users are not enough Using the suid/sgid bits relies on the trustworthiness of programs Programs may have bugs One attempt to fix it is by temporarily dropping privileges –Does this work?

18 Computer Science 18 User Authentication What the user knows –passwords, personal information What the user possesses –a physical key, a ticket, a passport, a token, a smart card What the user is (biometrics) –fingerprints, voiceprint, signature dynamics

19 Computer Science 19 Passwords Most commonly used method. Alice Computer System I’m Alice, the password is fiddlesticks

20 Computer Science 20 Storing User Passwords Directly Store the Passwords? –Not a good idea! –High risk Anyone who captures the password database could impersonate all the users. The password database would be very attractive to hackers.

21 Computer Science 21 One-Way Hash Function One-way hash function F –F(x) is easy to compute –From F(x), x is difficult to compute –Example: F(x) = g x mod p, where p is a large prime number and g is a primitive root of p. F xF(x)F(x) easy difficult

22 Computer Science 22 Storing Passwords For each user, system stores (user name, F(password)) in a password file, where F is a one-way hash function When a user enters the password, system computes F(password); a match provides proof of identity

23 Computer Science 23 What is F? crypt Algorithm (Unix) –Designed by Bob Morris and Ken Thompson –Use Data Encryption Standard (DES) encryption algorithm –User password and salt is used as the encryption key to encrypt a 64-bit block of zeros –This process is repeated 25 times DES 00…0 x = Password+Salt 25 times F(x) 64 bits

24 Computer Science 24 Choice of Passwords Suppose passwords can be from 1 to 9 characters in length Possible choices for passwords = 26 1 + 26 2 +... + 26 9 = 5 *10 12 At the rate of 1 password per millisecond, it will take on the order of 150 years to test all passwords

25 Computer Science 25 Choice of Passwords (Cont’d) However, we don’t need to try all possible passwords, only the probable passwords In a Bell Labs study (Morris & Thompson 1979), 3,289 passwords were examined –15 single ASCII characters, 72 two ASCII characters, 464 three ASCII characters, 477 four alphanumeric character, 706 five letters(all lower or all upper case), 605 six letters all lower case, 492 weak passwords (dictionary words spelled backwards, first names, surnames, etc.) –Summary: 2,831 passwords (86% of the sample) were weak, i.e., they were either too easily predictable or too short

26 Computer Science 26 Dictionary Attacks Attack 1: –Create a dictionary of common words and names and their simple transformations –Use these to guess the password Eagle Wine Rose … Dictionary Eagle Yes!

27 Computer Science 27 Dictionary Attacks (Cont’d) Attack 2: –Usually F is public and so is the password file In Unix, F is crypt, and the password file is /etc/passwd. –Compute F(word) for each word in the dictionary –A match gives the password Eagle Wine Rose … Dictionary TdWx% XkPT KYEN … Password file F(Eagle)=XkPT

28 Computer Science 28 Dictionary Attacks (Cont’d) Attack 3: –To speed up search, pre-compute F(dictionary) –A simple look up gives the password Eagle Wine Rose … Dictionary TdWx% XkPT KYEN … Password file XkPT %$DVC #AED! … Pre-computed Dictionary FLook up

29 Computer Science 29 Password Salt To make the dictionary attack a bit more difficult Salt is a 12-bit number between 0 and 4095 Derived from the system clock and the process identifier

30 Computer Science 30 Password Salt (Cont’d) Storing the passwords F Password + Salt F(Password + Salt) Username, Salt, F(Password + Salt) Password file

31 Computer Science 31 Password Salt (Cont’d) Verifying the passwords F Password + Salt F(Password + Salt) Username, Salt, F(Password + Salt) Password file Fetch Salt according to username Compare

32 Computer Science 32 Does Password Salt Help? Attack 1? –Without Salt –With Salt Eagle Wine Rose … Dictionary A word Yes/No

33 Computer Science 33 Does Password Salt Help? Attack 2? –Without Salt –With Salt Eagle Wine Rose … Dictionary TdWx% XkPT KYEN … Password file F

34 Computer Science 34 Does Password Salt Help? Attack 3? –Without Salt –With Salt Eagle Wine Rose … Dictionary TdWx% XkPT KYEN … Password file %$DVC XkPT #AED! … Pre-computed Dictionary FLook up Y

35 Computer Science 35 Password Management Policy and Procedure Educate users to make better choices –Does not work if the user population is large or novice Define rules for good password selection and ask users to follow them –Rules serve as guideline for attackers Ask or force users to change their passwords periodically Force users to use machine generated passwords –Random passwords are difficult to memorize; also password generator may become known to the attacker through analysis Actively attempt to break users’ passwords; force users to change those that are broken –Attacker may have better dictionary Screen password choices; if a choice is weak, force users to make a different choice

36 Computer Science 36 One-time Passwords Use the password exactly once!

37 Computer Science 37 Lamport’s Scheme (S/Key) Take advantage of One-Way function One-way hash function F –F(x) is easy to compute –From F(x), x is difficult to compute F xF(x)F(x) easy difficult

38 Computer Science 38 S/Key (Cont’d) Pre-computation The System 1. Randomly generate x 2. Compute the following F xF1(x)F1(x) F F2(x)F2(x) F … Fn(x)Fn(x) 3. Save (username, F n (x)), and give x to the user.

