SlideShare a Scribd company logo

Security R U Totally Secure !

Download as PPT, PDF
trendy updates
trendy updates

Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization. As noted by the Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3, security provides "a form of protection where a separation is created between the assets and the threat." These separations are generically called "controls," and sometimes include changes to the asset or the threat

Education
1 of 29
1
SECURITY In This Chapter:   The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Implementing Security Defenses Firewalling to Protect Systems and Networks Computer-Security Classifications An Example: Windows XP 15:Security 2
SECURITY SECURITY ISSUES:   External protection of a system. A classified site goes to extraordinary lengths to keep things physically tight. Among the issues to be considered: Unauthorized access Mechanism assuring only authorized individuals see classified materials. Malicious modification or destruction Accidental introduction of inconsistency. Authentication How do we know the user is who she says she is. Can have passwords on domains.   15:Security 3 Protection of passwords is difficult. Issues include: • It's very easy to guess passwords since people use simple and easily remembered words. • Need exists to change passwords continually. • Limiting number of tries before locking up.
SECURITY 15:Security 4Security Issues Trojan Horse: A piece of code that misuses its environment. The program seems innocent enough, however when executed, unexpected behavior occurs. Trap Doors: Inserting a method of breaching security in a system. For instance, some secret set of inputs to a program might provide special privileges. Threat monitoring: Look for unusual activity. Once access is gained, how do you identify someone acting in an unusual fashion? Audit Log: Record time, user, and type of access on all objects. Trace problems back to source. Worms Use spawning mechanism; standalone programs. Internet Worm: In the Internet worm, Robert Morse exploited UNIX networking features (remote access) as well as bugs in finger and sendmail programs. Grappling hook program uploaded main worm program. Viruses Fragment of code embedded in a legitimate program. Mainly effects personal PC systems. These are often downloaded via e-mail or as active components in web pages. Firewall A mechanism that allows only certain traffic between trusted and un- trusted systems. Often applied to a way to keep unwanted internet traffic away from a system.
SECURITY ATTACK METHODS:   Attacks on a distributed system include:    Passive wiretapping. ( unauthorized interception/reading of messages )  Active wiretapping:   Modification Changing a portion of the message.   Spurious messages Introducing bogus messages with valid addresses and consistency criteria.   Site impersonation Claiming to be some other logical node.   Replay of previous transmission - repeating previous valid messages. (for example, authorization of cash withdrawal.)   15:Security 5Typical Security Attacks
SECURITY ATTACK METHODS:   15:Security 6 Typical Security Attacks
SECURITY ATTACK METHODS:  Trojan Horse  Code segment that misuses its environment  Exploits mechanisms for allowing programs written by users to be executed by other users  Spyware, pop-up browser windows, covert channels  Trap Door  Specific user identifier or password that circumvents normal security procedures  Could be included in a compiler  Logic Bomb  Program that initiates a security incident under certain circumstances  Stack and Buffer Overflow  Exploits a bug in a program (overflow either the stack or memory buffers) 15:Security 7 Typical Security Attacks
SECURITY Example of Buffer Overflow Waiting To Happen: #include <stdio.h> #define BUFFER SIZE 256 int main(int argc, char *argv[]) { char buffer[BUFFER SIZE]; int other_data; if (argc < 2) return -1; else { strcpy(buffer,argv[1]); return 0; } } 15:Security 8 Typical Security Attacks
SECURITY Viruses  Code fragment embedded in legitimate program  Very specific to CPU architecture, operating system, applications  Usually borne via email or as a macro Visual Basic Macro to reformat hard drive Sub AutoOpen() Dim oFS Set oFS = CreateObject(’’Scripting.FileSystemObject’’) vs = Shell(’’c:command.com /k format c:’’,vbHide) End Sub 15:Security 9 Typical Security Attacks
SECURITY A Boot Sector Virus 15:Security 10 Typical Security Attacks
SECURITY System And Network Threats  Worms – use spawn mechanism; standalone program  Internet worm  Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs. (See next slide)  Grappling hook program uploaded main worm program  Port scanning  Automated attempt to connect to a range of ports on one or a range of IP addresses  Denial of Service  Overload the targeted computer preventing it from doing any useful work  Distributed denial-of-service (DDOS) come from multiple sites at once 15:Security 11 Typical Security Attacks
