CSE 513 Introduction to Operating Systems
Class 10 - Security
Jonathan Walpole
Dept. of Comp. Sci. and Eng.
Oregon Health and Science University
Overview
- Intro to cryptography tools
  - one-way functions, public vs private key encryption, hash functions, and digital signatures
- Protection domains and protection mechanisms
- User authentication
- Internal attacks
  - Trojan horses, spoofing, logic bombs, trap doors, buffer overflow attacks
- External attacks
  - Viruses, worms, mobile code, sandboxing, interpretation
Security overview
- Security flavors
  - Confidentiality - ability to protect secrets
  - Integrity - ability to protect the data contents
  - Availability - ability to continue to operate
- Know thy enemy!
  - User stupidity (bad default settings from companies)
  - Insider snooping
  - Outsider snooping
  - Blatant attacks (viruses and worms)
  - Bots!
Accidental data loss
- Acts of God
  - fires, floods, wars
- Hardware or software errors
  - CPU malfunction, bad disk, program bugs
- Human errors
  - data entry, wrong tape mounted
- "you" are probably the biggest threat you'll ever face
Introduction to Cryptography Tools
Basics of cryptography
- Relationship between the plaintext and the ciphertext
Cryptography: confidentiality and integrity
Secret-key cryptography
- Example: mono-alphabetic substitution
  Plaintext:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
  Ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM
- Given the encryption key (QWERTYUIOPASDFGHJKLZXCVBNM),
  - easy to find the decryption key using statistical properties of natural language (common letters and digrams)
  - ... despite the size of the search space of 26! possible keys
- Function should be more complex and search space very large.
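The substitution cipher above with the slide's key, plus the letter-frequency count that shows why a 26! key space does not help: every plaintext letter always maps to the same ciphertext letter, so English statistics survive encryption. Added example, not from the lecture; the sample text is constructed.

```python
# Mono-alphabetic substitution with the slide's key, and the frequency count
# that makes it weak. Added example, not from the lecture; SAMPLE is constructed.
from collections import Counter
import string

PLAIN = string.ascii_uppercase
CIPHER = "QWERTYUIOPASDFGHJKLZXCVBNM"
ENC = str.maketrans(PLAIN, CIPHER)   # encryption key: A->Q, B->W, ...
DEC = str.maketrans(CIPHER, PLAIN)   # decryption key: the inverse mapping

def encrypt(text):
    return text.upper().translate(ENC)

def decrypt(text):
    return text.upper().translate(DEC)

def letter_frequencies(text):
    """Letters of the text, most common first. The key never changes within a
    message, so the ciphertext has the same letter statistics as the plaintext."""
    letters = [c for c in text.upper() if c in PLAIN]
    return Counter(letters).most_common()

def guess_image_of_e(ciphertext):
    """In English 'E' is the most frequent letter, so the most frequent
    ciphertext letter is the likely image of E under the unknown key."""
    return letter_frequencies(ciphertext)[0][0]

# constructed English sample with the usual dominance of the letter E
SAMPLE = ("THE BEST DEFENSE IS TO KEEP THE SECRET KEY SECRET BUT THE "
          "SHAPE OF THE LANGUAGE LEAKS THROUGH EVERY LETTER")

if __name__ == "__main__":
    ct = encrypt(SAMPLE)
    print(ct)
    print("most frequent ciphertext letter:", guess_image_of_e(ct),
          "| E really encrypts to:", encrypt("E"))
```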
Symmetric cryptography: DES
[figure: the DES mangler function]
- DES operates on 64-bit blocks of data
  - initial permutation
  - 16 rounds of transformations each using a different encryption key
Per-round key generation in DES
- Each key derived from a 56-bit master by mangling function
  - based on splitting, rotating, bit extraction and combination
Symmetric (secret) key cryptography
- Fast for encryption and decryption
- Difficult to break analytically
- Subject to brute force attacks
  - as computers get faster must increase the number of rounds and length of keys
- Main problem
  - how to distribute the keys in the first place?
Public-key cryptography
- Use different keys for encryption and decryption
- Knowing the encryption key doesn't help you decrypt
  - the encryption key can be made public
  - encryption key is given to sender
  - decryption key is held privately by the receiver
- But how does it work?
Public-key cryptography
- Asymmetric (one-way) functions
  - given function f it is easy to evaluate y = f(x)
  - but given y it's computationally infeasible to find x
- Trivial example of an asymmetric function
  - encryption: y = x^2
  - decryption: x = squareroot(y)
- Challenge
  - finding a function with strong security properties but efficient encryption and decryption
Public-key cryptography: RSA
- RSA (Rivest, Shamir, Adleman)
  - encryption involves multiplying large prime numbers
  - cracking involves finding prime factors of a large number
- Steps to generate encryption key (e) and decryption key (d)
  - Choose two very large prime numbers, p and q
  - Compute n = p x q and z = (p - 1) x (q - 1)
  - Choose a number d that is relatively prime to z
  - Compute the number e such that e x d = 1 mod z
Public-key cryptography: RSA
- Messages split into fixed length blocks of bits
  - interpreted as numbers with value 0 <= m_i < n
- Encryption
  - c_i = m_i^e (mod n)
  - requires that you have n and encryption key e
- Decryption
  - m_i = c_i^d (mod n)
  - requires that you have n and decryption key d
RSA vs DES
- RSA is more secure than DES
- RSA requires 100-1000 times more computation than DES to encrypt and decrypt
- RSA can be used to exchange private DES keys
- DES can be used for message contents
Secure hash functions
- Hash functions h = H(m) are one way functions
  - can't find input m from output h
  - easy to compute h from m
- Weak collision resistance
  - given m and h = H(m) difficult to find different input m' such that H(m) = H(m')
- Strong collision resistance
  - given H it is difficult to find any two different input values m and m' such that H(m) = H(m')
- They typically generate a short fixed length output string from arbitrary length input string
Example secure hash functions
- MD5 (Message Digest)
  - produces a 16 byte result
- SHA (Secure Hash Algorithm)
  - produces a 20 byte result
Secure hash functions: MD5
- The structure of MD5
  - produces a 128-bit digest from a set of 512-bit blocks
  - k block digests require k phases of processing each with four rounds of processing to produce one message digest
Per phase processing in MD5
- Each phase involves four rounds of processing
  F(x,y,z) = (x AND y) OR ((NOT x) AND z)
  G(x,y,z) = (x AND z) OR (y AND (NOT z))
  H(x,y,z) = x XOR y XOR z
  I(x,y,z) = y XOR (x OR (NOT z))
Per round processing in MD5
- The 16 iterations during the first round in a phase of MD5 using function F
What can you use a hash function for?
- To verify the integrity of data
  - if the data has changed the hash will change (weak and strong collision resistance properties)
- To "sign" or "certify" data or software
Digital signatures
- (a) Computing a signature block
- (b) What the receiver gets
Digital signatures using a message digest
  Notation   Description
  K_A,B      Secret key shared by A and B
  K_A^+      Public key of A
  K_A^-      Private key of A
Digital signatures with public-key cryptography
  Notation   Description
  K_A,B      Secret key shared by A and B
  K_A^+      Public key of A
  K_A^-      Private key of A
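A toy RSA that follows the key-generation steps and block encryption/decryption from the RSA slides, then uses the same key pair for the message-digest signature the last two slides describe (signer applies the private key K_A^- to the digest, receiver applies K_A^+ and compares). Added example, not from the lecture; the primes are tiny on purpose, SHA-256 is the digest, and reducing the digest mod n is a shortcut real signature schemes replace with padding.

```python
# Toy RSA following the slides' key-generation steps, then the two uses the
# lecture describes: block encryption/decryption and a signature over a message
# digest. Added example, not from the slides; the primes are tiny on purpose.
import hashlib
from math import gcd

def rsa_keygen(p, q, d):
    """n = p*q, z = (p-1)(q-1), d relatively prime to z, e*d = 1 mod z."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)             # modular inverse (Python 3.8+)
    return (e, n), (d, n)         # (public key, private key)

def block_size(n):
    """Bytes per block so that every block value satisfies 0 <= m_i < n."""
    return max(1, (n.bit_length() - 1) // 8)

def rsa_encrypt(public, data):
    e, n = public
    size = block_size(n)
    blocks = [int.from_bytes(data[i:i + size], "big") for i in range(0, len(data), size)]
    return [pow(m, e, n) for m in blocks]          # c_i = m_i^e (mod n)

def rsa_decrypt(private, cipher_blocks, length):
    d, n = private
    size, out = block_size(n), bytearray()
    for i, c in enumerate(cipher_blocks):
        width = size if i < len(cipher_blocks) - 1 else length - size * i   # last block may be short
        out += pow(c, d, n).to_bytes(width, "big")  # m_i = c_i^d (mod n)
    return bytes(out)

def digest(message, n):
    # Toy shortcut: reduce the SHA-256 digest mod n so it fits in one block.
    # Real signature schemes pad a full-size digest instead of truncating it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    """Signer hashes the message and applies the private key to the digest."""
    d, n = private
    return pow(digest(message, n), d, n)

def verify(public, message, signature):
    """Receiver recomputes the digest and applies the public key to the signature."""
    e, n = public
    return pow(signature, e, n) == digest(message, n)
```

With the constructed key `rsa_keygen(61, 53, 2753)` the slide's steps give e = 17 and n = 3233, so each block is one byte.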
Protection Domains
Protection domains
- Every process executes in some protection domain
  - determined by its creator, authenticated at login time
- OS mechanisms for switching protection domains
  - system calls
  - setUID capability on executable file
  - re-authenticating user
A protection matrix
Protection matrix with domains as objects
Protection Mechanisms
Access control lists (ACLs)
- Domain matrix is typically large and sparse
  - inefficient to store the whole thing
  - store occupied columns only, with the resource? - ACLs
  - store occupied rows only, with the domain? - Capabilities
Access control lists for file access
Access Control Lists (2)
- Two access control lists with user names and roles (groups)
Capabilities
- Domain matrix is typically large and sparse
  - inefficient to store the whole thing
  - store occupied columns only, with the resource? - ACLs
  - store occupied rows only, with the domain? - Capabilities
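The same sparse protection matrix from the ACL and capability slides stored both ways, column-wise (an ACL per object) and row-wise (a capability list per domain), with the two operations that show why the choice matters: revoking all access to an object is one delete on the ACL side but a scan of every capability list, while listing what a domain may do is a direct read of its capability list but a scan of every ACL. Added example, not from the lecture; the matrix contents are constructed.

```python
# One sparse protection matrix, stored by column (ACLs) and by row (capability
# lists). Added example, not from the lecture; MATRIX is constructed.
from collections import defaultdict

# constructed sparse matrix: only occupied (domain, object) cells are listed
MATRIX = {
    ("alice", "file1"):   {"read", "write"},
    ("alice", "printer"): {"write"},
    ("bob",   "file1"):   {"read"},
    ("bob",   "file2"):   {"read", "write", "exec"},
}

def to_acls(matrix):
    """Column view: each object carries the domains allowed to use it."""
    acls = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        acls[obj][domain] = set(rights)
    return acls

def to_capability_lists(matrix):
    """Row view: each domain carries the (object, rights) pairs it holds."""
    caps = defaultdict(dict)
    for (domain, obj), rights in matrix.items():
        caps[domain][obj] = set(rights)
    return caps

def acl_allows(acls, domain, obj, right):
    return right in acls.get(obj, {}).get(domain, set())

def cap_allows(caps, domain, obj, right):
    return right in caps.get(domain, {}).get(obj, set())

def revoke_object(acls, caps, obj):
    """Remove everyone's access to one object: a single ACL delete, but every
    capability list has to be searched. Returns how many lists were touched."""
    acls.pop(obj, None)
    return sum(1 for lst in caps.values() if lst.pop(obj, None) is not None)

def rights_of_domain(acls, caps, domain):
    """What may a domain do? Direct from its capability list; a full scan of
    all ACLs otherwise. Both views are returned so they can be compared."""
    via_caps = {obj: set(r) for obj, r in caps.get(domain, {}).items()}
    via_acls = {obj: set(acl[domain]) for obj, acl in acls.items() if domain in acl}
    return via_caps, via_acls
```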
Capabilities associated with processes
- Each process has a capability list
Cryptographically-protected capabilities
- Cryptographically-protected capability can be held in user space
  Server | Object | Rights | f(Objects, Rights, Check)
- Generic rights
  - Copy capability
  - Copy object
  - Remove capability
  - Destroy object
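A capability in the form of the slide (server, object, rights, f(object, rights, check)) that can be handed to user space because the server can recompute f: the Check field stays on the server, so editing the rights field of a held capability makes it fail validation. Added example, not from the lecture; using HMAC-SHA256 as the one-way function f, and the restrict/destroy operations, are assumptions of this example, not something the slide specifies.

```python
# A capability that can live in user space because only the server can
# recompute f(Object, Rights, Check). HMAC-SHA256 stands in for the slide's f
# (an assumption). Added example, not from the lecture.
import hmac, hashlib, secrets
from typing import NamedTuple

class Capability(NamedTuple):
    server: str
    obj: int
    rights: frozenset
    check: bytes       # f(obj, rights, secret Check field held by the server)

class Server:
    """Keeps a secret Check field per object; never hands it out."""
    def __init__(self, name):
        self.name = name
        self.checks = {}

    def _f(self, obj, rights):
        msg = f"{obj}:{','.join(sorted(rights))}".encode()
        return hmac.new(self.checks[obj], msg, hashlib.sha256).digest()

    def create_object(self, obj, rights):
        self.checks[obj] = secrets.token_bytes(16)    # the Check field
        return Capability(self.name, obj, frozenset(rights), self._f(obj, rights))

    def restrict(self, cap, rights):
        """Holder asks the server for a copy with a subset of its rights."""
        if not self.valid(cap) or not set(rights) <= cap.rights:
            return None
        return Capability(self.name, cap.obj, frozenset(rights), self._f(cap.obj, rights))

    def valid(self, cap):
        """Recompute f over the presented fields; a forged or edited capability fails."""
        if cap.server != self.name or cap.obj not in self.checks:
            return False
        return hmac.compare_digest(cap.check, self._f(cap.obj, cap.rights))

    def perform(self, cap, right):
        return self.valid(cap) and right in cap.rights

    def destroy_object(self, cap):
        """Generic right from the slide: destroying the object drops its Check
        field, which invalidates every outstanding capability for it."""
        if not self.perform(cap, "destroy"):
            return False
        del self.checks[cap.obj]
        return True
```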
User Authentication
User authentication
- Basic principles. Authentication must identify:
  - Something the user knows
  - Something the user has
  - Something the user is
- This is done before user can use the system!
Authentication using passwords
- (a) A successful login
- (b) Login rejected after name entered (easier to crack)
- (c) Login rejected after name and password typed
Problems with pre-set values
- How a cracker broke into LBL
  - a U.S. Dept. of Energy research lab
Authentication using passwords and salt
[figure: password file entries with salt and password fields]
- The use of salt to defeat precomputation of encrypted passwords
  - salt changes each time password changes
  - increases the size of the search space
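The precomputation the slide talks about, and how a per-password salt defeats it: a table of hashes built once from a wordlist finds an unsalted entry immediately, but finds nothing once the stored hash depends on a salt the table builder did not know. Added example, not from the lecture; SHA-256 stands in for the slide's password encryption (a production system would use a slow key-derivation function on top of the salt), and the wordlist is constructed.

```python
# Salt versus a precomputed hash table. Added example, not from the lecture;
# SHA-256 stands in for the slide's password encryption, wordlist constructed.
import hashlib, hmac, secrets

DICTIONARY = ["password", "letmein", "qwerty", "hunter2"]   # constructed wordlist

def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt):
    # NOTE: a real system would use a slow KDF (e.g. PBKDF2/scrypt/Argon2) here
    return hashlib.sha256(salt + password.encode()).hexdigest()

def precompute(wordlist):
    """Attacker's one-time table, hash -> password, built without any salt."""
    return {unsalted_hash(w): w for w in wordlist}

def store(password, salt=None):
    """Password-file entry (salt, hash); a fresh salt every time the password
    is set, as the slide says, so two users with one password differ too."""
    salt = secrets.token_bytes(8) if salt is None else salt
    return salt, salted_hash(password, salt)

def verify(password, entry):
    """Login check: the stored salt is public, the secret is the password."""
    salt, stored = entry
    return hmac.compare_digest(stored, salted_hash(password, salt))

def table_lookup(table, stored_hash):
    """Only works when the stored hash was computed exactly as the table was."""
    return table.get(stored_hash)

def search_space(wordlist, salt_bits):
    """Table entries needed to cover every word under every possible salt."""
    return len(wordlist) * 2 ** salt_bits
```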
Authentication using a physical object
- Magnetic cards
  - magnetic stripe cards
  - chip cards: stored value cards, smart cards
Authentication using biometrics
- A device for measuring finger length.
Attacks on the authentication process
- Authentication - making sure the user is the user
- Attacks include
  - Placement of passwords in the clear
    - Written on desk, included in a network packet etc.
  - Network packet sniffers
    - Listen to the network and record login sessions
  - Snooping
    - observing key strokes
  - Automated bots
    - Try a password every minute (don't get greedy)