
Security and Authentication

CS-4513
Distributed Computing Systems
(Slides include materials from Operating System Concepts, 7th ed., by Silberschatz, Galvin, & Gagne,
Distributed Systems: Principles & Paradigms, 2nd ed., by Tanenbaum and Van Steen, and
Modern Operating Systems, 2nd ed., by Tanenbaum)

CS-4513 D-term 2008

Reading Material
Tanenbaum, Modern Operating Systems, Chapter 9
  Security and threats
  Viruses: how to write and detect!
Silberschatz, Chapters 14-15
  Protection
  Security
Tanenbaum & Van Steen, Chapter 9
  Protection: implementation of security

Puzzle
Alice wishes to send secret message to Bob
She places message in impenetrable box
Locks the box with unbreakable padlock
Sends locked box to Bob

Problem: Bob has no key to unlock box


No feasible way to securely send key to Bob

How does Bob retrieve message?



Answer
Bob adds 2nd unbreakable padlock to box
Locks with own key
Sends box back to Alice (with two padlocks!)

Alice unlocks and removes her lock


Sends box back to Bob

Bob unlocks his lock


Opens box and reads message

What could go wrong?



Authentication
How does a system (distributed or not) know
who it is talking to?
Who do I say that I am?
How can I verify that?
Something I know (that nobody else should know)
Something I have (that nobody else should have)
Something I am (that nobody else should be)

Threats against Authentication
I want to pretend to be you:
  I can steal your password
    from the sticky note on your monitor or the list in your desk drawer
    by monitoring your communications or looking over your shoulder
  I can guess your password
    particularly useful if I can also guess your user name
  I can get between you and the system you are talking to

Getting between you and system you are talking to


Login Spoof
I create a login screen in my process on a public machine
  Looks exactly like the real one
You log into the system
  My login process records your user ID and password
  Then logs you in normally
Result: I have gotten between you and the system without your knowledge
Also, I have stolen your user ID and password

The Trouble with Passwords

They are given away


They are too easy to guess
They are used too often
There are too many of them
They are used in too many places


Some ways around the problem
Better passwords
  longer
  larger character set
  more random in nature (not the words or patterns a guesser tries first)
Used less often
  changed frequently, one password per system
  challenge/response: each value sent over the wire is used only once

The Challenge/Response Protocol
Art -> Mary: "Hello, I'm Art"
Mary -> Art: "Decrypt this: {R}P"   (R is a random number; P is a secret shared by Art and Mary)
Art -> Mary: R
Mary -> Art: "Hello Art! How can I help you?"

The secret P itself never crosses the wire, and R is fresh for every login, so a recorded exchange cannot be replayed. Note that only Art is authenticated here, not Mary, and an eavesdropper still collects a plaintext/ciphertext pair (R, {R}P) under P.
Threat: Steal passwords from the system
Don't keep them in an obvious place
Store them only in transformed form (a salted one-way hash, not reversible encryption), so that the version the system holds is not the same as
  what the user enters
  or the version on the wire
  or the version used last time
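The "transformed form" above, as an added example that is not from the slides: the verifier stores a random per-user salt and a slow, iterated one-way hash (PBKDF2-HMAC-SHA256 from Python's standard library), never the password itself. The passwords and iteration count are constructed for the demo; the count should be tuned to roughly 100 ms on the real login server.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # slow on purpose; tune so one check costs ~100 ms on the server


def make_record(password, salt=None):
    """What the system keeps instead of the password.

    The record reveals neither the password nor whether two users share one
    (the per-user salt takes care of that), and the verifier never needs the
    cleartext back: it recomputes the hash from what the user types.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def check_password(record, candidate):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"],
                                 record["iterations"])
    return hmac.compare_digest(digest, record["digest"])


def same_password_distinct_records(password):
    """Two users with the same password get unrelated records."""
    a, b = make_record(password), make_record(password)
    return a["digest"] != b["digest"] and a["salt"] != b["salt"]


if __name__ == "__main__":
    record = make_record("correct horse battery staple")   # constructed demo password
    print("stored:", record["salt"].hex(), record["digest"].hex())
    print("right password accepted:", check_password(record, "correct horse battery staple"))
    print("wrong password accepted:", check_password(record, "Correct horse battery staple"))
    print("salt hides shared passwords:", same_password_distinct_records("hunter2"))
```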


Too many passwords to remember?
Third-party authentication: get someone to vouch for you
The basics: "This guy says you know him..."  "Yes, I trust him, so you should too..."
  Kerberos
  Certificate-based authentication within a trust community

What is in a certificate?
Who issued it
Whom it was issued to, and that subject's public key
When was it issued
For what purpose was it issued
For what time frame is it valid
(possibly other application-specific data)
A signature by the issuer that proves it has not been forged


Systems and Networks Are Not Different
Same basic rules about code behavior apply
Same authentication rules apply
The same security principles apply

Same Coding Rules Apply To:
An application
Code which manages incoming messages
Code which imposes access controls on a network
...

The Principles
Understand what you are trying to protect
Understand the threat(s) you are trying to protect against
  Also, costs and risks
Be prepared to establish trust by telling people how you do it
Assume that the bad guys are at least as clever as you are!

Security must occur at four levels to be effective
Physical
  The best security system is no better than the lock on your front door (or desk, or file cabinet, etc.)!
Human
  Phishing, dumpster diving, social engineering
Operating System
  Protection and authentication subsystems
  Prevention of unauthorized access to data
Network
  Protection and authentication subsystems
  Separate from the underlying protocols
Security is only as strong as the weakest link in the chain



How do these attacks work?


Messages that attack mail readers or
browsers
Denial of service attacks against a web
server
Password crackers
Viruses, Trojan Horses, other malware


The concept of a Vulnerability
Buffer overflow
Protocol/bandwidth interactions
Protocol elements which do no work ("execute this" messages)
  The special case of mobile agents
Human user vulnerabilities
  eMail worms
  Phishing

Another Principle
There is a never-ending war going on
between the black hats and the rest of us.
For every asset, there is at least one
vulnerability
For every protective measure we add,
they will find another vulnerability

Yet Another Principle


There is no such thing as a bullet-proof
barrier
Every level of the system and network
deserves an independent threat evaluation
and appropriate protection
Only a multi-layered approach has a chance
of success!

Actual Losses:
Approximately 70% are due to human error
More than half of the remainder are caused
by insiders
Social Engineering accounts for more
loss than technical attacks.


What is Social Engineering?


Hello. This is Dr. Burnett of the cardiology
department at the Conquest Hospital in
Hastings. Your patient, Sam Simons, has
just been admitted here unconscious. He has
an unusual ventricular arrhythmia. Can you
tell me if there is anything relevant in his
record?


Social Engineering (2)

From: 3dksobinsky@zoom-internet.net
Sent: Sunday, December 3, 2006 8:10 AM
To: rmstronger@charter.net
Subject: Re: Approved
Please read the attached file.


Program Threats in Operating Systems
Trojan Horse
  Code segment that misuses its environment
  Exploits mechanisms for allowing programs written by users to be executed by other users
  Spyware, pop-up browser windows, covert channels
Logic Bomb
  Program that initiates a security incident under certain circumstances
Trap Door
  Specific user identifier or password that circumvents normal security procedures
  Could be included in a compiler
Stack and Buffer Overflow
  Exploits a bug in a program (overflow either the stack or memory buffers)

Program Threats: Viruses
Code fragment embedded in legitimate programs
Very specific to CPU architecture, operating system, applications
Usually borne via email or as a macro
E.g., Visual Basic macro to reformat the hard drive:
  Sub AutoOpen()
    Dim oFS
    Set oFS = CreateObject("Scripting.FileSystemObject")
    vs = Shell("c:\command.com /k format c:", vbHide)
  End Sub

Program Threats (Cont.)
Virus dropper inserts virus onto the system
Many categories of viruses, literally many thousands of viruses:
  File
  Boot
  Macro
  Polymorphic
  Source code
  Encrypted
  Stealth
  Tunneling
  Multipartite
  Armored


Questions?


What is a Security Policy?
What rights MAY a user have?
  Define the maximum!
What rights can a user pass on?
How can a user acquire additional rights?
Linux/Unix example (ls -l mode strings: owner, group, everyone else):
  -rwxr-xr-- /foo
  -rw--w---- /bar


Policy Models (1)
A Policy Model is a framework for creating a specific policy for a specific organization
Linux/Unix
  Users, groups, everybody
  Owner (or root) controls grant of rights
  Rights based on UID, GID; focus on files
  Process has rights of its parent; can change GID or drop rights
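Added example (not from the slides) of how the Unix policy model decides whether a process may read, write or execute a file, given mode strings like the /foo and /bar examples on the Security Policy slide. The point a practitioner most often gets wrong: exactly one class of bits applies, chosen by identity in the order owner, group, other, so a file's owner is judged by the owner bits even when the group bits would grant more. The identities (uid 1000 "alice" as owner, group 100, and so on) are constructed for the demo, and the uid 0 behaviour in the comment is Linux's, stated here as an assumption.

```python
import stat

# Permission bits per class, as in <sys/stat.h>, in (read, write, execute) order.
CLASS_BITS = {
    "owner": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}
WANT_INDEX = {"r": 0, "w": 1, "x": 2}
ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def parse_mode(text):
    """'-rwxr-xr--' (ls -l style) -> 0o754; the first character is the file type."""
    if len(text) != 10:
        raise ValueError("expected a 10-character ls mode string")
    triples = (text[1:4], text[4:7], text[7:10])
    bits = 0
    for triple, (r, w, x) in zip(triples, CLASS_BITS.values()):
        if triple[0] == "r":
            bits |= r
        if triple[1] == "w":
            bits |= w
        if triple[2] == "x":
            bits |= x
    return bits


def permits(mode, file_uid, file_gid, proc_uid, proc_gids, want):
    """Classic Unix DAC rule: ONE class applies, chosen by identity.

    Owner first, then group, then other. A file owner who is also in the
    file's group is judged by the owner bits alone, even if the group bits
    are more generous. Assumed (Linux semantics) for uid 0: root may read
    and write anything, and execute only if at least one x bit is set.
    """
    if proc_uid == 0:
        return want != "x" or (mode & ANY_EXEC) != 0
    if proc_uid == file_uid:
        cls = "owner"
    elif file_gid in proc_gids:
        cls = "group"
    else:
        cls = "other"
    return (mode & CLASS_BITS[cls][WANT_INDEX[want]]) != 0


def rights(mode_text, file_uid, file_gid, proc_uid, proc_gids):
    """Summarise a process's effective rights on a file as a string like 'r-x'."""
    mode = parse_mode(mode_text)
    return "".join(w if permits(mode, file_uid, file_gid, proc_uid, proc_gids, w) else "-"
                   for w in "rwx")


if __name__ == "__main__":
    # Constructed identities: alice (uid 1000, gid 100) owns /foo and /bar;
    # bob (uid 1001) is in group 100; carol (uid 1002) is not.
    people = (("alice", 1000, {100}), ("bob", 1001, {100}), ("carol", 1002, {200}))
    for path, mode in (("/foo", "-rwxr-xr--"), ("/bar", "-rw--w----")):
        for who, uid, gids in people:
            print("%-5s %s %-6s %s" % (path, mode, who, rights(mode, 1000, 100, uid, gids)))
    # The subtle case: owner bits win even when they grant less than the group bits.
    print("/lock ----rwx--- alice (owner, also in group):",
          rights("----rwx---", 1000, 100, 1000, {100}))
```

On /bar the group can write but not read (a drop box), and a non-member has no access at all; on the last line the owner is locked out of her own file while every other group member has full access, which is exactly why "owner controls grant of rights" matters: she can chmod it back.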


Policy Models (2)
Win200X
  Users and groups
  Groups may be members of groups
  Rights are the combined rights of all groups of which the user is a direct or indirect member
  Administrator controls everything; can grant any right
  The default is strong control over admin functions and little control over files

Policy Models (3)


Typical Business
Managers can (usually) grant rights to their staff
Information is visible to people above in the
organization
Managers do not have authority to grant access
downward for some classes of information
Overall control is maintained by restricting access to
applications rather than to data
Databases have their own distinct access controls


Policy Models (4)


The Military Mind
Access rights are granted only by a higher
authority
Access is broken into two models
need-to-know (usually organizational with upward
visibility)
item-by-item (classification may occur in advance
of creation or after)
Creator may be denied access to own work
Some weird anomalies

Policy Models (5)
The BMA (British Medical Assoc.) model (1995)
  Each medical record has an access control list
  Access may be granted to a new clinician by the subject or the primary clinician
  Patient must be notified of all ACL changes, and may revoke access
  Deletions are not allowed
  All access must be logged and auditable
  Information may be aggregated from A into B only if ACL(A) is a superset of ACL(B)
Reference: Anderson, Ross, "An Update on the BMA Security Policy", 1996.

Policy Models (6)
The HIPAA model (HIPAA was enacted in 1996; its privacy rules followed)
  The patient controls the right to access personally identifiable health information
  Access is granted to any clinician or facility staff participating in the care of the patient
  Patient must be notified of all breaches
  Deletions are not allowed
  All access must be logged and auditable
  Privileges may be revoked

More Principles
Think about Assets, Threats and
Vulnerabilities FIRST
Find an appropriate (and minimally
complex) Policy Model
Match your OS capabilities to the policy
model as best you can
Train staff to recognize social engineering!
Train staff to make a habit out of the policy!

Fun with Cryptography


What is cryptography about?
General Principles of Cryptography
Basic Protocols
Single-key cryptography
Public-key cryptography

An example...


Cryptography as a Security Tool


Broadest security tool available
Source and destination of messages cannot be
trusted without cryptography
Means to constrain potential senders (sources)
and / or receivers (destinations) of messages

Based on secrets (keys)


Principles
Cryptography is about the exchange of
messages
The key to success is that all parties to an
exchange trust that the system will both
protect them from threats and accurately
convey their message
TRUST is essential


Therefore
Algorithms must be public and verifiable
We need to be able to estimate the risk of compromise
The solution must be practical for its users, and impractical for an attacker to break


Guidelines
Cryptography is always based on algorithms which are orders of magnitude easier to compute in the forward (normal) direction than in the reverse (attack) direction.
The attacker's problem is never harder than trying all possible keys (brute force is always available, so the key space sets an upper bound on the work the attacker needs)
The more material the attacker has, the easier his task

Example
What is 314159265358979 × 314159265358979?
vs.
What are the prime factors of 3912571506419387090594828508241?

Time marches on
We must assume that there will always be improvements in computational power, mathematics and algorithms.
Messages which hang around get less secure with time!
Increases in computing power help the good guys (who can afford larger keys) more than they hurt them, for new and short-lived messages

Caveat
We cannot mathematically PROVE that the inverse operations are really as hard as they seem to be. It is all relative.
The Fundamental Tenet of Cryptography: if lots of smart people have failed to solve a problem, it won't be solved (soon)

Secret key cryptography

                 K                         K
                 |                         |
  Cleartext T --> f(T,K) --> Ciphertext C --> g(C,K) --> Cleartext T

The same key K is used to encrypt (f) and to decrypt (g), so it must be shared in advance and kept secret by both parties.

Secret Key Methods
DES (56 bit key; a 56-bit key space has been brute-forced in practice since 1998)
IDEA (128 bit key)
  http://www.mediacrypt.com/community/index.asp
Triple DES (three 56 bit keys)
AES
  Selected by NIST in 2000, standardized as FIPS 197 in 2001
  Choice of key sizes: 128, 192 or 256 bits
  Commercial implementations available

Diffie-Hellman
Alice and Bob agree (in public) on a prime p and a generator g
Alice: choose random A; send T_A = g^A mod p
Bob:   choose random B; send T_B = g^B mod p
Alice computes (T_B)^A mod p
Bob computes (T_A)^B mod p
Both get the same value: the shared secret key is g^(AB) mod p
An eavesdropper sees p, g, T_A and T_B, but not A or B


DH Problems
Not in itself an encryption method: we must still do a secret key encryption with the agreed key
Subject to a man-in-the-middle attack (Alice thinks she is talking to Bob, but actually Trudy is intercepting all of the messages and substituting her own)
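The exchange on the previous slide and the man-in-the-middle attack on it, as an added example that is not part of the slides. The prime p = 2^127 - 1 and g = 3 are toy parameters chosen for readability (an assumption of this example; real deployments use standardised groups of at least 2048 bits). Trudy runs two separate Diffie-Hellman exchanges, one with each victim, and ends up holding both session keys while Alice and Bob believe they share one. The usual fix is for each side to sign its T value, or send it in a certificate, which is what the RSA slides that follow provide.

```python
import secrets

# Toy public parameters (assumed for the demo): a Mersenne prime and g = 3.
P = 2**127 - 1
G = 3


def keypair(p=P, g=G):
    """Pick a random secret exponent and publish g^exp mod p."""
    exp = secrets.randbelow(p - 2) + 1          # 1 <= exp <= p-2
    return exp, pow(g, exp, p)


def shared_key(their_public, my_exp, p=P):
    """(g^B)^A mod p on Alice's side, (g^A)^B mod p on Bob's: both equal g^(AB) mod p."""
    return pow(their_public, my_exp, p)


def honest_exchange():
    """Alice and Bob talk directly; returns True if they derive the same key."""
    a, t_a = keypair()        # Alice keeps A, sends T_A
    b, t_b = keypair()        # Bob keeps B, sends T_B
    return shared_key(t_b, a) == shared_key(t_a, b)


def mitm_exchange():
    """Trudy intercepts both public values and substitutes her own.

    Returns (alice_key, bob_key, trudy_with_alice, trudy_with_bob).
    Alice and Bob each end up sharing a key with Trudy, not with each other,
    and Trudy can decrypt, read, re-encrypt and forward every message.
    """
    a, t_a = keypair()
    b, t_b = keypair()
    m1, t_m1 = keypair()      # Trudy's exponent facing Bob (she sends T_M1 "from Alice")
    m2, t_m2 = keypair()      # Trudy's exponent facing Alice (she sends T_M2 "from Bob")
    alice_key = shared_key(t_m2, a)          # Alice computes (T_M2)^A, believing T_M2 is T_B
    bob_key = shared_key(t_m1, b)            # Bob computes (T_M1)^B, believing T_M1 is T_A
    trudy_with_alice = shared_key(t_a, m2)   # (T_A)^M2 == (T_M2)^A
    trudy_with_bob = shared_key(t_b, m1)     # (T_B)^M1 == (T_M1)^B
    return alice_key, bob_key, trudy_with_alice, trudy_with_bob


def mitm_succeeds():
    alice_key, bob_key, t_alice, t_bob = mitm_exchange()
    return alice_key == t_alice and bob_key == t_bob


if __name__ == "__main__":
    print("honest exchange agrees:", honest_exchange())
    print("Trudy holds both session keys:", mitm_succeeds())
```

Nothing in the exchange tells Alice whether the T value she received came from Bob or from Trudy; the arithmetic works out identically either way, which is why Diffie-Hellman must be combined with authentication of the public values.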


RSA Public key cryptography

  Cleartext T --> f(T, Key #1) --> Ciphertext C --> f(C, Key #2) --> Cleartext T

Key #1 can be either a Public Key or a Private Key.
Key #2 is then the corresponding Private Key or Public Key.
The same operation f is used in both directions; only the key changes.

RSA Public Key Cryptography
Rivest, Shamir and Adleman (1978)
I can send messages that only you can read (encrypt with your public key)
I can verify that you and only you could have sent a message (you sign with your private key)
I can use a trusted authority to distribute my public key
  The trusted authority is for your benefit!


RSA Details
We will use the same operation to encrypt
and decrypt
To encrypt, we will use e as a key, to
decrypt we will use d as a key
e and d are inverses with respect to the
chosen algorithm


RSA Details
Choose n as the product of two large primes p and q
  Finding the factors of a large number is mathematically hard (difficult)
  Finding large primes, by contrast, is easy (fast probabilistic primality tests), which is what makes key generation practical
Choose e (fairly small, commonly 65537) coprime to (p-1)(q-1), and compute d from e and the factors of n
THROW AWAY THE FACTORS OF n! (anyone who has them can recompute d)
Publish two numbers, e (public key) and n

RSA Details
Encryption: Ciphertext = (Cleartext)^e mod n
Decryption: Cleartext = (Ciphertext)^d mod n
d is about as long as n (roughly 1000 bits for a 1024-bit n), so decryption costs far more than encryption with a small e
The cost is one modular squaring per bit of the exponent plus one modular multiplication per 1 bit (square-and-multiply), i.e. between 1 and 2 big-number multiplications per bit of the exponent
Each such operation is a multiplication and reduction of numbers the size of n
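Textbook RSA with numbers small enough to read, as an added example that is not from the slides. The primes 104729 and 1299709 and e = 65537 are constructed demo values; real keys use primes of 1024 bits or more. The block covers key generation, encrypt/decrypt, the sign/verify use from the previous slides (sign a SHA-256 digest with d, check it with e), and finally the attacker's view: factoring this toy n by trial division recovers d immediately, which is exactly why the factors must be discarded and why n must be too large to factor. No padding is used; a real system must add OAEP (encryption) or PSS (signatures), since raw RSA is deterministic and malleable.

```python
import hashlib
import math

# Constructed toy primes (about 17 and 21 bits); real keys use primes of 1024+ bits.
P_DEMO, Q_DEMO = 104729, 1299709
E_DEMO = 65537


def keygen(p, q, e=E_DEMO):
    """n = p*q and d = e^-1 mod (p-1)(q-1). Returns ((e, n), d); p and q are discarded."""
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (e, p * q), d


def encrypt(public, m):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)                 # C = M^e mod n


def decrypt(d, n, c):
    return pow(c, d, n)                 # M = C^d mod n


def digest_as_int(message, n):
    # Toy: a 256-bit digest reduced mod n, since n here is far smaller than the digest.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(d, n, message):
    """Sign a digest of the message with the private exponent d."""
    return pow(digest_as_int(message, n), d, n)


def verify(public, message, sig):
    """Anyone with (e, n) can check that only the holder of d could have produced sig."""
    e, n = public
    return pow(sig, e, n) == digest_as_int(message, n)


def factor_by_trial_division(n):
    """What the attacker must do: recover p and q from the public n."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("no factor found")


def recover_private_exponent(public):
    """Factoring n gives phi, and with phi the secret d falls out at once."""
    e, n = public
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    public, d = keygen(P_DEMO, Q_DEMO)
    e, n = public
    m = 31415926535
    c = encrypt(public, m)
    print("n =", n, " e =", e, " d =", d)
    print("ciphertext", c, "-> decrypts to", decrypt(d, n, c))
    sig = sign(d, n, b"pay Bob 10")
    print("signature verifies:", verify(public, b"pay Bob 10", sig),
          "| tampered message verifies:", verify(public, b"pay Bob 100", sig))
    print("attacker recovers d from this toy n:", recover_private_exponent(public) == d)
```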


RSA Problems
It is much more costly than typical secret-key methods
  Use RSA to hide (i.e., encrypt) a secret key,
  Encrypt the message with the secret key and append/prefix the encrypted key
Requires a Public Key Infrastructure for effective key generation and distribution
  Chain of trust thing again!

Message Digests (the building block of Digital Signatures)
A message digest is a non-reversible algorithm which reduces a message to a fixed-length summary
The summary has the property that a change to the original will produce a new summary
The probability that the new summary is the same as the old should be 1/2^(digest length in bits), i.e. no better than chance
A digest alone does not prove who wrote the message (anyone can recompute it); a digital signature is the digest transformed with the signer's private key
Silberschatz, p. 582 (15.4.1.3)
Tanenbaum, p. 590 (9.2.4)

Message Digests (2)
There are several good (but possibly no perfect) message digest algorithms
MD5 is probably the most common one in use: 128 bit digest
  has known weaknesses (practical collisions have been demonstrated)
SHA-1: 160 bit digest (the best common choice when these slides were written; collision weaknesses were published in 2005 and a real collision was demonstrated in 2017, so new designs should use the SHA-2 family, with 224 to 512 bit digests)
  [Another product of NIST]
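Added example (not from the slides) of the two properties described above, using hashlib: a one-bit change in the input flips about half the digest bits, and collisions appear after roughly 2^(n/2) random messages rather than 2^n, so the digest length is what buys collision resistance. The collision search runs on a digest deliberately truncated to a handful of bits, since finding one for a full 256-bit digest is infeasible; the messages are constructed.

```python
import hashlib
import itertools


def digest_bits(algo):
    return hashlib.new(algo).digest_size * 8


def bit_distance(algo, msg_a, msg_b):
    """Hamming distance between two digests; a good hash flips about half the bits."""
    da = int.from_bytes(hashlib.new(algo, msg_a).digest(), "big")
    db = int.from_bytes(hashlib.new(algo, msg_b).digest(), "big")
    return bin(da ^ db).count("1")


def truncated_tag(algo, msg, bits):
    """The top `bits` bits of the digest, as an int (a deliberately weakened digest)."""
    full = int.from_bytes(hashlib.new(algo, msg).digest(), "big")
    return full >> (digest_bits(algo) - bits)


def find_truncated_collision(algo, bits):
    """Birthday search against a digest truncated to `bits` bits.

    Each individual pair collides with probability 2^-bits, but among k
    messages there are about k^2/2 pairs, so roughly 2^(bits/2) messages
    suffice. Returns (msg_a, msg_b, tries) with msg_a != msg_b and equal tags.
    """
    seen = {}
    for i in itertools.count():
        msg = b"message-%d" % i                  # constructed candidate messages
        tag = truncated_tag(algo, msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


if __name__ == "__main__":
    for algo in ("md5", "sha1", "sha256"):
        print("%-6s %3d bits; one-character change flips %d digest bits"
              % (algo, digest_bits(algo), bit_distance(algo, b"pay Bob 10", b"pay Bob 11")))
    a, b, tries = find_truncated_collision("sha256", 24)
    print("24-bit truncated sha256 collision after %d messages: %r %r" % (tries, a, b))
```

With 24 bits the search finishes after a few thousand messages, around 2^12, not 2^24; the same arithmetic is why a 128-bit digest offers only about 64 bits of collision resistance.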


Conclusion
Protection in an OS and in a distributed system is
  Difficult
  Important
Security is needed for
  Authentication of users
  Validation of communication


Resources
Network World Security Newsletter
  http://www.nwsubscribe.com
  Practical advice, not a virus alert newsletter. Especially good for the links to other security resources at the bottom of each article
CERT Coordination Center at CMU
  http://www.cert.org
  News about system threats, including viruses and other problems. Source for OCTAVE papers and process
Norton AntiVirus Site (Symantec)
  http://securityresponse.symantec.com/avcenter/
McAfee Security (Network Associates)
  http://us.mcafee.com/virusinfo/

Textbooks
Network Security: C. Kaufman, R. Perlman, M. Speciner, Prentice Hall (2002)
  A practical but rigorous presentation of network security issues and techniques with emphasis on cryptographic solutions
Security Engineering: R. Anderson, Wiley (2001)
  Focused on learning from past mistakes in security system design. Excellent discussion of policies and policy models.
  See the author's web site (www.ross-anderson.com) if you are interested in current research.


Other Books
Real World Linux Security: R. Toxen, Prentice Hall (2003)
  An excellent read. Lists hundreds of vulnerabilities and what to do about them. Valuable for non-Linux users too.
Windows 2003 Security Bible: B. Rampling, Wiley (2003)
  Good example of a how-to book. Specific to WIN2003
The Art of Deception: K. Mitnick, Wiley (2002)
  Mitnick is one of the most famous social engineers.
  Must-read for those involved in broad security planning, and fun for everyone.
