1 December Security and Privacy. Information Systems Security Systems Operating system, files, databases, accounting information, logs,... Issue if someone.

1 December

Security and Privacy

Information Systems Security

Systems Operating system, files, databases,

accounting information, logs, ... Issue if someone gets access to your

system Information in transit over a network

e-commerce transactions, online banking, confidential e-mails, file transfers,...

Basic Components of Security Confidentiality

Keeping data and resources secret or hidden Integrity

Ensuring authorized modifications Both data and origin

Availability Ensuring authorized access to data and resources

when desired Accountability

Ensuring that an action is traceable uniquely to the actor

Assurance

How much to trust a system Requires

Protection against unintentional errors

Resistance to intentional penetration or by-pass

Info Security 20 Years Ago

Physical security Information was primarily on paper Lock and key Safe transmission

Administrative security Control access to materials Personnel screening Auditing

Information security today Emergence of the Internet and distributed systems

Increasing system complexity Digital information needs to be kept secure

Competitive advantage Protection of assets Liability and responsibility

Financial losses FBI estimates that an insider attack results in an average loss of $2.8

million Estimates of annual losses: $5 billion - $45 billion

National defense Protection of critical infrastructures

Power grid Air transportation

Interlinked government agencies Severe concerns regarding security management and access control

measures (GAO report 2003) Grade F for most of the agencies

Attack Vs Threat

A threat is a “potential” violation of security Violation need not actually occur Fact that the violation might occur

makes it a threat The actual violation of security is

called an attack

Common security attacks Interruption, delay, denial of receipt, denial of

service, distributed denial of service System assets or information become unavailable or

are rendered unavailable Interception or snooping

Unauthorized party gains access to information by browsing through files or reading communications

Modification or alteration Unauthorized party changes information in transit or

information stored for subsequent access Fabrication, masquerade, or spoofing

Spurious information is inserted into the system or network by making it appear as if it is from a legitimate source

Goals of Security Prevention

Prevent someone from violating a security policy Detection

Detect activities in violation of a security policy Verify the efficacy of the prevention mechanism

Recovery Stop attacks Assess and repair damage Ensure availability in presence of an ongoing attack Fix vulnerabilities in order to prevent future attacks Deal with the attacker

Should We Protect Something? Cost-Benefit Analysis

Benefits vs. total cost Is it cheaper to prevent or recover?

Risk Analysis How much should we protect this thing? Risk depends on environment and changes with time

Laws and Customs Are desired security measures illegal? Will people do them? (DNA for identity) Affects availability and use of technology

Human Issues

Outsiders and insiders Insiders account for 80-90% of all

security problems Social engineering

How much do you disclose about security?

Network Security

Information Systems Security

“Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card

information from someone living in a cardboard box to someone living

on a park bench” – Gene Spafford (Purdue)

Network Security Model

Trusted Third Partyarbiter, distributor of

secret information

OpponentSec

ure

Mes

sage

Sec

ure

Mes

sage

Mes

sage

Information channel

Sender Receiver

Secret Information Security related

transformation

Secret Information

Mes

sage

Network Access Model

GateKeeper

Opponent - hackers - software

Access Channel

DataSoftware

firewall or equivalent, password-based login

Firewall Techniques Filtering

Doesn’t allow unauthorized messages through

Can be used for both sending and receiving Most common method

Proxy The firewall actually sends and receives the

information Sets up separate sessions and controls what

passes in the secure part of the network

Key Technologies

Encryption Authentication

Encryption All encryption algorithms from BCE till

1976 were secret key algorithms Also called classical cryptography or

symmetric key algorithms Julius Caesar used a substitution cipher Widespread use in World War II (enigma)

Public key algorithms were introduced in 1976 by Whitfield Diffie and Martin Hellman

Caesar Cipher Substitute the letter 3 ahead for

each one Example:

