A brief introduction to information security. Outline. Safety vs. Security. Safety vs. Security. Notes. Notes. Notes. Part I.

Transcription

1 A brief introduction to information security Part I Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX August 23, 2012 Outline / 41 Safety vs. Security Safety Protects against accidents Defends against nature Can be modeled using probability theory with historical data Security Protects against intentional malice Defends against intelligent beings Must model the strategy of adversaries 4 / 41 Safety vs. Security Safety Security Question: If you were in charge of a building s security, how would preparations differ for a tornado versus a terrorist attack? Hint: When preparing for a tornado, should you consider whether neighboring buildings have been protected? 5 / 41

2 Definition Digital information: information encoded in discrete numbers Hi! 0x / 41 What are the implications of digital representation of information? 1 Costless to create perfect copies 2 Information can be transmitted anywhere immediately 3 Information can be remembered indefinitely Easy to keep detailed record of transactions 4 Digitally encoded information lacks provenance Modifications can t be identified by just looking at the data 7 / 41 Information security is the endeavor to achieve protection goals specific to information. What are those goals? 1 Confidentiality: information is accessible only to authorized parties 2 Integrity: modification of information can be detected 3 Availability: authorized parties can access information (and use resources) when and where it is needed 8 / 41 Confidentiality Broker Exchange BUY,200,GOOG,$ Eve 9 / 41

3 Confidentiality caveats Confidentiality does not cover prior knowledge Breaches of confidentiality cannot be undone Breaches of confidentiality can be difficult to detect Question: what characteristics of digital information make protecting confidentiality difficult? 10 / 41 Integrity Broker Exchange BUY,200,GOOG,$ $ Mallory 11 / 41 Integrity caveats Protecting integrity = correcting modifications Integrity simply ensures that information hasn t been altered Integrity makes no claim of absolute correctness Question: what characteristics of digital information make protecting integrity difficult? 12 / 41 Availability Broker Exchange BUY,200,GOOG,$ BUY,200,GOOG,$ Mallory 13 / 41

4 Availability caveats Integrity is widely seen to be harder to guarantee than confidentiality or integrity Why? guarantees must often be made for more than the information Guarantees of the functionality of other parties may be required 14 / 41 Who are these authorized parties the definitions speak of? Who is an authorized party? How are they authorized? By whom? Parties: human beings controlling computer system, or programs acting on their behalf Authorization: decision a principal must take on whether a party is allowed to undertake a task Authorization decision is the fundamental challenge of security engineering 15 / 41 Identification vs. Authentication vs. Authorization Identification, authentication and authorization answer different questions Identification: Who are you? Authentication: Is it really you? Authorization: Knowing who you are, are you allowed to do something? Common mistake: conflating these concepts Deploying an authentication system does not solve the authorization problem 16 / 41 How computers identify people In order to authorize a user to access computer resources, systems must figure out who they re interacting with Computer systems store (ID, attribute) pairs Upon encountering a user, the system prompts for the ID and attribute. IDs should be unique If the attribute is only known to the user (e.g., a password), it can be used to authenticate the user to the system 17 / 41

5 Case study: authentication and authorization at ATMs ATM Authentication steps 1. Insert card 2. Request matching PIN 3. Enter PIN Authorization steps 4. How much to withdraw? 5. Request $ Dispense $ Balance $100? Bank 7. Approve withdrawal 18 / 41 Authentication failure: ATM fails to authenticate user ATM Authentication steps 1. Insert card 2. Request matching PIN Guess PIN 3. Enter PIN Authorization steps 4. How much to withdraw? 5. Request $ Dispense $100 Mallory 6. Balance $100? Bank 7. Approve withdrawal 19 / 41 Card skimmers: ATM incorrectly authenticates user Source: 20 / 41 Authentication failure: User fails to authenticate ATM ATM Authentication steps 1. Insert card 2. Request matching PIN 3. Enter PIN Authorization steps 4. How much to withdraw? 5. Request $ Dispense $100 Fake ATM Mallory 6. Balance $100? Bank 7. Approve withdrawal 21 / 41

6 Fake ATMs: User fails to authenticate ATM Source: 22 / 41 Question: how does authentication fail on phishing websites? 23 / 41 Four fundamental ideas of computer architecture 1 Code is data 2 Layers of abstraction 3 Moore s law 4 Halting problem 25 / 41 The von Neumann computer architecture The pervasive von Neumann computer architecture does not distinguish between instructions for computer programs and data Consequently, Code is Data Enables great flexibility in reprogramming computers Programs can be costlessly reproduced, not just data There are unfortunate security implications John von Neumann 26 / 41

7 The dark side of Code is Data Source: 27 / 41 Layers of abstraction Abstraction: specifying meaning and behavior of software while hiding implementation details Modular code exploits abstraction and enables composition and reuse Abstraction and code modularity enables rapid software development (which has in turn led to a rapid rise in software complexity) Unlike for mechanical engineering, in software engineering there is no practical limit to the potential combinations of code 28 / 41 Abstraction solves everything? All problems in computer science can be solved by another level of indirection. David Wheeler 29 / 41 Layered computer architecture Active content Application Libraries Operating system Hardware Facebook Mozilla Firefox Gecko, NSPR, OJI,... Microsoft Windows Intel x86 30 / 41

8 Layers good or bad? + Abstraction enables greater compatibility since higher layer only interacts with next layer + Layered approach means that developers can ignore problems already solved at other layers - Higher layers cannot identify or prevent malfunctions at lower layers - Vulnerabilities propagate up the stack - Flaws in a single layer can affect all software developed on top Think back to when Windows was ridden with holes Question: at what layer can a strategic attacker wreak the most havoc at least cost? 31 / 41 Abstraction solves everything? All problems in computer science can be solved by another level of indirection, except security problems. 32 / 41 Moore s law Intel founder Gordon Moore noticed in 1965 that integrated circuit density had been doubling since the 1950s He predicted the trend to continue Moore s Law: computer performance roughly doubles every 18 months Figure from Moore s original paper speculating on the implications of exponential growth in computing power 33 / 41 The halting problem In 1936, Alan Turing proved that it is impossible to write a general-purpose program that can determine whether another program will stop Bear this in mind the next time someone complains that software developers should be able to find and remove all vulnerabilities in their code 34 / 41

9 The Internet circa 1971 Source: 35 / 41 It has long been recognized that there could be value in connecting computers together Researchers developed protocols that specified how computers could communicate with each other Networking protocols also leverage abstraction layers 36 / 41 Networking protocol stack Application Transport Network Data Link Physical HTTP, SMTP, BGP IP TCP, UDP Ethernet n 37 / 41 Networking protocols IP protocol Each computer has a 32-bit unique address (e.g., ) Any computer should be reachable using its IP address Transport layer TCP: establishes connection between devices before sending traffic UDP: connectionless data is simply transmitted Application layer Many available applications, each operating on a different port HTTP (port 80): protocol for web sites (e.g., connecting to :80 delivers the SMU home page) SMTP (port 25): protocol for sending SSH (port 22): secure remote login to computers BGP (port 179): protocol for connecting Internet providers Many applications have been developed (e.g., see a list of common port numbers at 38 / 41

10 Global routing via BGP Source: report/interx-report/at_download/fullreport 39 / 41 Important design decisions for networking protocols Internet protocols incorporated a number of design decisions that impact security 1 IP makes computers globally addressable 2 Packets are delivered on a best-effort basis, making it hard to distinguish malice from bad luck 3 No built-in authentication to protocols, which enables spoofing 4 Design is inherently decentralized, which makes coordination difficult (e.g., to upgrade to a more secure protocol) 40 / 41 Recap / 41