computer and network security

1
computer and network security

• matt barrie
• ltmattb_at_alumni.stanford.orggt

2
goals

• Understanding of security fundamentals
• Introduction to applied cryptography
• Issues involved with designing secure systems
• Experience in designing and implementing one
• Examination of real world case studies
• Understanding of the cross-disciplinary issues
• Including psychology, politics and the law
• Why systems fail

3
about myself

• Consulting Lecturer in Information Security
• CTO Sensory Networks
• Designing a Security Platform and Coprocessor
• Formerly
• CTO Infilsec, a computer security consulting firm
• Director of Packet Storm (packetstormsecurity.org)
  
• Ran the Systems and Network Assessment Practice
  at Kroll-OGara Information Security Group

4
syllabus

• Hash functions
• Authentication
• Secret key encryption
• Public key encryption
• Key exchange
• Digital signatures
• Cryptographic protocols
• Secure programming
• Real world systems and protocols
• Political and legal issues
• Attacks
• How and why systems fail
• The shape of things to come

5
mechanics

• Two lectures per week
• One two hour lab working on a project
• Fourteen weeks of lectures
• Tutors
• Stephen Gould ltsgould_at_alumni.stanford.orggt
• Jack Zeng ltzzeng_at_ee.usyd.edu.augt
• Assessment
• Homework assignments (20)
• One project (30)
• Final Exam (50) two hours, closed book

6
textbooks

• Cryptography and Network Security, William
  Stallings, (Prentice Hall), 1999
• Handbook of Applied Cryptography, A. Menezes, P.
  Van Oorscho, S. Vanstone (online)
• URL http//www.cacr.math.uwaterloo.ca/hac/
• 3. Lecture notes and additional reading material
  will also be handed out in class.
• Highly recommended
• Applied Cryptography, 2nd Ed., Bruce Schneier,
  (Wiley), 1996
• Security Engineering, Ross Anderson, (Wiley), 2001

7
project
8
project

• It is 2004 and Big Brother is back on schedule.
• All your moves are being tracked.
• All your communications are being monitored.
• A small price to pay for an ideal world?
• Internet crime rates are down
• Trusted computers are given out for free and to
  all
• Bandwidth is ubiquitous
• Digital entertainment is happiness
• All thanks to the softmedia megacorps!

9
project

• All software is licensed through state sponsored
  portals
• Possessing unlicensed software is a crime.
• Programming without a license is punishable by
  jail.
• Circumventing security mechanisms is a capital
  offense.
• You belong to an outlaw faction known as the Free
  Software Youth League.
• Your groups ideals of open source // free
  software are branded subversive by the softmedia
  megacorp controlled government.
• Driven underground, your loose knit organisation
  of programmers and engineers sustains its
  guerilla operations coding illegal software as
  guns-for-hire.

10
stealthnet

• Your group has been hired by the Mafia to build a
  secure communications application for underground
  messaging and file transfers
• Think of it as a secure version of ICQ
  (www.icq.com)
• You may assume that anonymity will be handled by
  the underlying MafiaNet network layers
• Written in Java with crypto library support
• Teams of two
• Later parts of the project will migrate client
  end functionality to the Dallas Semiconductor
  Java Crypto iButton
• You will be supplied with an insecure skeleton
  for reference

11
iButton

• Dallas Semiconductor Java Powered iButton 2.2
• Stainless steel-encased single-chip Java virtual
  machine (VM).
• Java Card 2.0-compliant, sends data as applets
  over the Internet.
• 32-bit integers, random number generator, garbage
  collector.
• Resources 64-kbyte ROM for firmware and VM, 134
  kbytes fast NV RAM for stack support in multiple,
  independent applications.
• Firmware contains support for javacardx.crypto
  (SHA-1, RSA, DES, triple DES). Sub-second math
  accelerator for RSA encryption.
• The iButton case initiates immediate zeroization
  of memory if opened. Can store over 30 X.509v3
  certificates with 1024-bit keys.
• Can store hundreds of user names and passwords, a
  color ID picture and application programs.

12
help!

