Security and Authentication

CS-4513 Distributed Computing Systems, D-term 2008

(Slides include materials from Operating System Concepts, 7th ed., by Silberschatz, Galvin, & Gagne; Distributed Systems: Principles & Paradigms, 2nd ed., by Tanenbaum and Van Steen; and Modern Operating Systems, 2nd ed., by Tanenbaum)

Post on 22-Dec-2015

Reading Material

• Tanenbaum, Modern Operating Systems, Chapter 9
  – Security and threats
  – Viruses
    • How to write and detect!
  – Protection – implementation of security
• Silberschatz, Chapters 14-15
  – Protection
  – Security
• Tanenbaum & Van Steen
  – Chapter 9

Puzzle

• Alice wishes to send secret message to Bob
  – She places message in impenetrable box
  – Locks the box with unbreakable padlock
  – Sends locked box to Bob
• Problem:
  – Bob has no key to unlock box
  – No feasible way to securely send key to Bob

• How does Bob retrieve message?

Answer

• Bob adds 2nd unbreakable padlock to box
  – Locks with own key
  – Sends box back to Alice (with two padlocks!)
• Alice unlocks and removes her lock
  – Sends box back to Bob
• Bob unlocks his lock
  – Opens box and reads message

• What could go wrong?

Authentication

• How does a system (distributed or not) know who it is talking to?

• Who do I say that I am?

• How can I verify that?
  • Something I know (that nobody else should know)
  • Something I have (that nobody else should have)
  • Something I am (that nobody else should be…)

Threats against Authentication

I want to pretend to be you:
• I can steal your password
  – the sticky note on your monitor or the list in your desk drawer
  – by monitoring your communications or looking over your shoulder
• I can guess your password
  – particularly useful if I can also guess your user name
• I can get between you and the system you are talking to

Getting between you and system you are talking to

Login Spoof

• I create a login screen in my process
  – On a public machine
  – Looks exactly like real one
• You log into system
  – My login process records your user ID and password
  – Logs you in normally
• Result:
  – I have gotten between you and system without your knowledge
  – Also, I have stolen your user ID and password

The Trouble with Passwords

• They are given away

• They are too easy to guess

• They are used too often

• There are too many of them

• They are used in too many places

Some ways around the problem

• Better passwords
  – longer
  – larger character set
  – more random in nature/encrypted
• Used less often
  – changed frequently, one system per password
  – challenge/response – use only once

The Challenge/Response Protocol

Art → Mary: Hello, I’m Art
Mary → Art: Decrypt This {R}P
Art → Mary: R
Mary → Art: Hello Art! How can I help you?

P is a shared secret
R is a random number
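An added sketch of the exchange above (not code from the original slides). It swaps the slide's "decrypt {R}P and return R" step for the HMAC form, in which Mary sends R in the clear and Art returns HMAC(P, R), because Python's standard library has no block cipher; the `Verifier` class, `respond()` and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Mary's side: issues single-use challenges R and checks the responses."""

    def __init__(self, shared_secrets):
        self._secrets = shared_secrets      # user name -> shared secret P
        self._pending = {}                  # user name -> outstanding R

    def challenge(self, user):
        r = secrets.token_bytes(16)         # fresh random R for every attempt
        self._pending[user] = r
        return r

    def verify(self, user, response):
        r = self._pending.pop(user, None)   # R is consumed: "use only once"
        p = self._secrets.get(user)
        if r is None or p is None:
            return False
        expected = hmac.new(p, r, hashlib.sha256).digest()
        # Constant-time comparison so timing does not leak the expected value.
        return hmac.compare_digest(expected, response)


def respond(p, r):
    """Art's side: prove knowledge of P without ever sending P."""
    return hmac.new(p, r, hashlib.sha256).digest()


def demo():
    p = b"constructed-shared-secret"        # constructed sample value
    mary = Verifier({"art": p})

    r1 = mary.challenge("art")
    good = respond(p, r1)
    first = mary.verify("art", good)        # legitimate login

    # A recorded response is useless once its challenge has been consumed...
    replay_no_challenge = mary.verify("art", good)

    # ...and useless against a new challenge, because R differs.
    mary.challenge("art")
    replay_new_challenge = mary.verify("art", good)

    # Someone who does not know P cannot answer a challenge.
    r3 = mary.challenge("art")
    wrong_secret = mary.verify("art", respond(b"guess", r3))

    return first, replay_no_challenge, replay_new_challenge, wrong_secret


if __name__ == "__main__":
    print(demo())
```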

Threat: Steal passwords from the system

• Don’t keep them in an obvious place

• Encrypt them so that version seen by system is not same as what user enters

• … or version on the wire

• …… or version used last time

Too many passwords to remember?

• Third-party authentication
  – Get someone to vouch for you
• The basics:
  “This guy says you know him..”
  “Yes, I trust him, so you should too..”

• Kerberos – Certificate-based authentication within a trust community

What is in a certificate?

• Who issued it

• When was it issued

• For what purpose was it issued

• For what time frame is it valid

• (possibly other application-specific data)

• A “signature” that proves it has not been forged

Systems and Networks Are Not Different

• Same basic rules about code behavior apply

• Same authentication rules apply

• The same security principles apply

• Same Coding Rules Apply To:
  – An application
  – Code which manages incoming messages
  – Code which imposes access controls on a network
  – ...

The Principles

• Understand what you are trying to protect

• Understand the threat(s) you are trying to protect against
  – Also, costs and risks

• Be prepared to establish trust by telling people how you do it

• Assume that the bad guys are at least as clever as you are!

Security must occur at four levels to be effective

• Physical
  – The best security system is no better than the lock on your front door (or desk, or file cabinet, etc.)!
• Human
  – Phishing, dumpster diving, social engineering
• Operating System
  – Protection and authentication subsystems
  – Prevention of unauthenticated access to data
• Network
  – Protection and authentication subsystems
  – Separate from underlying protocols

• Security is as weak as the weakest link in chain

How do these attacks work?

• Messages that attack mail readers or browsers

• Denial of service attacks against a web server

• Password crackers

• Viruses, Trojan Horses, other “malware”

The concept of a “Vulnerability”

• Buffer overflow

• Protocol/bandwidth interactions
  – Protocol elements which do no work
• “execute this” messages
  – The special case of “mobile agents”
• Human user vulnerabilities
  – eMail worms
  – Phishing

Another Principle

• There is a never-ending war going on between the “black hats” and the rest of us.

• For every asset, there is at least one vulnerability

• For every protective measure we add, “they” will find another vulnerability

Yet Another Principle

• There is no such thing as a bullet-proof barrier

• Every level of the system and network deserves an independent threat evaluation and appropriate protection

• Only a multi-layered approach has a chance of success!

Actual Losses:

• Approximately 70% are due to human error

• More than half of the remainder are caused by insiders

• “Social Engineering” accounts for more loss than technical attacks.

What is “Social Engineering”?

“Hello. This is Dr. Burnett of the cardiology department at the Conquest Hospital in Hastings. Your patient, Sam Simons, has just been admitted here unconscious. He has an unusual ventricular arrhythmia. Can you tell me if there is anything relevant in his record?”

Social Engineering (2)

From: [email protected]
Sent: Sunday, December 3, 2006 8:10 AM
To: [email protected]
Subject: Re: Approved

Please read the attached file.

Program Threats in Operating Systems

• Trojan Horse
  – Code segment that misuses its environment
  – Exploits mechanisms for allowing programs written by users to be executed by other users
  – Spyware, pop-up browser windows, covert channels
• Logic Bomb
  – Program that initiates a security incident under certain circumstances
• Trap Door
  – Specific user identifier or password that circumvents normal security procedures
  – Could be included in a compiler
• Stack and Buffer Overflow
  – Exploits a bug in a program (overflow either the stack or memory buffers)

Program Threats – Viruses

• Code fragment embedded in legitimate programs
• Very specific to CPU architecture, operating system, applications
• Usually borne via email or as a macro
• E.g., Visual Basic Macro to reformat hard drive

Sub AutoOpen()
Dim oFS
Set oFS = CreateObject(’’Scripting.FileSystemObject’’)
vs = Shell(’’c:command.com /k format c:’’,vbHide)
End Sub

Program Threats (Cont.)

• Virus dropper inserts virus onto the system
• Many categories of viruses, literally many thousands of viruses
  – File
  – Boot
  – Macro
  – Polymorphic
  – Source code
  – Encrypted
  – Stealth
  – Tunneling
  – Multipartite
  – Armored

Questions?

What is a “Security Policy?”

• What rights MAY a user have? – Define the maximum!

• What rights can a user pass on?

• How can a user acquire additional rights?

• Linux/Unix:
  -rwxr-xr-- /foo
  -rw--w---- /bar

Policy Models (1)

A “Policy Model” is a framework for creating a specific policy for a specific organization

• Linux/Unix
  – Users, groups, everybody
  – “owner” (or “…”) controls grant of rights
  – Rights based on UID, GID
  – Focus on files
  – Process has rights of parent
    • can change GID or drop rights

Policy Models (2)

• Win200X
  – Users and groups
  – Groups may be members of groups
  – Rights are the combined rights of all groups of which the user is a direct or indirect member
  – Administrator controls everything
    • can grant any right
  – The default is strong control over admin functions and little control over files

Policy Models (3)

• Typical Business
  – Managers can (usually) grant rights to their staff
  – Information is visible to people above in the organization
  – Managers do not have authority to grant access downward for some classes of information
  – Overall control is maintained by restricting access to applications rather than to data
  – Databases have their own distinct access controls

Policy Models (4)

• The Military Mind
  – Access rights are granted only by a higher authority
  – Access is broken into two models
    • need-to-know (usually organizational with upward visibility)
    • item-by-item (classification may occur in advance of creation or after)
  – Creator may be denied access to own work
  – Some weird anomalies

Policy Models (5)

• The BMA (British Medical Assoc.) model (1995)
  – Each medical record has an access control list
  – Access may be granted to a new clinician by the subject or the primary clinician
  – Patient must be notified of all ACL changes, and may revoke access
  – Deletions are not allowed
  – All access must be logged and auditable
  – Information may be aggregated from A into B only if ACL(A) is a superset of ACL(B)
• Reference
  Anderson, Ross, “An Update on the BMA Security Policy,” 1996. (.pdf)

Policy Models (6)

• The HIPAA model (1998)
  – The patient controls the right to access “personally identifiable health information”
  – Access is granted to any clinician or facility staff participating in the care of the patient
  – Patient must be notified of all breaches
  – Deletions are not allowed
  – All access must be logged and auditable
  – Privileges may be revoked

More Principles

• Think about Assets, Threats and Vulnerabilities FIRST

• Find an appropriate (and minimally complex) Policy Model

• Match your OS capabilities to the policy model as best you can

• Train staff to recognize social engineering!

• Train staff to make a habit out of the policy!

Fun with Cryptography

• What is cryptography about?

• General Principles of Cryptography

• Basic Protocols
  – Single-key cryptography
  – Public-key cryptography

• An example...

Cryptography as a Security Tool

• Broadest security tool available
  – Source and destination of messages cannot be trusted without cryptography
  – Means to constrain potential senders (sources) and / or receivers (destinations) of messages

• Based on secrets (keys)

Principles

• Cryptography is about the exchange of messages

• The key to success is that all parties to an exchange trust that the system will both protect them from threats and accurately convey their message

• TRUST is essential

Therefore

• Algorithms must be public and verifiable

• We need to be able to estimate the risk of compromise

• The solution must be practical for its users, and impractical for an attacker to break

Guidelines

• Cryptography is always based on algorithms which are orders of magnitude easier to compute in the forward (normal) direction than in the reverse (attack) direction.

• The attacker’s problem is never harder than trying all possible keys

• The more material the attacker has the easier his task

Example

• What is 314159265358979 × 314159265358979?

vs.

• What are prime factors of 3912571506419387090594828508241?

Time marches on…

• We must assume that there will always be improvements in computational power, mathematics and algorithms.
  – Messages which hang around get less secure with time!

• Increases in computing power help the good guys and hurt the bad guys for new and short-lived messages

Caveat

• We cannot mathematically PROVE that the inverse operations are really as hard as they seem to be…

It is all relative…

The Fundamental Tenet of Cryptography:

If lots of smart people have failed to solve a problem, it won’t be solved (soon)

Secret key cryptography

[Diagram: Cleartext T → f(T, K) → Cyphertext C → g(C, K) → Cleartext T, with the same key K on both sides]

Secret Key Methods

• DES (56 bit key)
• IDEA (128 bit key)
  • http://www.mediacrypt.com/community/index.asp
• Triple DES (three 56 bit keys)
• AES
  – From NIST, 2000
  – choice of key sizes up to 256 bits and more
  – Commercial implementations available

Diffie – Hellman

Alice and Bob agree on $p$, $g$

Alice: choose random $A$; $T_A = g^A \bmod p$
Bob: choose random $B$; $T_B = g^B \bmod p$

Alice: compute $(T_B)^A$
Bob: compute $(T_A)^B$

Shared secret key is $g^{AB} \bmod p$

D–H Problems

• Not in itself an encryption method – we must still do a secret key encryption

• Subject to a “man in the middle” attack
  – (Alice thinks she is talking to Bob, but actually Trudy is intercepting all of the messages and substituting her own)
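An added worked example of the Diffie–Hellman exchange and the interception problem described above (not code from the original slides). The 127-bit prime, the generator 3, the key-hashing step and the `fingerprint()` comparison over a separate trusted channel are assumptions chosen for illustration; the group is far too small for real use.

```python
import hashlib
import secrets

# Toy public parameters (assumption for this example): a 127-bit Mersenne
# prime, much smaller than anything used in practice.
P = 2**127 - 1
G = 3


def keypair():
    """Pick a random private exponent x and compute T = g^x mod p."""
    private = secrets.randbelow(P - 3) + 2          # 2 .. p-2
    return private, pow(G, private, P)


def shared_key(private, peer_public):
    """Compute (T_peer)^private mod p and hash it into a symmetric key."""
    if not 1 < peer_public < P - 1:                 # reject 0, 1 and p-1
        raise ValueError("degenerate public value")
    secret = pow(peer_public, private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def fingerprint(key):
    """Short value the two parties can compare over a separate channel."""
    return hashlib.sha256(b"fingerprint" + key).hexdigest()[:16]


def honest_exchange():
    """Alice and Bob receive each other's real public values."""
    a, t_a = keypair()
    b, t_b = keypair()
    return shared_key(a, t_b), shared_key(b, t_a)


def intercepted_exchange():
    """Trudy replaces T_A and T_B in transit with her own public value."""
    a, t_a = keypair()                              # Alice
    b, t_b = keypair()                              # Bob
    t, t_t = keypair()                              # Trudy
    k_alice = shared_key(a, t_t)                    # Alice got T_T, not T_B
    k_bob = shared_key(b, t_t)                      # Bob got T_T, not T_A
    return k_alice, k_bob, shared_key(t, t_a), shared_key(t, t_b)


def exchange_is_consistent(k_alice, k_bob):
    """Detection check: both ends must hold the same key fingerprint."""
    return fingerprint(k_alice) == fingerprint(k_bob)


if __name__ == "__main__":
    print("honest:", exchange_is_consistent(*honest_exchange()))
    k_a, k_b, _, _ = intercepted_exchange()
    print("intercepted:", exchange_is_consistent(k_a, k_b))
```

Unauthenticated D–H gives each side a key but no assurance of who holds the other copy; the fingerprint mismatch only shows up if the values are compared or signed through something Trudy cannot alter.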

RSA Public key cryptography

[Diagram: Cleartext T → f() with Key #1 → Cyphertext C → f() with Key #2 → Cleartext T]

Key #1 can be either a Public Key or a Private Key.
Key #2 is then the corresponding Private Key or Public Key.

RSA Public Key Cryptography

• Rivest, Shamir and Adleman (1978)
• I can send messages that only you can read
• I can verify that you and only you could have sent a message
• I can use a trusted authority to distribute my public key
  – The trusted authority is for your benefit!

RSA Details

• We will use the same operation to encrypt and decrypt

• To encrypt, we will use “e” as a key, to decrypt we will use “d” as a key

• e and d are inverses with respect to the chosen algorithm

RSA Details

• Choose n as the product of two large primes
  – Finding the factors of a large number is mathematically hard (difficult)
  – Finding primes is also hard

• Choose e to be a (fairly small) prime and compute d from e and the factors of n

• THROW AWAY THE FACTORS OF n!

• Publish two numbers, e (public key) and n

RSA Details

• Encryption: Cyphertext = $(\text{Cleartext})^e \bmod n$
• Decryption: Cleartext = $(\text{Cyphertext})^d \bmod n$
• Typical d will be on the order of 500 to 700 bits
• The cost of the algorithm is between 1 and 2 the size of n,
  – Each operation is a giant shift and add (multiply by a power of 2)

RSA Problems

• It is much more costly than typical secret-key methods
  – Use RSA to hide (i.e., encrypt) a secret key,
  – Encrypt the message with the secret key and append/prefix the encrypted key
• Requires a “Public Key Infrastructure” for effective key generation and distribution
  – Chain of trust thing again!
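An added worked example covering the "RSA Details" and "RSA Problems" slides (not code from the original slides): key generation from the factors of n, the same modular exponentiation used in both directions, and RSA wrapping a random secret key that encrypts the message. The two Mersenne primes, e = 65537, the SHA-256 keystream standing in for a secret-key cipher and the absence of padding are assumptions that keep it to the standard library; none of them is suitable for production.

```python
import hashlib
import secrets

# Constructed toy factors (assumption): two Mersenne primes, n is ~150 bits.
P_DEMO = 2**61 - 1
Q_DEMO = 2**89 - 1


def make_keypair(p, q, e=65537):
    """Compute d from e and the factors of n; returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)             # ValueError if e shares a factor with phi
    # Whoever keeps p and q can redo this step, which is why the slide says
    # to throw the factors away once d is known.
    return (e, n), (d, n)


def rsa_apply(key, value):
    """The one operation used for both directions: value^exp mod n."""
    exp, n = key
    if not 0 <= value < n:
        raise ValueError("value must be in [0, n)")
    return pow(value, exp, n)


def keystream_xor(key, data):
    """Stand-in secret-key cipher: XOR with SHA-256(key || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def hybrid_encrypt(public, message):
    """Encrypt the message with a fresh secret key; RSA hides only that key."""
    session = secrets.token_bytes(16)
    wrapped = rsa_apply(public, int.from_bytes(session, "big"))
    return wrapped, keystream_xor(session, message)


def hybrid_decrypt(private, wrapped, body):
    session = rsa_apply(private, wrapped).to_bytes(16, "big")
    return keystream_xor(session, body)


def digest_int(message, n):
    """Message digest reduced into [0, n) for the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    """Private key first: only the key owner could have produced this."""
    return rsa_apply(private, digest_int(message, private[1]))


def verify(public, message, signature):
    """Public key second: anyone can check the signature."""
    return rsa_apply(public, signature) == digest_int(message, public[1])


if __name__ == "__main__":
    pub, priv = make_keypair(P_DEMO, Q_DEMO)
    wrapped, body = hybrid_encrypt(pub, b"constructed sample message")
    print(hybrid_decrypt(priv, wrapped, body))
    print(verify(pub, b"hello", sign(priv, b"hello")))
```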

Message Digests (aka Digital Signatures)

• A message digest is a non-reversible algorithm which reduces a message to a fixed-length “summary”

• The summary has the property that a change to the original will produce a new summary

• The probability that the new summary is the same as the old should be 1/(size of digest)

• Silberschatz, p. 582 (§15.4.1.3)
• Tanenbaum, p. 590 (§9.2.4)

Message Digests (2)

• There are several good (but possibly no perfect) message digest algorithms

• MD5 is probably the most common one in use – 128 bit digest
  • has known weaknesses
• SHA-1 – 160 bit digest (current best choice)
  • [Another product of NIST]

Conclusion

• Protection in OS and distributed system is
  • Difficult
  • Important
• Security is needed for
  • Authentication of users
  • Validation of communication

Resources

• Network World Security Newsletter
  – http://www.nwsubscribe.com
  – Practical advice, not a virus alert newsletter. Especially good for the links to other security resources at the bottom of each article
• CERT Coordination Center at CMU
  – http://www.cert.org
  – News about system threats, including viruses and other problems. Source for OCTAVE papers and process
• Norton AntiVirus Site (Symantec)
  – http://securityresponse.symantec.com/avcenter/
• McAfee Security (Network Associates)
  – http://us.mcafee.com/virusinfo/

Textbooks

Network Security: C. Kaufman, R. Perlman, M. Speciner, Prentice Hall (2002)
  – A practical but rigorous presentation of network security issues and techniques with emphasis on cryptographic solutions

Security Engineering: R. Anderson, Wiley (2001)
  – Focused on learning from past mistakes in security system design.
  – Excellent discussion of policies and policy models.
  – See author’s web site (www.ross-anderson.com) if you are interested in current research.

Other Books

Real World Linux Security: R. Toxen, Prentice Hall (2003)
  – An excellent read. Lists hundreds of vulnerabilities and what to do about them. Valuable for non Linux users too.

Windows 2003 Security Bible: B. Rampling, Wiley (2003)
  – Good example of a how-to book. Specific to WIN2003

The Art of Deception: K. Mitnick, Wiley (2002)
  – Mitnick is one of the most famous social engineers.
  – Must-read for those involved in broad security planning, and fun for everyone.