security engineering - iit madras cse dept.chester/courses/17o_sse/slides/2_threats.pdf · security...
TRANSCRIPT
SecurityEngineering
ChesterRebeiroIITMadras
Examplesmo<vatedfromProf.NickolaiZeldovichlectures;partofMITOpencourseWork
ThreatAssump<ons• Assump<onsabouttheaNacker
– IstheaNackerallpowerful?(Theore<cal;verydifficulttoachieveinprac<ce)
– WhatcantheaNackerdo?(guesskeywords;sniffkeystrokes;co-residesonthesamemachine)
– Isagovernmentanadversary?(Snowdenrevela<ons;hardwaretrojans;mayneedmoreassuranceaboutthehardware)
– InsideraNackers (knowledgeoftheen<resystemarchitecture,securitypoliciesleaked)
4
SecurityGoalsAnysecuritysystemmustaddressthefollowinggoals• Confiden<ality
keepdatasecretexcepttoauthorizedusers
• Integrity– preventunauthorizedusersfrommakingmodifica<ons– Preventauthorizedusersfrommakingimpropermodifica<ons
• Availabilityofdatatounauthorizedusers– HandleDenialofService,lossduetonaturaldisasters,equipmentfailure
5
eg.Moodle,facebook
SecurityPolicy• Documentthatoutlinestherules,laws,andprac<cessothat
securitygoalsareachieved.• Highlevelstatementsgenerallysignedbythecompany’sCEO
– Doesnotgointothetechnicaldetailsofhowsecuritygoalsareachieved
7
SecurityPolicyforanITLaboratory• ForaLabsecurity• Thisistakenfrom
hNps://www.sans.org/security-resources/policies/server-security/pdf/lab-security-policy
• Notethehighlevellanguage,succentstatements,andnodetailsabouthowthethepolicyisimplemented
8
Whatdoesitinvolve?
• Securitygoals• Securitypolicy• SecurityMechanism
Implementa<onaspectsforthepolicy.(involvescode,crypto,protocols,standards,…)
• Threatassump<ons
13
What’stheBigDealaboutSecurityEngineering?
• Asecuritysystemshould– Allowauthorizedusersaccesstoaresource– Disallowallotherusersaccesstotheresource(inspiteofusershavingsupremepower,accesstosourcecode,etc.)(weakestlinkma-ers)
14
eg.MoodleAssignmentsubmissionsshouldbeaccessibletoallTAsàthisiseasilyachievedAssignmentsubmissionsshouldnotbeaccessibletoanyonebuttheTasànotthateasy!
Whatcangowrong?
Therecanbemistakesineachofthese• Securitypolicy• SecurityMechanism
• Threatassump<ons
15
MessingupSecurityPolicies
16hNps://en.wikipedia.org/wiki/Sarah_Palin_email_hack
ForgotPasswordSecurityQues:ons
MessingupSecurityPolicies
17
Whenforgotpasswordsendsa“ResetPassword”toabackupemailaddress
hNps://www.theverge.com/2012/8/6/3224597/mat-honan-hacked-apple-icloud-google-twiNer
Inaspanofonehour• Googleaccountdeleted• TwiNeraccountcompromised• AppleIDbrokeninto• Remotelyerasedalldataon
iPhone,iPad,andMacBook
Hacked!• DaisyChainedAccounts
18
AmazonAccount
iPhoneAccount
GoogleAccount
TwiNerAccount
Theul<mateobjec<veofthehacker
Thelast4digitsofthecreditcardiPhonethoughtthiswasprivateinforma<onAmazonthoughtthiswaspublicinforma<on
HowtoAvoidPolicyMistakes?
• Couldbeconserva<ve– eg.Nowaytorecoverpassword(brutal!!!)
• Needtothinkhard• Needtothinkoftheen<resystem
– Difficultespeciallyfordistributedsystems
• Formallyverifyifyourpolicyiscomplete– Wouldneedamathema<calrepresenta<onofthepolicy
20
ThreatAssump<ons(Whatcangowrong?)