SECURITY Stuxnet 15:Security 12 Stuxnet is a computer worm discovered in June 2010. It initially spreads via Microsoft Windows, and targets Siemens industrial software and equipment. Different variants of Stuxnet targeted five Iranian organizations, with the probable target widely suspected to be the uranium enrichment infrastructure in Iran. It is initially spread using infected removable drives such as USB flash drives, and then uses other exploits and techniques to infect and update other computers inside private networks that are not directly connected to the Internet. The malware has both user-mode and kernel-mode rootkit capability under Windows, and its device drivers have been digitally signed with the private keys of two certificates that were stolen from two separate companies. The driver signing helped it install kernel mode rootkit drivers successfully and therefore remain undetected for a relatively long period of time. Once installed on Windows Stuxnet infects files belonging to Siemens' control software[3 and subverts a communication library. Doing so intercepts communications between software running under Windows and the target Siemens devices. The malware can install itself on PLC devices unnoticed. Stuxnet malware periodically modifies a control frequency to and thus affects the operation of the connected centrifuge motors by changing their rotational speed. Siemens Simatic S7-300 PLC CPU with three I/O modules attached
SECURITY Password stealing – Easiest way is through social means fake deposit slips easily guessable passwords calling people on the phone and asking for passwords (or Credit Card numbers, for that matter) – Technological approaches also simple one: leave program running on a terminal that fakes the login sequence. Capture user name and password to a file and then exit with a fake error message, returning control to the real login process – Unix password files used to be openly available (encrypted password). Lends itself to brute-force cracking. Unfortunately some programs require access to the password file to run (e.g., mail)  also unfortunately Unix only uses first eight characters of password 15:Security 13 Authentication SecurID – uses a preprogrammed string of characters
SECURITY Password stealing – Easiest way is through social means fake deposit slips easily guessable passwords calling people on the phone and asking for passwords (or Credit Card numbers, for that matter) – Technological approaches also simple one: leave program running on a terminal that fakes the login sequence. Capture user name and password to a file and then exit with a fake error message, returning control to the real login process – Unix password files used to be openly available (encrypted password). Lends itself to brute-force cracking. Unfortunately some programs require access to the password file to run (e.g., mail)  also unfortunately Unix only uses first eight characters of password 15:Security 14 Authentication SecurID – uses a preprogrammed string of characters
SECURITY 15:Security 15 NSA Exploitation Edward Snowden made public documents that reveal Government agencies: •consider it essential to be able to view encrypted data •have adopted a battery of methods in their assault on this biggest threats Those methods include •control over setting of international encryption standards, •the use of supercomputers to break encryption with "brute force", •Collaboration with technology companies and internet service providers themselves •“Man in the middle” attacks on the communication channels themselves.
SECURITY DEFINITIONS:   Encryption: C = E( M, Ke ) E = Encyphering Algorithm M = Message - plain text Ke = Encryption key C = Cyphered text  Decryption: M = D( C, Kd )   D = Decyphering Algorithm Kd = Decryption key 15:Security 16 Cryptography
SECURITY DEFINITIONS:   Cryptosystems are either Conventional or Public Key  Conventional is symmetric; Ke = Kd , so the key must be kept secret. Algorithms are simple to describe, but complex in the number of operations.  Public key is asymmetric; Ke != Kd , so Ke can be made public. Kd is secret and can't easily be derived from Ke .   Security against attack is either:  Unconditionally secure - Ke can't be determined regardless of available computational power.  Computationally secure: - calculation of Kd is economically unfeasible ( it would overwhelm all available computing facilities.)   The only known unconditionally secure system in common use!  Involves a random key that has the same length as the plain text to be encrypted.  The key is used once and then discarded. The key is exclusively OR'd with the message to produce the cypher.  Given the key and the cypher, the receiver uses the same method to reproduce the message. 15:Security 17 Cryptography
SECURITY DATA ENCRYPTION STANDARD ( DES ):    The official National Institute of Standards and Technology (NIST), (formerly the National Bureau of Standards) encryption for use by Federal agencies.  The source of security is the non-linear many-to-one function applied to a block of data. This function uses transposition and substitution. The algorithm is public, but the key (56 bits) is secret.  Computational power today can crack a 56 bit code.  In common use today is Triple DES in which 3 different keys are used, making the effective key length 168 bits. 15:Security 18Data Encryption Standard
SECURITY The general principle is this: 1. Any RECEIVER A uses an algorithm to calculate an encryption key KEa and a decryption key KDa. 2. Then the receiver PUBLICIZES KEa to anyone who cares to hear. But the receiver keeps secret the decryption key KDa. 3. User B sends a message to A by first encrypting that message using the publicized key for that receiver A, KEa. 4. Since only A knows how to decrypt the message, it's secure.  15:Security 19Public Key Cryptosystems Public Key Repository KEa KEb KEc
