COMP 4704 Systems Security. Ramki Thurimella

Transcription

1 COMP 4704 Systems Security Ramki Thurimella

2 INFOSEC/OPSEC (pp. 20) OPSEC: Process to determine if friendly actions Can be observed by adversaries If it is useful to them If so, execute selected measures to reduce/eliminate exploitation INFOSEC: Protect information from Unauthorized access Use Disclosure Disruption Modification or destruction 2

3 Information Security Confidentiality Integrity availability Subtle differences between Computer Security (ensuring correct operation of computer system) Information Security (electronic, print or other forms) Information Assurance (manage informationrelated risks) Whether the information is in storage or transit Whether threatened by malice or accident 3

4 Countermeasures Educational Strict doctrine about discussion with who and how Training Instill culture of discretion Procedural Limit the number of people with access Don't toss classified material into trash Social Engineering (who initiated the call). Jury duty example Technical Firewalls, IDS, encryption, ACLs Multilevel Security 4

5 Legal Requirements Cyberlaw (Wiki) issues related to use of communicative, transactional, and distributive aspects of networked information devices and technologies leading topics include intellectual property, privacy, freedom of expression, and jurisdiction National Security Telecommunications and Information Systems Security Committee (NSTISSC) NSTISSP No. 11 National Information Assurance Acquisition Policy 5

6 Legal Aspects (cont.) System Security Authorization Agreement (SSAA) Document used by DoD to describe and accredit networks and systems National Policy Includes strategy, policy, and standards regarding the security of and operations in cyberspace Threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure 6

7 Risk Analysis Risk is the probability that a threat agent (cause) will exploit a system vulnerability (weakness) and thereby create an effect detrimental to the system. Risk Analysis Process that examines the risk of something going wrong Everyday examples: Crossing the road Buying lottery ticket Flying a plane 7

8 Threat Analysis Threat Agent Hackers Crackers Organized crime Natural disaster Threat Model Cannot safeguard against every attack cost/benefit ratio (padlock for gym locker) Perceptual Bias Dying from a terrorist attack (low probability) is feared more than dying in a traffic accident (higher probability) People don't care to win $100, but hate to lose $100 8

9 Protocols Challenge/Response Grabber and replay problem (tape & public phones) E: Engine Controller T: Transponder K: Shared key between E and T N: Random Challenge Protocol E T: N //when key in ignition //engine challenges T to prove the //possession of K T E: {T,N} K //Transponder responds by //by encrypting N with K 9

10 Challenge/Response Ex. (Password Generator) S: Server P: Password Generator (handheld by the user) U: User N: NONCE (Number used only ONCE) to thwart replay attacks PIN: Code only the user knows S U: N U P: N,PIN P U: {N,PIN} K U S: {N,PIN} K 10

11 Chosen Protocol Attack 11

12 Key Management In the presence of a trusted 3 rd party (Paradigm): Alice (A) wants to secretly communicate with Bob (B) Alice would like to get a session key from Sam (Key Server S) Assumption: Both A and B have established keys that only they know with the server S, K AS and K BS respectively. A S: A,B S A: {A,B,K AB,T} K AS,{A,B,K AB,T} KBS A B: {A,B,K AB,T} K AS,{M} KAB Is replay possible? 12

13 Needham-Schroeder Based on the previous paradigm Two Nonces N A and N B are added to prevent replay M1 A S: A,B,N A M2 S A: {N A,B,K AB,{K AB,A} KBS } KAS M3 A B: {K AB,A} KBS M4 B A: {N B } KAB M5 A B: {N B -1} KAB Is the key K AB received from Alice necessarily fresh when it arrives at Bob? 13

14 Needham-Schroeder (Cont.) Alice could wait an year after step M2 M1 A S: A,B,N A M2 S A: {N A,B,K AB,{K AB,A} KBS } KAS M3 A B: {K AB,A} KBS M4 B A: {N B } K AB M5 A B: {N B -1} K AB But this may not be a problem Could be seen as caching If Charlie gets hold of K AS after Alice requests S for key to David, then Charlie can pretend to be Alice to David. 14

15 Needham-Schroeder (Cont.) If Charlie gets hold of K AS after Alice requests S for key to David, then Charlie can pretend to be Alice to David. In addition, if Charlie requests keys to Freddie and Ginger, but does follow through steps M3- M5 with the hope of using the keys in the future Alice would have to contact S and revoke all existing keys that might ever have requested Revocation is not easy since Alice might not know Freddie and Ginger N-S designed in 1978 addressed problems in a gentler kindler world. Not safe in the current day standards 15

16 Kerberos Important practical derivate of N-S Used in Windows Below T s stands for server's time stamp from S L is the lifetime A S: A,B, S A: {T s,l,k AB,B,{T s,l,k AB,A} K BS } KAS A B: {T s,l,k AB,A} K BS, {A, T A } KAB A B: {T A +1} K AB T & L fixed one problem in N-S, but introduced another clocks needs to be synchronized 16