lecture15-security · 2016-04-18 · 4/18/16 2 cse 30341 – operang system principles 3 objecves...
TRANSCRIPT
4/18/16
1
CSE30341Opera,ngSystemPrinciples
Security
CSE30341–Opera,ngSystemPrinciples 2
Security• TheSecurityProblem• ProgramThreats• SystemandNetworkThreats• CryptographyasaSecurityTool• UserAuthen,ca,on• Implemen,ngSecurityDefenses• FirewallingtoProtectSystemsandNetworks• Computer-SecurityClassifica,ons• AnExample:Windows
4/18/16
2
CSE30341–Opera,ngSystemPrinciples 3
Objec,ves• Todiscusssecuritythreatsanda3acks
• Toexplainthefundamentalsofencryp7on,authen7ca7on,andhashing
• Toexaminetheusesofcryptographyincompu,ng
• TodescribethevariouscountermeasurestosecurityaUacks
CSE30341–Opera,ngSystemPrinciples 4
TheSecurityProblem• Systemsecureifresourcesusedandaccessedasintendedunderall
circumstances– Unachievable
• Intruders(crackers)aUempttobreachsecurity
• Threatispoten,alsecurityviola,on
• A3ackisaUempttobreachsecurity
• AUackcanbeaccidentalormalicious
• Easiertoprotectagainstaccidentalthanmaliciousmisuse
4/18/16
3
CSE30341–Opera,ngSystemPrinciples 5
SecurityViola,onCategories• Breachofconfiden7ality
– Unauthorizedreadingofdata• Breachofintegrity
– Unauthorizedmodifica,onofdata• Breachofavailability
– Unauthorizeddestruc,onofdata• TheBofservice
– Unauthorizeduseofresources• Denialofservice(DOS)
– Preven,onoflegi,mateuse
CSE30341–Opera,ngSystemPrinciples 6
SecurityViola,onMethods
• Masquerading– Pretendingtobeanauthorizedusertoescalateprivileges
• Replaya3ack– Asisorwithmessagemodifica,on
• Man-in-the-middlea3ack– Intrudersitsindataflow,masqueradingassendertoreceiverandviceversa
• Sessionhijacking– Interceptanalready-establishedsessiontobypassauthen,ca,on
4/18/16
4
CSE30341–Opera,ngSystemPrinciples 7
SecurityMeasureLevels
• Impossibletohaveabsolutesecurity,butmakecosttoperpetratorsufficientlyhightodetermostintruders
• Securitymustoccuratfourlevelstobeeffec,ve:– Physical– Human– Opera7ngSystem– Network
CSE30341–Opera,ngSystemPrinciples 8
ProgramThreats
• Manyvaria,ons,manynames• TrojanHorse
– Codesegmentthatmisusesitsenvironment– ExploitsmechanismsforallowingprogramswriUenbyuserstobeexecutedbyotherusers
• TrapDoor– Specificuseriden,fierorpasswordthatcircumventsnormalsecurityprocedures
– Typicallymeantforbenignpurposes
4/18/16
5
CSE30341–Opera,ngSystemPrinciples 9
ProgramThreats(Cont.)• LogicBomb
– Programthatini,atesasecurityincidentundercertaincircumstances
• StackandBufferOverflow– Exploitsabuginaprogram(overfloweitherthestackormemorybuffers)
– Failuretocheckboundsoninputs,arguments– Writepastargumentsonthestackintothereturnaddressonstack
– Whenrou,nereturnsfromcall,returnstohackedaddress• Pointedtocodeloadedontostackthatexecutesmaliciouscode
– Unauthorizeduserorprivilegeescala,on
CSE30341–Opera,ngSystemPrinciples 10
CProgramwithBuffer-overflowCondi,on
#include <stdio.h> #define BUFFER SIZE 256 int main(int argc, char *argv[]) { char buffer[BUFFER SIZE]; if (argc < 2) return -1; else { strcpy(buffer,argv[1]); return 0; }
}
4/18/16
6
CSE30341–Opera,ngSystemPrinciples 11
LayoutofTypicalStackFrame
CSE30341–Opera,ngSystemPrinciples 12
ModifiedShellCode
#include <stdio.h> int main(int argc, char *argv[])
{
execvp(‘‘\bin\sh’’,‘‘\bin \sh’’, NULL);
return 0;
}
4/18/16
7
CSE30341–Opera,ngSystemPrinciples 13
Hypothe,calStackFrame
Before attack After attack
CSE30341–Opera,ngSystemPrinciples 14
ProgramThreats(Cont.)