SECURITY To be effective, a system must satisfy the following rules:   a) Given plaintext and ciphertext, the problem of determining the keys is computationally complex. b) It is easy to generate matched pairs of keys Ke, Kd that satisfy the property D( E( M, Ke ), Kd ) = M.   This implies some sort of trapdoor, such that Ke and Kd can be calculated from first principles, but one can't be derived from the other.   c) The encryption and decryption functions E and D are efficient and easy to use. d) Given Ke , the problem of determining Kd is computationally complex. What is computationally difficult? Problems that can't easily be calculated in a finite time. Examples include: factoring the product of two very large prime numbers; the knapsack problem. These problems are NP complete - solution times are exponential in the size of the sample. 15:Security 20Public Key Cryptosystems
SECURITY To be effective, a system must satisfy the following rules:   e) For almost all messages it must be computationally unfeasible to find ciphertext key pairs that will produce the message. (In other words, an attacker is forced to discover the true (M,Ke) pair that was used to create the ciphertext C.)   f) Decryption is the inverse of encryption.   E( D( M, Kd ), Ke ) = D( E( M, Ke ), Kd ) 15:Security 21Public Key Cryptosystems
SECURITY AN EXAMPLE:   1. Two large prime numbers p and q are selected using some efficient test for primality. These numbers are secret: 2. The product n = p * q is computed. 3. The number Kd > max( p, q ) is picked at random from the set of integers that are relatively prime to and less than L(n) = ( p - 1 ) ( q - 1). 4. The integer Ke , 0 < Ke < L(n) is computed from L(n) and Kd such that Ke * Kd = 1 (mod L(n)). 15:Security 22Public Key Cryptosystems Let p = 3, q = 11 n = 3 * 11 = 33. L(n) = ( p - 1 ) ( q - 1 ) = 20. Choose Kd > 11 and prime to 20. Choose Kd = 13. 0 < Ke < 20 Ke = 17. (since 17 * 13 = 221 = 1 ( mod 20 ) )
SECURITY AN EXAMPLE:   Separate the text to be encoded into chunks with values 0 - ( n - 1 ). 15:Security 23Public Key Cryptosystems In our example, we'll use < space = 0, A = 1, B = 2, C = 3, D = 4, E = 5 >. Then " B A D <sp> B E E " --> "21 04 00 25 05" 21 ^ 17 ( mod 33 ) = 21. 21 ^ 13 ( mod 33 ) = 21. 04 ^ 17 ( mod 33 ) = 16. 16 ^ 13 ( mod 33 ) = 04. 00 ^ 17 ( mod 33 ) = 00. 00 ^ 13 ( mod 33 ) = 00. 25 ^ 17 ( mod 33 ) = 31. 31 ^ 13 ( mod 33 ) = 25. 05 ^ 17 ( mod 33 ) = 14. 14 ^ 13 ( mod 33 ) = 05. This whole operation works because, though n and Ke are known, p and q are not public. Thus Kd is hard to guess. [Note: recently a 100 digit number was successfully factored into two prime numbers.]
SECURITY AUTHENTICATION AND DIGITAL SIGNATURES:   Sender Authentication: In a public key system, how does the receiver know who sent a message (since the receiver's encryption key is public)?   Suppose A sends message M to B:   a) A DECRYPTS M using A's Kd(A ) . b) A attaches its identification to the message. c) A ENCRYPTS the entire message using B's encryption, Ke(B) C = E ( ( A, D( M, Kd(A) ) ), Ke(B) ) d) B decrypts using its private key Kd(A) to produce the pair A, D( M, Kd(A) ). e) Since the proclaimed sender is A, B knows to use the public encryption key Ke(A).   Capture/Replay In this case, a third party could capture / replay a message. The solution is to use a rapidly changing value such as time or a sequence number as part of the message. 15:Security 24 Public Key Cryptosystems
SECURITY Man-in-the-middle Attack on Asymmetric Cryptography   15:Security 25 Public Key Cryptosystems Sender Receiver Here are the attack steps for this scenario: 1.Sender wishes to send a message to Receiver. 2.S asks R for its encryption key. 3.When R returns key, that key is intercepted by the attacker who substitutes her key. 4.Sender encrypts message using this bogus key and returns it. 5.Since the attacker is the owner of this bogus key, the attacker can read the message.
SECURITY Insertion of cryptography at one layer of the ISO network model (the transport layer) SSL – Secure Socket Layer (also called TLS) Cryptographic protocol that limits two computers to only exchange messages with each other  Very complicated, with many variations Used between web servers and browsers for secure communication (credit card numbers) The server is verified with a certificate assuring client is talking to correct server Asymmetric cryptography used to establish a secure session key (symmetric encryption) for bulk of communication during session Communication between each computer uses symmetric key cryptography 15:Security 26 Example - SSL
SECURITY Security is based on user accounts  Each user has unique security ID  Login to ID creates security access token Includes security ID for user, for user’s groups, and special privileges Every process gets copy of token System checks token to determine if access allowed or denied Uses a subject model to ensure access security. A subject tracks and manages permissions for each program that a user runs Each object in Windows XP has a security attribute defined by a security descriptor  For example, a file has a security descriptor that indicates the access permissions for all users 15:Security 27 Example – Windows 7
SECURITY U.S. Department of Defense outlines four divisions of computer security: A, B, C, and D.  D – Minimal security.  C – Provides discretionary protection through auditing. Divided into C1 and C2. C1 identifies cooperating users with the same level of protection. C2 allows user-level access control.  B – All the properties of C, however each object may have unique sensitivity labels. Divided into B1, B2, and B3.  A – Uses formal design and verification techniques to ensure security. 15:Security 28 Security Classifications
SECURITY 15:Security 29 Wrap Up

