HW #7: Security Design Principles/Threat Modeling. CS 392/6813: Computer Security Fall 2008 Due 11/30/08. [100pts]

Transcription

1 HW 7: Security Design Principles/Threat Modeling CS 392/6813: Computer Security Fall 2008 Due 11/30/08 [100pts] Note: For this HW, you are free to work in teams of no more than two people! Each team needs to submit only one copy of their HW, with the names of team members clearly marked. Please MAKE SURE that your answers are original and honest if you copy your answers from resources you don t cite, you ll be easily caught, and would not be given any credit! Problem 1 [40pts] In this exercise, your task is to prepare an attack/threat tree related to the security and privacy of RFID communication. Your primary reference is this presentation: which lists various threats (and also possible solutions, you don t need to refer to the solutions for the sake of this exercise). You are also recommended and free to use any other resources (they are there aplenty online) to prepare your attack tree. Try to cover all possible attacks, from the physical layer to the application layer, and with respect to both security and privacy, and try to cover all steps in a particular attack. If your tree becomes huge, you can split it up among separate trees. It is preferable to use a Textual representation for the tree. The tree can also be hand-drawn, but it should be clear and easily understandable (that s the whole purpose of attack trees to document the attacks nicely) Your work would be useful for my present/future research in this area by looking at a well-documented and complete attack tree, I can have a very clear understanding of all possible threats. Thanks to you in advance Problem 2 [7*3=21pts] If you don t know about them already, learn about the following computer security concepts (say, through wikipedia), explain them in your own words and discuss which security design principle(s) they exploit or violate: 1. Two-Factor Authentication 2. Spam ( , web,..) 3. Pharming

2 4. Trusted computing 5. Reverse engineering 6. Site-Specific Browser 7. P2P Pollution Problem 3 [20+19pts] A web server implements access control using two mechanisms. The (perl based) pseudo code for the implementation of these two mechanisms, called version 1 and version2, is provided below. Argue whether or not version 1 and version 2 implementations satisfy the eight security design principles that we studied in class. In case a design principle is not applicable, mention it and explain the reason why it is not applicable Pseudocode for Web Server Access Control Application version 1 Network Setup Setup Socket Listening for Connections socket_listen(); Bind Socket to port 80 bind_socket(port) bind_socket(80); Start Listening to incoming connections listen(); Accept new connection while listen == true accept(); Connected to Client Ask if user is returning or needs new account. send_welcome(); logcredentials(); catch_response will determine what the user's answer is and ensure it is then send it on to create new user or returning user

3 in the format we want (yes or no) catch_response(); new_user(); returning_user(); This function is responsible for keeping track of all attempts to log in to the server. sub logcredentials $username = request_name(); Create a password hash using our propriety hash function. The code for proprietyhash() has not been included in this document because it is closed-source and has been patented. $passhash = proprietyhash(request_passwd()); setuid("root"); open(loghandle, "+<credlog.txt") or die("error opening log file."); print ($loghandle $username. $passhash); close loghandle; setuid("http_daemon"); Create a new user account new_user function $name = request_new_name(); Make sure username is 8 or more characters and less than 15 input_lenght(min, max, name) input_length(8, 15, $name) To prevent username guessing, check that the username contains at least three non-alphanumeric characters while ($numspecialchars < 3) If the provided username does not have the requisite amount of special characters, request a new username. $name = request_new_name(); Count the number of characters in the provided username. $numspecialchars =0 foreach $byte (split //, $name) if(isspecialchar($byte)) $numspecialchars++; See if username exists by checking against /etc/.app_passwd file user_exists($name) Request new name if necessary $name = request_new_name();

