Duke CPS 110 - Lecture

This preview shows page 1-2-3-20-21-40-41-42 out of 42 pages.


Unformatted text preview:

Slide titles: Outline; The Security Environment: Threats; Intruders; Accidental Data Loss; Reliability Mechanisms (Redundancy); Step 0: Basics of Cryptography; Intrusions; Secret-Key Cryptography; Public-Key Cryptography; One-Way Functions; Digital Signatures; Distributing Public Keys; Step 1: User Authentication; Authentication Using Passwords; Login Spoofing; One-Time Passwords; Challenge - Response; Authentication Using a Physical Object; Authentication Using Biometrics; Countermeasures; Step 2: Access Control Mechanisms, Protection Domains; The Access Model; Access Control Matrix; File Access Control; Trusted Systems: Trusted Computing Base; Access Control Lists; UNIX access control; Capabilities; Calling Mechanism; Dynamics of Protection Schemes; NTFS File Encryption

Outline
Objective:
– Access Control Mechanisms

The Security Environment: Threats
[Figure: Security goals and threats]

Intruders
Common Categories
1. Casual prying by nontechnical users
2. Snooping by insiders
3. Determined attempt to make money
4. Commercial or military espionage

Accidental Data Loss
Common Causes
1. Acts of God: fires, floods, wars
2. Hardware or software errors: CPU malfunction, bad disk, program bugs
3. Human errors: data entry, wrong tape mounted, rm *

Reliability Mechanisms (Redundancy)
• Replication of data, geographically distributed
  – As simple as backups
  – First-class replication (Coda)
• Error detection-correction
  – Parity bits, checksums
  – Voting schemes

Step 0: Basics of Cryptography
[Figure: Relationship between the plaintext and the ciphertext]

Intrusions
[Figure labels: listen, alter, insert]

Secret-Key Cryptography
• Monoalphabetic substitution
  – each letter replaced by different letter
• Given the encryption key,
  – easy to find decryption key
• Secret-key crypto called symmetric-key crypto
  – If keys are long enough there are OK algorithms
  – Secret key must be shared by both parties
  – DES (Data Encryption Standard)

Public-Key Cryptography
• All users pick a public key/private key pair
  – publish the public key
  – private key not published
• Public key is the encryption key
• Private key is the decryption key
• RSA (Rivest, Shamir, Adleman)

One-Way Functions
• Function such that given formula for f(x)
  – easy to evaluate y = f(x)
• But given y
  – computationally infeasible to find x
• Example: Hash functions – produce fixed size result
  – MD5 – Rivest’s Message Digest Algorithm
  – SHA – US Gov’t Message Digest Algorithm

Digital Signatures
• Computing a signature block
  – Hash is fixed length – apply private key
• What the receiver gets
  – Use public key on signature block to get hash back
  – Compute the hash of document part
  – Do these match?
• Assumes E(D(x)) = x when we usually want D(E(x)) = x
• Public key must be known by receiver somehow – certificate

Distributing Public Keys
• Certificate authority
  – Trusted 3rd party
  – Their public key known
• Send name and public key, digitally signed by CA (certificate authority)

Step 1: User Authentication
Basic Principles. Authentication must identify:
1. Something the user knows
2. Something the user has
3. Something the user is
This is done before user can use the system for access control

Authentication Using Passwords
(a) A successful login
(b) Login rejected after name entered
(c) Login rejected after name and password typed

Authentication Using Passwords
• How a cracker broke into LBL
  – a U.S. Dept. of Energy research lab

Login Spoofing
(a) Correct login screen
(b) Phony login screen

Authentication Using Passwords
[Figure: The use of salt to defeat precomputation of encrypted passwords; labels: Salt, Password]

One-Time Passwords
Using 1-way function:
• Function such that given formula for f(x)
  – easy to evaluate y = f(x)
• But given y
  – computationally infeasible to find x
• One-time passwords
  – Choose password s and integer n
  – 1st time P1 = f(f(f(f(s)))), 2nd time P2 = f(f(f(s))), etc
  – Login name supplies current integer value
  – Server stores old password, f(newpassword) == old?

Challenge - Response
• Sets of question – answer pairs
  – Server picks one and asks
  – User knows answer
• User picks function f(x)
  – Server sends a value for x
  – User sends back f(x) as password
• Using symmetric encryption
  – Server sends random value r
  – User encrypts with secret key – e(r,k)
• Server compares

Authentication Using a Physical Object
• Magnetic cards
  – magnetic stripe cards
  – chip cards: stored value cards, smart cards

Authentication Using Biometrics
• A device for measuring finger length.
• Retinal scans
• Voice recognition

Countermeasures
• Limiting times when someone can log in
• Automatic callback at number prespecified
• Limited number of login tries
• A database of all logins
• Simple login name/password as a trap
  – security personnel notified when attacker bites

Step 2: Access Control Mechanisms
Protection Domains
[Figure: Examples of three protection domains]

The Access Model
• Authorization problems can be represented abstractly by use of an access model.
  – each row represents a subject/principal/domain
  – each column represents an object
  – each cell: accesses permitted for the {subject, object} pair
    • read, write, delete, execute, search, control, or any other method
• In real systems, the access matrix is sparse and dynamic.
• need a flexible, efficient representation

Access Control Matrix
• Processes execute in a protection domain, initially inherited from subject (user running the process)
[Figure: access control matrix with subjects TA, grp, Terry, Lynn and objects gradefile, solutions, proj1, luvltr, hotgossip; the cells hold combinations of r, w and x, but their placement is not recoverable from this preview]

File Access Control
• Access control lists - detailed list attached to file of users allowed (denied) access, including kind of access allowed/denied.
• UNIX RWX - owner, group, everyone
• Capabilities – permitted accesses associated with subject (user), similar to an address space.
  – Un-forgeable object reference, like a pointer.

Trusted Systems: Trusted Computing Base
[Figure: A reference monitor]

Access Control Lists
• Approach: represent the access matrix by storing its columns with the objects.
• Tag each object with an access control list (ACL) of authorized subjects/principals.
• To authorize an access requested by S for O
  – search O’s ACL for an entry matching S
  – compare requested access with permitted access
  – access checks are often made only at bind time

Access Control Lists
[Figure: Use of access control lists to manage file access]

Access Control Lists
[Figure: Two access control lists]

UNIX access control
• Each file carries its access control with it.
rwx rwx rwx setuid
Owner UID, Group GID, Everybody else
When bit set, it allows process executing object to assume
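The ACL lookup from the Access Control Lists slide, together with its remark that checks are often made only at bind time, as an added example that is not part of the lecture. The subject and object names reuse the matrix slide's labels, but the rights in each cell are constructed here, and `bind`/`use` are hypothetical helpers standing in for open-then-access.

```python
from collections import defaultdict

# Constructed access matrix keyed by (subject, object). The names reuse the
# slide's labels; the rights are made up, since the slide's cells were lost.
MATRIX = {
    ("TA", "gradefile"): {"r", "w"},
    ("TA", "solutions"): {"r", "w"},
    ("Terry", "proj1"): {"r", "w", "x"},
    ("Terry", "luvltr"): {"r", "w"},
    ("Lynn", "luvltr"): {"r"},
    ("Lynn", "hotgossip"): {"r", "w"},
}

def build_acls(matrix):
    """Store each column with its object: {object: {subject: rights}}."""
    acls = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acls[obj][subject] = set(rights)
    return dict(acls)

def authorize(acls, subject, obj, requested):
    """Search O's ACL for an entry matching S, then compare rights."""
    permitted = acls.get(obj, {}).get(subject, set())  # no entry means deny
    return bool(requested) and set(requested) <= permitted

def bind(acls, subject, obj, requested):
    """Bind-time check (like open): the handle keeps the rights it was granted."""
    if not authorize(acls, subject, obj, requested):
        raise PermissionError(f"{subject}: {sorted(requested)} on {obj} denied")
    return {"object": obj, "rights": frozenset(requested)}

def use(handle, right):
    """Later accesses consult only the handle, never the ACL."""
    return right in handle["rights"]

def demo():
    acls = build_acls(MATRIX)
    handle = bind(acls, "Lynn", "luvltr", {"r"})
    del acls["luvltr"]["Lynn"]  # the owner revokes Lynn's entry after the bind
    return {
        "lynn_write_denied": not authorize(acls, "Lynn", "luvltr", {"w"}),
        "terry_rw": authorize(acls, "Terry", "luvltr", {"r", "w"}),
        "fresh_check_after_revoke": authorize(acls, "Lynn", "luvltr", {"r"}),
        "old_handle_still_reads": use(handle, "r"),
    }
```

The last two results are the point of the bind-time caveat: editing the ACL blocks new binds but does not revoke handles that were already granted.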
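The hash-chain scheme from the One-Time Passwords slide, worked through for n = 4 as an added example that is not part of the lecture. SHA-256 as f, the `Server` class and the choice to initialise the stored value to f applied n+1 times to s are assumptions; the slide only says the server stores the old password and checks f(newpassword) == old.

```python
import hashlib
import hmac

def f(x: bytes) -> bytes:
    """One-way function; SHA-256 is an assumption (the slide names no f)."""
    return hashlib.sha256(x).digest()

def chain(s: bytes, k: int) -> bytes:
    """Apply f to the secret s exactly k times."""
    for _ in range(k):
        s = f(s)
    return s

class Server:
    """Stores only the last accepted password, never the secret s."""

    def __init__(self, initial: bytes, n: int):
        self.old = initial    # assumed enrolment value: f applied n+1 times to s
        self.remaining = n    # current integer value for this login name

    def login(self, candidate: bytes) -> bool:
        if self.remaining == 0:
            return False      # chain exhausted: a new s and n must be enrolled
        if not hmac.compare_digest(f(candidate), self.old):
            return False      # wrong password, or a replay of an earlier one
        self.old = candidate  # the next password must hash to this value
        self.remaining -= 1
        return True

def demo() -> list:
    s, n = b"constructed-secret", 4   # constructed sample values
    server = Server(chain(s, n + 1), n)
    results = []
    p1 = chain(s, server.remaining)   # P1 = f(f(f(f(s))))
    results.append(server.login(p1))  # accepted
    results.append(server.login(p1))  # captured P1 replayed: rejected
    p2 = chain(s, server.remaining)   # P2 = f(f(f(s)))
    results.append(server.login(p2))  # accepted
    forged = chain(b"guess", server.remaining)
    results.append(server.login(forged))  # not derived from s: rejected
    return results
```

An eavesdropper who captures P1 cannot log in again with it and cannot compute P2, because that would require inverting f.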