Recommended

Network security
Network securityNetwork security
Network securityHasham Nabeel
 
File security system
File security systemFile security system
File security systemÁŠHÍŸÂ ŹÂBÊÊÑ
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
OSCh19
OSCh19OSCh19
OSCh19Joe Christensen
 
Op Sy 03 Ch 61a
Op Sy 03 Ch 61aOp Sy 03 Ch 61a
Op Sy 03 Ch 61a Google
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.pptshreyng
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Komal Mehfooz
 
Hacking
HackingHacking
Hackingrameswara reddy venkat
 

Recommended

Network security
Network securityNetwork security
Network securityHasham Nabeel
 
File security system
File security systemFile security system
File security systemÁŠHÍŸÂ ŹÂBÊÊÑ
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
OSCh19
OSCh19OSCh19
OSCh19Joe Christensen
 
Op Sy 03 Ch 61a
Op Sy 03 Ch 61aOp Sy 03 Ch 61a
Op Sy 03 Ch 61a Google
 
Final project.ppt
Final project.pptFinal project.ppt
Final project.pptshreyng
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Komal Mehfooz
 
Hacking
HackingHacking
Hackingrameswara reddy venkat
 
Hacking
HackingHacking
HackingRoshan Chaudhary
 
Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush GuptaTenet Systems Pvt Ltd
 
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEric Vanderburg
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEthical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEric Vanderburg
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorialMSA Technosoft
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In DetailGreater Noida Institute Of Technology
 
Network Security
Network SecurityNetwork Security
Network SecurityRamasubbu .P
 
Network Security
Network SecurityNetwork Security
Network Securityhj43us
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Ethical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric VanderburgEthical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric VanderburgEric Vanderburg
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Internet Security
Internet SecurityInternet Security
Internet SecurityJainamParikh3
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksJoe McCarthy
 
Network security and System Admin
Network security and System AdminNetwork security and System Admin
Network security and System AdminMD SAHABUDDIN
 
CEHv7 Question Collection
CEHv7 Question CollectionCEHv7 Question Collection
CEHv7 Question CollectionManish Luintel
 
Hacking Presentation
Hacking PresentationHacking Presentation
Hacking PresentationAnimesh Behera
 
10.1.1.44.6790
10.1.1.44.679010.1.1.44.6790
10.1.1.44.6790Alok Tripathi
 
Linux Introduction
Linux IntroductionLinux Introduction
Linux IntroductionDuy Do Phan
 
File permissions
File permissionsFile permissions
File permissionsVarnnit Jain
 

More Related Content

What's hot

Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEric Vanderburg
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEthical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEric Vanderburg
 
Network Security
Network SecurityNetwork Security
Network Securityhj43us
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Ethical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric VanderburgEthical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric VanderburgEric Vanderburg
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacksJoe McCarthy
 
Network security and System Admin
Network security and System AdminNetwork security and System Admin
Network security and System AdminMD SAHABUDDIN
 
CEHv7 Question Collection
CEHv7 Question CollectionCEHv7 Question Collection
CEHv7 Question CollectionManish Luintel
 

