Introduction to Security

Size: px

Start display at page:

Download "Introduction to Security"

Martin Farmer
6 years ago
Views:

1 Introduction to Security Avinanta Tarigan Universitas Gunadarma 1 Avinanta Tarigan Introduction to Security

2 Layout Problems General Security Cryptography & Protocol reviewed 2 Avinanta Tarigan Introduction to Security

3 Problems Life was beautiful before computer, getting worse after Internet Distributed systems: each depends on others How can we assure system behaves correctly & securely? Can we trust systems on the other side? 3 Avinanta Tarigan Introduction to Security

4 Problems.. (cont) How to assure security of the network How to quantify risk What are the boundaries of the system? Relationship to political, social, enomical aspects is not well understood Uncertainty 4 Avinanta Tarigan Introduction to Security

5 Definition In General : Computer Security deals with the method against unauthorized actions in computer systems More General : Dependability to other institution is also insecurity 5 Avinanta Tarigan Introduction to Security

6 Basic 6 Avinanta Tarigan Introduction to Security

7 Basic 7 Avinanta Tarigan Introduction to Security

8 Basic State (Keadaan) * Unauthorized Access (Cracked) * Sensible Information Sniffed Vulnerability (Kelemahan) * Password Stolen * Unauthenticated Sites Security Violation (Pelanggaran) Attacker who attacks State Transition 8 Avinanta Tarigan Introduction to Security

9 What is secure? Computer based system behaves according to 1 algorithms (program/software) 2 user direction (input) Given systems & environment: 1 secure states (system maintains security properties) 2 insecure states (violation of security policy) 3 paths lead to insecure states (vulnerability) Correctness: maintain intended behavior according to correct specification while unintended behavior will not be reachable Security policy: definition of (1,2,3) Attack : Persistence, Intentional, Outsider vs Insider, Loss vs Gain 9 Avinanta Tarigan Introduction to Security

10 Threats... (cont) Towards vulnerable system [Abadi] : Interaction with uncertain physical, network, software environment. Using public network, distributed administration, diverse operators COTS, business demand is the priority, Monocultures 10 Avinanta Tarigan Introduction to Security

11 Threats... (cont) Attack : Physical attack ex. theft of harddisk/cdroms, bombing, etc. Syntatic attack ex. buffer overflow, domain theft, SQL injection Semantic attack ex. Social engineering, site phising 11 Avinanta Tarigan Introduction to Security

12 Security Policy We define secure states and insecure states Define paths which always bring system in secure states: what is permited Define also paths might lead to insecure states: what is not allowed Specified in formal language for clearness, unambiguity, consistency, and verificability Written in natural language for better understanding 12 Avinanta Tarigan Introduction to Security

13 Properties Confidentiality (Secrecy) Unauthorized disclosure of information is not reachable (Acces Control - Cryptography) Integrity Unauthorized modification of information is not reachable Data integrity - Origin integrity / authentication Prevention (access control) - Detection (hash function) 13 Avinanta Tarigan Introduction to Security

14 Properties... (cont) Availability Prevention & detection of denial of service Accountability The availablity and completeness of the track of past system states Who - Whom - What - When - Where Implementation: should be forensic ready 14 Avinanta Tarigan Introduction to Security

15 Goals Prevention to fail the attack Detection to detect unprevented attack Recovery to stop the attack & repair attacked system 15 Avinanta Tarigan Introduction to Security

16 Security Mechanism Way to enforce security policies How to limit system behavior according to policies Specification - Design - Implementation - Operation & Maintenance - Audit (Forensic) Access Control & Cryptography 16 Avinanta Tarigan Introduction to Security

17 Access Control Reference Monitor Set of precise rules according to security policy, applied as a filter to the transition states of the system, which prevents system in entering insecure state Authentication is mandatory Subjects, Objects, Actions, Time, Location, and other attributes 17 Avinanta Tarigan Introduction to Security

18 Model of Acces Control Mandatory Access Control (MAC) Top Secret Obj N Discretionary Access Control (DAC) Role Based Access Control (RBAC) Obj 1 Obj 2 Obj N Obj 1 Obj 2 Obj N Safe Dealing (SD) Obj 1 Obj 2 Obj N Secret Confident Obj 1 Obj 2 Attribute Control Ticket K Ticket K Ticket K Enrollment Subj 1 Subj 2 Subj N Subj 1 Subj 2 Subj N Subj 1 Subj 2 Subj N Subj 1 Subj 2 Subj N 18 Avinanta Tarigan Introduction to Security

19 Implementation: Cryptography Algorithm to protect secrecy of data Also used to gain : authentication integrity non repudiation Includes : algorithm and key(s) 19 Avinanta Tarigan Introduction to Security

20 Cryptography... (cont) Chipertext = Encrypt(Message, Key) Message = Decrypt(Chipertext, Key) Decrypt(Chipertext) hard without Key Research questions : Is there any algorithm which is hard to compute original message but easy to verify it In implementation requires a protocol (Cryptographic Protocol) 20 Avinanta Tarigan Introduction to Security

21 Symmetric Crypt. A B : {M } Kab Principal A sends B message M encrypted with shared-key K ab Key is shared between 2 principals Needs N 2 keys for N principals Fast but key management is not easy Example of Chiper: DES, 3DES, Blowfish, AES 21 Avinanta Tarigan Introduction to Security