4 If name is ok, ask for password $newpass = request_new_pass(); Ensure password is 8 or more characters max 30 input_length(8, 30, $newpass); If password fails check, ask for new one $newpass = request_new_pass(); If password and name are ok, record them to /etc/app_passwd First need hash of password, passwd_hash calls the unix command line md5 -s program to create a secure hash $passwd_hash = gen_hash($newpass) Write out username, password and date of creation to /etc/app_passwd file Grab Date $date = gen_timestamp(); add_user(date, username, password hash) add_user($date, $name, $passwd_hash); Authenticate Returning User returning_user function $username = request_name(); $pass = request_passwd(); $rsakey = getrsakey(); First need hash of password, passwd_hash calls the unix command line md5 -s program to create a secure hash $passwd_hash = gen_hash($pass) Compare the given username and password hash to the hash stored in /etc/app_passwd file for the given user through the compare_pass() function compare_pass(user, hash) $validcredentials = compare_pass($username, $passwd_hash); Check if the RSA Key supplied by the user matches the one stored by the server $legitimatekey = keycheck($rsakey); Grab Date so we can record last login time $date = gen_timestamp(); If the user is authenticated, report last login time and record current time if ($validcredentials && $legitimatekey) $lastlogin = grab_logintime($username);

5 record_login_time($username, $date); From here user can procede into system else if user fails login, start back over and let them try again else send_welcome(); Pseudocode for Web Server Access Control Application version 2 This function is responsible for checking whether or not a user has been authenticated within a given time span. sub getauthentication($username) $authenticationstatus; setuid("root"); open(authfilehandle, "+<authentication.txt") or die("error opening authentication file."); $line = <authfilehandle>; chomp $line; if ($line == $username) $authenticationstatus=1; else $authenticationstatus=0; setuid("http_daemon"); return $authenticationstatus $authenticated =getauthentication($username); Network Setup Setup Socket Listening for Connections socket_listen(); Bind Socket to port 80 bind_socket(port) bind_socket(80);

6 Start Listening to incoming connections listen(); Accept new connection while listen == true accept(); Connected to Client If connecting client is running v2 then they should send cert right away $cert = grab_cert(); Check if the certificate sent by the client has been previously accepted if ($authenticated) Allow the user access to the server. spawnshell(); else See if cert is signed by our CA and if signature is valid check_cert(certificate) returns true or false $signed_cert = check_cert($cert); Procede with Certificate Authentication If the cert is signed by our CA we can procede to check cert for freshness if($signed_cert) $cert_date = get_cert_date($cert) Grab Date so we can compare to date on cert $today = gen_timestamp(); cert false Compare date on cert to today's date to determine freshness of compare_dates(date, date, time limit in days) returns true or $fresh = compare_dates($today, $cert_date, 365) if (!$fresh) then disconnnect("certificate is no longer valid.") else continue $username = extract_user($cert); Check name on cert against list in /etc/app_certs check_user(username) returns true or false depending on

7 if the Name from the certificate is stored in the app_certs file $valid_user = check_user($username); From here user can procede into system if $valid $authenticated = 1; Note this authentication for later use. setauthentication($authenticated, $username); continue... else disconnect("certificate does not contain valid Authentication Name") Revert to version 1 else if!$signed_cert If Certificate is not valid, either the cert is bad or the client is not using v2 of software. Lets post a message about where to get info on v2 of software and how to get a valid cert from our cert server then drop back to username/password access Welcome tells user about upgrade procedures send_welcome(); Authenticate Returning User returning_user function $username = request_name(); $pass = request_passwd(); First need hash of password, passwd_hash calls the unix command line md5 -s program to create a secure hash $passwd_hash = gen_hash($pass) in Compare the given username and password hash to the hash stored

8 /etc/app_passwd file for the given user through the compare_pass() function compare_pass(user, hash) $valid = compare_pass($username, $passwd_hash); Grab Date so we can record last login time $date = gen_timestamp(); If the user is authenticated, report last login time and record current time if ($valid) $lastlogin = grab_logintime($username); record_login_time($username, $date); From here user can procede into system $authenticated = 1; Note this authentication for later use. setauthentication($authenticated, $username); spawnshell(); else if user fails login, let them in as a guest. else $username = "guest"; $pass = ""; Allow the guest user access to the server. spawnshell();