What's hot (20)

Hacking
HackingHacking
Hacking
 
Network Security
Network SecurityNetwork Security
Network Security
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
 
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
 
System hacking
System hackingSystem hacking
System hacking
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEthical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
 
Network Security
Network SecurityNetwork Security
Network Security
 
Network Security
Network SecurityNetwork Security
Network Security
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Ethical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric VanderburgEthical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric Vanderburg
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
Internet Security
Internet SecurityInternet Security
Internet Security
 
Buffer overflow attacks
Buffer overflow attacksBuffer overflow attacks
Buffer overflow attacks
 
Network security and System Admin
Network security and System AdminNetwork security and System Admin
Network security and System Admin
 
CEHv7 Question Collection
CEHv7 Question CollectionCEHv7 Question Collection
CEHv7 Question Collection
 
Hacking Presentation
Hacking PresentationHacking Presentation
Hacking Presentation
 
10.1.1.44.6790
10.1.1.44.679010.1.1.44.6790
10.1.1.44.6790
 

Viewers also liked

Linux Introduction
Linux IntroductionLinux Introduction
Linux IntroductionDuy Do Phan
 
Linux fundamental - Chap 02 perm
Linux fundamental - Chap 02 permLinux fundamental - Chap 02 perm
Linux fundamental - Chap 02 permKenny (netman)
 
File permission in linux
File permission in linuxFile permission in linux
File permission in linuxPrakash Poudel
 
Linux-Permission
Linux-PermissionLinux-Permission
Linux-PermissionColin Su
 

Viewers also liked (7)

Linux Introduction
Linux IntroductionLinux Introduction
Linux Introduction
 
File permissions
File permissionsFile permissions
File permissions
 
Linux fundamental - Chap 02 perm
Linux fundamental - Chap 02 permLinux fundamental - Chap 02 perm
Linux fundamental - Chap 02 perm
 
File permission in linux
File permission in linuxFile permission in linux
File permission in linux
 
Linux-Permission
Linux-PermissionLinux-Permission
Linux-Permission
 
Filepermissions in linux
Filepermissions in linuxFilepermissions in linux
Filepermissions in linux
 
Basics of-linux
Basics of-linuxBasics of-linux
Basics of-linux
 

Similar to Security R U Totally Secure !

Ch19 OS
Ch19 OSCh19 OS
Ch19 OSC.U
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1bora.gungoren
 
Chapter 09
Chapter 09Chapter 09
Chapter 09 Google
 
Op Sy 03 Ch 61
Op Sy 03 Ch 61Op Sy 03 Ch 61
Op Sy 03 Ch 61 Google
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)Wail Hassan
 
Learn Hacking With Gflixacademy
Learn Hacking With GflixacademyLearn Hacking With Gflixacademy
Learn Hacking With GflixacademyGaurav Mishra
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical HackingSripati Mahapatra
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Webdpd
 
CISSP Week 14
CISSP Week 14CISSP Week 14
CISSP Week 14jemtallon
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethicsArgie242424
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 

Similar to Security R U Totally Secure ! (20)

OS_Ch19
OS_Ch19OS_Ch19
OS_Ch19
 
Ch19 OS
Ch19 OSCh19 OS
Ch19 OS
 
Communication security
Communication securityCommunication security
Communication security
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
 
Chapter 09
Chapter 09Chapter 09
Chapter 09
 
Op Sy 03 Ch 61
Op Sy 03 Ch 61Op Sy 03 Ch 61
Op Sy 03 Ch 61
 
Module 5 (system hacking)
Module 5 (system hacking)Module 5 (system hacking)
Module 5 (system hacking)
 
Data security
Data securityData security
Data security
 
Learn Hacking With Gflixacademy
Learn Hacking With GflixacademyLearn Hacking With Gflixacademy
Learn Hacking With Gflixacademy
 
chapter 7.pptx
chapter 7.pptxchapter 7.pptx
chapter 7.pptx
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Web
 
Ch11
Ch11Ch11
Ch11
 
Ch11 system administration
Ch11 system administration Ch11 system administration
Ch11 system administration
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
CISSP Week 14
CISSP Week 14CISSP Week 14
CISSP Week 14
 
Network security
Network securityNetwork security
Network security
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethics
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssut
 

More from trendy updates

How Different Cisco Routing Protocal Work
How Different Cisco Routing Protocal WorkHow Different Cisco Routing Protocal Work
How Different Cisco Routing Protocal Worktrendy updates
 
