SecurityThe Security Environment ThreatsBasics of CryptographySecret-Key CryptographyPublic-Key CryptographyRSA EncryptionRSA Encryption (contd.)Application of RSAHow can you authenticate “sender”?Digital SignaturesDigest FunctionsAlice’s bank account certificateDigital signatures with public keysLow-cost signatures with a shared secret keyOne-Way FunctionsSlide 16Buffer OverflowGeneric Security AttacksFamous Security FlawsDesign Principles for SecurityNetwork SecurityVirus Damage ScenariosHow Viruses Work (1)How Viruses Work (2)How Viruses Work (3)How Viruses Work (4)How Viruses SpreadAntivirus and Anti-Antivirus TechniquesSlide 29Slide 30The Internet WormMobile Code (1) SandboxingMobile Code (2)Mobile Code (3)Java Security (1)Java Security (2)Protection Mechanisms Protection Domains (1)Protection Domains (2)Protection Domains (3)Access Control Lists (1)Access Control Lists (2)Capabilities (1)Capabilities (2)Trusted Systems Trusted Computing BaseFormal Models of Secure SystemsMultilevel Security (1)Multilevel Security (2)Orange Book Security (1)Orange Book Security (2)Covert Channels (1)Covert Channels (2)Covert Channels (3)SecurityChapter 99.1 The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from outside the system 9.6 Protection mechanisms 9.7 Trusted systemsThe Security EnvironmentThreatsSecurity goals and threatsBasics of CryptographyRelationship between the plaintext and the ciphertext•Monoalphabetic substitution–each letter replaced by different letter•Given the encryption key, –easy to find decryption key•Secret-key crypto called symmetric-key cryptoSecret-Key CryptographyPublic-Key Cryptography•All users pick a public key/private key pair–publish the public key–private key not published•Public key is the encryption key–private key is the decryption keyRSA Encryption To find a key pair e, d: 1. Choose two large prime numbers, P and Q (each greater than 10100), and form:N = P x Q Z = (P–1) x (Q–1)2. For d choose any number that is relatively prime with Z (that is, such that d has no common factors with Z).We illustrate the computations involved using small integer values for P and Q:P = 13, Q = 17 –> N = 221, Z = 192 d = 53. To find e solve the equation:e x d = 1 mod ZThat is, e x d is the smallest element divisible by d in the series Z+1, 2Z+1, 3Z+1, ... . e x d = 1 mod 192 = 1, 193, 385, ...385 is divisible by de = 385/5 = 77RSA Encryption (contd.)To encrypt text using the RSA method, the plaintext is divided into equal blocks of length k bits where 2k < N (that is, such that the numerical value of a block is always less than N; in practical applications, k is usually in the range 512 to 1024).k = 7, since 27 = 128 The function for encrypting a single block of plaintext M is: (N = P X Q = 13X17 = 221), e = 77, d = 5:E'(e,N,M) = Me mod Nfor a message M, the ciphertext is M77 mod 221The function for decrypting a block of encrypted text c to produce the original plaintext block is:D'(d,N,c) = cd mod NThe two parameters e,N can be regarded as a key for the encryption function, and similarly d,N represent a key for the decryption function. So we can write Ke = <e,N> and Kd = <d,N>, and we get the encryption function: E(Ke, M) ={M}K (the notation here indicating that the encrypted message can be decrypted only by the holder of the private key Kd) and D(Kd, ={M}K ) = M. <e,N> - public key, d – private key for a stationApplication of RSA•Lets say a person in Atlanta wants to send a message M to a person in Buffalo:•Atlanta encrypts message using Buffalo’s public key B E(M,B)•Only Buffalo can read it using it private key b: E(b, E(M,B)) M•In other words for any public/private key pair determined as previously shown, the encrypting function holds two properties:–E(p, E(M,P)) M–E(P, E(M,p)) MHow can you authenticate “sender”?•In real life you will use signatures: we will look at concept of digital signatures next.•Instead of sending just a simple message, Atlanta will send a signed message signed by Atlanta’s private key:–E(B,E(M,a)) •Buffalo will first decrypt using its private key and use Atlanta’s public key to decrypt the signed message:–E(b, E(B,E(M,a)) E(M,a)–E(A,E(M,a)) MDigital Signatures•Strong digital signatures are essential requirements of a secure system. These are needed to verify that a document is:•Authentic : source•Not forged : not fake•Non-repudiable : The signer cannot credibly deny that the document was signed by them.Digest Functions•Are functions generated to serve a signatures. Also called secure hash functions.•It is message dependent.•Only the Digest is encrypted using the private key.Alice’s bank account certificate1. Certificate type: Account number2. Name: Alice3. Account: 62626264. Certifying authority: Bob’s Bank5. Signature: {Digest(field 2 + field 3)}KBprivDigital signatures with public keys{h}KpriMSigningVerifyingE(Kpri, h)128 bitsH(M)hMhH(doc)D(Kpub,{h}) {h}Kprih'h = h'?Msigned docLow-cost signatures with a shared secret keyMSigningVerifyingH(M+K)hh'H(M+K)hh = h'?KMsigned docMKOne-Way Functions•Function such that given formula for f(x)–easy to evaluate y = f(x)•But given y–computationally infeasible to find xDigital Signatures•Computing a signature block•What the receiver gets(b)Buffer Overflow•(a) Situation when main program is running•(b) After program A called•(c) Buffer overflow shown in grayGeneric Security AttacksTypical attacks•Request memory, disk space, tapes and just read•Try illegal system calls•Start a login and hit DEL, RUBOUT, or BREAK•Try modifying complex OS structures•Try to do specified DO NOTs•Convince a system programmer to add a trap door•Beg admin's sec’y to help a poor user who forgot passwordFamous Security FlawsThe TENEX – password problem(a) (b) (c)Design Principles for Security1. System design should be public2. Default should be n access3. Check for current authority4. Give each process least privilege possible5. Protection mechanism should be-simple-uniform-in lowest layers of system6. Scheme should be psychologically acceptableAnd … keep it simpleNetwork Security•External threat–code transmitted to target machine–code executed there, doing damage•Goals of virus writer–quickly spreading virus–difficult to detect–hard to get rid of•Virus = program can reproduce itself–attach
View Full Document
Unlocking...