Avinanta Tarigan Universitas Gunadarmaavinanta.staff.gunadarma.ac.id/.../IntroToSecurity.pdf · Asymmetric/Public Key Crypt. A 7!B: fMg K b Principal A sends B message M encrypted

Introduction to Security

Avinanta Tarigan

Universitas Gunadarma

1 Avinanta Tarigan Introduction to Security

Layout

ProblemsGeneral SecurityCryptography & Protocol reviewed


Problems

Life was beautiful before computer, getting worse afterInternetDistributed systems: each depends on othersHow can we assure system behaves correctly & securely ?Can we trust systems on the other side ?


Problems .. (cont)

How to assure security of the networkHow to quantify riskWhat are the boundaries of the system ?Relationship to political, social, enomical aspects is notwell understoodUncertainty


Definition

In General :

Computer Security deals with the method againstunauthorized actions in computer systems

More General :

Dependability to other institution is also insecurity


Basic


Basic


Basic

Vulnerability (Kelemahan)

Security Violation (Pelanggaran)

* Unauthorized Access (Cracked)

* Password Stolen* Unauthenticated Sites

* Sensible Information Sniffed

Attacker who attacks

State(Keadaan)

StateTransition


What is secure ?

Computer based system behaves according to1 algorithms (program/software)2 user direction (input)

Given systems & environment:1 secure states (system maintains security properties)2 insecure states (violation of security policy)3 paths lead to insecure states (vulnerability)

Correctness: maintain intended behavior according tocorrect specification while unintended behavior will not bereachableSecurity policy: definition of (1,2,3)Attack : Persistence, Intentional, Outsider vs Insider,Loss vs Gain


Threats ... (cont)

Towards vulnerable system [Abadi] :

Interaction with uncertain physical, network, softwareenvironment.Using public network, distributed administration, diverseoperatorsCOTS, business demand is the priority, Monocultures


Threats ... (cont)

Attack :

Physical attackex. theft of harddisk/cdroms, bombing, etc.Syntatic attackex. buffer overflow, domain theft, SQL injectionSemantic attackex. Social engineering, site phising


Security Policy

We define secure states and insecure statesDefine paths which always bring system in secure states:what is permitedDefine also paths might lead to insecure states: what is notallowedSpecified in formal language for clearness, unambiguity,consistency, and verificabilityWritten in natural language for better understanding


Properties

Confidentiality (Secrecy)Unauthorized disclosure of information is not reachable(Acces Control - Cryptography)IntegrityUnauthorized modification of information is not reachable

Data integrity - Origin integrity / authenticationPrevention (access control) - Detection (hash function)


Properties ... (cont)

AvailabilityPrevention & detection of denial of serviceAccountabilityThe availablity and completeness of the track of pastsystem statesWho - Whom - What - When - WhereImplementation: should be forensic ready


Goals

Preventionto fail the attackDetectionto detect unprevented attackRecoveryto stop the attack & repair attacked system


Security Mechanism

Way to enforce security policiesHow to limit system behavior according to policiesSpecification - Design - Implementation - Operation &Maintenance - Audit (Forensic)Access Control & Cryptography


Access Control

Reference MonitorSet of precise rules according to security policy, applied asa filter to the transition states of the system, which preventssystem in entering insecure stateAuthentication is mandatorySubjects, Objects, Actions, Time, Location, and otherattributes


Model of Acces Control

Subj 1 Subj 2 Subj N

Obj 1 Obj 2 Obj N Obj 1 Obj 2 Obj N

DiscretionaryAccess Control

(DAC)Access Control

(MAC)

Mandatory Safe Dealing(SD)

Role BasedAccess Control

(RBAC)

Obj 1 Obj 2 Obj N

Subj 1 Subj NSubj 2 Subj 1 Subj NSubj 2Subj 1 Subj NSubj 2

��

��

��

��

��

��

��

��

Confident AttributeControl

Ticket K−1 Ticket K

Ticket K+1

Enrollment

Secret

Top Secret

Obj 2

Obj N

Obj 1


Implementation: Cryptography

Algorithm to protect secrecy of dataAlso used to gain :

authenticationintegritynon repudiation

Includes : algorithm and key(s)


Cryptography ... (cont)

Chipertext = Encrypt(Message,Key)

Message = Decrypt(Chipertext ,Key)

Decrypt(Chipertext) hard without KeyResearch questions :Is there any algorithm which is hard to compute originalmessage but easy to verify itIn implementation requires a protocol (CryptographicProtocol)


Symmetric Crypt.

A 7→B : {M }Kab

Principal A sends B message Mencrypted with shared-key Kab

Key is shared between 2 principalsNeeds N2 keys for N principalsFast but key management is not easyExample of Chiper: DES, 3DES, Blowfish, AES


Asymmetric/Public Key Crypt.

