Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Copyright 2012 & 2015 – Noah Mendelsohn
Security Fundamentals
Noah Mendelsohn Tufts University Email: [email protected] Web: http://www.cs.tufts.edu/~noah
COMP 150-IDS: Internet Scale Distributed Systems (Spring 2015)
© 2010 Noah Mendelsohn 2
Goal
Learn about fundamental security mechanisms such as encryption, PKI, TLS, and related technologies such as rootkits, etc.
Non Goal This presentation does not attempt to explore broader
issues relating to good security architecture including requirements gathering, threat analysis, design for security, penetration testing, etc.
© 2010 Noah Mendelsohn
Encryption Basics
© 2010 Noah Mendelsohn
Simple Encryption
4
Encryption Function
Data
Encrypted Data
© 2010 Noah Mendelsohn
Decryption
5
Decryption Function
Data
Encrypted Data
© 2010 Noah Mendelsohn
Encryption/Decryption are functions over data+key
6
Data = Fdecrypt (key, Fencrypt(key, data))
EncryptedData = Fencrypt(key, data)
Data = Fdecrypt (key, EncryptedData)
© 2010 Noah Mendelsohn
Encryption/Decryption are functions over data+key
7
EncryptedData = Fencrypt(key, data)
Data = Fdecrypt (key, EncryptedData)
Same key for encryption and decryption
© 2010 Noah Mendelsohn
What’s secret?
8
Decryption Function
Data
Encryption Function
Data
Encrypted Data
Encryption & Decryption Functions Usually not Secret
© 2010 Noah Mendelsohn
What’s secret?
9
Decryption Function
Data
Encryption Function
Data
Encrypted Data
Same secret key needed by sender & receiver
Key distribution/protection is
a big problem
© 2010 Noah Mendelsohn
Public Key Basics
© 2010 Noah Mendelsohn
Ordinary Encryption
11
Decryption Function
Data
Encryption Function
Data
Encrypted Data
Same secret key for sender and receiver
© 2010 Noah Mendelsohn
Data
Encrypted Data Decryption Function
Data
Asymmetric Key Crypto
12
Encryption Function
Key Pairs Different Keys
for Encryption & Decryption!!
Note: the encryption key cannot decrypt…only its pair can Either key can serve to encrypt, then the other decrypts.
© 2010 Noah Mendelsohn
Digital Signatures
© 2010 Noah Mendelsohn
Public Key Crypto
Built on asymmetric crypto
Pair: one part public, one part private – Private cannot be derived from public
To send me a message: – Encrypt it with my public key, which everyone knows is mine
– Only I have the private key to decrypt
Avoids need to distribute secret keys!
…but, we do need to watch for fraudulent public keys
14
© 2010 Noah Mendelsohn
Digital signatures: non-repudiation
Prove that these bits were from me
Step 1: I hash the content yielding a small number unique to the content
Step 2: I encrypt that hash using my private key, resulting in a digital signature
Step 3: I send you the bits and the signature
Step 4: You decrypt the signature using my public key, and compare to hash you compute on bits you’ve received
15
Signature check: you have confidence the message came from me Non-repudiation: I can’t deny having signed those bits!
© 2010 Noah Mendelsohn
Public Key Infrastructure
(PKI)
© 2010 Noah Mendelsohn
Certificates
How do you know the public key is mine?
Certificate: a public key signed by someone you trust!
Their signature asserts: this key is Noah’s public key
Whom do you trust? – The organization you work for (E.g. Tufts University) – Well known signing organizations (Verisign, Thawt, Equifax, etc.) – Yourself (self-signed certs…usually a kludge only for testing)
Trust hierarchies – I am Noah as vouched for by Tufts as vouched for by Equifax – Your browser comes with a trusted set of root certificates
The PKI hierarchy has become fundamental to the integrity of the Web – used to establish identity of https: Web sites!
17
© 2010 Noah Mendelsohn
Identity and Authentication
© 2010 Noah Mendelsohn
PKI and identity management
PKI works best in hierarchical organizations of medium size
Nonetheless, it is the most common framework for authenticating the identity of Web sites
Some systems use PKI to authenticate down to the user-level
In practice, most Web sites use ordinary passwords, with sites authenticated using HTTPS (PKI)
There are ongoing problems with the operational integrity (and business motivations of) the some CA providers
19
© 2010 Noah Mendelsohn
HTTPS and TLS
Warning: the protocol on the following slide is greatly simplified. Actual TLS has many crypto and PKI options, and uses a much more elaborate and robust setup protocol. This is close enough in spirit to give the general idea.
