lecture15-security · 2016-04-18 · 4/18/16 2 cse 30341 – operang system principles 3 objecves...

4/18/16

1

CSE30341Opera,ngSystemPrinciples

Security

CSE30341–Opera,ngSystemPrinciples 2

Security•  TheSecurityProblem•  ProgramThreats•  SystemandNetworkThreats•  CryptographyasaSecurityTool•  UserAuthen,ca,on•  Implemen,ngSecurityDefenses•  FirewallingtoProtectSystemsandNetworks•  Computer-SecurityClassifica,ons•  AnExample:Windows

4/18/16

2


Objec,ves•  Todiscusssecuritythreatsanda3acks

•  Toexplainthefundamentalsofencryp7on,authen7ca7on,andhashing

•  Toexaminetheusesofcryptographyincompu,ng

•  TodescribethevariouscountermeasurestosecurityaUacks


TheSecurityProblem•  Systemsecureifresourcesusedandaccessedasintendedunderall

circumstances–  Unachievable

•  Intruders(crackers)aUempttobreachsecurity

•  Threatispoten,alsecurityviola,on

•  A3ackisaUempttobreachsecurity

•  AUackcanbeaccidentalormalicious

•  Easiertoprotectagainstaccidentalthanmaliciousmisuse

4/18/16

3


SecurityViola,onCategories•  Breachofconfiden7ality

– Unauthorizedreadingofdata•  Breachofintegrity

– Unauthorizedmodifica,onofdata•  Breachofavailability

– Unauthorizeddestruc,onofdata•  TheBofservice

– Unauthorizeduseofresources•  Denialofservice(DOS)

–  Preven,onoflegi,mateuse


SecurityViola,onMethods

•  Masquerading–  Pretendingtobeanauthorizedusertoescalateprivileges

•  Replaya3ack–  Asisorwithmessagemodifica,on

•  Man-in-the-middlea3ack–  Intrudersitsindataflow,masqueradingassendertoreceiverandviceversa

•  Sessionhijacking–  Interceptanalready-establishedsessiontobypassauthen,ca,on

4/18/16

4


SecurityMeasureLevels

•  Impossibletohaveabsolutesecurity,butmakecosttoperpetratorsufficientlyhightodetermostintruders

•  Securitymustoccuratfourlevelstobeeffec,ve:– Physical– Human– Opera7ngSystem– Network


ProgramThreats

•  Manyvaria,ons,manynames•  TrojanHorse

– Codesegmentthatmisusesitsenvironment– ExploitsmechanismsforallowingprogramswriUenbyuserstobeexecutedbyotherusers

•  TrapDoor– Specificuseriden,fierorpasswordthatcircumventsnormalsecurityprocedures

– Typicallymeantforbenignpurposes

4/18/16

5


ProgramThreats(Cont.)•  LogicBomb

–  Programthatini,atesasecurityincidentundercertaincircumstances

•  StackandBufferOverflow–  Exploitsabuginaprogram(overfloweitherthestackormemorybuffers)

–  Failuretocheckboundsoninputs,arguments– Writepastargumentsonthestackintothereturnaddressonstack

– Whenrou,nereturnsfromcall,returnstohackedaddress•  Pointedtocodeloadedontostackthatexecutesmaliciouscode

–  Unauthorizeduserorprivilegeescala,on


CProgramwithBuffer-overflowCondi,on

#include <stdio.h> #define BUFFER SIZE 256 int main(int argc, char *argv[]) { char buffer[BUFFER SIZE]; if (argc < 2) return -1; else { strcpy(buffer,argv[1]); return 0; }

}

4/18/16

6


LayoutofTypicalStackFrame


ModifiedShellCode

#include <stdio.h> int main(int argc, char *argv[])

{

execvp(‘‘\bin\sh’’,‘‘\bin \sh’’, NULL);

return 0;

}

4/18/16

7


Hypothe,calStackFrame

Before attack After attack


ProgramThreats(Cont.)

•  Viruses–  Codefragmentembeddedinlegi,mateprogram–  Self-replica,ng,designedtoinfectothercomputers–  VeryspecifictoCPUarchitecture,opera,ngsystem,applica,ons

– Usuallyborneviaemailorasamacro•  VisualBasicMacrotoreformatharddrive

Sub AutoOpen() Dim oFS Set oFS = CreateObject(’’Scripting.FileSystemObject’’) vs = Shell(’’c:command.com /k format c:’’,vbHide) End Sub

4/18/16

8


ProgramThreats(Cont.)•  Virusdropperinsertsvirusontothesystem

•  Manycategoriesofviruses,literallymanythousandsofviruses–  File/parasi,c–  Boot/memory–  Macro–  Sourcecode–  Polymorphictoavoidhavingavirussignature–  Encrypted–  Stealth–  Tunneling–  Mul,par,te–  Armored


ABoot-sectorComputerVirus

4/18/16

9


TheThreatCon,nues•  AUackss,llcommon,s,lloccurring•  AUacksmovedover,mefromscienceexperimentstotoolsoforganizedcrime–  Targe,ngspecificcompanies–  Crea,ngbotnetstouseastoolforspamandDDOSdelivery

–  Keystrokeloggertograbpasswords,creditcardnumbers

•  WhyisWindowsthetargetformostaUacks?– Mostcommon–  Everyoneisanadministrator– Monocultureconsideredharmful


SystemandNetworkThreats(Cont.)