A 7→B : {M }Kb

Principal A sends B message Mencrypted with B’s public-key Kb

Only with private-key K −1b , B can decrypt M

Principal has its own K which is published and K −1

which must be keeped secretKey management is less difficult, usualy managed byCertification AuthorityExample of Chiper: RSA (Rivest-Shamir-Addleman),Elliptic-Curve


One-Way-Hash

Algorithm to compute large data into small integer,producing fingerprint of the message

Used for maintaining integrity of message beingtransferredExample: MD5, SHA1, SHA-256, Ripemd, Haval


Digital Signature (Sign)


Digital Signature (Verify)


Digital Signature

A 7→B : {M ,{Hash(M )}Ka}Kb

A’s digital signature on a message is the hash of messageencrypted with A’s private-keyAuthentication: only with A’s public-key, the hash can bedecryptedIntegrity: Hash functionConfidentiality: message can be decrypted only with B’sprivate-keyNon-Repudiation: explain for your self


Pictures of Cryptographer


Cryptographic Protocol

Implementation of Cryptography AlgorithmAchieving security properties (authentication,secrecy, etc.)Example :

Needham-Schroeder (authentication)Kerberos (authentication)SSL/TLS (auth - secrecy )



Example : Needham-Schroeder Protocol

M1 A 7→S : A, B, Na

M2 S 7→A : {Na, B, Kab, {Kab, A}Kbs}Kas

M3 A 7→B : {Kab, A}Kbs

M4 B 7→A : {Nb}Kab

M5 A 7→B : {Nb−1}Kab

Intoducing Nonce (N)



More example : Kerberos Protocol

M1 A 7→S : A, B

M2 S 7→A : {Ts, L, B, Kab, {Ts, L, Kab, A}Kbs}Kas

M3 A 7→B : {Ts, L, Kab, A}Kbs, {A, Ta}Kab

M4 B 7→A : {Ta + 1}Kab

Introducing TimeStamp (T ) and Lifetime (L)

Used in many system, including Windows



Problem :

Wrong design could lead to flaw

Needham-Schroeder ProtocolSSLv1.0

Wrong implementation could lead to vulnerability

Padding problem in SSL, SSH, and WTLSUser Interface design in Browser

Vulnerability arise between two protection technologies(Anderson, Ross)


Assurance : Formal Method

To prove correctness in achieving security properties whichprotocol carry outThere are two development approach :

Extention from method used in communicationNewly developed method

Four classifications :

1. General purpose tools 3. Expert System2. Logic based 4. Algebraic approach


Formal MethodUsing General Purpose Tools

Treated as ordinary comm. protocolAdversary is explicit, capable in read, intercept, and modifymessagesMethod : FSM, CSP, FDR, Petri NetsExample : Lotos, Ina Jo, Murphy

A BINTRUDER

System State


Formal MethodUsing Expert System

Investigate every possible scenario of Attack - Flaw -DefenceNeeds to define insecure states and search paths to themMore successful than General Purpose ToolsExample : Interrogator by Millen, NRL Protocol Analyzer byMeadows, Longley and Rigby


Formal MethodAlgebraic Approach

Capabilties in modeling knowledge which representscomponent in cryptographic operation (Nonce, Key(s), andold messages)Example :

Dolev - Yao (term re-writing systems)Sphi - Calculus by Abadi and Gordon (to prove secrecy)


Formal MethodLogic Based

One sees crypt. protocol as distributed algorithmDevelop logics from modal logicThere are inference rulesGoal is to derived statements which represents correctconditionExample : BAN Logic and GNY Logic


Towards Secure System

Specification : Security PolicyImplementation : Security MechanismCorrectness : AssuranceMan - Machine - Management


Towards ... (cont)

Preventivemeasures

General Users

Detectivemeasures

Desktop

Servers

Perimeter

Managers

Security Team

Responsivemeasures


Towards .. (cont)

− Government Agent− Financial Institutions− Organizations− Local − etc

− Availability− Integrity− Confidentiality− Non Repudiation− etc

− User Education− Secure OS, Application, Perimeter− etc

Constituent Systems

ConstituentOrganizationalUnitsSecurity Goals

− Policy


Books, Papers, and Links

Ross Anderson, “Security Engineering”Matt Bishop, “Computer Security”Schneider et. al. “Modelling and Analysis of SecurityProtocols”Martin Abadi’s homepage athttp://www.cse.ucsc.edu/˜abadi


The End

End of this presentation


Documents

Avinanta Tarigan Universitas Gunadarmaavinanta.staff.gunadarma.ac.id/.../IntroToSecurity.pdf · Asymmetric/Public Key Crypt. A 7!B: fMg K b Principal A sends B message M encrypted