Introduction to Information Security
Pieter.Hartel@utwente.nl
Overview
Definitions
Design issues
Cryptography
Security Protocols
[And08] R. J. Anderson. Security Engineering: A guide to building dependable distributed systems. John Wiley & Sons Inc, New York, Second edition, 2008. http://www.cl.cam.ac.uk/~rja14/book.html
[Sch04b] B. Schneier. Secrets and Lies: Digital Security in a Networked World. Wiley Publishing Inc, Indianapolis, Indiana, second edition, 2004. http://www.schneier.com/book-sandl.html
Definitions
[Men01a] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Chapter 1 of Handbook of applied cryptography. CRC Press, 2001. http://www.cacr.math.uwaterloo.ca/hac/
Security is asset protection
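[Figure (see [ISO09]): security concepts and relationships. Nodes, numbered as on the slide: 1 owners, 2 assets, 3 risk, 4 vulnerabilities, 5 countermeasures, 6 threats, 7 threat agents. Edge labels: value; wish to minimize; impose; to reduce; that may possess; that may be reduced by; may be aware of; leading to; that exploit; that increase; give rise to; wish to abuse and/or may damage; to (twice).]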
[ISO09] ITSEC. Information technology security techniques evaluation criteria for IT security part 1: Introduction and general model. Int. Standard ISO/IEC 15408-1, ISO/IEC, Dec 2009. http://standards.iso.org/ittf/PubliclyAvailableStandards/c050341_ISO_IEC_15408-1_2009.zip
Definitions
Availability: authorised users want the system to work as/when they expect it to
Reliability: the ability of a system or component to perform its required functions
Safety: being protected against non-desirable events (not specifically malicious)
Confidentiality: to stop unauthorised users from reading sensitive information
Integrity: Every data item/system component is as the last authorised modifier left it
Maintainability: ease with which a software product can be modified
Dependability vs. Security
Availability (systems, data)
Reliability (systems)
Safety (systems)
Confidentiality (data)
Integrity (systems, data)
Maintainability (systems)
[Avi04] A. Avižienis, J.-C. Laprie, B. Randell, and C. Landwehr. Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. on Dependable and Secure Computing, 1(1):11-33, Jan 2004. http://doi.ieeecomputersociety.org/10.1109/TDSC.2004.2
[Figure: the attributes above are grouped under two labels, Security and Dependability]
Access control model – AU3
Authentication: determine who makes request
Authorisation: determine who is trusted to do which operation on an object
Auditing: determine what happened and why
[Lam04] B. W. Lampson. Computer security in the real world. IEEE Computer, 37(6):37-46, Jun 2004. http://doi.ieeecomputersociety.org/10.1109/MC.2004.17
[Figure, after [Lam04]: Principal (source) → Do operation (request) → Reference monitor (guard) → Object (resource). Other labels: Authentication, Authorisation, Audit log.]
Privacy vs. Security
Privacy is the right of an individual to determine what information about oneself to share with others
Security can help
» Selectively encrypt data
Security can hinder
» Calling home to prevent piracy
» (Audit) logging
[War1890] S. D. Warren and L. D. Brandeis. The right to privacy. Harvard Law Review, 4(5):193-220, Dec 1890. http://www.jstor.org/stable/1321160
Design issues
Examples of design goals
Good:
As secure as the real world [Lam04]
Defense in depth
Make it usable
Be explicit about: naming, typing, freshness, assumptions, goals, limitations etc [And95a]
Bad:
Design security as an afterthought
Security by obscurity [Ker1883]
Make it complicated
[Ker1883] A. Kerckhoffs. La cryptographie militaire. J. des Sciences Militaires, IX:5-38, Jan 1883. http://www.petitcolas.net/fabien/kerckhoffs/
Tools
Policy – what is supposed to happen?
» Access control
Mechanisms – how should it happen?
» Tamper resistance
» Biometrics
» Cryptography, Hashing, Random numbers
Assurance – does it work?
» Risk management
» Protocol verification
Attacks
Definition: a successful exploitation of a vulnerability
Examples:
» Attacker shuts you out by trying to log in as you
» Cold boot attack (remember the movie?)
[Hal08] J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest we remember: Cold boot attacks on encryption keys. In 17th USENIX Security Symp., pp 45-60, San Jose, California, Jul 2008. USENIX Association. http://citp.princeton.edu/memory/
Cryptography
[Men01a] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Chapter 1 of Handbook of applied cryptography. CRC Press, 2001. http://www.cacr.math.uwaterloo.ca/hac/
Algorithms + keys
Cipher (aka cryptosystem)
» “Public” algorithm +
» Secret keys
[Figure: “attack” → encrypt → decrypt → “attack”, with the labels “sdwr$350” and “gfd6#Q”.]
Symmetric ciphers
Public algorithm + one secret key
Standard algorithms: DES, AES
Example: one time pad
01011001 Message
01010101 Secret key
----------------- XOR
00001100 Cipher text
01010101 Secret key
----------------- XOR
01011001 Decrypted message
Asymmetric ciphers
Public algorithm + private key + public key
Example: El Gamal
» Multiplicative group $Z_n^* = \{1, \ldots, n-1\}$ with $n$ prime
» Generator $g$: $Z_n^* = \{ g^i \mid i \in \mathbb{N} \}$
» Private key: $x \in Z_n^*$
» Public key: $h = g^x$
» Salt: $y \in_R Z_n^*$
» Enc(m,h): $(c,d) = (m h^y, g^y)$
» Dec((c,d),x): $c / d^x$
Exercise: prove that this works...
All calculations modulo $n$
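
The El Gamal scheme above, carried through in code as an added example (not part of the original slides). It checks that decryption undoes encryption for every message and shows why the salt y has to be fresh for each message. The parameters n = 467, g = 2 and all function names are assumptions chosen for illustration.

```python
import secrets

# Toy parameters, constructed for this example; far too small for real use.
N = 467   # prime modulus n
G = 2     # generator g of Z_n^* (n-1 = 2*233; g^2 and g^233 are both != 1 mod n)

def keygen():
    x = secrets.randbelow(N - 1) + 1      # private key x in Z_n^* = {1..n-1}
    return x, pow(G, x, N)                # public key h = g^x

def enc(m, h, y=None):
    """Enc(m,h) = (m*h^y, g^y); y is a fresh random salt unless one is supplied."""
    if not 1 <= m < N:
        raise ValueError("message must be an element of Z_n^*")
    if y is None:
        y = secrets.randbelow(N - 1) + 1
    return (m * pow(h, y, N)) % N, pow(G, y, N)

def dec(ct, x):
    """Dec((c,d),x) = c / d^x.

    Why it works: d^x = (g^y)^x = (g^x)^y = h^y, so c / d^x = m*h^y / h^y = m.
    Division mod n is multiplication by the modular inverse.
    """
    c, d = ct
    return (c * pow(pow(d, x, N), -1, N)) % N

def roundtrip_all(x, h):
    """Check Dec(Enc(m)) == m for every m in Z_n^*."""
    return all(dec(enc(m, h), x) == m for m in range(1, N))

def ratio_leak(ct1, ct2):
    """If two ciphertexts share a salt, c1/c2 = m1/m2 without knowing any key."""
    return (ct1[0] * pow(ct2[0], -1, N)) % N

if __name__ == "__main__":
    x, h = keygen()
    print("round trip holds for all messages:", roundtrip_all(x, h))
    a, b = enc(100, h, y=77), enc(200, h, y=77)   # same salt reused (constructed)
    print("ratio recovered from ciphertexts:", ratio_leak(a, b))
```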
Random numbers
Pseudo random in SW
True random in HW
Standard statistical tests
» NIST web site
For example
» Linear Congruential Method
» $r_0 = s$
» $r_{n+1} = (a r_n + c) \bmod m$
» Cyclic
» Deterministic
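
The two properties listed for the Linear Congruential Method, measured in code as an added example (not part of the original slides). It finds the cycle of a generator and shows that one observed output fixes every later one. The parameter sets and function names are assumptions constructed for illustration.

```python
def lcg(s, a, c, m):
    """Yield r_0 = s, r_{n+1} = (a*r_n + c) mod m, forever."""
    r = s % m
    while True:
        yield r
        r = (a * r + c) % m

def take(gen, k):
    """Return the next k values of a generator as a list."""
    return [next(gen) for _ in range(k)]

def cycle_info(s, a, c, m):
    """Cyclic: return (tail, period), the steps before the cycle and its length.

    There are only m possible states, so a repeat must occur within m+1 steps.
    """
    seen = {}
    for i, r in enumerate(lcg(s, a, c, m)):
        if r in seen:
            return seen[r], i - seen[r]
        seen[r] = i

def predict_next(observed, a, c, m):
    """Deterministic: the output is the whole state, so it fixes the next value."""
    return (a * observed + c) % m

if __name__ == "__main__":
    # Constructed parameters: (a=5, c=3, m=16) visits all 16 states;
    # (a=6, c=0, m=16) collapses to a fixed point after a short tail.
    print(take(lcg(7, 5, 3, 16), 8))
    print("full-period generator:", cycle_info(7, 5, 3, 16))
    print("degenerate generator: ", cycle_info(1, 6, 0, 16))
    out = take(lcg(7, 5, 3, 16), 3)
    print("predicted:", predict_next(out[1], 5, 3, 16), "actual:", out[2])
```

This is why such generators pass for simulation but are unsuitable for keys, salts or nonces, which the later slides assume Eve cannot guess.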
Hash functions
Map arbitrary bit string to fixed size output
» Easy to calculate for given input
» Practically impossible to invert
» Extremely unlikely that two inputs give the same hash
For example
» Knuth’s variant on Division
» Hash(n) = n(n+h) mod m
» Try it out…
Visual Cryptography
[Nao97] M. Naor and B. Pinkas. Visual authentication and identification. In Burton S. Kaliski Jr., editor, 17th Int. Conf. on Advances in Cryptology (CRYPTO), volume LNCS 1294, pages 322-336, Santa Barbara, California, Aug 1997. Springer. http://www.springerlink.com/content/ghv31wm0pexkd3kq/
Security Protocols
[And95a] R. J. Anderson and R. Needham. Programming satan's computer. In J. van Leeuwen, editor, Computer Science Today, volume LNCS 1000, pages 426-440. Springer, 1995. http://dx.doi.org/10.1007/BFb0015258
Definitions
Sequence of communications by two or more parties to achieve security objective(s)
Not like this (why?):
A → B: A   “Hi, I’m Alice”
B → A: Enter password:   “Prove It!”
A → B: $R%&^8!   “Here’s the proof”
Dolev-Yao attacker model
Eve can:
» See all messages
» Delete, alter, inject and redirect messages
» Initiate new communications
» Reuse messages from past sessions
Eve cannot:
» Solve “hard” problems (such as?)
» Guess pseudo-random values (e.g. nonces)
» Get another identity (identity theft)
» Time computations
What to do: Make everything explicit
Design is hard
‘‘Security protocols are three line programs that people still manage to get wrong’’ (Roger Needham)
[Low96] G. Lowe. Breaking and fixing the Needham-Schroeder Public-Key protocol using FDR. In 2nd Int. Workshop on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume LNCS 1055, pages 147-166, Passau, Germany, Mar 1996. Springer. http://dx.doi.org/10.1007/3-540-61042-1_43
Authentication protocol (1)
What’s the problem with this?
» The nonce Nb leaks, so it cannot be used to secure the session
A → B: A   “Hi, I’m Alice”
B → A: Enc(Nb,PKa)   “Prove It!”
A → B: Nb   “Here’s the proof”
Authentication protocol (2)
(Wo)man in the middle attack:
A → B: A   “Hi, I’m Alice”
B → A: Enc(Nb,PKa)   “Prove It!”
A → B: Enc(Nb,PKb)   “Here’s the proof”
A → E → B: A   B receives “A” from E
B → E → A: Enc(Nb,PKa)   E uses A to decrypt Nb
A → E: Enc(Nb,PKe)   Now E has Nb
E → B: Enc(Nb,PKb)   E fools B
Authentication protocol (3)
Does it work now?
A → B: A   “Hi, I’m Alice”
B → A: Enc({B,Nb},PKa)   “Prove It!”
A → B: Enc(Nb,PKb)   “Here’s the proof”
A → E → B: A   “Hi, I’m Alice”
B → E → A: Enc({B,Nb},PKa)   A can see that the message is not from E
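
The relay run from Authentication protocol (2) and (3), replayed in a symbolic model as an added example (not part of the original slides). Encryption is modelled as a sealed box that only the key owner can open, in the spirit of the Dolev-Yao assumptions; all function names are assumptions.

```python
import secrets

def enc(payload, owner):
    """Symbolic Enc(payload, PK_owner): a box only `owner` can open."""
    return ("enc", owner, payload)

def dec(box, me):
    _, owner, payload = box
    if owner != me:
        raise PermissionError(f"{me} cannot decrypt a message for {owner}")
    return payload

def alice_respond(challenge, peer, bind_identity):
    """A's third message. `peer` is the party A believes she is talking to."""
    opened = dec(challenge, "A")
    if bind_identity:                 # protocol (3): challenge carries {B, Nb}
        sender, nb = opened
        if sender != peer:
            return None               # challenge names someone else: A aborts
    else:                             # protocol (2): challenge is just Nb
        nb = opened
    return enc(nb, peer)

def run_honest(bind_identity):
    """No relay: A really talks to B, and B checks the returned nonce."""
    nb = secrets.token_hex(8)
    challenge = enc(("B", nb) if bind_identity else nb, "A")
    reply = alice_respond(challenge, peer="B", bind_identity=bind_identity)
    return reply is not None and dec(reply, "B") == nb

def run_relay(bind_identity):
    """Slide scenario: A opens a session with E, and E relays to B as 'A'."""
    nb = secrets.token_hex(8)                      # B's fresh nonce
    # E -> B: A.  B -> E -> A: the challenge, which E cannot open itself.
    challenge = enc(("B", nb) if bind_identity else nb, "A")
    reply = alice_respond(challenge, peer="E", bind_identity=bind_identity)
    if reply is None:
        return {"a_aborted": True, "e_knows_nb": False, "b_accepts": False}
    learned = dec(reply, "E")                      # A -> E: Enc(Nb,PKe)
    forwarded = enc(learned, "B")                  # E -> B: Enc(Nb,PKb)
    return {"a_aborted": False, "e_knows_nb": learned == nb,
            "b_accepts": dec(forwarded, "B") == nb}

if __name__ == "__main__":
    print("protocol (2) under relay:", run_relay(bind_identity=False))
    print("protocol (3) under relay:", run_relay(bind_identity=True))
```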
Conclusions
Consider the system as a whole
Know your enemy
Be explicit
Use standard tools