39 Computer Science 39 S/Key (Cont’d) Authentication –The first time, the user supplies F (n-1) (x). –The system checks if F(F (n-1) (x))=F n (x). If yes, the user is authenticated and the system replaces F n (x) with F (n-1) (x). –The second time, the user supplies F (n-2) (x). –The third time, … F F (i-1) (x)Fi(x)Fi(x)

40 Computer Science 40 Time Synchronized There is a hand-held authenticator –It contains an internal clock, a secret key, and a display –Display outputs a function of the current time and the key –It changes about once per minute User supplies the user id and the display value Host uses the secret key, the function, and its clock to calculate the expected output The login is valid if the values match In practice, the clock skew is a problem

41 Computer Science 41 Time Synchronized (Cont’d) One Time Password Secret Key Encryption Time

42 Computer Science 42 Challenge Response A non-repeating challenge from the host instead of a clock is used Note that the device requires a keypad. HOST WORK STATION NETWORK User ID Challenge Response

43 Computer Science 43 Challenge Response (Cont’d) Challenge Response Secret Key Encryption

44 Computer Science 44 Challenge Response (Cont’d) Problems with challenge/response schemes –Key database is extremely sensitive –This can be avoided if public key algorithms are used; however, the outputs would be too long for users to input conveniently

45 Computer Science 45 Biometrics Fingerprint Retina scan Voice pattern Signature Typing style

46 Computer Science 46 Biometrics (Cont’d) TechniqueDescriptionMin. CostFalse Reading RetinaEyes scanned 1 to 2 inches from screening device $2,4001/10,000,000+ IrisCamera image of eye takes from 14 inches $3,5001/131,000 HandHand scanned on plate by three video cameras at different angles $2,1501/500 FingerprintFinger scanned on glass plate$1,9951/500 SignatureWritten with special pen on digitizer tablet $1,0001/50 VoicePredefined phrase spoken into telephone or microphone $1,5001/50

47 Computer Science 47 Effectiveness of Biometrics Two types of errors for authentication –False acceptance (FA) Let imposters in FAR: the probability that an imposter is authenticated. –False rejection (FR) Keep authorized users out FRR: the probability that an authorized user is rejected. Another type of error for identification –False match (FM) One user is mistaken for another (legitimate user) FMR: the probability that a user is incorrectly matched to a different user’s profile. No technique is perfect!

48 Computer Science 48 Multimodal Biometrics Use multiple Biometrics together. –AND: Accept only when all are passed Why do we need this? –OR: Accept as long as at least one is passed Why do we need this? –Others Retina scan Fingerprint Voice recognition User Decision Yes/No

49 Computer Science 49

Download ppt "Computer Science 1 CSC 405 Introduction to Computer Security Topic 4. Security in Conventional Operating Systems -- Part II."

Similar presentations

Lecture 6 User Authentication (cont)

Lecture 6 User Authentication (cont)
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
CSC 474 Information Systems Security

CSC 474 Information Systems Security
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science ©2002-2004 Matt.

Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
CS5261 Information Security CS 526 Topic 8: Operating Systems Security Basics & Unix Access Control Topic 8: Operating System Security Basics.

CS5261 Information Security CS 526 Topic 8: Operating Systems Security Basics & Unix Access Control Topic 8: Operating System Security Basics.
CS252: Systems Programming Ninghui Li Based on Slides by Prof. Gustavo Rodriguez-Rivera Topic 17: Signals, Process Credentials.

CS252: Systems Programming Ninghui Li Based on Slides by Prof. Gustavo Rodriguez-Rivera Topic 17: Signals, Process Credentials.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
95752:3-1 Access Control. 95752:3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods.

95752:3-1 Access Control :3-2 Access Control Two methods of information control: –control access –control use or comprehension Access Control Methods.
Building Secure Software Chapter 9 Race Conditions.

Building Secure Software Chapter 9 Race Conditions.
Lecture 7 Access Control

Lecture 7 Access Control
Security-Authentication

Security-Authentication
Security systems need to be able to distinguish the “white hats” from the “black hats”. This all begins with identity. What are some common identifiers.

Security systems need to be able to distinguish the “white hats” from the “black hats”. This all begins with identity. What are some common identifiers.
Authentication Approaches over Internet Jia Li

Authentication Approaches over Internet Jia Li

Similar presentations

Ads by Google