What Are the Threats - Center for Computer Systems Security (1)

Dr. Jelena Mirkovic
University of Southern California
Information Sciences Institute
 If you wish to enroll and do not have D clearance yet, send an email to with:
   o Your name
   o Which prerequisites you have completed
   o A phone number
   o Request to receive a D clearance
 I will let you know within a day or two
   o Lecture notes (also on DEN)
 Keep checking it!
   o 1 of the 4 units
   o Instructor is David Morgan
   o Instruction 4 – 4:50 Fridays in RTH105
      WebCast via DEN
      Hands-on work in the lab – exercising the theoretical knowledge from class
      Some labs will be done remotely using DETER
 Four reports, due as noted online
 Each discusses a paper of your choice from a few top security conferences/journals
   o Summary of the paper and its critique
   o Your ideas on the topic
   o 2-4 pages, submitted via DEN
   o You can submit reports early if you like
 One report from each student will be chosen for presentation in class
 Total 20% of your grade, 4% each
 4 quizzes
   o Done before each DETER exercise
   o Repeated after the exercise
   o You MUST take each quiz
 Total 5% of your grade
 Class e-mail: (TA and inst)
 Instructor
   o Dr. Jelena Mirkovic
   o Office hours Fri 12:30-1:30pm or by appt in SAL 234
   o Contact via email (on class web page)
 TA
   o Melina Demertzi
   o Office hours Tu and We 10-11 am
   o Contact via email (on class web page)
 Grading:
   o Paper reports/presentations: 20%
   o Lab: 20%
   o Quizzes: 5%
   o Participation: 5%
   o Midterm Exam: 20%
   o Final Exam: 30%
 Grades assigned using an absolute curve:

  A    A-   B+   B    B-   C+   C    C-   D+   D    D
  93   90   86   83   80   76   73   70   66   63   60
 DEN system will host the class discussion
   o To gain access and log in
   o Contact if you have difficulty with the system
   o I will check the discussion board once daily, but if you want a reliable response from me, email me directly
 Class participation is important
   o Ask and answer questions in class
   o Ask, answer, participate on-line
 Class participation carries 5% of your grade
   o If I don’t remember you from class, I look in the web discussion forum to check participation
      Did you ask good questions?
      Did you provide good answers?
      Did you make good points in discussions?
   o For DEN students, the discussion board is the primary means of class participation
      You can also call into the class if you like
 What is and is not OK
   o I encourage you to work with others to learn the material, but everyone must DO their work ALONE
   o Do not turn in the work of others
   o Do not give others your work to use as their own
   o Do not plagiarize from others (published or not)
   o Do not try to deceive the instructors
 See the Web site
   o More guidelines on academic integrity
   o Links to university resources
   o Don’t just assume you know what is acceptable.
 No one should be able to:
   o Break into my house
   o Attack me
   o Steal my TV
   o Use my house to throw water balloons on
   o Damage my furniture
   o Pretend to be my friend Bob and fool me
   o Waste my time with irrelevant things
   o Prevent me from going to my favorite
   o Destroy my road, bridge, city ..
 No one should be able to:
   o Break into my computer
   o Attack my computer
   o Steal my information
   o Use my computer to attack others
   o Damage my computer or data
   o Use my resources without my permission
   o Mess with my physical world
 I want to talk to Alice
   o Pretend to be Alice or myself or our computers
   o Prevent me from communicating with Alice
 An isolated computer has a security risk?
   o Computer security aims to protect a single, connected, machine
 Networking = communication at all times and in all scenarios!!!
   o Network security aims to protect the communication and all its participants

 (Diagram: Computer security vs. Network security)

 Security = robustness or fault tolerance?
 Breaking into my computer
   o Hackers
      Break a password or sniff it off the network
      Exploit a vulnerability
       A vulnerability is a bug in the software that creates unexpected computer behavior when exploited, such as enabling access without login, running unauthorized code or crashing the computer.
       An exploit is an input to the buggy program that makes use of the existing vulnerability.
      Use social engineering
      Impersonate someone I trust
   o Viruses and worms
 Attacking my computer
   o Denial-of-service attacks
       A DoS attack aims to disrupt a service by either exploiting a vulnerability or by sending a lot of bogus messages to a computer offering a service.
   o Viruses and some worms
       A virus is a self-replicating program that requires user action to activate, such as clicking on e-mail, downloading an infected file or inserting an infected floppy, CD, etc.
       A worm is a self-replicating program that does not require user action to activate. It propagates itself over the network, infects any vulnerable machine it finds and then spreads from it further.
 Stealing my information
   o From my computer or from communication
   o I will use cryptography!
      There are many ways to break ciphers
      There are many ways to divulge partial information (e.g. who do you talk to)
   o I would also like to hide who I talk to and when
      I will use anonymization techniques
      Anonymization hinders other security approaches that build models of normal traffic patterns
 Using my machine to attack others
   o E-mail viruses
   o Worms
   o Denial-of-service attacks (including reflector
   o Spam, phishing
 Damaging my computer or data
   o I have to prevent break-ins
   o I will also use cryptography to detect
   o I must replicate data to recover from
   o Denial-of-service attacks and worms can sometimes damage computers
 Taking up my resources with irrelevant
   o Denial-of-service attacks
   o Spam mail (takes time to read and fills space)
   o Malicious mail (may contain a virus)
   o Viruses and worms
 Messing up with my physical world
   o Cyber-physical attacks or collateral victims
      o Power systems, traffic control, utilities
      o Travel agencies
      o Medical devices
      o Smart vehicles
 Pretending to be Alice or myself or our
   o I want to be sure who I am talking to (authentication and digital signatures)
   o It is hard to impersonate a computer in two-way communication, such as TCP
      But it has been done
   o Plain IP spoofing seems an extremely hard problem to solve
       IP spoofing means putting a fake IP address in the sender field of IP packets.
 Preventing me from communicating with
   o Alice could be attacked
   o Routers could be overloaded or tampered with
   o DNS servers could be attacked
 Confidentiality (C)
   o Keep data secret from non-participants
 Integrity (I)
   o Aka “authenticity”
   o Keep data from being modified
   o Keep it functioning properly
 Availability (A)
   o Keep the system running and reachable
 No one should be able to:
   o Break into my computer – A, C, I
   o Attack my computer – A, C, I
   o Steal my information – C
   o Use my computer to attack others – I?
   o Damage my computer or data – I
   o Use my resources without my permission – A
   o Mess with my physical world – I, A
 I want to talk to Alice
   o Pretend to be Alice or myself or our computers – C, I
   o Prevent me from communicating with Alice – A
 Policy
   o Deciding what confidentiality, integrity and availability mean
 Mechanism
   o Implementing the policy
 Your security frequently depends on
   o Tragedy of commons
 A good solution must
   o Handle the problem to a great extent
   o Handle future variations of the problem, too
   o Be inexpensive
   o Have economic incentive
   o Require a few deployment points
   o Require non-specific deployment points
 Fighting a live enemy
   o Security is an adversarial field
   o No problem is likely to be completely solved
   o New advances lead to improvement of attack
   o Researchers must play a double game
 Attack patterns change
 Often there is scarce attack data
 Testing security systems requires reproducing or simulating legitimate and
   o No agreement about realistic traffic patterns
 No agreement about metrics
 There is no standardized evaluation
 Some security problems require a lot of resources to be reproduced realistically
 Risk analysis and risk management
   o How important it is to enforce a policy
   o Which threats matter
   o Legislation may play a role
 The role of trust
   o Assumptions are necessary
 Human factors
   o The weakest link
 Motivation
   o Bragging rights
   o Profit (spam, scam, phishing, extortion)
   o Revenge / to inflict damage
   o Terrorism, politics
 Risk to the attacker
   o Usually small
   o Can play a defensive role
 Buggy code
 Protocol design failures
 Weak crypto
 Social engineering/human factor
 Insider threats
 Poor configuration
 Incorrect policy specification
 Stolen keys or identities
 Misplaced incentives (DoS, spoofing, tragedy of commons)
 Policy defines what is allowed and how the system and security mechanisms should act
 Policy is enforced by mechanism, which interprets and enforces it, e.g.
   o Firewalls
   o IDS
   o Access control lists
 Implemented as
   o Software (which must be implemented correctly and without vulnerabilities)
 Encryption
 Checksums
 Key management
 Authentication
 Authorization
 Accounting
 Firewalls
 VPNs
 Intrusion Detection
 Intrusion Response
 Virus scanners
 Policy managers
 Trusted hw
 Most deployment of security services today handles the easy stuff, implementing security at a single point in the network, or at a single layer in the protocol stack:
   o Firewalls, VPN’s
   o IPSec
   o SSL
   o Virus scanners
   o Intrusion detection
 Unfortunately, security isn’t that easy. It must be better integrated with the application.
   o At the level at which it must ultimately be specified, security policies pertain to application level objects, and identify application level entities (users).
 Security is made even more difficult to implement since today’s systems lack a central point of control.
   o Home machines unmanaged
   o Networks managed by different organizations.
   o A single function touches machines managed by different parties.
      Clouds
   o Who is in control?
 Goal: Protect private communication in the public world
 Alice and Bob are shouting messages in a crowded room
 Everyone can hear what they are saying but no one can understand (except them)
 We have to scramble the messages so they look like nonsense or alternatively like innocent text
 Only Alice and Bob know how to get the real messages out of the scramble
 Authentication
   o Bob should be able to verify that Alice has created the message
 Integrity checking
   o Bob should be able to verify that the message has not been modified
 Non-repudiation
   o Alice cannot deny that she indeed sent the
 Exchanging a secret with someone you have never met, shouting in a room full of people
 Proving to someone you know some secret without giving it away
 Sending secret messages to any m out of n people so only those m can retrieve messages and the rest n-m cannot
 Sending a secret message so that it can be retrieved only if m out of n people agree to retrieve it
 Alice could give a message covertly
   “Meeting at the old place”
   o Doesn’t work for arbitrary messages and
   o Doesn’t work if Alice and Bob don’t know each other
 Alice could hide her message in some other text – steganography
 Alice could change the message in a secret way
   o Bob has to learn a new algorithm
   o Secret algorithms can be broken by bad guys
       Good cryptography assumes knowledge of the algorithm by anyone; the secret lies in a key!!!
 Substitute each letter with a letter which is 3 letters later in the alphabet
   o HELLO becomes KHOOR
 Instead of using the number 3 we could use n in [1,25]. n would be our key
 How can we break this cipher? Can you decipher this:
   Bpqa kzgxbwozixpg ammua zmit miag.
   Em eivb uwzm!
 We can also choose a mapping for each letter (H is A, E is M, L is K, O is Y). This mapping would be our key. This is a monoalphabetic cipher.
   o HELLO becomes AMKKY
 How can we break this cipher?
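As an added example (not part of the slides), the shift cipher and the monoalphabetic substitution from the two passages above in Python, together with the checks that answer the slide's "how can we break this cipher?" question: a brute-force run over the 25 shift keys scored by English letter frequency, and a letter-frequency pairing that is the starting point against a monoalphabetic key, whose 26! possibilities rule out brute force. ENGLISH_FREQ holds standard English letter frequencies; the monoalphabetic key is a constructed permutation that extends the slide's H→A, E→M, L→K, O→Y mapping to all 26 letters.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# Relative frequency (percent) of each letter A..Z in typical English text.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

def caesar(text, key):
    """Shift every letter `key` places forward (negative key shifts back); case and punctuation are kept."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + key) % 26))
        else:
            out.append(ch)
    return "".join(out)

def letter_counts(text):
    return Counter(ch for ch in text.upper() if ch in ALPHABET)

def english_score(text):
    """Chi-squared distance between the letter histogram of `text` and English; lower looks more English."""
    counts = letter_counts(text)
    n = max(1, sum(counts.values()))
    return sum((counts[c] - n * f / 100) ** 2 / (n * f / 100) for c, f in zip(ALPHABET, ENGLISH_FREQ))

def break_caesar(ciphertext):
    """The key space is only 25 shifts: decrypt under each and keep the most English-looking result."""
    candidates = [(k, caesar(ciphertext, -k)) for k in range(1, 26)]
    return min(candidates, key=lambda kp: english_score(kp[1]))

def monoalphabetic(text, key):
    """Substitute with an arbitrary permutation: key[i] replaces ALPHABET[i] (26! keys, no brute force)."""
    return text.translate(str.maketrans(ALPHABET + ALPHABET.lower(), key + key.lower()))

def frequency_guess(ciphertext, top=3):
    """Pair the most frequent ciphertext letters with the most frequent English letters (E, T, A, ...).
    Letter statistics survive any fixed substitution, so this is the first step against either cipher."""
    english_order = [c for _, c in sorted(zip(ENGLISH_FREQ, ALPHABET), reverse=True)]
    cipher_order = [c for c, _ in letter_counts(ciphertext).most_common(top)]
    return dict(zip(cipher_order, english_order))

if __name__ == "__main__":
    print(caesar("HELLO", 3))                                      # KHOOR, the slide's example
    # Constructed permutation: the slide's H->A, E->M, L->K, O->Y filled out to all 26 letters.
    print(monoalphabetic("HELLO", "BCDEMFGAHIJKLNYOPQRSTUVWXZ"))  # AMKKY
    slide_ct = "Bpqa kzgxbwozixpg ammua zmit miag. Em eivb uwzm!"
    print(break_caesar(slide_ct))
    print(frequency_guess(slide_ct))
```

The chi-squared scoring works on a message this short because the slide's ciphertext has 39 letters and every wrong shift lands one of its frequent letters on a rare English letter.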
 Symmetric key crypto: one key
   o We will call this secret key or shared key
   o Both Alice and Bob know the same key
 Asymmetric key crypto: two keys
   o Alice has public key and private key
   o Everyone knows Alice’s public key but only Alice knows her private key
   o One can encrypt with public key and decrypt with private key or vice versa
 Hash functions: no key
   o Output depends on input in non-linear