• Viruses– Codefragmentembeddedinlegi,mateprogram– Self-replica,ng,designedtoinfectothercomputers– VeryspecifictoCPUarchitecture,opera,ngsystem,applica,ons
– Usuallyborneviaemailorasamacro• VisualBasicMacrotoreformatharddrive
Sub AutoOpen() Dim oFS Set oFS = CreateObject(’’Scripting.FileSystemObject’’) vs = Shell(’’c:command.com /k format c:’’,vbHide) End Sub
4/18/16
8
CSE30341–Opera,ngSystemPrinciples 15
ProgramThreats(Cont.)• Virusdropperinsertsvirusontothesystem
• Manycategoriesofviruses,literallymanythousandsofviruses– File/parasi,c– Boot/memory– Macro– Sourcecode– Polymorphictoavoidhavingavirussignature– Encrypted– Stealth– Tunneling– Mul,par,te– Armored
CSE30341–Opera,ngSystemPrinciples 16
ABoot-sectorComputerVirus
4/18/16
9
CSE30341–Opera,ngSystemPrinciples 17
TheThreatCon,nues• AUackss,llcommon,s,lloccurring• AUacksmovedover,mefromscienceexperimentstotoolsoforganizedcrime– Targe,ngspecificcompanies– Crea,ngbotnetstouseastoolforspamandDDOSdelivery
– Keystrokeloggertograbpasswords,creditcardnumbers
• WhyisWindowsthetargetformostaUacks?– Mostcommon– Everyoneisanadministrator– Monocultureconsideredharmful
CSE30341–Opera,ngSystemPrinciples 18
SystemandNetworkThreats(Cont.)
• Worms–usespawnmechanism;standaloneprogram
• Internetworm– ExploitedUNIXnetworkingfeatures(remoteaccess)andbugsinfingerandsendmailprograms
– Exploitedtrust-rela,onshipmechanismusedbyrshtoaccessfriendlysystemswithoutuseofpassword
– Grapplinghookprogramuploadedmainwormprogram• 99linesofCcode
– Hookedsystemthenuploadedmaincode,triedtoaUackconnectedsystems
– Alsotriedtobreakintootherusersaccountsonlocalsystemviapasswordguessing
– Iftargetsystemalreadyinfected,abort,exceptforevery7th,me
4/18/16
10
CSE30341–Opera,ngSystemPrinciples 19
SystemandNetworkThreats(Cont.)
• Portscanning– AutomatedaUempttoconnecttoarangeofportsononeorarangeofIPaddresses
– Detec,onofansweringserviceprotocol– Detec,onofOSandversionrunningonsystem– nmap scansallportsinagivenIPrangeforaresponse
– nessushasadatabaseofprotocolsandbugs(andexploits)toapplyagainstasystem
– Frequentlylaunchedfromzombiesystems• Todecreasetraceability
CSE30341–Opera,ngSystemPrinciples 20
SystemandNetworkThreats(Cont.)
• DenialofService– Overloadthetargetedcomputerpreven,ngitfromdoinganyusefulwork
– Distributeddenial-of-service(DDOS)comefrommul,plesitesatonce
– ConsiderthestartoftheTCP/IP-connec,onhandshake(SYN)
• Howmanystarted-connec,onscantheOShandle?– Considertraffictoawebsite
• Howcanyoutellthedifferencebetweenbeingatargetandbeingreallypopular?