How to solve bootmgr is missing problem in window
How to solve bootmgr is missing problem in window How to solve bootmgr is missing problem in window
How to solve bootmgr is missing problem in window trendy updates
 
How To Earn From Affiliate Marketing
How To Earn From Affiliate Marketing How To Earn From Affiliate Marketing
How To Earn From Affiliate Marketing trendy updates
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???trendy updates
 

More from trendy updates (8)

How Different Cisco Routing Protocal Work
How Different Cisco Routing Protocal WorkHow Different Cisco Routing Protocal Work
How Different Cisco Routing Protocal Work
 
How to solve bootmgr is missing problem in window
How to solve bootmgr is missing problem in window How to solve bootmgr is missing problem in window
How to solve bootmgr is missing problem in window
 
How To Earn From Affiliate Marketing
How To Earn From Affiliate Marketing How To Earn From Affiliate Marketing
How To Earn From Affiliate Marketing
 
Frame Relay
Frame RelayFrame Relay
Frame Relay
 
How Internet Work
How Internet WorkHow Internet Work
How Internet Work
 
Network Security R U Secure???
Network Security R U Secure???Network Security R U Secure???
Network Security R U Secure???
 
Catia5v
Catia5vCatia5v
Catia5v
 
The basis of internet
The basis of internetThe basis of internet
The basis of internet
 

Recently uploaded

Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 

Recently uploaded (20)

Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 

Security R U Totally Secure !