© 2010 Noah Mendelsohn
Transport Level Security (TLS and SSL)
CPU Memory Storage
CPU Memory Storage
I want an encrypted connection to Tufts, and I want to be sure it’s Tufts
Tufts.edu
© 2010 Noah Mendelsohn
Transport Level Security (TLS and SSL)
CPU Memory Storage
CPU Memory Storage
I want an encrypted connection to Tufts, and I want to be sure it’s Tufts
Tufts.edu Connection setup
Certificate from Tufts
Certificate from Tufts checked against cert hierarchy up to root
© 2010 Noah Mendelsohn
Transport Level Security (TLS and SSL)
CPU Memory Storage
CPU Memory Storage
I want an encrypted connection to Tufts, and I want to be sure it’s Tufts
Tufts.edu
Problem:
Public key encryption much too slow for bulk data transfer.
© 2010 Noah Mendelsohn
Transport Level Security (TLS and SSL)
CPU Memory Storage
CPU Memory Storage
Result: an authenticated, encrypted, high-performance connection.
Tufts.edu
Solution:
TLS/SSL use PKI to authenticate server (and optionally client) and to establish
agreement on a private (symmetric) key used to encrypt actual session data.
© 2010 Noah Mendelsohn
Transport Level Security (TLS and SSL)
CPU Memory Storage
CPU Memory Storage
I want an encrypted connection to Tufts, and I want to be sure it’s Tufts
Tufts.edu Connection setup
Certificate from Tufts
© 2010 Noah Mendelsohn
HTTPS: HTTP over TLS or SSL
E.g. Firefox E.g. Apache
Browser
Web Server
Many commercial applications work this way
© 2010 Noah Mendelsohn
HTTPS: HTTP over TLS or SSL
E.g. Firefox E.g. Apache
Your browser keeps a list of root certs (Verisign, etc.)
These companies control the
verification of secure connections you make on the Web!
Web Server
Many commercial applications work this way
© 2010 Noah Mendelsohn
HTTPS: HTTP over TLS or SSL
E.g. Firefox E.g. Apache
If someone can get a bogus cert for google.com or microsoft.com,
that’s a big deal!
Web Server
Many commercial applications work this way
© 2010 Noah Mendelsohn
HTTPS: HTTP over TLS or SSL
E.g. Firefox E.g. Apache
Some Cert Authorities (Cas) aren’t nearly careful enough in
when issuing certs
Web Server
Many commercial applications work this way
© 2010 Noah Mendelsohn
HTTPS: HTTP over TLS or SSL
E.g. Firefox E.g. Apache
Some Cert Authorities (Cas) aren’t nearly careful enough in
when issuing certs
Web Server
Many commercial applications work this way
News Reports on Lax CA Administration 2015 http://arstechnica.com/security/2015/03/google-warns-of-unauthorized-tls-certificates-trusted-by-almost-all-oses/
2011 http://www.theregister.co.uk/2011/04/11/state_of_ssl_analysis/
© 2010 Noah Mendelsohn
The Web itself is a 2 or 3 Tier system
E.g. Squid E.g. Firefox E.g. Apache
Browser
Proxy Cache
Web Server
© 2010 Noah Mendelsohn
The Web itself is a 2 or 3 Tier system
E.g. Squid E.g. Firefox E.g. Apache
Browser HTTP CONNECT header used to
make proxy transparent to TLS…benefits of proxy are lost!
Web Server
© 2010 Noah Mendelsohn
The Web itself is a 2 or 3 Tier system
E.g. Squid E.g. Firefox E.g. Apache
Browser A malicious proxy with a
trusted cert can implement “man-in-the-middle” attacks
Web Server
© 2010 Noah Mendelsohn
Trust
© 2010 Noah Mendelsohn
What must be trusted?
36
Decryption Function
Data
Encryption Function
Data
Encrypted Data
Storage and filesystem for data in the clear at
source
© 2010 Noah Mendelsohn
What must be trusted?
37
Decryption Function
Data
Encryption Function
Data
Encrypted Data
Encryption software and OS on which it
runs
© 2010 Noah Mendelsohn
What must be trusted?
38
Decryption Function
Data
Encryption Function
Data
Encrypted Data
The compiler and linker used to build the
OS & encryption (per K. Thompson)
© 2010 Noah Mendelsohn
What must be trusted?
39
Decryption Function
Data
Encryption Function
Data
Encrypted Data
Key store at source
© 2010 Noah Mendelsohn
What must be trusted?
40
Decryption Function
Data
Encryption Function
Data
Encrypted Data
The CPU, device HW and microcode used to
run the system
© 2010 Noah Mendelsohn
What must be trusted?
41
Decryption Function
Data
Encryption Function
Data
Encrypted Data
All the equivalent at the receiver
© 2010 Noah Mendelsohn
Trust is a key system design issue
Always consider: what/who is being trusted?
What is the consequence if trust is misplaced?
Can we tell if trust is misplaced – Reflections on Trusting Trust tells us “it’s at best really hard to be sure”
Can we change our minds (revoke trust)?
