Overview of Security
Dr. Sriram Chellappan [email protected]
These slides are available at BlackBoard

Overview
– Security Definitions
– Security threats and attacks
– Security Services
– Operational Issues

The Definition
– Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable
– Security rests on confidentiality, authenticity, integrity, availability, non-repudiation

In OS terms
Operating System Computer security
– Addresses the issue of preventing unauthorized access to resources and information maintained by computers
– Encompasses the following issues:
  • Guaranteeing the privacy and integrity of sensitive data
  • Restricting the use of computer resources
  • Providing resilience against malicious attempts to incapacitate the system
– Employs mechanisms that shield resources such as hardware and operating system services from attack

The Basic Components
– Confidentiality is the concealment of information or resources.
– Authenticity is the identification and assurance of the origin of information.
  • Related to privacy
– Integrity refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
– Availability refers to the ability to use the information or resource desired.
– Non-repudiation means that it can be verified that the sender and the recipient were, in fact, the parties who claimed to send/receive a particular message, and the message sent/received were the same

Security Threats and Attacks
– A threat is a potential violation of security.
  • Flaws in design, implementation, and operation.
– An attack is any action that violates security.
  • Active adversary.
– A threat is typically a precursor to an attack

Eavesdropping - Message Interception (Attack on Confidentiality)
– Unauthorized access to information
– Packet sniffers and wiretappers
– Illicit copying of files and programs
[Figure: S, R and an Eavesdropper]

Techniques to Enforce Confidentiality
– Symmetric key distribution
– What are the challenges
  • How to securely transmit the symmetric keys
  • Key revocation after a certain point in time
  • Protect the key from being lost
– Latest technique to solve this problem
  • Asymmetric keys

Integrity Attack - Tampering With Messages
– Stop the flow of the message
– Delay and optionally modify the message
– Release the message again
[Figure: S, R and a Perpetrator]

Techniques to Enforce Integrity
– Message Authentication Codes
  • Accomplished using hash functions that are collision resistant and have the one-way property
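An added example, not part of the original slides: an HMAC-SHA256 tag lets R detect the "modify" step of the tampering attack, and putting the send time under the tag lets R also detect the "delay" step, which a MAC over the body alone would miss. The key, the 30-second window and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-key-shared-by-S-and-R"  # assumption: S and R already share it
MAX_AGE = 30                                # assumption: accept messages up to 30 s old
TAG_LEN = hashlib.sha256().digest_size      # 32 bytes

def send(key, body, now):
    """S: prepend the send time, then append an HMAC-SHA256 tag over time + body."""
    signed = struct.pack(">Q", now) + body
    return signed + hmac.new(key, signed, hashlib.sha256).digest()

def receive(key, packet, now):
    """R: return the body, or raise ValueError if the packet was modified or delayed."""
    if len(packet) < 8 + TAG_LEN:
        raise ValueError("truncated")
    signed, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    # Constant-time comparison: do not leak how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tampered")
    (sent_at,) = struct.unpack(">Q", signed[:8])
    # The timestamp is covered by the tag, so the perpetrator cannot refresh it.
    if not 0 <= now - sent_at <= MAX_AGE:
        raise ValueError("stale")
    return signed[8:]

if __name__ == "__main__":
    pkt = send(KEY, b"pay 10 to bob", now=1000)      # constructed sample message
    print(receive(KEY, pkt, now=1005))               # delivered promptly: accepted
    for label, p, t in [("modified", pkt[:12] + b"9" + pkt[13:], 1005),
                        ("delayed", pkt, 1100)]:
        try:
            receive(KEY, p, t)
        except ValueError as err:
            print(label, "->", err)
```

A message released again inside the 30-second window still verifies; rejecting that needs a sequence number or a cache of seen tags on R's side.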

Authenticity Attack - Fabrication
– Unauthorized assumption of other’s identity
– Generate and distribute objects under this identity
[Figure: S, R and “Masquerader: from S”]

Techniques to Enforce Authentication
– Standard Techniques are passwords
  • Easy to be captured by adversary
  • Easy to be guessed by adversary
– Evolving techniques
  • Biometrics
  • One time password generator
  • Expand sample space of secret – password mapping
– Access control mechanisms
– Kerberos – A well known authentication technique

What is Kerberos?
– Developed by MIT
– Shared secret-based strong 3rd party authentication
– Provides single sign-on capability
– Passwords never sent across network

And now – the players…

[Figure: the players: Susan, Susan’s Desktop Computer, the Key Distribution Center (Authentication Service and Ticket Granting Service), and XYZ Service]

Think “Kerberos Server” and don’t let yourself get mired in terminology.

XYZ Service represents something requiring Kerberos authentication (web server, ftp server, ssh server, etc…)

Susan (to the Authentication Service): “I’d like to be allowed to get tickets from the Ticket Granting Server, please.”

Authentication Service (to Susan): “Okay. I locked this box with your secret password. If you can unlock it, you can use its contents to access my Ticket Granting Service.”

[Figure: Susan enters myPassword at her desktop computer and obtains the TGT]

Because Susan was able to open the box (decrypt a message) from the Authentication Service, she is now the owner of a shiny “Ticket-Granting Ticket”.

The Ticket-Granting Ticket (TGT) must be presented to the Ticket Granting Service in order to acquire “service tickets” for use with services requiring Kerberos authentication.

The TGT contains no password information.

[Figure label: use XYZ]

Susan (to the Ticket Granting Service): “Let me prove I am Susan to XYZ Service. Here’s a copy of my TGT!”

Ticket Granting Service (to Susan): “You’re Susan. Here, take this.”

[Service ticket: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”]

Susan (to XYZ Service): “I’m Susan. I’ll prove it. Here’s a copy of my legit service ticket for XYZ.”

[Service ticket: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”]

XYZ Service: “That’s Susan alright. Let me determine if she is authorized to use me.”

Authorization checks are performed by the XYZ service…

Just because Susan has authenticated herself does not inherently mean she is authorized to make use of the XYZ service.

One remaining note:

Tickets (your TGT as well as service-specific tickets) have expiration dates configured by your local system administrator(s). An expired ticket is unusable.

Until a ticket’s expiration, it may be used repeatedly.

[Figure label: use XYZ]

Susan (to XYZ Service): “ME AGAIN! I’ll prove it. Here’s another copy of my legit service ticket for XYZ.”

[Service ticket: “Hey XYZ: Susan is Susan. CONFIRMED: TGS”]

XYZ Service: “That’s Susan… again. Let me determine if she is authorized to use me.”
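The walkthrough above as an added, runnable sketch (not from the original slides, and not real Kerberos code): the "box" is a toy authenticated cipher built from the standard library, and session keys and authenticators, which real Kerberos adds, are left out to mirror the slides. All function names, the key table and the 600-second lifetime are assumptions.

```python
import hashlib, hmac, json, os

def seal(key, obj):
    # Toy authenticated "box" (SHAKE-256 keystream + HMAC tag): a stand-in
    # for real Kerberos encryption types, for illustration only.
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, box):
    nonce, ct, tag = box[:16], box[16:-32], box[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered box")
    return json.loads(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))

def pw_key(user, password):
    # Long-term key derived from the password; the password itself is never sent.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)

# Constructed key database: the KDC knows Susan's key and shares one with XYZ.
KEYS = {"susan": pw_key("susan", "myPassword"), "tgs": os.urandom(32), "xyz": os.urandom(32)}
LIFETIME = 600  # seconds; assumed value, configured by the administrator in practice

def as_reply(user, now):
    """Authentication Service: a TGT only the TGS can read, in a box locked with the user's key."""
    tgt = seal(KEYS["tgs"], {"user": user, "exp": now + LIFETIME})
    return seal(KEYS[user], {"tgt": tgt.hex()})

def login(user, password, now):
    """Susan's desktop: unlocking the box with the typed password yields the TGT."""
    return bytes.fromhex(unseal(pw_key(user, password), as_reply(user, now))["tgt"])

def tgs_issue(tgt, service, now):
    """Ticket Granting Service: validate the TGT, issue a ticket sealed for the service."""
    claims = unseal(KEYS["tgs"], tgt)
    if now > claims["exp"]:
        raise ValueError("TGT expired")
    return seal(KEYS[service], {"user": claims["user"], "exp": now + LIFETIME})

def xyz_accept(ticket, now, allowed=("susan",)):
    """XYZ Service: authenticate from the ticket, then run its own authorization check."""
    claims = unseal(KEYS["xyz"], ticket)
    if now > claims["exp"]:
        raise ValueError("service ticket expired")
    return claims["user"], claims["user"] in allowed
```

`xyz_accept` returns the authenticated user and the authorization decision separately, matching the point that authentication does not imply authorization; a wrong password, a tampered ticket or an expired ticket raises `ValueError`.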

Attack on Availability
– Destroy hardware (cutting fiber) or software
– Corrupt packets in transit
– Blatant denial of service (DoS):
  • Crashing the server
  • Overwhelm the server (use up its resource)
[Figure: S and R]

Techniques to Enforce Availability
– Think of an example
– Standard technique is almost always redundancy
  • Also called over-provisioning
– Can be counter-productive sometimes
  • Think how

Impact of Attacks
– Economic impacts
– Societal impacts
– Military impacts

All attacks can be related and are dangerous!

Some trade-offs w.r.t. security
– Availability vs. Privacy
– Confidentiality vs. Power management
– Privacy vs. Delay
– Bandwidth vs. Privacy

Security Policy and Mechanism
– Policy: a statement of what is, and is not, allowed.
– Mechanism: a procedure, tool, or method of enforcing a policy.
– Security mechanisms implement functions that help prevent, detect, respond to, and recover from security attacks.
– Security functions are typically made available to users as a set of security services through APIs or integrated interfaces.
– Cryptography underlies many security mechanisms.

Operational Issues
– Cost-Benefit Analysis
– Risk Analysis
– Laws and Customs

Human Issues
– Organizational Problems
– People Problems

Proprietary and Open-Source Security
– Advantages of open-source security applications
  • Interoperability
  • Open-source applications tend to implement standards and protocols that many developers include in their products.
  • An application’s source code is available for extensive testing and debugging by the community at large
– Weaknesses of proprietary security
  • Nondisclosure
  • The number of collaborative users that can search for security flaws and contribute to the overall security of the application is limited
– Proprietary systems, however, can be equally as secure as open-source systems