2. 2
What to Be Covered
Nguyen Tuan Nam/NetSec/Win2010
Cryptography
Authentication
Standard
Electronic mail
Others
3. 3
Assignment & Grading
Textbook
Network Security – Private Communication in a Public World, 2nd
edition, Charlie Kaufman, Radia Perlman, Mike Speciner, Prentice Hall
2 exams
Midterm
On the 5th week (4 weeks from today)
25%
Final exam (or final project)
45%
Term projects (20%)
Class participation (10%)
Students are responsible for attending classes and taking notes (extra credit)
Fun and creative
4. 4
Terminology
Hacker
Not the vandals who break into computer systems
Those steal money and people's time
They are called intruders, bad guys, or imposters (Trudy)
Instead, a hacker is a master programmer
Incorruptibly honest
Not motivated by money
Careful not to harm anyone
Secret key cryptography (used instead of "symmetric cryptography")
Public key cryptography (used instead of "asymmetric cryptography")
5. 5
Terminology
Privacy
Keeping communication from being seen by anyone
other than the intended recipients
Other books use confidentiality
Alice and Bob: Alice’s computer and Bob’s
computer
User Alice and user Bob: human
6. 6
Why So Much Terminology?
Speaker: Isn’t it terrifying that on the Internet
we have no privacy?
A: You mean confidentiality?
B: Why do security types insist on inventing
their own language?
C: It’s a denial-of-service attack
7. 7
Notation
Symbol         Description
⊕              Bitwise exclusive-or
|              Concatenation
K{message}     Message encrypted with secret key K
{message}Bob   Message encrypted with Bob's public key
[message]Bob   Message signed with Bob's private key
9. 9
OSI Reference Model
Not the only way to construct a network
Designed by ISO (the International Organization for Standardization)
Too big a task for a single committee, so the problem was subdivided among several committees: 7 layers
Each layer
Uses the services of the layer below
Adds functionality
Provides services to the layer above
Note: real networks seldom fit neatly into the seven-layer model
12. 12
Directory Service
Directory or naming service
Instead of one flat directory, it is structured as a tree of directories
Hierarchical names
Prevents any single directory from getting unreasonably large
Why is it important to security?
13. 13
Replicated Services
Convenient to have two or more computers performing the same function, because of
Overload
Distance
Availability
Why is it so important to security?
14. 14
Packet Switching
In a network, a message is generally broken into smaller chunks
Each chunk (packet) is sent independently
Why?
Messages from various sources can be interleaved
on the same link
Error recovery is done on the chunk
Buffer management in the routers is simpler if
the size of packets has a reasonable upper limit
16. 16
Active vs. Passive Attacks
Passive attack: the intruder
Eavesdrops but does NOT modify the message stream in any way
Active attack: the intruder
May transmit messages
Replay old messages
Modify messages in transit
Delete selected messages
Example: man-in-the-middle attack
17. 17
Layers and Cryptography
Encryption and integrity protection can be done
On the original message (end-to-end)
The infrastructure does not need to know; it just forwards the message
Neither the infrastructure nor whoever stores the cryptographically protected message needs to be trusted
Any corruption or loss is detected (the integrity check covers the whole message)
On each chunk of the message (hop-by-hop)
Packet switches must be trusted (by definition, the packet switches see the plaintext)
18. 18
Authorization
Authentication proves who you are
Authorization defines what you are allowed to do
Access control list (ACL)
Per resource: who is allowed to do what with it
Capability model
Per user: what he/she is allowed to do
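The two models above are the same access matrix read by column (ACL) or by row (capability list). The following is an added example, not code from the slides or the textbook; the users, resources and rights are constructed, and it also shows the classic operational difference the slide does not spell out: revoking all access to one resource is one step with ACLs but requires walking every user's list with capabilities.

```python
# Added example (not from the slides or the textbook): the same access
# matrix held two ways, as ACLs (one list per resource) and as capability
# lists (one list per user). Users, resources and rights are constructed.
from collections import defaultdict

# Constructed access matrix: user -> resource -> rights.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "bob":   {"report.txt": {"read", "write"}},
    "carol": {"payroll.db": {"read"}},
}


def to_acls(matrix):
    """Column view of the matrix: for each resource, who may do what."""
    acls = defaultdict(dict)
    for user, grants in matrix.items():
        for resource, rights in grants.items():
            acls[resource][user] = set(rights)
    return dict(acls)


def to_capabilities(matrix):
    """Row view of the matrix: for each user, what he/she may do."""
    return {user: {r: set(rights) for r, rights in grants.items()}
            for user, grants in matrix.items()}


def acl_allows(acls, user, resource, right):
    """ACL check: look up the resource, then the user in its list."""
    return right in acls.get(resource, {}).get(user, set())


def cap_allows(caps, user, resource, right):
    """Capability check: look up the user, then the resource in their list."""
    return right in caps.get(user, {}).get(resource, set())


def who_can(acls, resource, right):
    """'Who can read payroll.db?' is one lookup with ACLs."""
    return sorted(u for u, rights in acls.get(resource, {}).items()
                  if right in rights)


def what_can(caps, user):
    """'What can alice access?' is one lookup with capabilities."""
    return sorted(caps.get(user, {}))


def revoke_resource_acl(acls, resource):
    """Revoke every right to a resource by dropping its ACL.
    Returns the number of users affected."""
    return len(acls.pop(resource, {}))


def revoke_resource_caps(caps, resource):
    """Same revocation with capabilities: every user's list must be
    walked, which is the well-known weakness of the capability model."""
    affected = 0
    for grants in caps.values():
        if grants.pop(resource, None) is not None:
            affected += 1
    return affected
```

Both views answer the same yes/no question; they differ in which other questions are cheap ("who can access this?" versus "what can this user access?") and in how revocation is done.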
19. 19
Tempest
Biggest concern: eavesdropping and modifying/injecting messages
Magic of physics: the movement of electrons can be measured from a surprising distance away
One can eavesdrop without even needing physical access to the link
Wireless: a shared medium
US military Tempest program
Measures how far away an intruder must be before eavesdropping is impossible
That distance is known as the device's control zone
The control zone is the region that must be physically guarded to keep out intruders
(Note, translated from Vietnamese: the safety radius; anyone who gets inside this zone can eavesdrop)
20. 20
Key Escrow for Careless Users
It is prudent to keep a copy of your key in a safe place
If you misplace your own key, you can still retrieve a copy of it
A database of keys
Keys can only be reconstructed with the cooperation of several independent machines
Some applications don't require a recoverable key
The key can simply be reset by a third party (an administrator)
A user may want different keys for different uses
Only some of the keys are escrowed
21. 21
Viruses, Worms, Trojan Horses
Trojan horse
Instructions hidden inside an otherwise useful program that do bad things
The term is usually used when the malicious instructions are installed at the time the program is written
Viruses
A set of instructions that, when executed, inserts copies
of itself into other programs
Worms
A program that replicates itself by installing copies of
itself on other machines across a network
22. 22
Viruses, Worms, Trojan Horses
Trapdoor
An undocumented entry point intentionally written into a program
Often added for debugging purposes, and it can be exploited as a security flaw
Logic bomb
Malicious instructions that trigger on some event in the future
Zombie
Malicious instructions installed on a system that can be remotely triggered to carry out some attack
Usually deployed as a large number of zombies
23. 23
Where Do They Come From?
Trapdoor
May be intentionally installed to facilitate troubleshooting
The rest
Written by bad guys
Problem
Halting problem: it is impossible to tell what an arbitrary program will do
Nobody looks
No access to the source code
Even with access to the code, nobody bothers to read all of it
24. 24
(Screenshot of a CNN.com article, transcribed:)
U.S. enables Chinese hacking of Google
By Bruce Schneier, Special to CNN
January 23, 2010, 5:20 p.m. EST
STORY HIGHLIGHTS
Google says hackers from China got into its Gmail system
Bruce Schneier says hackers exploited feature put into system at behest of U.S. government
"When governments get access to private communications, they invite abuse," he says
Govt surveillance and control of Internet are flourishing, he says
Editor's note: Bruce Schneier is a security technologist and author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World." Read more of his writing at http://www.schneier.com.
(CNN) -- Google made headlines when it went public with the fact that Chinese hackers had penetrated some of its services, such as Gmail, in a politically motivated attempt at intelligence gathering. The news here isn't that Chinese hackers engage in these activities or that their attempts are technically sophisticated -- we knew that already -- it's that the U.S. government inadvertently aided the hackers.
In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.
25. 25
What Does a Virus Look Like?
Replace any instruction (at location x), by a
jump to some free space in memory (location y)
Write the virus program starting at location y
Place the instruction that was originally at
location x at the end of the virus program
Jump to x+1
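The four steps above, simulated on a toy interpreter so the control flow can be traced. This is an added example, not code from the slides or the textbook: the instruction set ("print", "jmp", "halt"), the host program and the payload are invented for illustration, and the payload only prints a marker where a real virus would do damage and replicate.

```python
# Added example, not from the slides: the four-step insertion trick
# simulated on a toy interpreter. The instruction set ("print", "jmp",
# "halt") and the host program are invented for illustration.

def run(program, max_steps=1000):
    """Execute a list of (op, arg) instructions and return what was printed."""
    out, pc, steps = [], 0, 0
    while pc < len(program) and steps < max_steps:
        op, arg = program[pc]
        steps += 1
        if op == "print":
            out.append(arg)
            pc += 1
        elif op == "jmp":        # absolute jump, so instructions are relocatable
            pc = arg
        elif op == "halt":
            break
        else:
            raise ValueError("unknown op %r" % op)
    return out


def infect(program, x, payload):
    """Return an infected copy: host behaviour is preserved, and the payload
    runs whenever the host reaches instruction x."""
    infected = list(program)
    y = len(infected)                 # "free space": just past the end
    original = infected[x]
    infected[x] = ("jmp", y)          # 1. instruction at x becomes a jump to y
    infected.extend(payload)          # 2. virus body starts at y
    infected.append(original)         # 3. the displaced instruction, after the body
    infected.append(("jmp", x + 1))   # 4. resume the host at x+1
    return infected


# Constructed host program and payload.
HOST = [("print", "hello"), ("print", "world"), ("halt", None)]
PAYLOAD = [("print", "<virus ran>")]   # stands in for "do damage, replicate"
```

The trick works here because the toy machine uses absolute jumps, so the displaced instruction behaves the same at its new address. On a real machine with relative branches or position-dependent code, step 3 needs relocation fixups, which is one reason real viruses choose their insertion point carefully.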
26. 26
Viruses
Does some damage
Might replicate itself by looking for executable files and infecting them
Once an infected program is run
The virus is executed again
Does more damage
Replicates itself into more programs
Usually spreads silently until some triggering event
If it did damage too quickly, it wouldn't spread as far
27. 27
How Does a Digital Pest Appear on
Your Computer?
Running an infected program
Forum
Program planted by employees or intruders
Email with an attached program
Sometimes you don't realize you are running a program
PostScript (a document that is really a program)
Autorun (CD-ROMs, USB flash drives)
29. 29
[mm@noise]$ xmas On the first day of Christmas my true love gave to me a partridge
in a pear tree. On the second day of Christmas my true love gave to me two turtle
doves and a partridge in a pear tree. On the third day of Christmas my true love gave
to me three french hens, two turtle doves and a partridge in a pear tree. On the fourth
day of Christmas my true love gave to me four calling birds, three french hens, two
turtle doves and a partridge in a pear tree. On the fifth day of Christmas my true love
gave to me five gold rings; four calling birds, three french hens, two turtle doves and a
partridge in a pear tree. On the sixth day of Christmas my true love gave to me six
geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and
a partridge in a pear tree. On the seventh day of Christmas my true love gave to me
seven swans a-swimming, six geese a-laying, five gold rings; four calling birds, three
french hens, two turtle doves and a partridge in a pear tree. On the eighth day of
Christmas my true love gave to me eight maids a-milking, seven swans a-
swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two
turtle doves and a partridge in a pear tree. On the ninth day of Christmas my true love
gave to me nine ladies dancing, eight maids a-milking, seven swans a-swimming, six
geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and
a partridge in a pear tree. On the tenth day of Christmas my true love gave to me ten
lords a-leaping, nine ladies dancing, eight maids a-milking, seven swans a-swimming, six
geese a-laying, five gold rings; four calling birds, three french hens, two turtle doves and
a partridge in a pear tree. On the eleventh day of Christmas my true love gave to me
eleven pipers piping, ten lords a-leaping, nine ladies dancing, eight maids a-
milking, seven swans a- swimming, six geese a-laying, five gold rings; four calling
birds, three french hens, two turtle doves and a partridge in a pear tree. On the twelfth
day of Christmas my true love gave to me twelve drummers drumming, eleven pipers
piping, ten lords a-leaping, nine ladies dancing, eight maids a-milking, seven swans a-
swimming, six geese a-laying, five gold rings; four calling birds, three french hens, two
turtle doves and a partridge in a pear tree.
30. 30
Virus Checker
A race between good and bad
Pattern matching on instruction sequences
Knows the instruction sequence for lots of types of viruses
Checks all files on disk and the instructions in memory for those patterns
Raises a warning if it finds a match
Needs a periodically updated pattern file for new viruses
Hooks into the OS and inspects files before they are written to disk
Polymorphic virus: each time it copies itself, it
Changes the order of its instructions
Substitutes functionally similar instructions
Encrypts itself with a variable key
Poly = many; morphic = form
Heuristic virus checkers only require certain crucial pieces of the code to match; there are still enough patterns left even in polymorphic code
This constrains the mutation rate
Any other approaches?
Metamorphic virus
Snapshot of disk storage
Goat or bait files
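The contrast between a plain pattern-file scanner and a heuristic one, run over a constructed virus and two polymorphic copies of it (one with reordered and substituted instructions, one encrypted under a per-copy key behind a constant decryptor stub). This is an added example, not code from the slides or any real virus checker; the "instruction sequences" are byte strings invented for illustration.

```python
# Added example, not from the slides: a pattern-file scanner beside a
# heuristic scanner, run over constructed "instruction sequences" that
# stand in for a virus and two polymorphic copies of it.
import re

# The part of the virus that actually does the work; hard to rewrite
# without changing what the virus does.
CORE = b"CALL infect;JMP back;"

# Constructed variants of the same virus.
VIRUS_V1 = b"MOV A,0;ADD A,1;XOR B,B;" + CORE
VIRUS_V2 = b"SUB B,B;MOV A,0;ADD A,1;" + CORE   # reordered + XOR->SUB substitution


def encrypt_body(body, key):
    """Toy XOR 'encryption' of the body with a one-byte key."""
    return bytes(b ^ key for b in body)


def make_encrypted_variant(body, key):
    """Third polymorphic form: a small constant decryptor stub followed by
    the body under a per-copy key. Only the stub is visible on disk."""
    return b"XORLOOP key=%02x len=%d;" % (key, len(body)) + encrypt_body(body, key)


VIRUS_V3 = make_encrypted_variant(VIRUS_V1, 0x3A)
BENIGN = b"MOV A,0;JMP back;"   # shares a fragment with the virus, but not the core

# Pattern file for a classic scanner: the full instruction sequence.
SIGNATURES = {"toyvirus": VIRUS_V1}

# Heuristic scanner: only the crucial fragments, as regexes. The
# decryptor stub is matched with any key value.
HEURISTICS = {"toyvirus": re.compile(
    rb"CALL infect;JMP back;|XORLOOP key=[0-9a-f]{2} len=\d+;")}


def scan_signatures(data, signatures=SIGNATURES):
    """Exact-substring scan, as a plain pattern-file checker does."""
    return sorted(name for name, sig in signatures.items() if sig in data)


def scan_heuristic(data, heuristics=HEURISTICS):
    """Match only the pieces the virus cannot mutate without losing function."""
    return sorted(name for name, pat in heuristics.items() if pat.search(data))
```

The full signature catches only the first copy; the heuristic catches all three because the core and the decryptor stub cannot change without changing what the virus does, while the benign file that merely shares "JMP back;" is not flagged. The price is that the virus author's next move is to attack the invariant itself (metamorphism, or a decryptor that is itself rewritten each time), which is why the slide asks about other approaches.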
31. 31
Nonresident vs. Resident Viruses
Nonresident viruses: can be thought of as
A finder module
A replication module
Resident viruses
The replication module is loaded into memory
This module is executed each time the OS is called to perform a certain operation
Fast infector
Infects as many files as possible
Pros and cons?
Slow infector
Infects hosts infrequently
Does not seem very successful
Stealth mode
Anti-virus software can be fooled if it cannot detect the virus in memory
Given that there is no infallible method to test a program for hidden bad side effects, what can we do?
32. 32
What Can We Do Today?
Don’t run software from suspicious sources
Frequently run virus checkers
Run programs in the most limited possible
environment
Separate disks
Separate VMs
Watch out for warnings
Frequent backups
External devices
33. 33
Mandatory (Nondiscretionary)
Access Control
Discretionary
Someone who owns a resource can decide who is allowed to use (access) it
Philosophy: users and the programs they run are good guys
Nondiscretionary access controls
Enforce a policy where users might be allowed to use information themselves
But might not be allowed to make a copy of it available to someone else
Even the owners of the resources have to follow the policy
Philosophy:
Users are careless, and the programs they run can't be trusted
The system must prevent users from accidentally or intentionally giving information to someone else
Confine information within a security perimeter
34. 34
Levels of Security
Simplified description of the US DoD scheme as an example
Security levels
Unclassified < confidential < secret < top secret
A set of categories (compartments)
CRYPTO, INTEL, NUCLEAR
A clearance
(SECRET; {INTEL, NUCLEAR})
Given two security labels (X, S1) and (Y, S2), (X, S1) is at least as sensitive as (Y, S2) iff
X ≥ Y and S2 is a subset of S1
Example: (TOP_SECRET, {CRYPTO, COMSEC}) > (SECRET, {CRYPTO})
TRAN
2013-09-09 01:43:30
--------------------------------------------
(Reader's note, translated from Vietnamese:) You can read information that you created yourself or that is at a lower level. Information at a higher level: make sure that lower levels cannot read it.
35. 35
Mandatory Access Control Rules
A human can only run a process that has a security label below or equal to the human's label
A process can only read information marked with a security label below or equal to that of the process
A process can only write information marked with a security label above or equal to that of the process
Will this be enough to protect sensitive data?
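The dominance relation from the Levels of Security slide and the three rules above, as an added example that is not code from the slides or the textbook. The level ordering and compartment names follow the slides; the clearances, processes and documents used in the checks are constructed. It also makes explicit what the slides only state in words: labels form a lattice rather than a chain, so some pairs are incomparable, and a process that can read a document can never write it to a label below its own.

```python
# Added example, not from the slides: the dominance relation on
# (level, compartments) labels and the three MAC rules. Level order and
# compartment names follow the slides; the clearances, processes and
# documents below are constructed.
from dataclasses import dataclass

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset

    def dominates(self, other):
        """(X, S1) is at least as sensitive as (Y, S2) iff X >= Y and S2 is a subset of S1."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def label(level, *compartments):
    return Label(level, frozenset(compartments))


def comparable(a, b):
    """Labels form a lattice, not a chain: some pairs are incomparable."""
    return a.dominates(b) or b.dominates(a)


def can_run(human, process):
    """Rule 1: a human may only run a process at or below his/her clearance."""
    return human.dominates(process)


def can_read(process, obj):
    """Rule 2 ("no read up"): the process label must dominate the object's."""
    return process.dominates(obj)


def can_write(process, obj):
    """Rule 3 ("no write down"): the object label must dominate the process's."""
    return obj.dominates(process)


def leak_possible(process, src, dst):
    """Could this process copy src into dst with ordinary reads and writes?
    Under rules 2 and 3 the answer is no whenever dst is below src."""
    return can_read(process, src) and can_write(process, dst)
```

The rules stop a careless user or an untrusted program from copying data downward through normal reads and writes; they say nothing about signalling through shared resources or timing, which is the question the next slide takes up.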
36. 36
Covert Channel
Timing channel
Create some signal/behavior to represent a 0 or 1 per unit of time
Noise on the channel limits how fast it can signal
Storage channel
The use of shared resources (memory, sound card) to signal
There is no general way to prevent all covert channels
Introduce enough noise to reduce the bandwidth of the covert channel (assuming the secret data is large)
37. 37
Legal Issues
Patents
Most cryptographic techniques are covered by
patents and historically this has slowed their
deployment
Export controls
The US government used to impose severe
restrictions on export of encryption
Why?