CS 161 Computer Security Midterm 1 Review Part 2 October 4 2006 Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 1 17 Shamir Secret Sharing Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 2 17 Sharing a secret Let s say we want to hide a secret with t people such that any q of them can reconstruct the secret but any q 1 cannot We can use a polynomial with random coefficients f x x q aq 1 x q 1 a1 x a0 mod p The secret is f 0 a0 and the shares we distribute are f 1 f 2 f t the other coefficients are also kept secret Now any q people can solve the polynomial for a0 but q 1 have no information Note Could do something similar with real numbers but integers are easier so we use modular arithmetic Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 3 17 Secret sharing simple example Let q 3 and p 11 don t confuse with the p q of RSA f x x 3 a2 x 2 a1 x a0 mod 11 Let s say the secret we want to hide is 5 and we randomly choose coefficients a2 3 and a1 9 For t 6 we compute f 1 7 f 2 10 f 3 9 f 4 10 f 5 8 and f 6 9 Any three can now solve for coefficients f 2 10 8 4a2 2a1 a0 mod 11 f 3 9 5 9a2 3a1 a0 mod 11 f 6 9 7 3a2 6a1 a0 mod 11 Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 4 17 Zero Knowledge Protocols Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 5 17 Zero knowledge proof of identity Goal 1 Alice knows that the person she s talking to is Bob Goal 2 Bob reveals no additional information to Alice Assumptions Alice knows Bob s public key Taking square roots modulo n is hard Protocol everything mod pq Bob picks secret b publishes b2 as public key persistent Alice wants to check Bob s identity asks Bob to begin Bob picks random r new each run sends commitment r 2 to Alice Alice flips coin or chooses heads means reveal r Alice verifies r 2 tails means reveal rb Alice verifies r 2 b2 If Bob passes Alice is 50 convinced of his identity Repeat arbitrarily many times Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 6 17 How can Mallory pretend to be Bob Doesn t know b because he can t factor but can game the system To know the heads answer picks r like Bob would When Alice sends heads he sends r If Alice sends tails what can he do nothing To know the tails answer picks t and computes r 2 t 2 b2 to send to Alice When Alice sends tails he sends t Alice thinks he sent rb and checks by squaring it but rb 2 r 2 b2 t 2 b2 b2 t 2 so fake Bob has fooled Alice on tails If Alice sends heads he can t do anything because he didn t pick r and then square it he just picked something that he called r 2 but he can t take the square root Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 7 17 Why doesn t the protocol leak information to Alice When she flips heads Bob just reveals a random number which Alice could have picked by herself When she flips tails Bob sends her rb but this is also random because multiplication induces a permutation so a random number times anything lands on a random value Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 8 17 Authentication Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 9 17 Authentication Authentication is verifying an identity or verifying the originator of a message Many types of authentication Person person Person local computer Remote computer person etc Difficult to get right and easy to screw up Most real attacks today are authentication attacks phishing pretexting spyware password pop ups etc Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 10 17 Needham Schroeder Symmetric encryption with trusted server Each user shares symmetric key with server A shares key a B shares key b etc A S B a S A t A t b a A B A t b A B messages t Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 11 17 Problem and fix Replay attack M B A t b M B something that shouldn t be repeated t Solution nonces unique value such as a random number or timestamp Revised N S every message has timestamp so attacker can t replay Problems remain requires real time trusted third party Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 12 17 Firewalls Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 13 17 Firewall overview Motivation Every network service is a potential hole Block services in the network before they reach machines Enforces security policy policy on which services should be visible which should be blocked and how we distinguish insiders from outsiders Default allow vs default deny Default allow is easier on users and bothers them less Default deny is more secure in several ways fails safe catches unknown attacks hedges against common mistakes Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 14 17 Packet filters Checks each packet against series of rules Rules test IP protocol port etc to decide drop or allow The first matching rule decides the action Syntax hactioni hprotoi haddri haddri Each haddri is of the form hipi hporti in out The wildcard matches any value in out difference is which interface packet received on Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 15 17 Firewall example allow tcp out 1 2 3 4 25 in allow tcp in out allow tcp out in if ACK is set drop Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 16 17 More on firewalls Reference monitor Application level firewall can do more than packet filter Mediates all access to network Three requirements Always invoked tamper resistant verifiable Inspect and enforce application protocols Do more nuanced filtering Stateful firewall can do more Assemble TCP connections not just look for ACK Limit number of open requests etc VPNs extend perimeter over secure channel to remote machine Good for working from home bad if home computer gets virus Marco Barreno CS 161 Fall 2006 Midterm 1 Review Part 2 17 17
View Full Document
Unlocking...