•  Worms–usespawnmechanism;standaloneprogram

•  Internetworm–  ExploitedUNIXnetworkingfeatures(remoteaccess)andbugsinfingerandsendmailprograms

–  Exploitedtrust-rela,onshipmechanismusedbyrshtoaccessfriendlysystemswithoutuseofpassword

–  Grapplinghookprogramuploadedmainwormprogram•  99linesofCcode

–  Hookedsystemthenuploadedmaincode,triedtoaUackconnectedsystems

–  Alsotriedtobreakintootherusersaccountsonlocalsystemviapasswordguessing

–  Iftargetsystemalreadyinfected,abort,exceptforevery7th,me

4/18/16

10



•  Portscanning– AutomatedaUempttoconnecttoarangeofportsononeorarangeofIPaddresses

– Detec,onofansweringserviceprotocol– Detec,onofOSandversionrunningonsystem– nmap scansallportsinagivenIPrangeforaresponse

– nessushasadatabaseofprotocolsandbugs(andexploits)toapplyagainstasystem

–  Frequentlylaunchedfromzombiesystems•  Todecreasetraceability



•  DenialofService–  Overloadthetargetedcomputerpreven,ngitfromdoinganyusefulwork

–  Distributeddenial-of-service(DDOS)comefrommul,plesitesatonce

–  ConsiderthestartoftheTCP/IP-connec,onhandshake(SYN)

•  Howmanystarted-connec,onscantheOShandle?–  Considertraffictoawebsite

•  Howcanyoutellthedifferencebetweenbeingatargetandbeingreallypopular?

–  Accidental–CSstudentswri,ngbadfork() code–  Purposeful–extor,on,punishment

4/18/16

11


21

FriendsandEnemies

•  Bob,Alicewanttocommunicate“securely”•  Trudy,the“intruder”mayintercept,delete,addmessages

Figure7.1goeshere


FriendsandEnemies

4/18/16

12


Overview

•  Cryptographyfunc,ons–  Secretkey(e.g.,DES)–  Publickey(e.g.,RSA)–  Messagedigest(e.g.,MD5)

•  Securityservices–  Privacy:preven,ngunauthorizedreleaseofinforma,on–  Authen,ca,on:verifyingiden,tyoftheremotepar,cipant–  Integrity:makingsuremessagehasnotbeenaltered

Security

Cryptographyalgorithms

Publickey

(e.g., RSA)

Secretkey

(e.g., DES)

Messagedigest

(e.g., MD5)

Securityservices

AuthenticationPrivacy Messageintegrity

Plaintext

Encrypt withsecret key

Ciphertext

Plaintext

Decrypt withsecret key

Plaintext

Encrypt withpublic key

Ciphertext

Plaintext

Decrypt withprivate key


SecretKey(DES)

Plaintext

Encrypt withsecret key

Ciphertext

Plaintext

Decrypt withsecret key

4/18/16

13


SymmetricKeySubs,tu,oncipher:subs,tu,ngonethingforanother

–  monoalphabe,ccipher:subs,tuteoneleUerforanother

plaintext: abcdefghijklmnopqrstuvwxyz

ciphertext: mnbvcxzasdfghjklpoiuytrewq

Plaintext: bob. i love you. alice

ciphertext: nkn. s gktc wky. mgsbc

E.g.:


•  64-bitkey(56-bits+8-bitparity)•  16rounds • EachRound

Initial permutation

Round 1

Round 2

Round 16

56-bitkey

Final permutation

+

F

Li ─ 1 Ri─ 1

Ri

Ki

Li

DataEncryp,onStandard

4/18/16

14


•  Repeatforlargermessages

Block1

IV

DES

Cipher1

Block2

DES

Block3

DES

Block4

DES

+

Cipher2 Cipher3 Cipher4

+++

DataEncryp,onStandard


PublicKey(RSA)

•  Encryp,on&Decryp,on c=memodn m=cdmodn

Plaintext

Encrypt withpublic key

Ciphertext

Plaintext

Decrypt withprivate key

4/18/16

15


RSA(cont)

•  Choosetwolargeprimenumberspandq(each256bits)•  Mul,plypandqtogethertogetn•  Choosetheencryp,onkeye,suchthateand(p-1)x(q-1)

arerela,velyprime.•  Twonumbersarerela,velyprimeiftheyhavenocommon

factorgreaterthanone•  Computedecryp,onkeydsuchthat

d*e=1mod((p-1)x(q-1))•  Constructpublickeyas(e,n)•  Constructprivatekeyas(d,n)•  Discard(donotdisclose)originalprimespandq


RSAExampleBob chooses p=5, q=7. Then n=35, z=24.

e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z).

letter m m e c = m mod n e

l 12 1524832 17

c m = c mod n d

17 481968572106750915091411825223072000 12

c d letter

l

encrypt:

decrypt:

4/18/16

16


MessageDigest

•  Cryptographicchecksum–  justasaregularchecksumprotectsthereceiverfromaccidental

changestothemessage,acryptographicchecksumprotectsthereceiverfrommaliciouschangestothemessage.