– Accidental–CSstudentswri,ngbadfork() code– Purposeful–extor,on,punishment
4/18/16
11
CSE30341–Opera,ngSystemPrinciples 21
21
FriendsandEnemies
• Bob,Alicewanttocommunicate“securely”• Trudy,the“intruder”mayintercept,delete,addmessages
Figure7.1goeshere
CSE30341–Opera,ngSystemPrinciples 22
FriendsandEnemies
4/18/16
12
CSE30341–Opera,ngSystemPrinciples 23
Overview
• Cryptographyfunc,ons– Secretkey(e.g.,DES)– Publickey(e.g.,RSA)– Messagedigest(e.g.,MD5)
• Securityservices– Privacy:preven,ngunauthorizedreleaseofinforma,on– Authen,ca,on:verifyingiden,tyoftheremotepar,cipant– Integrity:makingsuremessagehasnotbeenaltered
Security
Cryptographyalgorithms
Publickey
(e.g., RSA)
Secretkey
(e.g., DES)
Messagedigest
(e.g., MD5)
Securityservices
AuthenticationPrivacy Messageintegrity
Plaintext
Encrypt withsecret key
Ciphertext
Plaintext
Decrypt withsecret key
Plaintext
Encrypt withpublic key
Ciphertext
Plaintext
Decrypt withprivate key
CSE30341–Opera,ngSystemPrinciples 24
SecretKey(DES)
Plaintext
Encrypt withsecret key
Ciphertext
Plaintext
Decrypt withsecret key
4/18/16
13
CSE30341–Opera,ngSystemPrinciples 25
SymmetricKeySubs,tu,oncipher:subs,tu,ngonethingforanother
– monoalphabe,ccipher:subs,tuteoneleUerforanother
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
Plaintext: bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
E.g.:
CSE30341–Opera,ngSystemPrinciples 26
• 64-bitkey(56-bits+8-bitparity)• 16rounds • EachRound
Initial permutation
Round 1
Round 2
Round 16
56-bitkey
Final permutation
+
F
Li ─ 1 Ri─ 1
Ri
Ki
Li
DataEncryp,onStandard
4/18/16
14
CSE30341–Opera,ngSystemPrinciples 27
• Repeatforlargermessages
Block1
IV
DES
Cipher1
Block2
DES
Block3
DES
Block4
DES
+
Cipher2 Cipher3 Cipher4
+++
DataEncryp,onStandard
CSE30341–Opera,ngSystemPrinciples 28
PublicKey(RSA)
• Encryp,on&Decryp,on c=memodn m=cdmodn
Plaintext
Encrypt withpublic key
Ciphertext
Plaintext
Decrypt withprivate key
4/18/16
15
CSE30341–Opera,ngSystemPrinciples 29
RSA(cont)
• Choosetwolargeprimenumberspandq(each256bits)• Mul,plypandqtogethertogetn• Choosetheencryp,onkeye,suchthateand(p-1)x(q-1)
arerela,velyprime.• Twonumbersarerela,velyprimeiftheyhavenocommon
factorgreaterthanone• Computedecryp,onkeydsuchthat
d*e=1mod((p-1)x(q-1))• Constructpublickeyas(e,n)• Constructprivatekeyas(d,n)• Discard(donotdisclose)originalprimespandq
CSE30341–Opera,ngSystemPrinciples 30
RSAExampleBob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z).
letter m m e c = m mod n e
l 12 1524832 17
c m = c mod n d
17 481968572106750915091411825223072000 12
c d letter
l
encrypt:
decrypt:
4/18/16
16
CSE30341–Opera,ngSystemPrinciples 31
MessageDigest
• Cryptographicchecksum– justasaregularchecksumprotectsthereceiverfromaccidental
changestothemessage,acryptographicchecksumprotectsthereceiverfrommaliciouschangestothemessage.
• One-wayfunc,on– givenacryptographicchecksumforamessage,itisvirtually
impossibletofigureoutwhatmessageproducedthatchecksum;itisnotcomputa,onallyfeasibletofindtwomessagesthathashtothesamecryptographicchecksum.
• Relevance– ifyouaregivenachecksumforamessageandyouareableto
computeexactlythesamechecksumforthatmessage,thenitishighlylikelythismessageproducedthechecksumyouweregiven.