  • 1. 1
  • 2. SECURITY In This Chapter:   The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Implementing Security Defenses Firewalling to Protect Systems and Networks Computer-Security Classifications An Example: Windows XP 15:Security 2
  • 3. SECURITY SECURITY ISSUES:   External protection of a system. A classified site goes to extraordinary lengths to keep things physically tight. Among the issues to be considered: Unauthorized access Mechanism assuring only authorized individuals see classified materials. Malicious modification or destruction Accidental introduction of inconsistency. Authentication How do we know the user is who she says she is. Can have passwords on domains.   15:Security 3 Protection of passwords is difficult. Issues include: • It's very easy to guess passwords since people use simple and easily remembered words. • Need exists to change passwords continually. • Limiting number of tries before locking up.
  • 4. SECURITY 15:Security 4Security Issues Trojan Horse: A piece of code that misuses its environment. The program seems innocent enough, however when executed, unexpected behavior occurs. Trap Doors: Inserting a method of breaching security in a system. For instance, some secret set of inputs to a program might provide special privileges. Threat monitoring: Look for unusual activity. Once access is gained, how do you identify someone acting in an unusual fashion? Audit Log: Record time, user, and type of access on all objects. Trace problems back to source. Worms Use spawning mechanism; standalone programs. Internet Worm: In the Internet worm, Robert Morse exploited UNIX networking features (remote access) as well as bugs in finger and sendmail programs. Grappling hook program uploaded main worm program. Viruses Fragment of code embedded in a legitimate program. Mainly effects personal PC systems. These are often downloaded via e-mail or as active components in web pages. Firewall A mechanism that allows only certain traffic between trusted and un- trusted systems. Often applied to a way to keep unwanted internet traffic away from a system.
  • 5. SECURITY ATTACK METHODS:   Attacks on a distributed system include:    Passive wiretapping. ( unauthorized interception/reading of messages )  Active wiretapping:   Modification Changing a portion of the message.   Spurious messages Introducing bogus messages with valid addresses and consistency criteria.   Site impersonation Claiming to be some other logical node.   Replay of previous transmission - repeating previous valid messages. (for example, authorization of cash withdrawal.)   15:Security 5Typical Security Attacks
  • 7. SECURITY ATTACK METHODS:  Trojan Horse  Code segment that misuses its environment  Exploits mechanisms for allowing programs written by users to be executed by other users  Spyware, pop-up browser windows, covert channels  Trap Door  Specific user identifier or password that circumvents normal security procedures  Could be included in a compiler  Logic Bomb  Program that initiates a security incident under certain circumstances  Stack and Buffer Overflow  Exploits a bug in a program (overflow either the stack or memory buffers) 15:Security 7 Typical Security Attacks
  • 8. SECURITY Example of Buffer Overflow Waiting To Happen: #include <stdio.h> #define BUFFER SIZE 256 int main(int argc, char *argv[]) { char buffer[BUFFER SIZE]; int other_data; if (argc < 2) return -1; else { strcpy(buffer,argv[1]); return 0; } } 15:Security 8 Typical Security Attacks
  • 9. SECURITY Viruses  Code fragment embedded in legitimate program  Very specific to CPU architecture, operating system, applications  Usually borne via email or as a macro Visual Basic Macro to reformat hard drive Sub AutoOpen() Dim oFS Set oFS = CreateObject(’’Scripting.FileSystemObject’’) vs = Shell(’’c:command.com /k format c:’’,vbHide) End Sub 15:Security 9 Typical Security Attacks
  • 10. SECURITY A Boot Sector Virus 15:Security 10 Typical Security Attacks
  • 11. SECURITY System And Network Threats  Worms – use spawn mechanism; standalone program  Internet worm  Exploited UNIX networking features (remote access) and bugs in finger and sendmail programs. (See next slide)  Grappling hook program uploaded main worm program  Port scanning  Automated attempt to connect to a range of ports on one or a range of IP addresses  Denial of Service  Overload the targeted computer preventing it from doing any useful work  Distributed denial-of-service (DDOS) come from multiple sites at once 15:Security 11 Typical Security Attacks
  • 12. SECURITY Stuxnet 15:Security 12 Stuxnet is a computer worm discovered in June 2010. It initially spreads via Microsoft Windows, and targets Siemens industrial software and equipment. Different variants of Stuxnet targeted five Iranian organizations, with the probable target widely suspected to be the uranium enrichment infrastructure in Iran. It is initially spread using infected removable drives such as USB flash drives, and then uses other exploits and techniques to infect and update other computers inside private networks that are not directly connected to the Internet. The malware has both user-mode and kernel-mode rootkit capability under Windows, and its device drivers have been digitally signed with the private keys of two certificates that were stolen from two separate companies. The driver signing helped it install kernel mode rootkit drivers successfully and therefore remain undetected for a relatively long period of time. Once installed on Windows Stuxnet infects files belonging to Siemens' control software[3 and subverts a communication library. Doing so intercepts communications between software running under Windows and the target Siemens devices. The malware can install itself on PLC devices unnoticed. Stuxnet malware periodically modifies a control frequency to and thus affects the operation of the connected centrifuge motors by changing their rotational speed. Siemens Simatic S7-300 PLC CPU with three I/O modules attached
  • 13. SECURITY Password stealing – Easiest way is through social means fake deposit slips easily guessable passwords calling people on the phone and asking for passwords (or Credit Card numbers, for that matter) – Technological approaches also simple one: leave program running on a terminal that fakes the login sequence. Capture user name and password to a file and then exit with a fake error message, returning control to the real login process – Unix password files used to be openly available (encrypted password). Lends itself to brute-force cracking. Unfortunately some programs require access to the password file to run (e.g., mail)  also unfortunately Unix only uses first eight characters of password 15:Security 13 Authentication SecurID – uses a preprogrammed string of characters