Watch for: – Any place where information is stored “in the clear”
– Any place where “capabilities” are stored or given out
– Note that keys are a kind of capability
42
© 2010 Noah Mendelsohn
Some actual attacks that have worked
Freezing (I.e. chilling) RAM chips to retain data after power down
Timing attack: SSH password cracking facilitated by keystroke timing
Timing attack: SSL private keys revealed!! – Demonstrated on production Web servers*
Rootkits, bootkits & VM attacks
43
* SSL timing paper: http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
© 2010 Noah Mendelsohn
A Bit about Operating Systems and Virtual Machines
© 2010 Noah Mendelsohn
Unix Kernel
Operating Systems and Virtual Machines
Sector
Ap
pli
cati
on
File
syst
em Sector
In-memory Block Cache B
lock
Dev
ice
Dri
ver
Raw
Dev
ice
Dri
ver
TTY
Dri
ver
© 2010 Noah Mendelsohn
Operating Systems and Virtual Machines
Sector
Dis
k vi
rtu
aliz
atio
n
Network virtualization
Dis
pla
y V
irtu
aliz
atio
n
Memory virtualization
Virtual Machine “Hypervisor”
© 2010 Noah Mendelsohn
Operating Systems and Virtual Machines
Sector
Unix Kernel
Ap
pli
cati
on
File
syst
em
Sector
In-memory Block Cache
Blo
ck D
evic
e D
rive
r
Raw
Dev
ice
Dri
ver
TTY
Dri
ver
Dis
k vi
rtu
aliz
atio
n
Network virtualization
Dis
pla
y V
irtu
aliz
atio
n
Memory virtualization
Virtual Machine “Hypervisor”
© 2010 Noah Mendelsohn
Operating Systems and Virtual Machines
Sector
Unix Kernel
Ap
pli
cati
on
File
syst
em
Sector
In-memory Block Cache
Blo
ck D
evic
e D
rive
r
Raw
Dev
ice
Dri
ver
TTY
Dri
ver
Unix Kernel
Ap
pli
cati
on
File
syst
em
Sector
In-memory Block Cache
Blo
ck D
evic
e D
rive
r
Raw
Dev
ice
Dri
ver
Dis
k vi
rtu
aliz
atio
n
Network virtualization
Dis
pla
y V
irtu
aliz
atio
n
Memory virtualization
TTY
Dri
ver
Virtual Machine “Hypervisor”
© 2010 Noah Mendelsohn
Operating Systems and Virtual Machines
Sector
Unix Kernel
Ap
pli
cati
on
File
syst
em
Sector
In-memory Block Cache
Blo
ck D
evic
e D
rive
r
Raw
Dev
ice
Dri
ver
TTY
Dri
ver
Unix Kernel
Ap
pli
cati
on
File
syst
em
Sector
In-memory Block Cache
Blo
ck D
evic
e D
rive
r
Raw
Dev
ice
Dri
ver
Dis
k vi
rtu
aliz
atio
n
Network virtualization
Dis
pla
y V
irtu
aliz
atio
n
Memory virtualization
TTY
Dri
ver
Virtual Machine “Hypervisor”
The Virtual Machine “Hypervisor” provides the illusion of a complete CPU
+ memory +I/O to each virtual machine
© 2010 Noah Mendelsohn
Virtual Machines and Trust
Sector
Unix Kernel
Ap
pli
cati
on
File
syst
em
Sector
In-memory Block Cache
Blo
ck D
evic
e D
rive
r
Raw
Dev
ice
Dri
ver
TTY
Dri
ver
Unix Kernel
Ap
pli
cati
on
File
syst
em
Sector
In-memory Block Cache
Blo
ck D
evic
e D
rive
r
Raw
Dev
ice
Dri
ver
Dis
k vi
rtu
aliz
atio
n
Network virtualization
Dis
pla
y V
irtu
aliz
atio
n
Memory virtualization
TTY
Dri
ver
Virtual Machine “Hypervisor”
The Hypervisor has access to all resources of the VM’s, including RAM, disk, running program images, etc.
… Experimental exploits have been
implemented as hypervisors
© 2010 Noah Mendelsohn
Operating Systems and Virtual Machines
Sector
Unix Kernel
Ap
pli
cati
on
File
syst
em
Sector
In-memory Block Cache
Blo
ck D
evic
e D
rive
r
Raw
Dev
ice
Dri
ver
TTY
Dri
ver
Unix Kernel
Ap
pli
cati
on
File
syst
em
Sector
In-memory Block Cache
Blo
ck D
evic
e D
rive
r
Raw
Dev
ice
Dri
ver
Dis
k vi
rtu
aliz
atio
n
Network virtualization
Dis
pla
y V
irtu
aliz
atio
n
Memory virtualization
TTY
Dri
ver
Virtual Machine “Hypervisor”
Timing attacks have been attempted across VMs.
© 2010 Noah Mendelsohn
Summary
© 2010 Noah Mendelsohn
Summary
Typical security mechanisms are build on core technologies like simple encryption & PKI
Those are just building blocks: security must be considered in all aspects of system design
Abstractions leak: (computation can be timed, etc.)
Many vulnerabilities are operational, not technical
There are serious vulernabilities in the Interent infrastructure and the Web – it’s not entirely clear how severe the consequences will be