22 Asymmetric/Public Key Crypt. A B : {M } Kb Principal A sends B message M encrypted with B s public-key K b Only with private-key K 1, B can decrypt M b Principal has its own K which is published and K 1 which must be keeped secret Key management is less difficult, usualy managed by Certification Authority Example of Chiper: RSA (Rivest-Shamir-Addleman), Elliptic-Curve 22 Avinanta Tarigan Introduction to Security

23 One-Way-Hash Algorithm to compute large data into small integer, producing fingerprint of the message Used for maintaining integrity of message being transferred Example: MD5, SHA1, SHA-256, Ripemd, Haval 23 Avinanta Tarigan Introduction to Security

24 Digital Signature (Sign) 24 Avinanta Tarigan Introduction to Security

25 Digital Signature (Verify) 25 Avinanta Tarigan Introduction to Security

26 Digital Signature A B : {M,{Hash(M )} Ka } Kb A s digital signature on a message is the hash of message encrypted with A s private-key Authentication: only with A s public-key, the hash can be decrypted Integrity: Hash function Confidentiality: message can be decrypted only with B s private-key Non-Repudiation: explain for your self 26 Avinanta Tarigan Introduction to Security

27 Pictures of Cryptographer 27 Avinanta Tarigan Introduction to Security

28 Cryptographic Protocol Implementation of Cryptography Algorithm Achieving security properties (authentication, secrecy, etc.) Example : Needham-Schroeder (authentication) Kerberos (authentication) SSL/TLS (auth - secrecy) 28 Avinanta Tarigan Introduction to Security

29 Cryptographic Protocol Example : Needham-Schroeder Protocol M1 M2 M3 M4 M5 A S : A, B, N a S A : {N a, B, K ab, {K ab, A}K bs }K as A B : {K ab, A}K bs B A : {N b }K ab A B : {N b 1}K ab Intoducing Nonce (N) 29 Avinanta Tarigan Introduction to Security

30 Cryptographic Protocol More example : Kerberos Protocol M1 M2 M3 M4 A S : A, B S A : {T s, L, B, K ab, {T s, L, K ab, A}K bs }K as A B : {T s, L, K ab, A}K bs, {A, T a }K ab B A : {T a + 1}K ab Introducing TimeStamp (T ) and Lifetime (L) Used in many system, including Windows 30 Avinanta Tarigan Introduction to Security

31 Cryptographic Protocol Problem : Wrong design could lead to flaw Needham-Schroeder Protocol SSLv1.0 Wrong implementation could lead to vulnerability Padding problem in SSL, SSH, and WTLS User Interface design in Browser Vulnerability arise between two protection technologies (Anderson, Ross) 31 Avinanta Tarigan Introduction to Security

32 Assurance : Formal Method To prove correctness in achieving security properties which protocol carry out There are two development approach : Extention from method used in communication Newly developed method Four classifications : 1. General purpose tools 3. Expert System 2. Logic based 4. Algebraic approach 32 Avinanta Tarigan Introduction to Security

33 Formal Method Using General Purpose Tools Treated as ordinary comm. protocol Adversary is explicit, capable in read, intercept, and modify messages Method : FSM, CSP, FDR, Petri Nets Example : Lotos, Ina Jo, Murphy System State A INTRUDER B 33 Avinanta Tarigan Introduction to Security

34 Formal Method Using Expert System Investigate every possible scenario of Attack - Flaw - Defence Needs to define insecure states and search paths to them More successful than General Purpose Tools Example : Interrogator by Millen, NRL Protocol Analyzer by Meadows, Longley and Rigby 34 Avinanta Tarigan Introduction to Security

35 Formal Method Algebraic Approach Capabilties in modeling knowledge which represents component in cryptographic operation (Nonce, Key(s), and old messages) Example : Dolev - Yao (term re-writing systems) Sphi - Calculus by Abadi and Gordon (to prove secrecy) 35 Avinanta Tarigan Introduction to Security

36 Formal Method Logic Based One sees crypt. protocol as distributed algorithm Develop logics from modal logic There are inference rules Goal is to derived statements which represents correct condition Example : BAN Logic and GNY Logic 36 Avinanta Tarigan Introduction to Security

37 Towards Secure System Specification : Security Policy Implementation : Security Mechanism Correctness : Assurance Man - Machine - Management 37 Avinanta Tarigan Introduction to Security

38 Towards... (cont) Preventive measures Detective measures Responsive measures Desktop Servers Perimeter Managers General Users Security Team 38 Avinanta Tarigan Introduction to Security

39 Towards.. (cont) Security Goals Constituent OrganizationalUnits Availability Integrity Confidentiality Non Repudiation etc Government Agent Financial Institutions Organizations Local etc Policy User Education Secure OS, Application, Perimeter etc Constituent Systems 39 Avinanta Tarigan Introduction to Security

40 Books, Papers, and Links Ross Anderson, Security Engineering Matt Bishop, Computer Security Schneider et. al. Modelling and Analysis of Security Protocols Martin Abadi s homepage at abadi 40 Avinanta Tarigan Introduction to Security

41 The End End of this presentation 41 Avinanta Tarigan Introduction to Security

Lecture 15: Cryptographic algorithms

06-06798 Distributed Systems Lecture 15: Cryptographic algorithms 22 March, 2002 1 Overview Cryptographic algorithms symmetric: TEA asymmetric: RSA Digital signatures digital signatures with public key