CS 5950/6030 Network Security Class 4 ( F , 9/ 9 /05)

CS 5950/6030 Network SecurityClass 4 (F, 9/9/05)

Leszek LilienDepartment of Computer Science

Western Michigan University

[Using some slides prepared by:Prof. Aaron Striegel, U. of Notre Dame

Prof. Barbara Endicott-Popovsky, U. Washington, and Prof. Deborah Frincke, U. Idaho]

2

1.2. Survey of Students’ Backgroundand Experience (1)

Background SurveyCS 5950/6030 Network Security - Fall 2005

Please print all your answers.First name: __________________________ Last name: _____________________________Email _____________________________________________________________________Undergrad./Year ________ OR: Grad./Year or Status (e.g., Ph.D. student) ________________Major _____________________________________________________________________

PART 1. Background and Experience1-1) Please rate your knowledge in the following areas (0 = None, 5 = Excellent).

UNIX/Linux/Solaris/etc. Experience (use, administration, etc.)0 1 2 3 4 5Network Protocols (TCP, UDP, IP, etc.)0 1 2 3 4 5Cryptography (basic ciphers, DES, RSA, PGP, etc.)0 1 2 3 4 5Computer Security (access control, security fundamentals, etc.)0 1 2 3 4 5

Any new studentswho did not fill out the survey?

3

Section 1– Class 4Class 1:

1.1. Course Overview Syllabus - Course Introduction

1.2. Survey of Students’ Background and Experience1.3. Introduction to Security

Class 2: …1.3.4. Vulnerabilities, Threats, and Controls – PART 1

…Levels of Vulnerabilities / Threats

A) Hardware level / B) Software level

Class 3: C) Data level / D) Other levels

1.3.5. Attackers1.3.6. How to React to an Exploit?1.3.7. Methods of Defense – PART 1

Class 4: 1.3.7. Methods of Defense – PART 21.3.8. Principles of Computer Security

4

1.3.7. Methods of Defense

Five basic approaches to defense of computing systems Prevent attack

Block attack / Close vulnerability Deter attack

Make attack harder (can’t make it impossible ) Deflect attack

Make another target more attractive than this target

Detect attack During or after

Recover from attack

5

A) Controls Castle in Middle Ages

Location with natural obstacles

Surrounding moat Drawbridge Heavy walls

Arrow slits Crenellations

Strong gate Tower

Guards / passwords

Computers Today Encryption Software controls Hardware controls Policies and

procedures Physical controls

6

Multiple controls in computing systems Fig. 1-6 – p.23 system perimeter – defines „inside/outside” preemption – attacker scared away deterrence – attacker could not overcome defenses faux environment (e.g. honeypot, sandbox) – attack

deflected towards a worthless target (but the attacker doesn’t know about it!)

Note layered defense /multilevel defense / defense in depth

(ideal!)

Medieval castles –photos nad drawings location (steep hill, island, etc.) moat / drawbridge / walls / gate / guards /passwords another wall / gate / guards /passwords yet another wall / gate / guards /passwords tower / ladders up

7

A.1) Controls: Encryption Primary controls!

Cleartext scambled into ciphertext (enciphered text)

Protects CIA: confidentiality – by „masking” data integrity – by preventing data updates

e.g., checksums included availability – by using encryption-based protocols

e.g., protocols ensure availablity of resources for different users

Much more later

[cf. Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]

8

A.2) Controls: Software Controls

Secondary controls – second only to encryption

Software/program controls include: OS and network controls

E.g. OS: sandbox / virtual machine Logs/firewalls, OS/net virus scans, recorders

independent control programs (whole programs) E.g. password checker, virus scanner, IDS

(intrusion detection system) internal program controls (part of a program)

E.g. read/write controls in DBMSs development controls

E.g. quality standards followed by developers incl. testing

9

Considerations for Software Controls: Impact on user’s interface and workflow

E.g. Asking for a password too often?

10

A.3) Controls: Hardware Controls

Hardware devices to provide higher degree of security Locks and cables (for notebooks) Smart cards, dongles, hadware keys, ... ...

11

A.4) Controls: Policies and Procedures

Policy vs. Procedure Policy: What is/what is not allowed Procedure: How you enforce policy

Advantages of policy/procedure controls: Can replace hardware/software controls Can be least expensive

Be careful to consider all costs E.g. help desk costs often ignored for for passwords

(=> look cheap but migh be expensive)

12

Policy - must consider: Alignment with users’ legal and ethical

standards Probability of use (e.g. due to

inconvenience)Inconvenient: 200 character password,

change password every week

(Can be) good: biometrics replacing passwords Periodic reviews

As people and systems, as well as their goals, change

13

A.5) Controls: Physical Controls

Walls, locks Guards, security cameras Backup copies and archives Cables an locks (e.g., for notebooks) Natural and man-made disaster

protection Fire, flood, and earthquake protection Accident and terrorism protection

...