•  One-wayfunc,on–  givenacryptographicchecksumforamessage,itisvirtually

impossibletofigureoutwhatmessageproducedthatchecksum;itisnotcomputa,onallyfeasibletofindtwomessagesthathashtothesamecryptographicchecksum.

•  Relevance–  ifyouaregivenachecksumforamessageandyouareableto

computeexactlythesamechecksumforthatmessage,thenitishighlylikelythismessageproducedthechecksumyouweregiven.


Authen,ca,onProtocols

•  Three-wayhandshakeClient Server

ClientId, E ( , CHK)

E(y+ , CHK)

E(SK, SHK)

Y

4/18/16

17


Trustedthirdparty(Kerberos)

AS B

E((T, L, K, B), KA),E((A, T), K),

E((T, L, K, A), KB)

A, B

E(T + 1 , K)

E ((T, L, K, A), KB)


Publickeyauthen,ca,on

A B

E(x, PublicB )

x

4/18/16

18


MessageIntegrityProtocols

•  DigitalsignatureusingRSA–  specialcaseofamessageintegritywherethecodecanonlyhavebeen

generatedbyonepar,cipant–  computesignaturewithprivatekeyandverifywithpublickey

•  KeyedMD5–  sender:m+MD5(m+k)+E(E(k,rcv_public),snd_private)–  receiver

•  recoversrandomkeyusingthesender’spublickey•  appliesMD5totheconcatena,onofthisrandomkeymessage

•  MD5withRSAsignature–  sender:m+E(MD5(m),private)–  receiver

•  decryptssignaturewithsender’spublickey•  comparesresultwithMD5checksumsentwithmessage


PublicKeyDistribu,on

•  Cer,ficate–  specialtypeofdigitallysigneddocument:“Icer;fythatthepublickeyinthisdocumentbelongstotheen;tynamedinthisdocument,signedX.”

–  thenameoftheen,tybeingcer,fied–  thepublickeyoftheen,ty–  thenameofthecer,fica,onauthority–  adigitalsignature

•  Cer,fica,onAuthority(CA)–  administra,veen,tythatissuescer,ficates–  usefulonlytosomeonethatalreadyholdstheCA’spublickey.

4/18/16

19


KeyDistribu,on(cont)

•  ChainofTrust–  ifXcer,fiesthatacertainpublickeybelongstoY,andYcer,fiesthatanotherpublickeybelongstoZ,thenthereexistsachainofcer,ficatesfromXtoZ

– someonethatwantstoverifyZ’spublickeyhastoknowX’spublickeyandfollowthechain

•  Cer,ficateRevoca,onList


Cer,ficate•  Serialnumber(uniquetoissuer)•  infoaboutcer,ficateowner,includingalgorithmandkeyvalueitself

(notshown)❒  info about

certificate issuer

❒  valid dates ❒  digital

signature by issuer

4/18/16

20


UserAuthen,ca,on

•  Crucialtoiden,fyusercorrectly,asprotec,onsystemsdependonuserID

•  Useriden,tymostorenestablishedthroughpasswords,canbeconsideredaspecialcaseofeitherkeysorcapabili,es

•  Passwordsmustbekeptsecret–  Frequentchangeofpasswords–  Historytoavoidrepeats–  Useof“non-guessable”passwords–  LogallinvalidaccessaUempts(butnotthepasswordsthemselves)


40

SecureShell(SSH)•  Remoteloginservice(replacestelnetandrlogin).•  Providesauthen,ca,on,integrity,andconfiden,ality.•  SSHversion2:SSH-TRANS,SSH-AUTH,SSH-CONN.

Applicationclient

Applicationserver

SSH SSHForwarded connection

Direct connection

Host A Host B

4/18/16

21


41

TransportLayerSecurity(TLS)

•  SecureSocketLayer(SSL).•  SecureHTTP(HTTPS).•  Handshakeprotocolandrecordprotocol.

Application (e.g., HTTP)Secure transport layer

TCPIP

Subnet


Firewalls

•  Filter-BasedSolu,on–  example

(192.12.13.14,1234,128.7.6.5,80)(*,*,128.7.6.5,80)

–  default:forwardornotforward?–  howdynamic?

Rest of the Internet Local site

Firewall

4/18/16

22


Proxy-BasedFirewalls

•  Problem:complexpolicy•  Example:webserver

•  Solu,on:proxy

•  Design:transparentvs.classical•  Limita,ons:aUacksfromwithin

Company net Webserver

Randomexternaluser

Remotecompanyuser

Internet

Firewall

Firewall

Externalclient

External HTTP/TCP connection

Proxy

Internal HTTP/TCP connection

Localserver

lecture15-security · 2016-04-18 · 4/18/16 2 cse 30341 – operang system principles 3 objecves...

Documents