Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security and Authentication. Authentication and Security A major problem with computer communication – Trust Who is sending you those bits What they allow.

Published byErika Baldwin Modified over 9 years ago

Similar presentations

Presentation on theme: "Security and Authentication. Authentication and Security A major problem with computer communication – Trust Who is sending you those bits What they allow."— Presentation transcript:

1 Security and Authentication

2 Authentication and Security A major problem with computer communication – Trust Who is sending you those bits What they allow to do in your system 2

3 Authentication In distributed systems, services are rendered in response to incoming messages. It is important that the server know for sure who the client is! The simple solution is to send the user name and password with every request 3

4 Kerberos Authentication in Distributed Systems 4

5 Kerberos History Developed at MIT in early 1980’s Computing shift from mainframes to workstations Pools of distributed workstations connected to servers Concept of “Network Credentials” Two commercial and non-compatible versions V4 and V5 Principles and systems are relevant until today 5

6 Kerberos Authentication service, based on a secure authentication server and on encryption The server knows all passwords, but they are never transmitted across the network Passwords are used to generate encryption keys. 6

7 Kerberos Environment 7

8 Separation between two actions: –Authentication – logging into the “network” –Communication – holding a session between two parties 8

9 Kerberos Architecture 9

10 Kerberos Protocol The client workstation where the user is trying to log in sends the user name U to the server. The Kerberos server does the following: –It looks up the user’s password p, and uses a one-way function to create an encryption key K p from it. –It generates a new session key Ks for this login session. –It bundles the session key with the user name: {U,Ks}. 10

11 Kerberos Protocol (cont.) –It uses its own secret encryption key K k to encrypt this. –It bundles the session key with the created unforgeable ticket, creating {Ks, {U,Ks} K k }. –Finally, the whole thing is encrypted using the user- key that was generated from the user’s password, leading to {Ks, {U,Ks} K k }Kp. This is sent back to the client. 11

12 Kerberos Protocol The client does the following steps: –It prompts the user for his password p, immediately computes K p, and erases the password. –Using K p, the client decrypts the message it got from the server, and obtains Ks and {U,Ks} K k. –It erases the user key Kp. 12

13 Now What? Now, the client can send authenticated requests to the Kerberos server Each request is composed of two parts: –The request itself, R, encrypted using Ks, –The unforgeable ticket. The server decrypts the ticket using its secret key K k, and finds U and K s 13

14 But… An eavesdropper can copy the whole request message and retransmit it The Kerberos server does not provide any real services. All it does is to provide keys for other servers. 14

15 Finally Kerberos will send the allocated key K f to the client encrypted by K s, and also send it to the file server using K b The client will then be able to use K f to convince the file server of its identity –perform operations on files 15

16 Introduction to Security 16 Based on Slides by Shlomo Kipnis, Introduction to Security Course

17 What is Security? Making sure that bad things do not happen Reducing the chances that bad things will happen Lowering the impact of bad things Providing means to recover from bad things 17

18 Security Challenges Securing a variety of different systems Securing interfaces between different systems Different security goals and needs Attackers seek weakest link in the system Security people must protect all links in the system Maintaining system usability Keeping security costs under control 18

19 Threats & Attacks Unauthorized access Denial of service Computer viruses Trojan horses Information loss Data leaks Data manipulation Data theft Data destruction Program manipulation 19

20 Eavesdropping and Packet Sniffing Description: Acquiring information without changing it Means: Packet sniffers, routers, gateways, capturing and filtering out packets Threats: Sniffing can be used to catch various information sent over the network –Login + Password –Credit card numbers –E-mails and other messages –Traffic analysis 20

21 Snooping Description: Acquiring information without modifying it Means: Browsing documents on disk or main memory –Using legitimate privileges (insiders) –Hacking into a system (outsiders) –Stealing laptops –Monitoring keyboard strokes –Observing timing information (covert channels) Threats: –Obtaining sensitive information (files with credit card numbers) –Discovering passwords, secret keys, etc. 21

22 Tampering Description: Modifying or destroying stored data Means: Insiders misusing privileges or outsiders breaking into system Threats: –Change records – school grades, prison records, tax payers’ debts (NY $13 million property tax fraud) –Erase audit trails (by hacker) –Plant Trojan-horses for password gaining, and other uses 22

23 Spoofing Description: Impersonating other users or computers to obtain privileges Means: –Account stealing, password guessing, social engineering –IP spoofing: E-mail forging, false IP From address, hijacking –IP connections Threats: –Forged messages ( “exam is cancelled”) –Denial of Service (IP attacks, SYN attacks, Ping-of-Death) 23

24 Jamming Description: Disabling a system or service Means: Engaging host in numerous (legitimate) activities until exhausting its resources; spoofing return addresses to avoid tracing Threats: –Consume all resources on the attacked machines, e.g., memory (SYN attack), disk (E-mail attack) –Exploit bug to shut down hosts (ping-of-death) 24

25 Code Injection Description: Injecting malicious code to execute on host with high privileges and infecting other hosts Means: –Virus: attached to executable, spread through infected floppy disks, E-mail attachments, macros –Worm: replicate over the Internet Threats: –Everything… 25

26 Methods 26

27 Exploiting Flaws Exploit vulnerabilities in software to penetrate systems –Buffer overflow (e.g., ‘finger’, Internet Worm, Web Site apps) –Mobile code security flaws (Java, ActiveX) Knowledge spreads faster than remedy –Hacker bulletins –Advisories: Flaws/fixes repositories, e.g., CERT Publicly available software kits to detect known vulnerabilities, e.g., SATAN, ISS But they are not always followed readily, and are often used to the advantage of hackers –Publicly available hacker kits on the net, e.g., RootKit (Unix) 27

28 Password and Key Cracking Guessing: family member names, phone numbers, etc. Dictionary Attack: systematic search –Crack: dictionary attack extended with common patterns crack is now employed by sys-admins and the passwd program Exhaustive search: –Crypt-analysis tools evolve continually –The Internet provides a massively parallel computing resource Crypt-analysis, bad generators, timing analysis Smart-card cracking via fault injection 28

29 Social Engineering Spoofing a “real system”: –Login screen –Phone numbers –ATM story Spoofing a “service”: –Stealing credit card numbers and PINs –Stealing passwords Agent-in-the-Middle Attacks –Special print of newspaper –Router, gateway, bulletin boards, etc. 29

30 Buffer Overflow Based On Slides by Tomer Harpaz Advanced OS seminar 30

31 Buffer Overflows Common Stack or heap Overwriting control-data or sensitive data

32 Memory Organization 0x0000 0xffff

33 Memory Organization (cont.) Memory addresses

34 Stack Buffer Overflow

35 Stack Buffer Overflow (cont.)

36 Solutions Os level –Exec shield –Address space layout randomization –Etc.. Programmer level –fgets (not gets) –strncpy (not strcpy) –Etc… 36

Download ppt "Security and Authentication. Authentication and Security A major problem with computer communication – Trust Who is sending you those bits What they allow."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
SCSC 455 Computer Security

SCSC 455 Computer Security
Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.

Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
COMP6005 An Introduction to Computing Session One: An Introduction to Computing Security Issues.

COMP6005 An Introduction to Computing Session One: An Introduction to Computing Security Issues.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.

1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Similar presentations

Ads by Google