FINAL PRIVACY AND SECURITY


• Deliverables
• Presentations

Deliverables check list
• Documentation: updated
  ○ Functional spec
  ○ Design doc
  ○ User manuals
  ○ Test plan
• Code
  ○ Commented source and how I get to it
  ○ Running code and instructions (where, what I need installed, any ids needed)
• Contact information
• Team Evaluations – INC without

Logistics
• SN011 at 8 am Saturday, Dec 6
• Will invite all clients (unlikely). Schedule will be posted and emailed to clients and you.
• 13 minute presentations
  ○ 1 minute warning, then cut
• Breakfast will be served
• Attendance is mandatory. Beyond 0 for presentation, 1 full grade

What is Expected
• Overview of your project
• Review what you did and why
• Briefly explain how you did it
  ○ Architecture
  ○ Technologies
• Lessons learned
  ○ Development
  ○ Process
  ○ Technologies
• Demo

Presentation Basics
• Speak loudly and clearly
• Speak, don’t read: you ARE the experts
• Look at the class, NOT the computer
• Everyone MUST speak
  ○ Approximately even

Demo Basics
• Set up and test demos on Friday
  ○ Last minute “fixes” are often disasters
• Script your demos
  ○ And avoid a lot of typing
• Will have document camera and Mac dongle
  ○ If you need more, send me an email

Presentations Hints
• Cover all topics, but they don’t need equal time!
• Focus on what’s special and interesting about your project
• Don’t try to cover too much
• Keep it light
• Give the audience something to look at


Remember

You’re speaking for 13 minutes

Everyone is listening for 169 minutes


PRIVACY AND SECURITY


Security and Privacy

Security: the protection of data, networks and computing power

Privacy: complying with a person's desires when it comes to handling his or her personal information


PRIVACY

When you walk into the store, the big-screen displays "Hello Tom," your shopping habits, and other information

from Minority Report

Some Views on Privacy
• “All this secrecy is making life harder, more expensive, dangerous …” – Peter Cochran, former head of BT (British Telecom) Research
• “You have zero privacy anyway.” – Scott McNealy, CEO Sun Microsystems
• “By 2010, privacy will become a meaningless concept in western society” – Gartner report, 2000

Legal Realities of Privacy
• Self-regulation approach in US, Japan
• Comprehensive laws in Europe, Canada, Australia
• European Union
  ○ Limits data collection
  ○ Requires comprehensive disclosures
  ○ Prohibits data export to unsafe countries
    ○ Or any country for some types of data

Aspects of Privacy
• Anonymity
• Security
• Transparency and Control: knowing what is being collected

Privacy and Trust
• Right of individuals to determine if, when, how, and to what extent data about themselves will be collected, stored, transmitted, used, and shared with others
• Includes
  ○ right to browse the Internet or use applications without being tracked unless permission is granted in advance
  ○ right to be left alone
• True privacy implies invisibility
• Without invisibility, we require trust

Technologies
• privacy aware technologies (reactive)
  ○ non-privacy-related solutions that enable users to protect their privacy
  ○ Examples
    ○ password and file-access security programs
    ○ unsubscribe
    ○ encryption
    ○ access control
• privacy enhancing technologies (proactive)
  ○ solutions that help consumers and companies protect their privacy, identity, data and actions
  ○ Examples
    ○ popup blockers
    ○ anonymizers
    ○ Internet history clearing tools
    ○ anti-spyware software

Impediments to Privacy
• Surveillance
• Data collection and sharing
• Cookies
  ○ Web site last year was discovered capturing cookies that it retained for 5 years
• Sniffing, Snarfing, Snorting
  ○ All are forms of capturing packets as they pass through the network
  ○ Differ by how much information is captured and what is done with it

P3P (2002)
• Platform for Privacy Preference (P3P)
• World Wide Web Consortium (W3C) project
• Voluntary standard
• Structures a web site’s policies in a machine readable format
• Allows browsers to understand the policy and behave according to a user’s defined preferences

Do Not Track
• Opt out technology
  ○ HTTP header
• 2012 pledge not honored
• Mozilla issue

Privacy and Wireless
• “Wardriver” program: scans for broadcast SSIDs
  ○ broadcasting improves network access, but at a cost
• once the program finds the SSID
  ○ obtains the IP address
  ○ obtains the MAC address
  ○ …
• Lowe’s was penetrated this way
  ○ Stole credit card numbers

Deep Web
• Anything that can’t be indexed (estimate 97%!)
• Accessible through secure browsers: Tor
  ○ Anonymity
  ○ Difficulty in tracing
  ○ Onion addresses


Security

Consider
• 1994: Vladimir Levin breaks into Citibank's network and transfers $10 million dollars into his accounts
• Mid 90’s: Phonemasters stole tens of thousands of phone card numbers
  ○ found private White House telephone lines
• 1996: Tim Lloyd, disgruntled employee, inserts time bomb that destroys all copies of Omega Engineering machining code. Estimated loss: $10 million.

Security “Gospel”
• The Morris Internet worm of 1988 cost $98 million to clean up
• The Melissa virus crashed email networks at 300 of the Fortune 500 companies
• The Chernobyl virus destroyed up to a million PCs throughout Asia
• The ExploreZip virus alone cost $7.6 billion to clean up

Security Reality
• The Morris Internet worm of 1988 cost under $1 million (not $98 million) to clean up
• The Melissa virus scared executives into disconnecting (rather than crashed) email networks at 300 of the Fortune 500 companies
• The Chernobyl virus caused replacement of (rather than destroyed) up to a million PCs throughout Asia
• The ExploreZip virus alone could have cost $7.6 billion to clean up

Information Systems Security
• Deals with
  ○ Security of (end) systems
    ○ Operating system, files, databases, accounting information, logs, ...
  ○ Security of information in transit over a network
    ○ e-commerce transactions, online banking, confidential e-mails, file transfers, ...

Basic Components of Security
• Confidentiality
  ○ Keeping data and resources secret or hidden
• Integrity
  ○ Ensuring authorized modifications
  ○ Refers to both data and origin integrity
• Availability
  ○ Ensuring authorized access to data and resources when desired
• Accountability
  ○ Ensuring that an entity’s action is traceable uniquely to that entity
• Security assurance
  ○ Assurance that all four objectives are met

Info Security 20 Years Ago
• Physical security
  ○ Information was primarily on paper
  ○ Lock and key
  ○ Safe transmission
• Administrative security
  ○ Control access to materials
  ○ Personnel screening
  ○ Auditing

Information Security Today
• Increasing system complexity
• Digital information security importance
  ○ Competitive advantage
  ○ Protection of assets
  ○ Liability and responsibility
• Financial losses
  ○ FBI estimates that an insider attack results in an average loss of $2.8 million
  ○ Estimates of annual losses: $5 billion - $45 billion (Why such a big range?)
• Protection of critical infrastructures
  ○ Power grid
  ○ Air transportation
• Government agencies
  ○ GAO report (03): “severe concerns” security mgmt & access control
  ○ Grade F for most of the agencies
  ○ Linkages exacerbate

Attack Vs Threat
• A threat is a “potential” violation of security
  ○ Violation need not actually occur
  ○ Fact that the violation might occur makes it a threat
• The actual violation (or attempted violation) of security is called an attack

Common security attacks
• Interruption, delay, denial of receipt or denial of service
  ○ System assets or information become unavailable or are rendered unavailable
• Interception or snooping
  ○ Unauthorized party gains access to information by browsing through files or reading communications
• Modification or alteration
  ○ Unauthorized party changes information in transit or information stored for subsequent access
• Fabrication, masquerade, or spoofing
  ○ Spurious information is inserted into the system or network by making it appear as if it is from a legitimate source
• Repudiation of origin
  ○ False denial that the source created something

Denial of Service Attacks
• explicit attempt to prevent legitimate users from using service
• two types of attacks
  ○ denial of service (DOS)
  ○ distributed denial of service (DDOS)
• asymmetric attack
  ○ attacker with limited resource (old PC and slow modem) may be able to disable much faster and more sophisticated machines or networks
• methods
  ○ Bots or Zombie machines
  ○ Trojans or Smurf attack: distributed attack that sends specified number of data packets to a victim

Phishing (Spoofing)
• use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data
  ○ credit card numbers
  ○ account usernames and passwords
  ○ social security numbers
• hijacking of trusted brands
  ○ banks
  ○ online retailers
  ○ credit card companies
• able to convince up to 5% of recipients to respond
• http://www.antiphishing.org/

Goals of Security
• Prevention
  ○ Prevent someone from violating a security policy
• Detection
  ○ Detect activities in violation of a security policy
  ○ Verify the efficacy of the prevention mechanism
• Recovery
  ○ Stop attacks
  ○ Assess and repair damage
  ○ Ensure availability in presence of ongoing attack
  ○ Fix vulnerabilities to prevent future attacks
  ○ Deal with the attacker

Human Issues
• Outsiders and insiders
  ○ Which is the real threat?
• Social engineering
• How much should a company disclose about security?
  ○ Claim more or less security than exists

Honeypots
• Setting up a server to attract hackers
• Used by corporations as early warning system
• Used to attract spam to improve filters
• Used to attract viruses to improve detection
• http://www.honeypots.net/


ENCRYPTION

Security Level of Encrypted Data
• Unconditionally Secure
  ○ Unlimited resources + unlimited time
  ○ Still the plaintext CANNOT be recovered from the ciphertext
• Computationally Secure
  ○ Cost of breaking a ciphertext exceeds the value of the hidden information
  ○ The time taken to break the ciphertext exceeds the useful lifetime of the information

Types of Attacks
• Ciphertext only
  ○ adversary has only ciphertext
  ○ goal is to find plaintext, possibly key
• Known plaintext
  ○ adversary has plaintext and ciphertext
  ○ goal is to find key
• Chosen plaintext
  ○ adversary can get a specific plaintext enciphered
  ○ goal is to find key

Attack Mechanisms
• Brute force
• Statistical analysis
  ○ Knowledge of natural language
  ○ Examples:
    ○ All English words have vowels
    ○ There are only 2 1-letter words in English
    ○ High probability that u follows q
    ○ …


PRIVATE KEY

Caesar Cipher
• Substitute the letter 3 ahead for each one
• Example:
  Et tu, Brute → Hw wx, Euxwh
• Quite sufficient for its time
  ○ High illiteracy
  ○ New idea

Enigma Machine (Germany, World War II)
• Simple Caesar cipher through each rotor
• But rotors shifted at different rates
  ○ Roller 1 rotated one position after every encryption
  ○ Roller 2 rotated every 26 times
  ○ …

Private Key Cryptography
• Sender, receiver share common key
  ○ Keys may be the same, or trivial to derive from one another
• Sometimes called symmetric cryptography or classical cryptography
• Two basic types
  ○ Transposition ciphers (rearrange bits)
  ○ Substitution ciphers
• Product ciphers
  ○ Combinations of the two basic types

DES (Data Encryption Standard)
• A block cipher:
  ○ encrypts blocks of 64 bits using a 64 bit key
  ○ outputs 64 bits of ciphertext
• A product cipher
  ○ performs both transposition (permutation) and substitution on the bits
• Considered weak
  ○ Susceptible to brute force attack

Cracking DES
• 1998: Electronic Frontier Foundation cracked DES in 56 hrs using a supercomputer
• 1999: Distributed.net cracked DES in 22 hrs
• With specialized hardware, DES can be cracked in less than an hour.

History of DES
• IBM develops Lucifer for banking systems (1970’s)
• NIST and NSA evaluate and modify Lucifer (1974)
• Modified Lucifer adopted as federal standard (1976)
  ○ Name changed to Data Encryption Standard (DES)
  ○ Defined in FIPS (46-3) and ANSI standard X9.32
• NIST defines Triple DES (3DES) (1999)
  ○ Single DES use deprecated - only legacy systems.
• NIST approves Advanced Encryption Std. (AES) (2001)
  ○ AES (128-bit block)
  ○ Attack published in 2009
• Current state of the art is AES-256


PUBLIC KEY

Public Key Cryptography
• Two keys
  ○ Private key known only to individual
  ○ Public key available to anyone
  ○ Public key, private key inverses
• Confidentiality
  ○ encipher using public key
  ○ decipher using private key
• Integrity/authentication
  ○ encipher using private key
  ○ decipher using public one


Public Key Requirements

1. Computationally easy to encipher or decipher a message given the appropriate key

2. Computationally infeasible to derive the private key from the public key

3. Computationally infeasible to determine the private key using a chosen plaintext attack

RSA
• Public key algorithm described in 1977 by Rivest, Shamir, and Adleman
• Exponentiation cipher
• Relies on the difficulty of factoring a large integer
• RSA Labs now owned by EMC

RSA Usage for Encryption
• Public key: (n,e); private key: (n,d)
  ○ Public key to encipher
  ○ Private key to decipher
• Encryption
  ○ Encipher: c = m^e mod n
  ○ Decipher: m = c^d mod n

RSA Basics for choosing keys
• Choose two large primes p and q
• n = pq
• Choose e
  ○ Less than n
  ○ Relatively prime to (p-1)(q-1)
• Choose d
  ○ (ed-1) divisible by (p-1)(q-1)
• Public key: (n,e); private key: (n,d)
• A Guide to RSA

Summary
• Private key (classical) cryptosystems
  ○ encipher and decipher using the same key
• Public key cryptosystems
  ○ encipher and decipher using different keys
  ○ computationally infeasible to derive one from the other
• Both depend on keeping keys secret
• Depend on computational difficulty
  ○ As computers get faster, …

Photon Cryptography
• Use photons for key distribution
• Prevents eavesdropping: reading a photon changes its state


AUTHENTICATION

Authentication
• Assurance of the identity of the party that you’re talking to
• Primary technologies
  ○ Digital Signature
  ○ Kerberos

Digital Signature
• Authenticates origin, contents of message in a manner provable to a disinterested third party (“judge”)
• Sender cannot deny having sent message (service is “nonrepudiation”)
  ○ Limited to technical proofs
    ○ Inability to deny one’s cryptographic key was used to sign
  ○ One could claim the cryptographic key was stolen or compromised
    ○ Legal proofs, etc., probably required
• Protocols based on both public and private key technologies

RSA for Digital Signature
• Public key: (n,e); private key: (n,d)
  ○ Public key to sign
  ○ Private key to validate
• Digital signature
  ○ Sign: s = m^d mod n; send (s,m)
  ○ Validate: m = s^e mod n
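The RSA recipe from the "RSA Basics", "RSA Usage for Encryption" and "RSA for Digital Signature" slides carried through in Python, as an added example that is not part of the slides: key choice (e less than n and relatively prime to (p-1)(q-1), d with (ed-1) divisible by (p-1)(q-1)), encipher/decipher with c = m^e mod n and m = c^d mod n, and sign/validate with s = m^d mod n and m = s^e mod n, so the private exponent d produces the signature and the public exponent e checks it, exactly as those two formulas read. The primes p = 61, q = 53 and exponent e = 17 are constructed toy values for illustration only.

```python
"""Textbook RSA, step by step, following the slides' recipe.
Added example, not from the slides.  The primes and exponent in the demo are
constructed toy values; real keys use primes of roughly 1024 bits or more, and
real systems never sign or encrypt a raw message: they hash it and apply a
padding scheme (OAEP for encryption, PSS for signatures), because the bare
operations below are deterministic and malleable.  Needs Python 3.8+ for
pow(e, -1, phi)."""
from math import gcd


def valid_exponent(e, p, q):
    """The slides' conditions on e: less than n and relatively prime to (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return 1 < e < n and gcd(e, phi) == 1


def make_keys(p, q, e):
    """Return (public key (n, e), private key (n, d)) for primes p and q."""
    if not valid_exponent(e, p, q):
        raise ValueError("e must be < n and relatively prime to (p-1)(q-1)")
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)             # modular inverse, so (e*d - 1) is divisible by phi
    assert (e * d - 1) % phi == 0   # the slide's condition on d, checked explicitly
    return (n, e), (n, d)


def encipher(m, public_key):
    """Confidentiality: c = m^e mod n using the recipient's public key."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decipher(c, private_key):
    """m = c^d mod n using the recipient's private key."""
    n, d = private_key
    return pow(c, d, n)


def sign(m, private_key):
    """Integrity/authentication: s = m^d mod n; the signer sends (s, m)."""
    n, d = private_key
    return pow(m, d, n)


def validate(s, m, public_key):
    """Anyone holding the public key checks that s^e mod n == m."""
    n, e = public_key
    return pow(s, e, n) == m


if __name__ == "__main__":
    # Constructed toy parameters (p, q, e); never use values this small for real.
    public, private = make_keys(p=61, q=53, e=17)        # n = 3233, d = 2753
    c = encipher(65, public)
    print("ciphertext", c, "-> plaintext", decipher(c, private))   # 2790 -> 65
    s = sign(65, private)
    print("signature valid:", validate(s, 65, public))            # True
    print("tampered message valid:", validate(s, 66, public))     # False
```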

Kerberos
• Authentication system
  ○ Central server plays role of trusted third party
• Ticket (credential)
  ○ Issuer vouches for identity of requester of service
• Authenticator
  ○ Identifies sender
• User must
  1. Authenticate to the system
  2. Obtain ticket to use server S
• Problems
  ○ Relies on synchronized clocks
  ○ Vulnerable to attack

“Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench”

– Gene Spafford (Purdue)

NETWORK SECURITY

Firewall Techniques
• Filtering
  ○ Doesn’t allow unauthorized messages through
  ○ Can be used for both sending and receiving
  ○ Most common method
• Proxy
  ○ The firewall actually sends and receives the information
  ○ Sets up separate sessions and controls what passes in the secure part of the network

DMZ: Demilitarized Zone
• Arrangement of firewalls to form a buffer or transition environment between networks with different trust levels

[Diagram: Internet – Firewall – Firewall – Internal resources]

Three Tier DMZ

[Diagram: Internet – Firewall – Firewall – Firewall – Internal resources, with a Web Server and an App Server in the zones between the firewalls]