CSC 4320/6320 Operating Systems Lecture 11 SecurityChapter 15: SecurityObjectivesThe Security ProblemSecurity ViolationsStandard Security AttacksSecurity Measure LevelsAuthentication: Identifying UsersPasswords: SecrecyPasswords: How easy to guess?Passwords: Making harder to crackPasswords: Making harder to crack (con’t)Authentication in Distributed SystemsPrivate Key CryptographyKey DistributionAuthentication Server Continued [Kerberos]Public Key EncryptionAsymmetric Encryption (Example)Slide 19Public Key Encryption DetailsSecure Hash FunctionUse of Hash FunctionsAuthentication - MACSignatures/Certificate AuthoritiesSecurity through SSLSSL PitfallsCryptographic SummaryAuthorization AgainHow to perform Authorization for Distributed Systems?Distributed Access ControlAnalysis of Previous SchemeAnalysis ContinuedInvoluntary InstallationEnforcementState of the WorldOther Security ProblemsA Boot-sector Computer VirusSecurity Problems: Buffer-overflow ConditionThe Morris Internet WormSome other AttacksTiming Attacks: Tenex Password CheckingDefeating Password CheckingProtecting Information with Taint TrackingPossible avenues of leakage (MANY!)What is problem/SolutionSimple Taint Tracking ExampleStrawman has Covert Channel“Owner” privilegeMultiple categories of taintImplementing Security DefensesFirewalling to Protect Systems and NetworksNetwork Security Through Domain Separation Via FirewallComputer Security ClassificationsEnd of Lecture 11CSC 4320/6320Operating SystemsLecture 11SecuritySaurav KarmakarChapter 15: Security•The Security Problem•Program Threats•System and Network Threats•Cryptography as a Security Tool•User Authentication•Implementing Security Defenses•Firewalling to Protect Systems and Networks•Computer-Security Classifications•An Example: Windows XPObjectives•To discuss security threats and attacks•To explain the fundamentals of encryption, authentication, and hashing•To examine the uses of cryptography in computing•To describe the various countermeasures to security attacksThe Security Problem•Security must consider external environment of the system, and protect the system resources•Intruders (crackers) attempt to breach security•Threat is potential for security violation•Attack is attempt to breach security•Attack can be accidental or malicious•Easier to protect against accidental than malicious misuseSecurity Violations•Categories–Breach of confidentiality–Breach of integrity–Breach of availability–Theft of service–Denial of service•Methods–Masquerading (breach authentication)–Replay attack»Message modification–Man-in-the-middle attack–Session hijackingStandard Security AttacksSecurity Measure Levels•Security must occur at four levels to be effective:–Physical–Human»Avoid social engineering, phishing, dumpster diving–Operating System–Network•Security is as week as the weakest linkAuthentication: Identifying Users•How to identify users to the system?–Passwords»Shared secret between two parties»Since only user knows password, someone types correct password  must be user typing it»Very common technique–Smart Cards»Electronics embedded in card capable of providing long passwords or satisfying challenge  response queries»May have display to allow reading of password»Or can be plugged in directly; several credit cards now in this category–Biometrics»Use of one or more intrinsic physical or behavioral traits to identify someone»Examples: fingerprint reader, palm reader, retinal scan»Becoming quite a bit more commonPasswords: Secrecy•System must keep copy of secret to check against passwords–What if malicious user gains access to list of passwords?»Need to obscure information somehow–Mechanism: utilize a transformation that is difficult to reverse without the right key (e.g. encryption)•Example: UNIX /etc/passwd file–passwdone way transform(hash)encrypted passwd–System stores only encrypted version, so OK even if someone reads the file!–When you type in your password, system compares encrypted version•Problem: Can you trust encryption algorithm?–Example: one algorithm thought safe had back door»Governments want back door so they can snoop–Also, security through obscurity doesn’t work»GSM encryption algorithm was secret; accidentally released; Some grad students cracked in a few hours“eggplant”Passwords: How easy to guess?•Ways of Compromising Passwords–Password Guessing: »Often people use obvious information like birthday, favorite color, girlfriend’s name, etc…–Dictionary Attack: »Work way through dictionary and compare encrypted version of dictionary words with entries in /etc/passwd–Dumpster Diving:»Find pieces of paper with passwords written on them»(Also used to get social-security numbers, etc)•Paradox: –Short passwords are easy to crack–Long ones, people write down!•Technology means we have to use longer passwords–UNIX initially required lowercase, 5-letter passwords: total of 265=10million passwords»In 1975, 10ms to check a password1 day to crack»In 2005, .01μs to check a password0.1 seconds to crack–Takes less time to check for all words in the dictionary!Passwords: Making harder to crack•How can we make passwords harder to crack?–Can’t make it impossible, but can help•Technique 1: Extend everyone’s password with a unique number (stored in password file)–Called “salt”. UNIX uses 12-bit “salt”, making dictionary attacks 4096 times harder–Without salt, would be possible to pre-compute all the words in the dictionary hashed with the UNIX algorithm: would make comparing with /etc/passwd easy!–Also, way that salt is combined with password designed to frustrate use of off-the-shelf DES hardware•Technique 2: Require more complex passwords–Make people use at least 8-character passwords with upper-case, lower-case, and numbers»708=6x1014=6million seconds=69 [email protected]μs/check–Unfortunately, people still pick common patterns»e.g. Capitalize first letter of common word, add one digitPasswords: Making harder to crack (con’t)•Technique 3: Delay checking of passwords–If attacker doesn’t have access to /etc/passwd, delay every remote login attempt by 1 second–Makes it infeasible for rapid-fire dictionary attack•Technique 4: Assign very long passwords–Long passwords or pass-phrases can have more entropy (randomnessharder to crack)–Give everyone a smart card