EECS 122University of CaliforniaBerkeleyEECS122 - Contents – Index - Examples of AttackPrinciplesThreatsCryptographySecurity SystemsSECURITYEECS122 - Contents – Index -Buffer OverflowDenial of Service AttackEmail virusARP attackSECURITY - AttacksEECS122 - Contents – Index - Basic Mechanism:Attacker overwrites program stack to force execution of her code Examples:VirusCorrupt filesSECURITY – Attacks – Buffer Overflow EECS122 - Contents – Index - ! !" !"#$%&'( '( )&*$%&')%&')+$!),')( )&* -)'.&/)*)$0)%1SECURITY – Attacks – Buffer Overflow "EECS122 - Contents – Index - ! #$Protect memory by preventing overwrite of stack[either through OS or through language]Check validity of requestSECURITY – Attacks Buffer Overflow%EECS122 - Contents – Index -& ' ()*Basic Mechanism Flood a host with a rapid sequence of SYNsEffect Host sets aside some space to store state of new TCP connection If rapid sequence, then host runs out of space and crashesRemediesCheck for “valid” SYNs, i.e., SYNs followed by requests; discard invalid SYNs to clear memoryUse smart firewall that forwards only valid SYNs to hostsStore “state” in cookie that comes back with requestSECURITY – Attacks – DOS – SYN+EECS122 - Contents – Index -& ' && Distributed Denial of Service AttackBasic Mechanism Saturate a link to a host by sending requests from many nodes across the InternetEffect Host is incapacitatedRemediesVerify that source IP exists (i.e., is not spoofed)Block packets that DDOS tools use (some ICMPs)Limit rate of ICMP flowsLimit rate of SYNsTrace back from last router upstream to block packets toward that linkSECURITY – Attacks – DOS – DDOS,EECS122 - Contents – Index -$Basic Mechanism Attachment that contains virusEffect Some email programs execute code in virus without authorizationRemediesFirewall to check attachments and remove specific onesAvoid automatic execution of attachmentsSECURITY – Attacks – Email-EECS122 - Contents – Index -#.Basic Mechanism Intruder replies to ARP request and performs denial of service on hostA [ARP: Who is IP B]C [ARP: I am IP B]; DoS BEffectC impersonates B for ARemediesCheck source of ARPAvoid DoSSECURITY Attacks – ARPEECS122 - Contents – Index -./You would somehow like to have your data (or that of others) be secure. This often means you want to: know who really sent it know nobody else read itMore specifically, protect from: eavesdropping, masquerading, replay, traffic analysis, exploit-based attacks, denial-of-serviceSECURITY – Principles EECS122 - Contents – Index -./ These attacks are often classified asActive:somebody actually generates or modifies network trafficeasier to detect, harder to preventPassive:somebody just collects and analyses network trafficharder to detect, easier to preventSECURITY PrinciplesEECS122 - Contents – Index -01Message authentication codeEncryption IntegrityConfidentiality Documents Signature, password, watermarkEncryption, relay IdentityPrivacy Users Physical security (lock)Virus detectionFirewall, passport control PhysicalInfectionIntrusion ComputersProtectionTypeAgainst SECURITY – ThreatsEECS122 - Contents – Index -/2/1SECURITY – CryptographyBasic MechanismMain IssuesSecret KeyPublic KeyHashing EECS122 - Contents – Index -31$2"345#2"2"645#2"!/*.3*7/)*$&*/)*7.*43*7%.567/)*$&*/)*SECURITY – Cryptography – Basic Mechanism "EECS122 - Contents – Index -31$ 345# 645# Two flavors: Secret Key: E(.) and D(.) are known only to Bob and Alice Public Key: Alice advertises E(.) that should be used to encrypt messages to her8)9 **! !/SECURITY – Cryptography – Basic Mechanism %EECS122 - Contents – Index -31$2"345#2"2"645#2"645/'/*+')$345345')&!%90)*2,7$&*/)*1: 3'7)) &: %)/*+2 ;))/*(345/')&!%9%)(2 ;))/*( *7345</')&!%9%)$/(&)&$&*/)*645<)2 *),/*( *7/'4<3455</')&!%9%)$/(&)&$&*/)*645SECURITY – Cryptography Basic Mechanism+EECS122 - Contents – Index -3 For the cryptographer, the main issues:choice of the transformation (D and E)is the underlying mathematical basis efficient for decoding and encoding with keys and hard without them?do you publish the algorithm or not?generation and distribution of keysmight like to use random numbers, but computers aren’t exactly random deviceshow do you get a secret from one person to another if you don’t already have keys!?SECURITY –
View Full Document