Et tu, Brute Hw wx, Euxwh

Quite sufficient for its time High illiteracy New idea

Enigma Machine Simple Caesar

cipher through each rotor

But rotors shifted at different rates Roller 1 rotated

one position after every encryption

Roller 2 rotated every 26 times…

http://www.trincoll.edu/depts/cpsc/cryptography/enigma.html

Used by Germany in WW IIAllies broke the codeMajor benefit to the war effort

Terminology Plaintexts – unencrypted text Ciphertexts – encrypted text Keys – used to encrypt and decrypt Encryption functions – algorithm to

change plaintext to ciphertext Decryption functions – algorithm to

change ciphertext to plaintext

Security Level of Encrypted Data

Unconditionally Secure Unlimited resources + unlimited time Still the plaintext CANNOT be recovered

from the ciphertext Computationally Secure

Cost of breaking a ciphertext exceeds the value of the hidden information

The time taken to break the ciphertext exceeds the useful lifetime of the information

Types of Attacks Ciphertext only

adversary has only ciphertext goal is to find plaintext, possibly key

Known plaintext adversary has plaintext and ciphertext goal is to find key

Chosen plaintext adversary can get a specific plaintext

enciphered goal is to find key

Attack Mechanisms

Brute force Statistical analysis

Knowledge of natural language

Classical Cryptography Sender, receiver share common key

Keys may be the same, or trivial to derive from one another

Two basic types Transposition ciphers (rearrange bits) Substitution ciphers

Product ciphers Combinations of the two basic types

Advanced Encryption Standard (AES)

Government adopted in 2001 A block cipher:

encrypts blocks of 128 bits using at least a 128 bit key outputs 64 bits of ciphertext

A product cipher performs both substitution and transposition

(permutation) on the bits Computationally secure: no known

successful attacks

Public Key Cryptography Two keys

Private key known only to individual Public key available to anyone Keys are inverses

Used for Confidentiality encipher using public key decipher using private key

Used for integrity and authentication encipher using private key decipher using public one

Private Key Requirements

Computationally easy to encipher or decipher

Computationally infeasible to derive the private key from the public key

Computationally infeasible to determine the private key from a chosen plaintext attack

RSA Public key algorithm described in 1977

by Rivest, Shamir, and Adelman Exponentiation cipher Basics

Public key: (e, n); private key: d e, d and n computed from two large prime numbers

Encipher: c = me mod n Decipher: m = cd mod n

Computationally secure with 2048 bit key

Summary Two main types of cryptosystems:

classical and public key Classical cryptosystems encipher

and decipher using the same key Public key cryptosystems encipher

and decipher using different keys

Authentication

Assurance of the identity of the party that you’re talking to

Methods Digital Signature Kerberos

Digital Signature Authenticates origin, contents of message in a

manner provable to a disinterested third party (“judge”)

Sender cannot deny having sent message (service is “nonrepudiation”)

Limited to technical proofs Inability to deny one’s cryptographic key was used to

sign One could claim the cryptographic key was stolen or

compromised Legal proofs, etc., probably required

Protocols based on both public and private key technologies

Kerberos Authentication system

Central server plays role of trusted third party Ticket (credential)

Issuer vouches for identity of requester of service Authenticator

Identifies sender User must

Authenticate to the system Obtain ticket to use a specific server

Problems Relies on synchronized clocks Vulnerable to attack

Privacy

What is privacy?

The right to have information that you don’t expect to be available to others remain that way

On many sites, you give up your right to privacy

Some Views on Privacy “All this secrecy is making life harder,

more expensive, dangerous …”Peter Cochran, former head of BT (British Telecom)

Research

“You have zero privacy anyway.”Scott McNealy, CEO Sun Microsystems

“By 2010, privacy will become a meaningless concept in western society”

Gartner report, 2000

Historical Basis of Privacy

Justice of Peace Act (England 1361) Provides for arrest of Peeping Toms

and eavesdroppers Universal Declaration of Human

Rights (1948) European Convention on Human

Rights (1970)

Legal Realities of Privacy Self-regulation approach in US, Japan Comprehensive laws in Europe,

Canada, Australia European Union

Limits data collection Requires comprehensive disclosures Prohibits data export to unsafe countries

Or any country for some types of data

Aspects of Privacy

Anonymity Security Transparency and Control:

knowing what is being collected

Impediments to Privacy Surveillance Data collection and sharing Cookies

Web site last year was discovered capturing cookies that it retained for 5 years

Sniffing, Snarfing, Snorting All are forms of capturing packets as they

pass through the network Differ by how much information is captured

and what is done with it

P3P

Platform for Privacy Preference Voluntary standard still in draft

form Structures a web sites policies in a

machine readable format Allows browsers to understand the

policy and behave according to a user’s defined preferences