CS162 Operating Systems and Systems Programming Lecture 20 Security I April 11 2011 Ion Stoica http inst eecs berkeley edu cs162 What We Learnt So Far Concurrency control Goal run multiple activities concurrently to improve response time and increase system utilization Challenge contention to resources isolation Techniques Synchronization Deadlock prevention detection Scheduling Memory hierarchy Goal provide illusion of largest memory in the hierarchy with the latency of the fastest one Challenge hide latency isolation Techniques Caching replacement Paging 4 11 Ion Stoica CS162 UCB Spring 2011 Lec 20 2 What We Learnt So Far Concurrency Control Techniques Synchronization Via shared memory locks semaphores condition variables Via communication channels window based flow control Transactions two phase locking Deadlock Detection find cycles in allocation graph Prevention banker algorithm partial order of granting resources Scheduling Threads processes round robin FCFS SRJF Transactions query optimization 4 11 Ion Stoica CS162 UCB Spring 2011 Lec 20 3 Goals for Today Conceptual understanding of how to make systems secure Key security properties Authentication Data integrity Confidentiality Non repudiation Cryptographic Mechanisms Note Some slides and or pictures in the following are adapted from slides 2005 Silberschatz Galvin and Gagne and lecture notes by Kubiatowicz 4 11 Ion Stoica CS162 UCB Spring 2011 Lec 20 4 Protection vs Security Protection one or more mechanisms for controlling the access of programs processes or users to resources Page table mechanism Round robin schedule Data encryption Security use of protection mechanisms to prevent misuse of resources Misuse defined with respect to policy E g prevent exposure of certain sensitive information E g prevent unauthorized modification deletion of data Requires consideration of the external environment within which the system operates Most well constructed system cannot protect information if user accidentally reveals password 4 11 Ion Stoica CS162 UCB Spring 2011 Lec 20 5 Types of Misuse Preventing Misuse Accidental If I delete shell can t log in to fix it Could make it more difficult by asking do you really want to delete the shell Intentional Some high school brat that transfers 3 billion from B to A Doesn t help to ask if they want to do it of course Three Pieces to Security Authentication who the user actually is Authorization who is allowed to do what Enforcement make sure people do only what they are supposed to do Loopholes in any carefully constructed system Log in as superuser and you ve circumvented authentication Log in as self and can do anything with your resources for instance run program that erases all of your files Can you trust software to correctly enforce Authentication and Authorization 4 11 Ion Stoica CS162 UCB Spring 2011 Lec 20 6 Security Requirements Authentication Ensures that a user is who is claiming to be Data integrity Ensure that data is not changed from source to destination or after being written on a storage device Confidentiality Ensures that data is read only by authorized users Non repudiation Sender client can t later claim didn t send write data Receiver server can t claim didn t receive write data 4 11 Ion Stoica CS162 UCB Spring 2011 Lec 20 7 Securing Communication Cryptography Cryptography communication in the presence of adversaries Studied for thousands of years See the Simon Singh s The Code Book for an excellent highly readable history Central goal confidentiality How to encode information so that an adversary can t extract it but a friend can General premise there is a key possession of which allows decoding but without which decoding is infeasible Thus key must be kept secret and not guessable 4 11 Ion Stoica CS162 UCB Spring 2011 Lec 20 8 Using Symmetric Keys Same key for encryption and decryption Plaintext m Encrypt with secret key m Internet Decrypt with secret key Ciphertext 4 11 Ion Stoica CS162 UCB Spring 2011 Lec 20 9 Symmetric Keys Can just XOR plaintext with the key Easy to implement but easy to break using frequency analysis More sophisticated e g block cipher algorithms Works with a block size e g 64 bits To encrypt a stream can encrypt blocks separately or link them 4 11 Ion Stoica CS162 UCB Spring 2011 Lec 20 10 Symmetric Key Ciphers DES AES Data Encryption Standard DES Developed by IBM in 1970s standardized by NBS NIST 56 bit key decreased from 64 bits at NSA s request Still fairly strong other than brute forcing the key space But custom hardware can crack a key in 24 hours Today many financial institutions use Triple DES DES applied 3 times with 3 keys totaling 168 bits Advanced Encryption Standard AES Replacement for DES standardized in 2002 Key size 128 192 or 256 bits How fundamentally strong are they No one knows no proofs exist 4 11 Ion Stoica CS162 UCB Spring 2011 Lec 20 11 Authentication via Symmetric Crypto Authenticate entity by its secret key Example You know Alice s secret key You are talking with a person claiming she is Alice Question How do you verify she is indeed Alice Answer Just verify she knows Alice s secret key 4 11 Ion Stoica CS162 UCB Spring 2011 Lec 20 12 Example Client Server Authentication Client s secret key CHK Server s secret key SHK Notation E m k encrypt message m with key k x y nonces random values client E x C server HK HK S y E K H 1 S x E E y 1 CHK Avoid replay attacks e g attacker impersonating client or server HK S K E E me ssage K session key used for data communication K minimize of messages containing CHK SHK 4 11 Ion Stoica CS162 UCB Spring 2011 Lec 20 13 Integrity Cryptographic Hashes Basic building block for integrity hashing Associate hash with byte stream receiver verifies match Assures data hasn t been modified either accidentally or maliciously Approach Sender computes a digest of message m i e H m H is a publicly known hash function Send digest d H m to receiver in a secure way e g Using another physical channel Using encryption Upon receiving m and d receiver re computes H m to see whether result agrees with d 4 11 Ion Stoica CS162 UCB Spring 2011 Lec 20 14 Operation of Hashing for Integrity corrupted msg plaintext m m NO Digest H m 4 11 Internet digest Ion Stoica CS162 UCB Spring 2011 digest Digest H m Lec 20 15 Standard Cryptographic Hash Functions MD5 Message Digest version 5 Developed in 1991 Rivest Produces 128 bit hashes Widely used RFC 1321 Broken Recent work quickly finds collisions SHA 1 Secure Hash
View Full Document
Unlocking...