Chapter 4
Logistic Security Approaches
Logistic approaches are based on management techniques to provide security measures
Typical approaches: passwords, key management protocols, access control, covert channels, composing security, privileges and roles, security kernels
4.1 Passwords
Is the only explicit protection used to authenticate identity for access to a computer system
most common techniques are: user generated password, computer generated password, tunable password
4.1.1 User Generated Password
Created by user for his own use
selected passwords are normally pleasant or enjoyable images of their mind
require no writing down of passwords - more safe
but is quite easy to guess
can be cracked by electronic search because high percentage are words in Dictionary
Example from the 1988 Internet attack: passwords starting with ‘a’
Aaa Anything Andromache Aerobics Anvils
Airplane Arrow Amorphous Albatross Ariadne
Albert Atmosphere Aria Alexander Athen
Ama Academia Arthur Alphabet Azure
Anchor Albany aztecs animals analog
answer Aliases
Obvious Personal Attributes
Spouse’s name, children’s name, pet name, birthday
license plate number, telephone number
initials
year of marriage
female surname or name (are sufficient to get into various accounts in Bell Labs)
Keyboard Patterns
Ghghgh, bbbbb, 123-09, qwppo, 1qaz, etc.
Re-used passwords
Normal users with access to various systems will maintain the same password pattern across them
if an attacker cracks a password in a less secure environment, that password may be used to crack a more secure system
4.1.2 Computer Generated Password
Created by computer to be less predictable
poor passwords can be removed from the system
normally a choice of passwords is provided
to prevent possible attack, a password aging technique is used, that is, a new password is generated periodically
disadvantage: difficult to remember
4.1.3 Tunable Password
Compromise approach between user and computer generated passwords
allows system administrator to provide users with part of a password
user can use this to construct a new password according to specified rules
Example: computer generated w5G and user can provide prawn5GRAND or why55_Go60
advantage: has the advantages of both user and CG passwords
4.1.4 Dynamic Password
Similar to tunable password
the CG password part is generated by the computer and a tag (portable device), and the user part is the same
requires synchronization of password generation
Advantage: prevent tapping the static password via the network
4.1.5 Password Cracking
Critical consideration in selecting a password protection scheme: it should make cracking the password with automatic assistance more difficult for a determined attacker
a present-day computer (3-400 MIPS) is capable of cracking a 4-character password drawn from the 128-character ASCII set in a few seconds.
4.1.6 Password Encryption
Required if the attacker can simply steal the stored password
use of encryption will help reduce the chance of being cracked
can still be attacked by using the encrypted form of each dictionary word, instead of the raw word, as the entry for the electronic search
4.1.7 Password salt
Technique is based on adjusting the password by adding some random characters before encryption takes place
this technique can confuse electronic search because a similar tunable password is applied
Example : scrap is modified to scrap7^ for encryption
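Why the salt matters once the stored password file has been stolen, as an added example that is not part of the original slides. It uses a one-way hash (plain SHA-256, then salted PBKDF2) in place of the "encryption" the slides mention, and the account names, passwords and word list are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users picked the same dictionary word.
ACCOUNTS = {"alice": "albatross", "bob": "albatross", "carol": "why55_Go60"}
DICTIONARY = ["aaa", "academia", "albatross", "anchor", "azure"]  # search word list


def unsalted_entry(password):
    """Weak scheme: the same password always gives the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_entry(password, salt=None, rounds=100_000):
    """Salted scheme: random per-account salt plus a slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest


def verify(password, salt, digest, rounds=100_000):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)


def precomputed_hits(stored):
    """Accounts exposed by ONE precomputed table of hashed dictionary words."""
    table = {unsalted_entry(word): word for word in DICTIONARY}
    return {user: table[h] for user, h in stored.items() if h in table}


def audit():
    unsalted = {u: unsalted_entry(p) for u, p in ACCOUNTS.items()}
    salted = {u: salted_entry(p) for u, p in ACCOUNTS.items()}
    return {
        # One table lookup exposes every account that used a dictionary word.
        "cracked_by_table": precomputed_hits(unsalted),
        # Identical passwords show up as identical unsalted entries...
        "unsalted_duplicates": unsalted["alice"] == unsalted["bob"],
        # ...but not once each account has its own salt.
        "salted_duplicates": salted["alice"][1] == salted["bob"][1],
        "login_ok": verify("albatross", *salted["alice"]),
        "login_bad": verify("anchor", *salted["alice"]),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(key, value)
```

With a salt the search has to be repeated per account, because no single table of hashed dictionary words matches more than one stored entry.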
4.1.8 Example: Unix Password Management
Allows users to define their password
password is stored in a file called /etc/passwd
the data stored are the encrypted version with login name and administrative information
Example:
root:vBbddfRT56x34,M.y8:0:0:admin:/:/bin/sh
4.2 Key Management Protocol
Computer systems need to communicate remotely with other systems via communications networks
it may not be useful to type in a password or use a smart card
approaches have been developed for identifying and authenticating the systems
these techniques are called key management protocols
4.2.1 Attacks to Remote Communications
The most popular attacks are: disclosure to an unauthorized listener, receipt of a message from a masquerading sender, corruption or blocking of sent messages
Disclosure to Unauthorized Listener
When messages are passed by a sending entity along some communications medium to a remote receiving entity, the possibility emerges that a third malicious entity (an intruder) could read these messages by simply observing and interpreting the data traveling along the medium
[Figure: messages pass from sender to receiver while an intruder "observes" them]
Attacks require that the intruder has the ability to decipher the information being transmitted along the tapped medium
As a result, encryption will provide a useful means for mitigating the effect of this type of attack
Key management protocols will ensure such an attack cannot occur by encrypting messages with keys that are only known by the appropriately authorized entities
Receipt of Message from Masquerading Sender
Some sending entity masquerades as another sender
as a result, bad messages are sent from an intruder
avoided by providing a means for senders to uniquely identify themselves when messages are sent
[Figure: an intruder, in place of the sender, passes bad messages to the receiver]
Corruption or Blocking of Sent Messages
This attack involves a message sent by a sender being corrupted or blocked by an intruder
difficult to counter, possible to use a checksum
[Figure: good messages leave the sender, pass the intruder, and bad messages reach the receiver]
4.2.2 Private Key Protocol
A private key protocol involves a single key that is known by two entities who wish to communicate
Advantages: provides a solution for disclosure protection and authentication, and works well with DES
Disadvantages: each entity needs to maintain a separate key for each remote entity, and key distribution can be a problem too
[Figure: Private Key Protocol. Sender: send message M, compute [M]k. Passed to receiver: [M]k. Receiver: compute [[M]k]k, receive message M.]
4.2.3 Public Key Protocol
A public key protocol involves a key pair, i.e. the secret and public keys, that are held separately by two entities who wish to communicate
Advantages: allows system communications without the need for the storage and maintenance of many private keys
Disadvantages: more complex and computationally intensive
[Figure: Public Key Protocol. Sender (B): send message M, compute [[M]SB]PA. Passed to receiver: [[M]SB]PA. Receiver (A): compute [[[[M]SB]PA]SA]PB, receive message M.]
SA, PA = Secret and Public keys of A
SB, PB = Secret and Public keys of B
4.2.4 Example: Secure Terminal/Host Communication
System consists of a host that communicates with a collection of terminals in a manner that uses key managed encryption protocols to ensure secrecy of all information passed
The host maintains a collection of session keys that are dynamically generated for each communication session with a terminal, and a collection of terminal keys that are fixed for the set of terminals
Each terminal has its fixed terminal keys
The host maintains a cryptographic facility that contains master keys to encrypt and decrypt terminal and session keys
Each terminal maintains its own cryptographic facility
Notation: Ek(cleartext) is cleartext encrypted using key k and Dk(ciphertext) is ciphertext decrypted using key k
Salient characteristics
The terminals communicate directly with the host and a new session key is generated for each communication session
Since the host and each terminal contain the terminal key, it is used in a private key protocol to distribute the session key. Both the host and terminal can encrypt and decrypt the terminal key using the master terminal key or the specific terminal key at each terminal. Each session is established.
Each time a new session is established, the host updates its session key table with a new encrypted entry Emsk(new session key), where msk is the secret master key for session keys
Communication between host and terminal can thus follow a simple key managed protocol using the session key, where messages sent from the host to a terminal i would be of the form Eski(message) [where ski is the session key for i] and messages received from a terminal i would be deciphered by computing Dski(message)
Host holds: msk, Tk’s and sk’s
Terminal i holds: Tki or msk
Step 1: transmission of msk or Tki via secure means
Step 2: generate session key
Step 3: Emsk(ski) or ETki(ski)
Step 4: Dmsk(Emsk(ski)) or DTki(ETki(ski))
Step 5: Message M: Eski(Mih), Eski(Mhi)
Step 6: recover message Dski(Eski(Mhi))
Step 6: recover message Dski(Eski(Mih))
Secure Terminal/Host Communications (Repeat steps 2 to 6 for new transmission)
4.2.5 RSA Implementation
Select two large prime numbers p and q, each about 100 digits long
compute n = pq and =(p-1)(q-1)
choose an integer E between 3 and which has no common factors with
select an integer D, such that DE mod =1
Make E and n public and keep p, q, D and secret
Example:
p = 5 and q = 7
n = 35 and = 24
choose E = 7 since 3 < 7 < 24 and HCF(7, 24) = 1
select D = 7 where 7 x 7 = 49 and 49 mod 24 = 1
Let the message = 3, C = 3^7 mod 35 = 2187 mod 35 = 17
P = 17^7 mod 35 = 410338673 mod 35 = 3
4.2.6 Arbitrated Protocols with Third Party
An alternative to point to point key management protocols between senders and receivers is an arbitrated protocol that utilizes a third party to ensure authentication between communicating entities
Two possible schemes: arbitrated routing protocol, arbitrated communication establishment protocol
Arbitrated Routing Protocol
This scheme requires that the routing does not introduce any security problem, such as routing a secret message through a party that should not have access to such information
example: a message is passed to a router, and users associated with that router have access to the message
Arbitrated Communication Establishment Protocol
This involves the third party arbiter establishing authentication between the senders and receivers so that communication can proceed without continued involvement of the arbiter
this scheme often involves the creation of tickets by the arbitrator that allows for subsequent secure communication
[Figure: Arbitrated Routing Protocol. Parties A, B, C and an arbitrator: "message to C from A" goes to the arbitrator, then "routed message to C from A" goes on.]
[Figure: Arbitrated Communications Establishment Protocol. Parties A, B, C and an arbitrator: (1) request communications from C, (2) establish communications, (3) communications between A and C.]
4.2.7 Key Distribution
Key distribution is a key issue for the establishing of a secured key management protocol
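Key distribution is normally achieved through a Key Distribution Centre (KDC) over a secure channel
[Figure: Centralized Key Distributor. The KDC passes a key to the sender and a key to the receiver over the secured channel; the encrypted message travels between sender and receiver over the normal channel.]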
4.2.8 Digital Signatures
Public Key Protocol is applied to “digital signatures”
Digital Signature is useful for direct communication or as a third party authenticating system
DS can be included as part of the message protocol for identity purposes
Concept
Step 1: Sender A transmits the digitally signed message (H, M, [Checksum(M)]SA) to B, where H is the ID, M is the message and [Checksum(M)]SA is the encrypted checksum
Step 2: Receiver computes the checksum and compares it with the decrypted “encrypted checksum” [[Checksum(M)]SA]PA
if both checksums are equal, the sender must be H and no message was corrupted during delivery
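The key generation steps of 4.2.5 and the signed message (H, M, [Checksum(M)]SA) of 4.2.8, worked through in code as an added example that is not from the original slides. The first key uses the slide's p = 5, q = 7 with E = D = 7; the second key (two Mersenne primes with E = 65537), the sender ID, the messages and the use of SHA-256 reduced mod n as the checksum are assumptions for illustration, and keys of this size give no real security.

```python
import hashlib
from math import gcd


def make_key(p, q, e):
    """Slide's steps: n = pq, take (p-1)(q-1), pick E coprime to it, derive D."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not (3 <= e < phi and gcd(e, phi) == 1):
        raise ValueError("E must be between 3 and (p-1)(q-1) with no common factor")
    d = pow(e, -1, phi)  # modular inverse, so D*E mod (p-1)(q-1) == 1
    return {"n": n, "E": e, "D": d}


def checksum(message, n):
    """Assumed checksum: SHA-256 of the message, reduced mod n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(sender_id, message, key):
    """Step 1: build (H, M, [Checksum(M)]SA) using the secret exponent D."""
    return sender_id, message, pow(checksum(message, key["n"]), key["D"], key["n"])


def verify(signed, public_n, public_e):
    """Step 2: recompute the checksum, compare with [[Checksum(M)]SA]PA."""
    _sender_id, message, signature = signed
    return pow(signature, public_e, public_n) == checksum(message, public_n)


def slide_example():
    """Reproduce the slide's numbers: returns (D, ciphertext, recovered message)."""
    key = make_key(5, 7, 7)
    c = pow(3, key["E"], key["n"])
    return key["D"], c, pow(c, key["D"], key["n"])


def signature_example():
    """Sign a constructed message, then check a tampered copy is rejected."""
    key = make_key(2**61 - 1, 2**89 - 1, 65537)  # constructed toy key
    signed = sign("A", b"pay 10 to B", key)
    tampered = (signed[0], b"pay 90 to B", signed[2])
    return verify(signed, key["n"], key["E"]), verify(tampered, key["n"], key["E"])


if __name__ == "__main__":
    print(slide_example(), signature_example())
```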
4.3 Access Control
Access control provides a degree of protection from malicious attacks
it is defined as comprising those mechanisms that enforce mediation on subject requests for access to objects as specified in the security policy
Two main types of access control: discretionary access control (DAC), mandatory access control (MAC)
4.3.1 Discretionary Access Control
A DAC mechanism is defined as comprising those procedures and mechanisms that enforce the specified mediation at the discretion of individual users
This provides users with flexibility to protect their files and resources by setting DAC parameters as they see fit
However, DAC parameters are easily changed and thus subject to Trojan Horse attack
4.3.2 Mandatory Access Control
MAC is defined as comprising those procedures and mechanisms that enforce the specified mediation, not at the discretion of individual users but by the system administration
The restrictions imposed make it easier to establish an enforceable security policy
Does not allow users to change access control parameters and thus helps to reduce Trojan Horse attacks
4.3.3 Access Matrices and permission mechanism
Access matrices are used to define the access rights of the corresponding subjects (people) to the corresponding objects (resources)
[Figure: access matrix with subjects S1 ... SN along one side, objects O1, O2, ... OM along the other, and an access right in each cell]
Permission Mechanisms: e.g. owner/group/other in UNIX
(rwx) (rwx) (rwx) all groups with read/write/execute permission
(r-x) (r-x) (r-x) all groups with read/execute permission only
special program setuid (set user identification) allows user to perform some task for which they would normally not have proper authorization
4.3.4 ACL and Capability Mechanism
Another way is the use of an access control list (ACL)
Example: Subjects X, Y, Z and objects A, B, C
X: A, B
Y: A
Z: A, B, C
Capabilities are represented conceptually as the reverse of ACLs about the specific access
4.3.5 Examples - MAC Implementation
[Figure: the user's invocation of a command, Open(a,b), passes through the system call interface to the underlying open routine sequence, which makes a call to the MAC routine; either the operation is allowed and the sequence completes, or the operation is disallowed and the sequence completes]
4.3.6 Attacks Countered by Access Control
Attacks: malicious attempts to attack certain resources, inadvertent requests that could cause harm to resources on the system
MAC provides a more effective means for countering such attacks
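A small model of the mediation in 4.3.5, and of why MAC resists the Trojan Horse that defeats DAC, as an added example that is not from the original slides. The two levels (high/low), the "no read above your level" rule and all subject and file names are assumptions made for illustration.

```python
LEVEL = {"low": 0, "high": 1}


class Monitor:
    """Mediates open() requests: DAC check first, then an optional MAC routine."""

    def __init__(self, enforce_mac):
        self.enforce_mac = enforce_mac
        self.owner = {}       # object -> owning subject
        self.acl = {}         # object -> {subject: rights} (DAC, owner-editable)
        self.obj_label = {}   # object -> level, set by the administration only
        self.subj_label = {}  # subject -> level, set by the administration only

    def add_subject(self, name, level):
        self.subj_label[name] = level

    def create(self, owner, obj, level):
        self.owner[obj] = owner
        self.acl[obj] = {owner: {"r", "w"}}
        self.obj_label[obj] = level

    def grant(self, caller, obj, subject, right):
        """DAC: any code running with the owner's identity may change the ACL."""
        if self.owner[obj] != caller:
            raise PermissionError("only the owner may change DAC parameters")
        self.acl[obj].setdefault(subject, set()).add(right)

    def mac_routine(self, subject, obj, right):
        """Assumed policy: a subject may not read an object above its level."""
        if right == "r":
            return LEVEL[self.subj_label[subject]] >= LEVEL[self.obj_label[obj]]
        return True

    def open(self, subject, obj, right):
        if right not in self.acl[obj].get(subject, set()):
            return False  # operation disallowed by DAC
        if self.enforce_mac and not self.mac_routine(subject, obj, right):
            return False  # operation disallowed by MAC
        return True       # operation allowed


def trojan_horse_outcome(enforce_mac):
    """Return (low read before, low read after ACL change, high read)."""
    m = Monitor(enforce_mac)
    m.add_subject("hi_user", "high")
    m.add_subject("lo_user", "low")
    m.create("hi_user", "payroll.txt", "high")
    before = m.open("lo_user", "payroll.txt", "r")
    # A Trojan Horse run by hi_user acts with hi_user's identity and edits the ACL.
    m.grant("hi_user", "payroll.txt", "lo_user", "r")
    after = m.open("lo_user", "payroll.txt", "r")
    return before, after, m.open("hi_user", "payroll.txt", "r")


if __name__ == "__main__":
    print("DAC only:", trojan_horse_outcome(False))
    print("DAC + MAC:", trojan_horse_outcome(True))
```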
4.4 Covert Channel
A covert channel is defined as existing whenever some computer system mechanism is used in an unexpected manner to provide a means by which information can flow to an unauthorized individual
A perfect channel is defined as having a sender, a receiver and a perfect communication path that passes message between the two entities.
[Figure: Overt and Covert Channels. Sender and receiver are joined by the overt channel (overt information flow mechanism) and by the covert channel (mechanisms not intended for information flow).]
4.4.1 Covert Storage Channel
One type of covert channel is called a covert storage channel.
In a covert storage channel, information is passed in an unexpected and unauthorized manner from a high (secure) user to a low (secure) user
Example: the ls command in UNIX, where a low user can find out the names of the high user's files and initiate some attacks.
It can be avoided by hiding the filenames from the low user
4.4.2 Covert Timing Channels
Another is called a covert timing channel, where some resources are shared between both high and low users
Normally, a monitor program such as cpu_monitor is used to monitor the access control, auditing and authentication of the resources of both types of users.
Attacker (low user) may remove the cpu_monitor program or introduce some noise to confuse the detection of states in order to prolong the processing time and initiate attacks
4.4.3 Resource Matrix Approach
To analyse the possible existence of a covert channel, a resource matrix approach is used
The matrix is composed of resources as rows and lowest level operations as columns.
The contents of the matrix elements are M or/and R, which denote modification and read respectively
The presence of M represents a high potential of establishing a covert channel.
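One way to scan a resource matrix for covert-channel candidates, as an added example that is not from the original slides. It goes a step beyond "presence of M" by flagging a resource only when a high-level operation modifies it and a low-level operation reads it; the resources, operations and the levels allowed to call each operation are constructed, with the file-name row modelled on the ls example of 4.4.1.

```python
# Constructed matrix: rows are resources, columns are lowest-level operations,
# entries are "M" (modify), "R" (read), "MR" (both) or "" (no access).
MATRIX = {
    "high_file_names":    {"create_file": "M", "list_dir": "R", "read_file": ""},
    "high_file_contents": {"create_file": "M", "list_dir": "",  "read_file": "R"},
    "audit_log":          {"create_file": "M", "list_dir": "",  "read_file": ""},
}

# Assumed: which security levels are able to invoke each operation.
CALLERS = {
    "create_file": {"high"},
    "list_dir": {"high", "low"},
    "read_file": {"high"},
}


def covert_candidates(matrix, callers):
    """Return {resource: (modifying ops open to high, reading ops open to low)}."""
    found = {}
    for resource, row in matrix.items():
        writers = sorted(op for op, cell in row.items()
                         if "M" in cell and "high" in callers[op])
        readers = sorted(op for op, cell in row.items()
                         if "R" in cell and "low" in callers[op])
        if writers and readers:  # information can flow from high to low
            found[resource] = (writers, readers)
    return found


def hide_from_operation(matrix, resource, op):
    """Mitigation of 4.4.1: the operation no longer reveals the resource."""
    fixed = {r: dict(row) for r, row in matrix.items()}  # leave the input intact
    fixed[resource][op] = fixed[resource][op].replace("R", "")
    return fixed


if __name__ == "__main__":
    print(covert_candidates(MATRIX, CALLERS))
    hidden = hide_from_operation(MATRIX, "high_file_names", "list_dir")
    print(covert_candidates(hidden, CALLERS))
```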
4.4.5 Computers as the Weakest Link
Because a computer can be accessed by both high and low users, the potential for establishing a covert channel is high.
Normally covert channels are fixed if vulnerabilities exist. The simplest way to remove a covert channel is to use hardcopy instead of electronic transfer, which may not be viable in the IT age.
4.5 Composing Security
When two or more secure systems are connected together, they may not compose into a secure system as expected.
This is because non-deducibility and non-interference security normally do not exist
Compositional analysis must be carried out to ensure two or more systems are connected securely.
The presence of covert channels will further weaken the security properties.
4.6 Privileges and Roles
A privilege is defined as a collection of related computer system operations that can be performed by users of that system. By operations, we mean low-level system activities.
A role is defined as a collection of related privileges.
Privileges can exist in multiple different roles. This implies that if a given privilege is required, then in some cases there is a choice of which role should be allocated
A role might contain only one privilege.
A role might be defined to include every privilege.
[Figure: privileges (Priv) grouped into roles]
4.6.1 Role based attacks
Attacks arise when security is not considered in the allocation of roles to users
Example: a user was granted a supervisor role in a UNIX based system
This gives the user more potentially destructive power than is desired
An attack may occur if some user is granted a role that contains a privilege that the user should not have.
The possibility is higher when the number of roles is smaller and the privileges associated with each are larger.
As a result, privileges and roles must be designed in a manner that maximizes the granularity of privilege allocation without so many roles that their administration and allocation become overly complex.
4.6.2 Principle of Least Privilege
The principle of least privilege states that users should only be granted privileges to perform operations for which they have a legitimate need.
Based on this rule, the designer should ensure the granularity of roles is fine enough to allow for different types of allocations.
4.6.3 Transformation and Revocation
By transformation, we imply that some change is being associated with the privileges allocated to a user. The transformation of privilege may occur internally to a single user, in which certain roles and privileges are changed.
Transformation may also occur externally to a single user, in which a user transfers a role or privilege to another user. Usually, external transformation occurs when a user is associated with a role or privilege that allows for such transfer to another user.
Privilege or role revocation is a special type of privilege transformation that involves the timely removal of the ability to perform certain operations, presumably because of some event that changes the job requirements.
Example:
if a user is associated with some privilege or role and is found to be a malicious intruder with motivation to harm the system, then immediate revocation of that user’s role and privilege may be necessary.
Examples: commands in UNIX
$ su
$ su adduser
$ su deluser
4.7 Security kernels
A security kernel is defined as an isolated portion of a computer system that is designed to enforce the security policy of the system.
[Figure: Security Kernel Organization, showing Users and Application, Operating System, Hardware and the Security Kernel]
4.7.1 Principles of Kernel Design
Avoidance of Tampering: the kernel must be protected from malicious or inadvertent tampering. Explicit attention must be placed on ensuring the security kernel is tamper-proof.
Avoidance of Bypass: Kernel must be designed in a manner that ensures complete avoidance of security kernel bypass by a subject requesting some service.
Provision for Assurance: Convincing evidence is needed to assure a system is secure:
demonstrated secure usage over a period of time
full documentation on security mechanisms, development methods, relevant information to ensure proper attention is addressed
results of security tests - ensure security
results of penetration tests - ensure all possible attack
Formal methods to prove
evaluation, certification or accreditation from authority individual or agency
Hardware Mechanisms: using hardware to implement certain portions of security kernel functionality presents some advantages: provides memory protection, protects integrity of executing processes, provides security support for I/O operations
Minimization of Complexity: if the system is large and complex, the formal proof will be hindered. Minimizing the size of the kernel is critical.
Fault tolerance: must be designed to resist any class of faults, because recovery from a fault is always complicated and needs human intervention.
References:
Amoroso: chapters 19,21-26