• Threatmodelchangewith<me
22
Kerberos,inventedin1980s,usedDESwith56bitkeysforencryp<on
Kerberos,inventedin1990s,s:llusedDESwith56bitkeysforencryp<on
56bitkeyspreNysafeinthe80s.
56bitkeyscannotbeprac<callybrokeninthe90sinasingleday(withspecializedhardware)
1980s 1990s
DESwentobsolete,butnobodythoughtofchangingKerberos
ThreatAssump<ons(Whatcangowrong?)
• Isthegovernmentanadversary?
23
Hardwarebackdoors
Cannotassumeyourhardwareissafe
DoyouneedtoWorryaboutClonedHardware?
ThreatAssump<ons(whatcangowrong?)
24
• Trustedpar:esmaygetcompromised
• Example:DigiNotar(aDutchCer<fyingAuthority)compromisedin2011.– Issuedfraudulentcer<ficates
whichwereusedtoconductman-in-the-middleaNacksagainstGoogle,Yahoo,Mozilla,andmanyotherservices
– Targeted300,000gmailusers– SuspectedtobeworkofaGovernment
ThreatAssump<ons(Whatcangowrong?)
• Improperuseofcrypto
25
• Supposetheprimegenera<onforRSAwasfaulty– Sothat,primesgeneratedwerealwaysfromasmallsubset– Then,RSAcanbebroken
• PairwiseGCDofoveramillionRSAmoduliicollectedfromtheInternetshowedthat– 2in1000haveacommonprimefactor
RonwasWrong,Whitisright,2012
ThreatAssump<ons(Whatcangowrong?)
• Insiderscannotbetrusted1980shadaninsiderinser<ngbackdoorsinasecureOSusedformilitaryapplica<onstheaNackercouldgetaccesstothesystemthroughthebackdoor
26
ThreatAssump<ons(whatcanbedone?)
• BeNerunderstandingofpossibleweaknesses• Adaptwith<me• Moreencompassingthreatmodels• Physicallyunclonablefunc<ons• Developedinhouse
27
SecurityMechanisms(Whatcangowrong?)
• DuetoProgrammers– Forget– Don’tknow– Onlylookforfunc<onal
correctness
• ProgrammingLanguages– Donotinherentlydocertainchecks
28
NumberofPasswordANempts
29
WebsitestypicallyhaveNpassworda-emptsbeforeyouraccountisblockedPasswordsarenotverydifficulttocrack(seeJohntheRipper:hNp://www.openwall.com/john/)combinedwiththefactthatmanypeoplearenotverysmartatsenngpasswords(oneofthemostfamouspasswordsispassword)(hNp://www.telegraph.co.uk/technology/2017/01/16/worlds-common-passwords-revealed-using)Whathappensiftheprogrammerforgetstodothecountcheck?Disasterany<me
NumberofPasswordANemptsApple’siCloudpassword-guessingratelimitsTheiCloudhasmanyservicesandmanyAPIs.Oneserviceforgottoimplementlimi<ngtheno.ofpasswordtrials.Adversarycouldtryinfinite<mes
30hNps://github.com/hackappcom/ibrute
MissingAccessControlChecks
Ci<bankdatabreachin2011
31
Ci<’sLoginPageEntersusernameandpasswordLOGIN
Webpage2TheURLcontainstheaccountnumberoftheuser
Changetheaccountnumberinthispageandyouwillgetanotheruser’saccountdetails
hNp://www.ny<mes.com/2011/06/14/technology/14security.html
SeedingtheRandomNumberGenerator
• RandomnumbersgeneratedbyPRSG• PRSGneedstobefedanini<alvaluecalledseed.• Iftheseedareequal,therandomnumbersgeneratedarethe
same.
32
BitcoinThep• Randomnumbersusedtogeneratesecretkeysandmake
Bitcointransac<ons• IfanaNackerstealstherandomnumber,bitcoinsarestolen• Android’sJavaSecureRandomAPIforgottoseedthePRSGin
certaincases.Seedwasini<alizedto0.Randomnumberscanbethenpredicted,keyscanthenbestolen
33hNps://bitcoin.org/en/alert/2013-08-11-android