• Help algorithm
• Check the website
• http//ee.usyd.edu.au/mattb/elec5610
• If FAIL, post on the class message board
• http//ee.usyd.edu.au/mattb/elec5610/forum.html
• others may have already asked your question
• others may be having the same problem
• If FAIL, e-mail us
• elec5610_at_ee.usyd.edu.au
• we have a neural connection to the Internet

13
we are entering a brave new world ...
14
(No Transcript)
15
actual newspaper headlines

• WebTV virus dials 911
• GSM cell-phone encryption cracked by Birykof and
  Shamir
• German bank being blackmailed by putative
  cracker
• Feds warn of May Day attacks on U.S. Web sites
• Tampered heart monitors, simulating failure to
  get human organs
• Secret American spy photos broadcast unencrypted
  over satellite TV
• Software flaw in submarine-launched ballistic
  missile system
• Accidental launch of live Canadian Navy missile
  color-code mixup
• Navy to use Windows 2000 on aircraft carriers
• Classified data in wrong systems at Rocky Flats
  nuclear weapons plant
• Russian nuclear warheads armed by computer
  malfunction
• U.S. House approves life sentences for crackers
• Courtesy of RISKS (http//catless.ncl.ac.uk/Risks/
  )

16
and now, the bad news...
17
nothing is perfectly secure in the digital world

• The digital world behaves differently to the
  physical world
• Everything in the digital world is made of bits
• Bits have no uniqueness
• Its easy to copy bits
• Therefore, if you have something, I can copy it
• information
• privileges
• identity
• media
• software
• digital money
• Pretty much all of information security revolves
  around making it hard to copy bits

18
my definition of information security

• You spend X so that your opponent has to spend Y
  to do something you dont want them to do
• Y is rarely greater than X
• and there are lots of opponents
• Its all a resource game
• time
• computational power (time x )
• Implication
• Given enough resources, someones going to get in
• Given enough attackers, someones going to get in
• The trick is to raise the bar to an adequate
  level of (in)security for the resource you are
  trying to protect.

19
security requirements

• Everything you have been taught so far in
  engineering revolves around building dependable
  systems that work
• Typically engineering efforts are associated with
  ensuring something does happen e.g. John can
  access this file
• Security engineering revolves around building
  dependable systems that work in the face of a
  world full of clever, malicious attackers
• Typically security has been about ensuring
  something cant happen e.g. the Chinese
  government cant access this file.
• Reality is far more complex
• Security requirements differ greatly between
  systems

20
security requirements

• Systems often fail because designers
• protect the wrong things
• protect the right things in the wrong way
• make poor assumptions about their systems
• do not understand their systems threat model
  properly
• make poor assumptions about attackers
• fail to account for paradigm shifts (e.g. the
  Internet)
• fail to understand the scope of their system

21
bank security requirements

• Core of a banks operations is its bookkeeping
  system
• goal highest level of integrity
• most likely threat internal staff stealing petty
  cash
• ATMs
• goal authentication of customers, resist attack
• most likely threat petty thieves
• High value transaction systems
• goal integrity of transactions
• most likely threat internal staff, sophisticated
  criminals
• Internet banking
• goal authentication and availability
• most likely threat hacking the website or
  account
• Safe
• goal physical integrity

22
military communications

• Electronic warfare systems
• jam enemy radar without being jammed yourself
• goal covertness, availability
• countermeasures, countercountermeasures etc.
• Military communications
• goal confidentiality, covertness, availability
• low probability of intercept (LPI) - spread
  spectrum, etc.
• Compartmentalisation
• e.g. logistics software- administration of boot
  polish different from stinger missiles
• goal confidentiality, availability, resilience
  to traffic analysis?
• Nuclear weapons command control
• goal prevent weapons from being used outside the
  chain of command

23
hospital security requirements

• Use of web based technologies
• e.g. online reference books
• goal integrity of data
• Remote access for doctors
• goal authentication, confidentiality
• Patient record systems
• nurses may only look at records of patients who
  have been in their ward in the last 90 days
• anonymisation of records for research
• Paradigm shifts introduce new threats
• e.g. shift to online drug databases means paper
  records are no longer kept
• results in new threats on
• availability e.g. denial of service of network
• integrity e.g. malicious temporary tampering of
  information

24
risk analysis
Risk Impact Matrix
Impact
Extreme High Medium Low
Negligible
Certain 1 1 2 3 4 Likely 1 2 3 4 5 Moderate 2 3
4 5 6 Unlikely 3 4 5 6 7 Rare 4 5 6 7 7
Likelihood
1 severe must be managed by senior management
with a detailed plan 2 high detailed research
and management planning required at senior
levels 3 major senior management attention is
needed 4 significant management responsibility
must be specified 5 moderate manage by specific
monitoring or response procedures 6 low manage
by routine procedures 7 trivial unlikely to
need specific application of resources
25
axioms of information security

• All systems are buggy
• The bigger the system the more buggy it is
• Nothing works in isolation
• Humans are most often the weakest link
• Its a lot easier to break a system than to make
  it secure

26
a system can be..

