introduction to computer and network security session 1
TRANSCRIPT
Page 1
Introduction to computer and network security
Session 1 : Introduction and definition of main concepts
Jean Leneutre
Tél.: 01 45 81 78 81
Page 2
I- Introduction Context Security trends in the US
Picture taken from "CSI/FBI 2010-11, Computer crime and security survey", http://www.gocsi.com/
Page 3
I- Introduction Context Security trends in the US
Picture taken from "CSI/FBI 2008, Computer crime and security survey", http://www.gocsi.com/
Page 4
I- Introduction Context Common computer exploits
Common exploits (http://cwe.mitre.org/documents/vuln-trends/)
Cross-site scripting
Buffer overflow
SQL injection
PHP remote file inclusion
Directory traversal
Information leak
DoS caused by malformed input
Symbolic link following
Format string vulnerability
Cryptographic error
Page 5
I- Introduction Context Evolution of security (1/2)
- Security in the military domain (communications)
  - Jamming
  - Confidentiality of messages through the use of cryptology (Enigma machine)
- System security
  - MULTICS: "computer security by design"
  - "Orange Book" (TCSEC, DoD, 1983)
- Distributed system security
  - Kerberos (Athena project 1983-91)
- Advances in cryptology
  - DES (symmetric, 1976), then RSA (asymmetric, 1977)
- Network security
  - Public Key Infrastructures (PKIs)
  - Security protocols (IPSEC in 1995, SSL in 1996, …) and architecture (firewalls, VPNs, IDSs, …)
Page 6
I- Introduction Context Evolution of security (2/2)
- Introduction of trusted modules/devices
  - Smartcards
- Content security
  - DRM (Digital Rights Management), steganography (watermarking)
- Security nowadays
  - Identity federation, "Single Sign-On" (SSO)
  - Evolution of cryptology (AES, elliptic curves, hash functions, …)
  - Trusted Computing (TPM)
  - Information privacy (RFID)
  - Cloud computing security
- Security in the future
  - Security of open and mobile systems: vehicular networks (VANETs)
  - Quantum cryptography?
Page 7
I- Introduction Perimeter of security Security vs. Safety
- Security (« Sécurité »):
  - Security = Confidentiality + Integrity + Availability
  - Protect information against intentional and non-intentional threats (viruses, Trojans, user errors, …)
  - Assets
    - Immaterial entities (contents and services)
    - Material entities linked to the Information System (IS)
- Safety (« Innocuité »)
  - Protect against harmful events
  - Assets
    - Security of humans
    - Tangible possessions
Page 8
I- Introduction Perimeter of security Security vs. Dependability
- Dependability (« Sûreté de Fonctionnement »)
  - Definition: Dependability = integrity + availability + safety + reliability + maintainability
[Diagram: two overlapping sets. SECURITY = confidentiality, integrity, availability; DEPENDABILITY = integrity, availability, safety, reliability, maintainability; integrity and availability lie in the overlap.]
Page 9
I - Introduction Perimeter of security Security of information system vs computer security
- Information System:
  - An Information System is the set of entities that store, process, manage, and distribute information in an organisation.
  - Entities = personnel, data, hardware, software, …
- Information System Security includes:
  - Computer and network security
  - Physical security (buildings)
Page 10
I- Introduction Perimeter of security Potential targets
- Information System
  - Of state institutions or private enterprises
- Networks
  - Home networks
  - LANs
  - Wireless networks: WiFi, WiMAX, Bluetooth, RFID
- Telecom networks
  - Telephone network
  - Mobile phone networks (GSM, GPRS, UMTS)
- Broadcasting networks
  - Television, satellite networks, localisation networks (GPS)
Page 11
I- Introduction Security sectors
- Different sectors of security in France with their own requirements
  1. Restricted sector with classified data (« secteur réglementé »)
    - « Secret de Défense »: French Ministry of Defence, SGDN (Secrétariat Général de la Défense et de la sécurité Nationale), …
  2. Non-restricted but controlled sector
    - Sensitive sectors: companies working with the Ministry of Defence (Thales, Dassault, …)
  3. Non-restricted and non-controlled sector (sensitive but non-classified data)
    - All the other activity sectors
Page 12
I- Introduction Objectives of the course
- Introduction of the fundamental concepts of Information Security + presentation of the main vulnerabilities/attacks (lecture 1 & practical session 1)
- Introduction to cryptography (lecture 2 & practical session 2)
- Presentation of the authentication function and mechanisms (lesson 3)
- Presentation of access control models and mechanisms (lesson 4)
- Reference book:
  - Dieter Gollmann, Computer Security, 2nd edition, Wiley, 2006, ISBN 0 470 86293 9.
Page 14
II- Definitions 1. Security properties
- Usual definition: Security = set of properties including at least
  - Confidentiality (« Confidentialité »): no non-authorized disclosure of information
  - Integrity (« Intégrité »): no non-authorized modification of information
  - Availability (« Disponibilité »): no non-authorized retention of information or resources
- In one sentence
  - No non-authorized actions
  => Authorized actions are defined in the security policy
Page 15
II- Definitions 1. Security properties
- Confidentiality
  - No non-authorized disclosure of information
    - Only authorized entities are able to observe information
    - Access operations: read, print, list a directory, …
    - Examples: confidentiality of a text, confidentiality of a network flow, …
    - Attacks: eavesdropping, password cracking, cryptanalysis of a cipher, …
  - Secrecy / Privacy (« Intimité »)
    - In the latter case, confidentiality of personal information
Page 16
II- Definitions 1. Security properties
- Integrity
  - No non-authorized modification of information
    - Only authorized entities are able to modify information
    - Access operations: write, delete, create, change status, …
    - Examples: integrity of a message, integrity of a program, integrity of a database, …
    - Attacks: insertion of a virus, modification of an access control list, …
  - Several meanings depending on the context
    - No modification: integrity of communications (detection and correction of modifications due to transmission errors or intentional manipulation)
    - Modifications must satisfy some properties: integrity of relations in a database (consistency), integrity of a variable in a program, …
    - Modifications must only be performed by trusted entities (human, process)
Page 17
II- Definitions 1. Security properties
- Availability
  - No retention of information or resources
    - Authorized entities can obtain information or use a resource
    - Access type: execute, download, …
    - Example: availability of a server, availability of a network
    - Attacks: jamming attack in a wireless network, Denial of Service (DoS) caused by a flooding attack on a server, …
  - Several aspects
    - Presence of information or usability of services
    - Ability to answer a request
    - Ability to answer a request in bounded time
    - Fairness in resource allocation
  - Usually in security
    - Availability = no Denial of Service
Page 18
II- Definitions 1. Security properties
- Interdependencies between confidentiality, integrity & availability
  - Mutual exclusion
    - Example: a strong confidentiality protection based on robust cryptographic mechanisms may impact availability
  - Causality relation
    - Example: integrity is a pre-requisite to ensure confidentiality
    - An attacker may bypass read access control on files by modifying the access control table used by the OS
[Diagram: triangle with Confidentiality, Integrity and Availability at its vertices, illustrating their interdependencies.]
Page 19
II- Definitions 1. Security properties
- Other security properties
  - Accountability (« Imputabilité »): to be able to determine who is responsible for any action against the security policy
    - Requires auditability: to be able to trace the events impacting security during a given period
    - Requires user identification/authentication
  - Non-repudiation: to be able to provide a proof that an action has been performed by a given entity
    - Impossibility for an entity to deny the reception or emission of a message
    - Requires the use of digital signatures and time-stamps
Page 20
II- Definitions 1. Security properties
- Properties related to dependability
  - Reliability (« Fiabilité »)
    - Capacity of a system to provide a correct service
    - Characterized by the probability that a component or the system works over a time interval [0,t]
    - Metric: Mean Time Between Failures (MTBF)
  - Maintainability (« Maintenabilité »)
    - Capacity of a system to work again after a fault
    - Metric: Mean Time To Repair (MTTR)
Page 21
II- Definitions 1. Security properties
- How to assess security?
  - Quantitative approach
    - Use the number of vulnerabilities already detected and the time required for their detection to predict the discovery time of the next vulnerability
    - Measure the attack surface of a system (number of interfaces, number of dangerous instructions used in the code, …)
    => Quantitative approaches are rarely used to assess security
  - Qualitative approach
    - Risk analysis: assess the risks that threats pose to assets
    => Methods: EBIOS (DCSSI), MEHARI (CLUSIF), CRAMM, OCTAVE, …
Page 22
II- Definitions 2. Asset, vulnerability, threat and risk
- Asset (« Actif » or « Bien »): everything which has a value
  - Medium assets or entities
    - Hardware,
    - Software,
    - Also include locations (server room) and humans (system administrator)
  - Essential assets
    - Information
      - example: a list of names
    - Function processing information
      - example: a ciphering algorithm
- Asset valuation
  - Supposing the asset is compromised
    - Medium asset: financial cost
    - Essential asset: impact (loss of reputation, loss of competitive advantage, …)
Page 23
II- Definitions 2. Asset, vulnerability, threat and risk
- Vulnerability
  - Security flaw in a component of the system (medium asset)
    - Problem in the requirements, functional specification, design, implementation or during deployment
  - Examples:
    - Program with known flaws (no verification of buffer size)
    - Privileged account whose password is still set to its default value
  - Principle of the weakest link in a chain (Principe du maillon faible):
    - vulnerability level of a system = vulnerability level of its weakest component (the easiest for the attacker to exploit)
  - Vulnerability analysis: find the vulnerabilities in a system
    - Vulnerability databases: CERTs (Computer Emergency Response Teams, http://www.cert.org), SANS (http://www.sans.org)
    - Vulnerability scanner: tool automating the identification of vulnerabilities using a vulnerability database (example: Nessus)
Page 24
II- Definitions 2. Asset, vulnerability, threat and risk
- Source of a threat
  - Type
    - Human origin (user or hacker), natural origin (river, …)
    - Non-intentional cause or intentional cause (attacker)
    - Internal vs. external
  - Attacker model or attacker potential (in case of an intentional origin)
    - Motivation
    - Expertise (technical skills, …)
    - Available resources (financial resources, time, exploits, …)
Page 25
II- Definitions 2. Asset, vulnerability, threat and risk
- Threat (« Menace »)
  - Method used by the source of the attack
    - Intentional threat = attack
    - Non-intentional threat = errors
  - Examples:
    - Eavesdropping,
    - River flooding,
    - Buffer overflow attack, …
Page 26
II- Definitions 2. Asset, vulnerability, threat and risk
- Attack types
  - Passive attack:
    - Attack only requiring interception
  - Active attack:
    - Attack requiring interruption, modification or forging
- Steps during an attack:
  - Information gathering
  - Identification of vulnerabilities
  - Implementation and execution of the attack
Page 27
II- Definitions 2. Asset, vulnerability, threat and risk
- Threat scenario
  - Scenario with a likelihood, grouping a threat, its source, a vulnerability exploited by the threat, and a medium asset.
  - Example:
    - A hacker performs a buffer overflow attack exploiting the missing verification of input size in a system program (moderately likely)
Page 28
II- Definitions 2. Asset, vulnerability, threat and risk
- Risk
  - Likelihood of a threat scenario + importance of the impact
  - Risk assessment using a table
  - Risk management
    - Reducing, transferring or taking the risk
    - Residual risk: risk still existing after the risk treatment
    - Risk analysis methods: EBIOS, MEHARI, CRAMM, OCTAVE, …

Risk level as a function of the threat likelihood (columns) and the impact (rows), both rated from 1 to 4:

Impact \ Threat   1   2   3   4
      1           1   1   2   2
      2           1   2   2   3
      3           2   2   3   4
      4           2   3   4   4
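Added example (not from the lecture slides) that walks one threat scenario through the risk table above and a counter-measure, in Python: the 1-4 scales, the scenario data and the acceptable-risk threshold are constructed for illustration, while the table values are the slide's own.

```python
from dataclasses import dataclass

# Risk level for likelihood (rows, 1..4) and impact (columns, 1..4),
# copied from the slide's table; it is symmetric, so the orientation
# of the two axes does not matter.
RISK_TABLE = [
    [1, 1, 2, 2],
    [1, 2, 2, 3],
    [2, 2, 3, 4],
    [2, 3, 4, 4],
]

@dataclass
class ThreatScenario:
    """Threat scenario as on the slides: a threat, its source, the
    vulnerability it exploits, the medium asset and a likelihood.
    The impact comes from the asset valuation (constructed 1..4 scale)."""
    threat: str
    source: str
    vulnerability: str
    asset: str
    likelihood: int  # 1 (unlikely) .. 4 (very likely)
    impact: int      # 1 (negligible) .. 4 (critical)

def risk_level(likelihood: int, impact: int) -> int:
    """Risk = likelihood of the scenario combined with the importance
    of the impact, read from the table."""
    if not (1 <= likelihood <= 4 and 1 <= impact <= 4):
        raise ValueError("likelihood and impact must be in 1..4")
    return RISK_TABLE[likelihood - 1][impact - 1]

def apply_countermeasure(s, likelihood_reduction=0, impact_reduction=0):
    """A counter-measure reduces the vulnerability (so the likelihood)
    or the impact; the scenario it returns carries the residual risk."""
    return ThreatScenario(s.threat, s.source, s.vulnerability, s.asset,
                          max(1, s.likelihood - likelihood_reduction),
                          max(1, s.impact - impact_reduction))

def treatment(level: int, acceptable: int = 2) -> str:
    """Risk management: take the risk when it is at or below the
    acceptable level (constructed threshold), else reduce or transfer it."""
    return "take" if level <= acceptable else "reduce or transfer"

# Constructed scenario mirroring the slide's buffer overflow example.
OVERFLOW = ThreatScenario(
    threat="buffer overflow attack", source="external hacker",
    vulnerability="no verification of input size in a system program",
    asset="server hosting the system program", likelihood=3, impact=4)

if __name__ == "__main__":
    before = risk_level(OVERFLOW.likelihood, OVERFLOW.impact)
    patched = apply_countermeasure(OVERFLOW, likelihood_reduction=2)
    after = risk_level(patched.likelihood, patched.impact)
    print(f"risk {before} ({treatment(before)}) -> residual {after} ({treatment(after)})")
```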
Page 29
II- Definitions 2. Asset, vulnerability, threat and risk
[Diagram: relationships between Owner, Asset, Counter-measures, Vulnerability, Source of attack, Attack, Threat scenario, Impact (loss) and Risk; edge labels: applies, protects, reduces, uses, exploits, linked to, produces, may induce; Likelihood: L, Loss rating: LR.]
Page 30
II- Definitions 3. Security policy, measure, function, mechanism
- Security objective
  - Defines the security properties required for a given essential asset (information)
  - Example: confidentiality of the specification of the new software
- Security measure or counter-measure
  - Physical, organisational or technical measure
  - Technical counter-measures: security functions and mechanisms that satisfy security objectives
  - Reduces vulnerabilities or the impact, and thus risks
  - May induce new vulnerabilities
Page 31
II- Definitions 3. Security policy, measure, function, mechanism
- Prevention: measures to avoid an incident
  - Security training for non-expert users
  - Dissuasion
    - Watermarking (insert a copyright statement in an electronic image)
  - Protection
    - Cryptography (art of secret): hide information from third parties
    - Steganography (art of dissimulation): hide information in another content (hide both the information and its existence)
    - Access control (filtering using a firewall)
  - Misinformation (of the attacker)
    - Use deception techniques to counter or slow down the attacker (honeypots)
[Timeline label: prevention takes place before the incident]
Page 32
II- Definitions 3. Security policy, measure, function, mechanism
- Detection: measures to detect the incident
  - Intrusion detection (IDS)
- Correction: measures to mitigate the consequences of an incident
  - Confinement: quarantine/isolation, modification of filtering rules (IPS, Intrusion Prevention System)
  - Ensure availability during an attack (load balancing)
- Recovery: measures to recover the losses after the incident
  - Understand the incident and search for evidence: computer forensics
  - Repair the damage (restore the resources to their initial state)
  - Fix the vulnerabilities to prevent similar attacks in the future
  - Legal action against cyber-criminals, against a third party
[Timeline labels: detection at the beginning of the incident, correction during the incident, recovery after the incident]
Page 33
II- Definitions 3. Security policy, measure, function, mechanism
- Security Policy (« Politique de sécurité »)
  - Set of laws, rules and usages that specify how assets must be managed and protected inside an organization
    - Specifies the authorizations, forbidden actions and obligations of subjects that access the IS
    - Includes organisational, physical and technical aspects of security
Page 34
II- Security terminology 3. Security policy, measure, function, mechanism
- Security function
  - Technical measure providing a security objective
  - Example: classes of security functions introduced in the Common Criteria (CC)
    - FIA: Identification and Authentication
    - FTA: Target of Evaluation Access
    - FAU: Security Audit
    - FPR: Privacy
    - FCO: Communication security
    - FDP: Protection of user data
    - … and others (11 classes)
Page 35
II- Definitions 3. Security policy, measure, function, mechanism
- Identification: declaration of an identity by an entity
  - Example: entering your login
- Authentication (entity authentication): process that checks the identity
  - Verifies that a user is indeed the person he claims to be
  - Example: verification of the password entered after the login
  - Pre-requisite for access control
  - Functionalities associated with authentication
    - Identity management: add new identities, remove, …
    - Ensure the integrity of authentication credentials / information
    - Allow authorized users to access the information required to check users' identity
    - Limit the number of successive online attempts to establish a false identity
    - Reuse of authentication (single sign-on)
Page 36
II- Definitions 3. Security policy, measure, function, mechanism
- Access Control:
  - Function controlling that subjects (users and processes) can only access information and resources if they have the corresponding authorizations
  - Functionalities associated with access control
    - functions that manage the authorization specifications
- Flow Control:
  - Function that controls the information flows between objects
Page 37
II- Definitions 3. Security policy, measure, function, mechanism
- Audit
  - Function ensuring that information concerning events potentially impacting security is recorded, so that a later examination can determine whether there has been a security problem
- Accountability
  - Function ensuring that the actions of a user (or of a user's process) are recorded so that it is possible later to determine who was responsible for a given event
- Privacy
  - Function ensuring the privacy of the data and actions of a user
    - May be in conflict with other functions (audit and accountability)
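Added example (not from the lecture slides) chaining the security functions of pages 35 to 37 in Python: identification by login, password authentication with the limit on successive failed attempts, access control against an authorization table, and an audit log that gives accountability. The user names, passwords, object name and the limit of 3 attempts are constructed values.

```python
import hashlib, hmac, os

MAX_FAILED_ATTEMPTS = 3  # constructed limit on successive false-identity attempts

def _hash(password: str, salt: bytes) -> bytes:
    # Credentials are stored hashed: leaking the table must not reveal passwords
    # (part of ensuring the integrity of authentication information).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SecuritySystem:
    def __init__(self):
        self.credentials = {}     # login -> (salt, hash): identity management
        self.failed = {}          # login -> successive failed authentications
        self.authorizations = {}  # (login, object) -> allowed access operations
        self.audit_log = []       # accountability: (who, action, outcome)

    def add_identity(self, login, password, perms):
        salt = os.urandom(16)
        self.credentials[login] = (salt, _hash(password, salt))
        for obj, ops in perms.items():
            self.authorizations[(login, obj)] = set(ops)

    def authenticate(self, login: str, password: str) -> bool:
        """Identification is the claimed login; authentication checks it
        against the stored credential. Too many failures lock the identity."""
        if login not in self.credentials or self.failed.get(login, 0) >= MAX_FAILED_ATTEMPTS:
            self.audit_log.append((login, "authenticate", "refused"))
            return False
        salt, stored = self.credentials[login]
        if hmac.compare_digest(_hash(password, salt), stored):
            self.failed[login] = 0
            self.audit_log.append((login, "authenticate", "ok"))
            return True
        self.failed[login] = self.failed.get(login, 0) + 1
        self.audit_log.append((login, "authenticate", "failed"))
        return False

    def access(self, login, password, obj, op) -> bool:
        """Access control: authentication is a pre-requisite, then the subject's
        authorization for (object, operation) decides; both outcomes are audited."""
        if not self.authenticate(login, password):
            return False
        allowed = op in self.authorizations.get((login, obj), set())
        self.audit_log.append((login, f"{op} {obj}", "granted" if allowed else "denied"))
        return allowed

def demo() -> SecuritySystem:
    """Constructed run: one read granted, one write denied, then a lockout."""
    s = SecuritySystem()
    s.add_identity("alice", "correct horse", {"payroll.db": {"read"}})
    s.access("alice", "correct horse", "payroll.db", "read")    # granted
    s.access("alice", "correct horse", "payroll.db", "write")   # denied
    for _ in range(MAX_FAILED_ATTEMPTS + 1):  # the last attempt is refused outright
        s.authenticate("alice", "wrong password")
    return s
```

After the lockout even the correct password is refused, which is the availability cost the slides' "mutual exclusion" bullet warns about; the audit log is what lets an operator tell a lockout caused by an attacker from one caused by the user.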
Page 38
II- Definitions 3. Security policy, measure, function, mechanism
- Security mechanism
  - Algorithm or protocol implemented in hardware or software to provide a security function
  - Ensures that the system does not accept non-authorized actions
  - Example: authentication mechanisms
    - One-time password protocol HOTP
    - Challenge-response protocol (Kerberos)
  - A security mechanism must itself be secured
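Added example (not from the lecture slides): the HOTP one-time password mechanism named above, implemented in Python as specified in RFC 4226 (HMAC-SHA-1 with dynamic truncation, 6 digits) together with a server-side verifier. The secret is RFC 4226's own test key and the look-ahead window of 5 is a constructed parameter. The verifier illustrates the last bullet: the mechanism is only secure if the server's counter never moves backwards, otherwise a captured OTP could be replayed.

```python
import hmac, hashlib

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)) mod 10^digits."""
    msg = counter.to_bytes(8, "big")              # C is an 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

class HotpVerifier:
    """Server side of the mechanism. The expected counter only moves forward,
    so a captured OTP cannot be replayed; a small look-ahead window
    resynchronises a token whose counter ran ahead of the server's."""
    def __init__(self, secret: bytes, window: int = 5):
        self.secret = secret
        self.counter = 0          # next counter value the server expects
        self.window = window      # constructed look-ahead size

    def verify(self, otp: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), otp):
                self.counter = c + 1  # skip past the used value: no replay
                return True
        return False

RFC4226_SECRET = b"12345678901234567890"  # test key from RFC 4226, appendix D

if __name__ == "__main__":
    server = HotpVerifier(RFC4226_SECRET)
    first = hotp(RFC4226_SECRET, 0)
    print("OTP for counter 0:", first, "accepted:", server.verify(first))
    print("same OTP replayed, accepted:", server.verify(first))
```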