14

B) Effectiveness of Controls

Awareness of problem People convined of the need for these controls

Likelihood of use Too complex/intrusive security tools are often

disabled Overlapping controls

>1 control for a given vulnerability To provide layered defense – the next layer

compensates for a failure of the previous layer Periodic reviews

A given control usually becomess less effective with time

Need to replace ineffective/inefficient controls with better ones

15

1.3.8. Principles of Computer Security

Principle of Easiest Penetration (p.5)An intruder must be expected to use any available means of penetration.The penetration may not necessarily be by the most obvious means, nor is it necessarily the one against which the most solid defense has been installed.

Principle of Adequate Protection (p.16)Computer items must be protected to a degree consistent with their value and only until they lose their value.

[modified by LL]

16

Principle of Effectiveness (p.26)Controls must be used—and used properly—to be effective.They must be efficient, easy to use, and appropriate.

Principle of Weakest Link (p.27)Security can be no stronger than its weakest link. Whether it is the power supply that powers the firewall or the operating system under the security application or the human, who plans, implements, and administers controls, a failure of any control can lead to a security failure.

17

Section 1 Summary

1.1. Course Overview Syllabus - Course Introduction

1.2. Survey of Students’ Background and Experience

1.3. Introduction to Security Examples – Security in Practice What is „Security?”

18

Section 2 Outline

2. Cryptology2.1. Threats to Messages2.2. Basic Terminology and Notation2.3. Requirements for Crypto Protocols ...

19

2.1. Threats to Messages

Interception Interruption

Blocking msgs Modification Fabrication

“A threat is blocked by control of a vulnerability” [Pfleeger & Pfleeger]

[cf. B. Endicott-Popovsky, U. Washington]

20

2.2. Basic Terminology & Notation

Cryptology: cryptography + cryptanalysis

Cryptography: art/science of keeping message secure

Cryptanalys: art/science of breaking ciphertext

Enigma in WW2 Read the real story – not fabrications!

21

Basic Cryptographic Scheme

plaintext ciphertext

original plaintext

ENCRYPTION

ENCODING

ENCIPHERING

E

DECRYPTION

DECODING

DECIPHERING

D

P C P

P = <p1, p2, ..., pn> pi = i-th char of P

P = „DO NOT TELL ANYBODY” p1 = „D”, p2 = „O”, etc.

By convention, cleartext in uppercase C = <c1, c2, ..., cn> ci = i-th char of C

C = „ep opu ufmm bozcpez” c1 = „e”, c2 = „p”, etc.

By convention, ciphertext in lowercase

22

Benefits of Cryptography

Improvement not a Solution! Minimizes problems Doesn’t solve them

Remember: There is no solution!

Adds an envelope (encoding) to an open postcard (cleartext)

[cf. D. Frincke, U. of Idaho]

23

Formal Notation

C = E(P) E – encryption rule/algorithm

P = D(C) D – decryption rule/algorithm

We need a cryptosystem, where: P = D(C)= D(E(P))

i.e., able to get the original message back

plaintext ciphertextoriginal

plaintextENCRYPTION

ENCODING

ENCIPHERING

E

DECRYPTION

DECODING

DECIPHERING

D

P C P

24

Cryptography in Practice

plaintext

P

ciphertext

ENCRYPTION

ENCODING

ENCIPHERING

E

C

hostile environmen

t

ciphertext

original plaintext

DECRYPTION

DECODING

DECIPHERING

D

C P

hostile environmen

t

Sending a secure message

Receiving a secure message

25

Crypto System with Keys

C = E(KE, P) E = set of encryption algorithms / KE selects Ei E

P = D(KD, C) D = set of decryption algorithms / KD selects Dj D

Crypto algorithms and keys like door locks and keys (p.37)

W need: P = D(KD, E(KE, P))

E DP C P

EncryptionKey

Decryption Key

KE KD

26

Cryptosystems w.r.t. Keys

Keyless cryptosystems exist (e.g., Caesar’s cipher - below) Less secure

Symmetric cryptosystems: KE = KD (p.38)

Classic Encipher and decipher using the same key

Or one key is easily derived from other

Asymmetric cryptosystems: KE ≠ KD (revious slide)

Public key system Encipher and decipher using different keys

Computationally infeasible to derive one from other [cf. B. Endicott-Popovsky, U. Washington]

27

2.3. Requirements for Crypto Protocols

Messages should get to destination Only the recipient should get it Only the recipient should see it Proof of the sender’s identity Message shouldn’t be corrupted in transit Message should be sent/received once

Proofs that message was sent/received (non-repudiation)

[cf. D. Frincke, U. of Idaho]

Continued – Class 5