• A product or component
• e.g. software program, cryptographic protocol,
  smart card
• The above plus infrastructure
• e.g. PC, operating system, communications
• The above plus applications
• e.g. web server, payroll system
• The above plus IT staff
• The above plus users and management
• The above plus customers and external users
• The above plus the law, the media, competitors,
  politicians, regulators, etc.

27
aspects of security

• Authenticity
• proof of a messages origin
• integrity plus freshness (ie. message is not a
  replay)
• Confidentiality
• the ability to keep messages secret (for time t)
• Integrity
• messages should not be able to be modified in
  transit
• attackers should not be able to substitute fakes
• Nonrepudiation
• cannot deny that a message was sent
• Availability

28
passive attacks

• Those that do not involve modification of
  fabrication of data
• Examples include eavesdropping on communications
• Interception
• An unauthorised party gains access to an asset
• Release of message contents an attack on
  confidentiality
• Traffic analysis an attack on covertness

29
active attacks

• Those which involve some modification of the data
  stream or creation of a false stream
• Fabrication
• An unauthorised party inserts counterfeit objects
  into the system
• Examples include masquerading as an entity to
  gain access to the system
• An attack on authenticity
• Interruption
• An asset of the system is destroyed or becomes
  unavailable or unusable
• Examples include denial-of-service attacks on
  networks
• An attack on availability
• Modification
• An unauthorised party not only gains access to
  but tampers with an asset
• Examples include changing values in a data file
  or a virus
• An attack on integrity

30
definitions

• Secrecy
• A technical term which refers to the effect of
  actions to limit access to information
• Confidentiality
• An obligation to protect someone or some
  organisations secrets
• Privacy
• the ability and/or right to protect the personal
  secrets of you or your family including
  invasions of your personal space
• Privacy does not extend to corporations
• Anonymity
• the ability/desire to keep message
  source/destination confidentiality

31
trust

• A trusted system is one whose failure can break
  security policy.
• A trustworthy system is one which wont fail.
• A NSA employee caught selling US nuclear secrets
  to a Chinese diplomat is trusted but not
  trustworthy.
• In information security trust is your enemy.

32
trust is your enemy

• You cannot trust software or vendors
• they wont tell you their software is broken
• they wont fix it if you tell them
• You cannot trust the Internet nor its protocols
• its built from broken pieces
• its a monoculture, something breaks - everything
  breaks
• it was designed to be work, not be secure
• You cannot trust managers
• they dont want to be laggards nor leaders
• security is a cost centre not a profit centre!
• You cannot trust the government
• they only want to raise the resource game to
  their level
• You cannot trust your employees or users
• they are going to pick poor passwords
• they are going to mess up the configuration

33
trust is your enemy

• You cannot trust your peers
• they are as bad as you
• You cannot trust algorithms nor curves
• Moores law does not keep yesterdays secrets
• tomorrow they might figure out how to factor
  large numbers
• tomorrow they might build a quantum computer
• You cannot trust the security community
• they are going to ridicule you when they find a
  problem
• just before they tell the whole world about it
• You cannot trust information security
• its always going to be easier to break knuckles
  than break codes
• You cannot trust yourself
• you are human
• one day youre going to screw up

34
tenet of information security

• Security through obscurity does not work
• Full disclosure of the mechanisms of security
  algorithms and systems (except secret key
  material) is the only policy that works
• If the algorithms are known but cannot be broken,
  the system is a good system
• If an algorithm is kept secret and no-one has
  looked at it, nothing can be said for its security

35
morals of the story

• Nothing is perfectly secure
• Information security is a resource game
• Nothing works in isolation
• Know your system
• Know your threat model
• Trust is your enemy
• All systems can and will fail
• Humans are most often the weakest link
• Attackers often know more about your system than
  you do

36
references

• Stallings
• 1