Security - PowerPoint PPT Presentation

About This Presentation
Title:

Security


Slides: 25
Provided by: sinc150
Category:
Tags: security

Transcript and Presenter's Notes

1
Security
  • Chapter 19

2
Chapter 19 Security
  • The Security Problem
  • Authentication
  • Program Threats
  • System Threats
  • Securing Systems
  • Intrusion Detection
  • Encryption
  • Windows NT

3
The Security Problem
  • Security must consider external environment of
    the system, and protect it from
  • unauthorized access to the system
  • malicious modification or destruction of data
  • accidental introduction of inconsistency.
  • Easier to protect against accidental than
    malicious misuse.

4
Security Measures
  • Physical
  • Secure site against armed or surreptitious entry
  • Human
  • Screen users carefully
  • Network
  • Guard against interception of data by encryption
  • Guard against denial of service attacks
  • Operating system
  • Protect itself against security breaches

5
Authentication
  • User identity most often established through
    passwords, can be considered a special case of
    either keys or capabilities.
  • Passwords must be kept secret.
  • Frequent change of passwords.
  • Use of non-guessable passwords.
  • Log all invalid access attempts.
  • Passwords may also either be encrypted or allowed
    to be used only once.

6
Breaking Passwords
  • Short passwords
  • Four digit PIN has 10,000 variations, takes five
    seconds to break
  • Simple words?
  • First and last names, street names, dictionary
    entries
  • London financial district, 82 easy passwords
    (1997)
  • Shoulder surfing
  • Watching a user type password
  • Sniffing
  • Monitor traffic on the network
  • Writing down password, sharing passwords
  • Can't track security breaches

7
Better Passwords
  • Upper and Lower Case
  • My mother's name is Katherine → MmnisK.!
  • Hard to crack, easy to remember
  • Paired Passwords
  • Once in, the user has to supply a second password
  • One-time Passwords
  • Uses one-way functions, easy to do, difficult to
    undo
  • e.g. 2 6 1(mod 7)
  • recompute your pass number based on computer
    modulo seed
  • Challenge-response
  • What is your mother's maiden name?
  • Biometrics: fingerprint readers, iris readers

8
UNIX Passwords
  • User ID and Group ID are defined in /etc/passwd
    for each user
  • passwd structure

    struct passwd {
        char  *pw_name;     /* the user's name */
        char  *pw_passwd;   /* the encrypted password */
        uid_t  pw_uid;      /* the user ID */
        gid_t  pw_gid;      /* the user's group ID */
        char  *pw_comment;  /* contents of the comment field */
        char  *pw_dir;      /* the user's home directory */
        char  *pw_shell;    /* the shell to be invoked after login */
    };

9
UNIX Passwords
  • Program to search for user name in passwd

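    #include <pwd.h>
    #include <stdio.h>
    #include <stdlib.h>

    int main(int argc, char *argv[])
    {
        struct passwd *pw;

        if (argc != 2)
            exit(-1);
        pw = getpwnam(argv[1]);   // searches passwd for user name
        if (pw != NULL) {
            printf("Details for user %s\n", argv[1]);
            /* with shadow passwords this field is only a placeholder */
            printf("  pw_passwd  %s\n", pw->pw_passwd);
            /* IDs are integers, so print them with %ld, not %s */
            printf("  pw_uid     %ld\n", (long)pw->pw_uid);
            printf("  pw_gid     %ld\n", (long)pw->pw_gid);
            /* pw_comment as on the slide; glibc names this field pw_gecos */
            printf("  pw_comment %s\n", pw->pw_comment);
            printf("  pw_dir     %s\n", pw->pw_dir);
            printf("  pw_shell   %s\n", pw->pw_shell);
        } else
            printf("No match found for %s\n", argv[1]);
        return 0;
    }

10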
Program Threats
  • Trojan Horse
  • Code segment that misuses its environment.
  • Exploits mechanisms for allowing programs written
    by users to be executed by other users.
  • e.g. a text editor searching files for keywords,
    storing them away
  • e.g. login program emulator left running on a
    terminal (vs ctrl-alt-del)
  • Trap Door
  • Specific user identifier that circumvents normal
    security procedures.
  • e.g. accounting code that saves rounding error
    funds to an account.
  • Stack and Buffer Overflow
  • Exploits a bug in a program to overflow the stack
    or memory buffers
  • Overwrites a return address on the stack pointing
    to exploit code
  • Exploit code often written in the stack itself

11
System Threats
  • Worms
  • Standalone programs using a spawn mechanism
  • Internet worm
  • Exploits UNIX networking features and bugs
  • Grappling hook program uploads main worm program
  • Viruses
  • Fragment of code embedded in a legitimate program
  • Targets single-user microcomputer systems
  • From public bulletin boards, floppy disks, E-mail
    attachments
  • Macros in Microsoft Office suite (could use RTF
    files)
  • Denial of Service
  • Overload the targeted computer or network
  • e.g. Java code to use resources, or TCP
    connection initiation

12
The Morris Internet Worm
13
Morris Internet Worm
  • Worm had two programs, a grappling hook and main.
  • Grappling hook (l1.c)
  • 99 lines of code, compiled and run on each
    machine
  • Connected to originating machine, uploaded a copy
    of the main worm
  • Main
  • Used rsh to search for new machines to infect
  • (rsh: remote task execution with lists of
    hosts, no password)
  • Buffer overflow attack (using finger) to point to
    invading code
  • Used sendmail debug mode to send out grappling
    hook
  • Searched for passwords, using UNIX on-line
    dictionary
  • Result
  • No virus included, but infested Sun and VAX
    systems on Internet

14
Securing Systems
  • Periodically scan for
  • Short or easy-to-guess passwords
  • Unauthorized privileged programs, such as setuid
  • Unauthorized programs in system directories
  • Unexpected long-running processes
  • Improper directory protections
  • Improper protections on system data files
  • Dangerous entries in the program search path
  • (e.g. Trojan horse)
  • Unexpected or hidden network daemons
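
One of the periodic scans listed above, the check for dangerous entries in the program search path, as an added example (not code from the original slides). The risk categories and function names are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

enum path_risk { PATH_OK, PATH_EMPTY, PATH_RELATIVE, PATH_WORLD_WRITABLE };

/* Classify one search-path entry. An empty entry means the current
 * directory, a relative one depends on it, and a directory that anyone
 * can write to lets any user plant a program named like a common command. */
static enum path_risk classify_entry(const char *dir)
{
    struct stat st;
    if (dir[0] == '\0') return PATH_EMPTY;
    if (dir[0] != '/') return PATH_RELATIVE;
    if (stat(dir, &st) == 0 && S_ISDIR(st.st_mode) && (st.st_mode & S_IWOTH))
        return PATH_WORLD_WRITABLE;
    return PATH_OK;
}

/* Walk a colon-separated search path; return the number of risky entries. */
static int audit_path(const char *path, int verbose)
{
    static const char *why[] = { "ok", "empty entry (current directory)",
                                 "relative entry", "world-writable directory" };
    int risky = 0;
    for (const char *start = path, *end; ; start = end + 1) {
        char dir[4096];
        end = strchr(start, ':');
        size_t len = end ? (size_t)(end - start) : strlen(start);
        if (len >= sizeof dir) len = sizeof dir - 1;
        memcpy(dir, start, len);
        dir[len] = '\0';
        enum path_risk r = classify_entry(dir);
        if (r != PATH_OK) risky++;
        if (r != PATH_OK && verbose) printf("RISK  '%s': %s\n", dir, why[r]);
        if (!end) break;
    }
    return risky;
}

int main(void)
{
    const char *path = getenv("PATH");
    int risky = path ? audit_path(path, 1) : 0;
    printf("%d risky search-path entries\n", risky);
    return risky != 0;
}
```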

15
FireWall
  • Firewall
  • Computer or router placed between trusted and
    untrusted systems.
  • Limits network access between these two security
    domains.
  • Monitor and log all connections
  • Limit connections based on IP addresses
  • Allow only http to web servers (no finger)
  • Separate a network into multiple domains
  • Tunnelling
  • Travelling within protocols that the firewall
    allows
  • e.g. spoofing: pretending to be an authorized
    host
  • e.g. denial of service attacks: http still gets
    through

16
Network Security Through Domain Separation Via
Firewall
DMZ: demilitarized zone (semisecure network)
17
Intrusion Detection
  • Detect attempts to intrude into computer systems.
  • Signature-based detection
  • e.g. repeated password attempts
  • Anomaly detection
  • e.g. shell commands untypical of a user
  • Detection methods
  • Audit-trail processing, match against signatures.
  • Tripwire checks if certain files and directories
    have been altered, watching a hash function of
    the files
  • System call monitoring
  • Compares system calls of a program to expected
    ones

18
Data Structure Derived From System-Call Sequence
open, read, mmap, mmap, open, getrlimit, mmap,
close
Deviations would be detected quickly.
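
System-call monitoring over the sequence on this slide, as an added example (not code from the original slides): every window of consecutive calls from the normal trace is stored, and an observed trace is scored by how many of its windows were never seen. The window length of 3 and the deviant trace are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#define WIN 3            /* window length: an assumption, the slide gives none */
#define MAX_WINDOWS 64
#define TRACE_LEN 8

/* Normal behaviour: the system-call sequence shown on the slide. */
static const char *normal_trace[TRACE_LEN] = {
    "open", "read", "mmap", "mmap", "open", "getrlimit", "mmap", "close" };
/* Constructed deviation: one unexpected call in place of getrlimit. */
static const char *deviant_trace[TRACE_LEN] = {
    "open", "read", "mmap", "mmap", "open", "execve", "mmap", "close" };

struct profile { const char *win[MAX_WINDOWS][WIN]; int count; };

static int profile_has(const struct profile *p, const char *const *w)
{
    for (int i = 0; i < p->count; i++) {
        int j = 0;
        while (j < WIN && strcmp(p->win[i][j], w[j]) == 0) j++;
        if (j == WIN) return 1;
    }
    return 0;
}

/* Learn: store every distinct WIN-call window of a normal trace. */
static void learn(struct profile *p, const char *const *trace, int n)
{
    for (int i = 0; i + WIN <= n; i++) {
        if (profile_has(p, trace + i) || p->count == MAX_WINDOWS) continue;
        for (int j = 0; j < WIN; j++) p->win[p->count][j] = trace[i + j];
        p->count++;
    }
}

/* Monitor: count windows of an observed trace that the profile lacks. */
static int mismatches(const char *const *trace, int n)
{
    struct profile p = { .count = 0 };
    int bad = 0;
    learn(&p, normal_trace, TRACE_LEN);
    for (int i = 0; i + WIN <= n; i++)
        if (!profile_has(&p, trace + i)) bad++;
    return bad;
}

int main(void)
{
    printf("normal: %d, deviant: %d unknown windows\n",
           mismatches(normal_trace, TRACE_LEN), mismatches(deviant_trace, TRACE_LEN));
    return 0;
}
```

A single substituted call changes every window that overlaps it, which is why one deviation shows up as several mismatches.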
19
Encryption
  • Encrypt clear text into cipher text.
  • Properties of good encryption technique
  • Relatively simple for authorized users to encrypt
    and decrypt data.
  • Encryption scheme depends not on the secrecy of
    the algorithm but on a parameter of the algorithm
    called the encryption key.
  • Extremely difficult for an intruder to determine
    the encryption key.
  • Data Encryption Standard substitutes characters
    and rearranges their order on the basis of an
    encryption key provided to authorized users via a
    secure mechanism. Scheme only as secure as the
    mechanism.

20
Encryption
  • Symmetric-key cryptography
  • A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  • Q W E R T Y U I O P A S D F G H J K L Z X C V B N M
  • Asymmetric encryption algorithm
  • Question 1: 314159265358979 x 314159265358979
  • Question 2: Square root of 39125715064193870905948
    28508151
  • The second question is harder to compute
  • Factorization is the basis of the RSA algorithm
  • (factoring numbers of hundreds of digits using
    modulo arithmetic)

21
Encryption
  • Public-key encryption based on each user having
    two keys
  • public key: published key used to encrypt data.
  • private key: key known only to individual user
    used to decrypt data.
  • Padlocks
  • Bob padlocks the message with Alice's lock
  • Only Alice has the key to the lock
  • Alice chooses prime numbers p = 17,159, q =
    10,247
  • Multiplying, she gets N = 175,828,273, her public
    key
  • The values p and q become her private key
  • (made more complex with modulo arithmetic)
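
The modulo arithmetic behind Alice's key, carried through with the slide's p and q as an added example (not code from the original slides). The public exponent 65537 and all function names are assumptions. The last function factors N by trial division to show why a modulus this small protects nothing.

```c
#include <inttypes.h>
#include <stdio.h>

#define RSA_P 17159ULL   /* from the slide */
#define RSA_Q 10247ULL   /* from the slide */
#define RSA_E 65537ULL   /* public exponent: an assumption, the slide gives none */

/* base^exp mod m by square-and-multiply; no overflow while m < 2^32. */
static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t m)
{
    uint64_t r = 1;
    for (base %= m; exp; exp >>= 1) {
        if (exp & 1) r = r * base % m;
        base = base * base % m;
    }
    return r;
}

/* Inverse of a modulo m by the extended Euclidean algorithm (gcd(a, m) = 1). */
static uint64_t modinv(uint64_t a, uint64_t m)
{
    int64_t t = 0, nt = 1, r = (int64_t)m, nr = (int64_t)(a % m);
    while (nr != 0) {
        int64_t q = r / nr, tmp;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

static uint64_t rsa_n(void) { return RSA_P * RSA_Q; }   /* public modulus N */
static uint64_t rsa_d(void) { return modinv(RSA_E, (RSA_P - 1) * (RSA_Q - 1)); }
/* Textbook RSA without padding: shows the arithmetic only. */
static uint64_t rsa_encrypt(uint64_t m) { return modpow(m, RSA_E, rsa_n()); }
static uint64_t rsa_decrypt(uint64_t c) { return modpow(c, rsa_d(), rsa_n()); }

/* Trial division: a 9-digit N gives up a factor within about 10,000 steps. */
static uint64_t smallest_factor(uint64_t n)
{
    for (uint64_t f = 2; f * f <= n; f++)
        if (n % f == 0) return f;
    return n;
}

int main(void)
{
    printf("N=%" PRIu64 " m=%" PRIu64 " factor=%" PRIu64 "\n", rsa_n(),
           rsa_decrypt(rsa_encrypt(42)), smallest_factor(rsa_n()));
    return 0;
}
```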

22
Encryption Example - SSL
  • SSL: Secure Socket Layer
  • Commonly used cryptographic protocol for Web
  • Initiated by a client
  • Client has a public verification algorithm
  • Server is certified with unique and common names
  • Server and client exchange random numbers, plus
    certificate from server, checked with public
    verification
  • They establish 46-byte premaster secret code pms
  • They compute 48-byte master secret ms
  • Remainder of communication uses symmetric
    encoding

23
Computer Security Classifications
  • U.S. Department of Defense outlines four
    divisions of computer security: A, B, C, and D.
  • D: Minimal security (e.g. MS-DOS, Windows 3.1).
  • C: Provides discretionary protection through
    auditing.
  • C1: identifies cooperating users with the same
    level of protection (e.g. UNIX)
  • C2: allows user-level access control.
  • B: All the properties of C, however each object
    may have unique sensitivity labels. Divided into
    B1, B2, and B3.
  • A: Uses formal design and verification
    techniques to ensure security.
  • TEMPEST to guard against electronic
    eavesdropping

24
Windows NT Example
  • Configurable security allows policies ranging
    from D to C2.
  • Security is based on user accounts where each
    user has a security ID. At login, a user gets a
    security access token.
  • Uses a subject object to ensure access security,
    linking the security access token and the
    programs the user runs. Subject tracks and
    manages permissions for each program.
  • Each object in Windows NT has a security
    attribute defined by a security descriptor. For
    example, a file has a security descriptor that
    indicates the access permissions for all users.