CSE30341–Opera,ngSystemPrinciples 32
Authen,ca,onProtocols
• Three-wayhandshakeClient Server
ClientId, E ( , CHK)
E(y+ , CHK)
E(SK, SHK)
Y
4/18/16
17
CSE30341–Opera,ngSystemPrinciples 33
Trustedthirdparty(Kerberos)
AS B
E((T, L, K, B), KA),E((A, T), K),
E((T, L, K, A), KB)
A, B
E(T + 1 , K)
E ((T, L, K, A), KB)
CSE30341–Opera,ngSystemPrinciples 34
Publickeyauthen,ca,on
A B
E(x, PublicB )
x
4/18/16
18
CSE30341–Opera,ngSystemPrinciples 35
MessageIntegrityProtocols
• DigitalsignatureusingRSA– specialcaseofamessageintegritywherethecodecanonlyhavebeen
generatedbyonepar,cipant– computesignaturewithprivatekeyandverifywithpublickey
• KeyedMD5– sender:m+MD5(m+k)+E(E(k,rcv_public),snd_private)– receiver
• recoversrandomkeyusingthesender’spublickey• appliesMD5totheconcatena,onofthisrandomkeymessage
• MD5withRSAsignature– sender:m+E(MD5(m),private)– receiver
• decryptssignaturewithsender’spublickey• comparesresultwithMD5checksumsentwithmessage
CSE30341–Opera,ngSystemPrinciples 36
PublicKeyDistribu,on
• Cer,ficate– specialtypeofdigitallysigneddocument:“Icer;fythatthepublickeyinthisdocumentbelongstotheen;tynamedinthisdocument,signedX.”
– thenameoftheen,tybeingcer,fied– thepublickeyoftheen,ty– thenameofthecer,fica,onauthority– adigitalsignature
• Cer,fica,onAuthority(CA)– administra,veen,tythatissuescer,ficates– usefulonlytosomeonethatalreadyholdstheCA’spublickey.
4/18/16
19
CSE30341–Opera,ngSystemPrinciples 37
KeyDistribu,on(cont)
• ChainofTrust– ifXcer,fiesthatacertainpublickeybelongstoY,andYcer,fiesthatanotherpublickeybelongstoZ,thenthereexistsachainofcer,ficatesfromXtoZ
– someonethatwantstoverifyZ’spublickeyhastoknowX’spublickeyandfollowthechain
• Cer,ficateRevoca,onList
CSE30341–Opera,ngSystemPrinciples 38
Cer,ficate• Serialnumber(uniquetoissuer)• infoaboutcer,ficateowner,includingalgorithmandkeyvalueitself
(notshown)❒ info about
certificate issuer
❒ valid dates ❒ digital
signature by issuer
4/18/16
20
CSE30341–Opera,ngSystemPrinciples 39
UserAuthen,ca,on
• Crucialtoiden,fyusercorrectly,asprotec,onsystemsdependonuserID
• Useriden,tymostorenestablishedthroughpasswords,canbeconsideredaspecialcaseofeitherkeysorcapabili,es
• Passwordsmustbekeptsecret– Frequentchangeofpasswords– Historytoavoidrepeats– Useof“non-guessable”passwords– LogallinvalidaccessaUempts(butnotthepasswordsthemselves)
CSE30341–Opera,ngSystemPrinciples 40
40
SecureShell(SSH)• Remoteloginservice(replacestelnetandrlogin).• Providesauthen,ca,on,integrity,andconfiden,ality.• SSHversion2:SSH-TRANS,SSH-AUTH,SSH-CONN.
Applicationclient
Applicationserver
SSH SSHForwarded connection
Direct connection
Host A Host B
4/18/16
21
CSE30341–Opera,ngSystemPrinciples 41
41
TransportLayerSecurity(TLS)
• SecureSocketLayer(SSL).• SecureHTTP(HTTPS).• Handshakeprotocolandrecordprotocol.
Application (e.g., HTTP)Secure transport layer
TCPIP
Subnet
CSE30341–Opera,ngSystemPrinciples 42
Firewalls
• Filter-BasedSolu,on– example
(192.12.13.14,1234,128.7.6.5,80)(*,*,128.7.6.5,80)
– default:forwardornotforward?– howdynamic?
Rest of the Internet Local site
Firewall
4/18/16
22
CSE30341–Opera,ngSystemPrinciples 43
Proxy-BasedFirewalls
• Problem:complexpolicy• Example:webserver
• Solu,on:proxy
• Design:transparentvs.classical• Limita,ons:aUacksfromwithin
Company net Webserver
Randomexternaluser
Remotecompanyuser
Internet
Firewall
Firewall
Externalclient
External HTTP/TCP connection
Proxy
Internal HTTP/TCP connection
Localserver