  • 14. SECURITY Password stealing – Easiest way is through social means fake deposit slips easily guessable passwords calling people on the phone and asking for passwords (or Credit Card numbers, for that matter) – Technological approaches also simple one: leave program running on a terminal that fakes the login sequence. Capture user name and password to a file and then exit with a fake error message, returning control to the real login process – Unix password files used to be openly available (encrypted password). Lends itself to brute-force cracking. Unfortunately some programs require access to the password file to run (e.g., mail)  also unfortunately Unix only uses first eight characters of password 15:Security 14 Authentication SecurID – uses a preprogrammed string of characters
  • 15. SECURITY 15:Security 15 NSA Exploitation Edward Snowden made public documents that reveal Government agencies: •consider it essential to be able to view encrypted data •have adopted a battery of methods in their assault on this biggest threats Those methods include •control over setting of international encryption standards, •the use of supercomputers to break encryption with "brute force", •Collaboration with technology companies and internet service providers themselves •“Man in the middle” attacks on the communication channels themselves.
  • 16. SECURITY DEFINITIONS:   Encryption: C = E( M, Ke ) E = Encyphering Algorithm M = Message - plain text Ke = Encryption key C = Cyphered text  Decryption: M = D( C, Kd )   D = Decyphering Algorithm Kd = Decryption key 15:Security 16 Cryptography
  • 17. SECURITY DEFINITIONS:   Cryptosystems are either Conventional or Public Key  Conventional is symmetric; Ke = Kd , so the key must be kept secret. Algorithms are simple to describe, but complex in the number of operations.  Public key is asymmetric; Ke != Kd , so Ke can be made public. Kd is secret and can't easily be derived from Ke .   Security against attack is either:  Unconditionally secure - Ke can't be determined regardless of available computational power.  Computationally secure: - calculation of Kd is economically unfeasible ( it would overwhelm all available computing facilities.)   The only known unconditionally secure system in common use!  Involves a random key that has the same length as the plain text to be encrypted.  The key is used once and then discarded. The key is exclusively OR'd with the message to produce the cypher.  Given the key and the cypher, the receiver uses the same method to reproduce the message. 15:Security 17 Cryptography
  • 18. SECURITY DATA ENCRYPTION STANDARD ( DES ):    The official National Institute of Standards and Technology (NIST), (formerly the National Bureau of Standards) encryption for use by Federal agencies.  The source of security is the non-linear many-to-one function applied to a block of data. This function uses transposition and substitution. The algorithm is public, but the key (56 bits) is secret.  Computational power today can crack a 56 bit code.  In common use today is Triple DES in which 3 different keys are used, making the effective key length 168 bits. 15:Security 18Data Encryption Standard
  • 19. SECURITY The general principle is this: 1. Any RECEIVER A uses an algorithm to calculate an encryption key KEa and a decryption key KDa. 2. Then the receiver PUBLICIZES KEa to anyone who cares to hear. But the receiver keeps secret the decryption key KDa. 3. User B sends a message to A by first encrypting that message using the publicized key for that receiver A, KEa. 4. Since only A knows how to decrypt the message, it's secure.  15:Security 19Public Key Cryptosystems Public Key Repository KEa KEb KEc
  • 20. SECURITY To be effective, a system must satisfy the following rules:   a) Given plaintext and ciphertext, the problem of determining the keys is computationally complex. b) It is easy to generate matched pairs of keys Ke, Kd that satisfy the property D( E( M, Ke ), Kd ) = M.   This implies some sort of trapdoor, such that Ke and Kd can be calculated from first principles, but one can't be derived from the other.   c) The encryption and decryption functions E and D are efficient and easy to use. d) Given Ke , the problem of determining Kd is computationally complex. What is computationally difficult? Problems that can't easily be calculated in a finite time. Examples include: factoring the product of two very large prime numbers; the knapsack problem. These problems are NP complete - solution times are exponential in the size of the sample. 15:Security 20Public Key Cryptosystems
  • 21. SECURITY To be effective, a system must satisfy the following rules:   e) For almost all messages it must be computationally unfeasible to find ciphertext key pairs that will produce the message. (In other words, an attacker is forced to discover the true (M,Ke) pair that was used to create the ciphertext C.)   f) Decryption is the inverse of encryption.   E( D( M, Kd ), Ke ) = D( E( M, Ke ), Kd ) 15:Security 21Public Key Cryptosystems
  • 22. SECURITY AN EXAMPLE:   1. Two large prime numbers p and q are selected using some efficient test for primality. These numbers are secret: 2. The product n = p * q is computed. 3. The number Kd > max( p, q ) is picked at random from the set of integers that are relatively prime to and less than L(n) = ( p - 1 ) ( q - 1). 4. The integer Ke , 0 < Ke < L(n) is computed from L(n) and Kd such that Ke * Kd = 1 (mod L(n)). 15:Security 22Public Key Cryptosystems Let p = 3, q = 11 n = 3 * 11 = 33. L(n) = ( p - 1 ) ( q - 1 ) = 20. Choose Kd > 11 and prime to 20. Choose Kd = 13. 0 < Ke < 20 Ke = 17. (since 17 * 13 = 221 = 1 ( mod 20 ) )
  • 23. SECURITY AN EXAMPLE:   Separate the text to be encoded into chunks with values 0 - ( n - 1 ). 15:Security 23Public Key Cryptosystems In our example, we'll use < space = 0, A = 1, B = 2, C = 3, D = 4, E = 5 >. Then " B A D <sp> B E E " --> "21 04 00 25 05" 21 ^ 17 ( mod 33 ) = 21. 21 ^ 13 ( mod 33 ) = 21. 04 ^ 17 ( mod 33 ) = 16. 16 ^ 13 ( mod 33 ) = 04. 00 ^ 17 ( mod 33 ) = 00. 00 ^ 13 ( mod 33 ) = 00. 25 ^ 17 ( mod 33 ) = 31. 31 ^ 13 ( mod 33 ) = 25. 05 ^ 17 ( mod 33 ) = 14. 14 ^ 13 ( mod 33 ) = 05. This whole operation works because, though n and Ke are known, p and q are not public. Thus Kd is hard to guess. [Note: recently a 100 digit number was successfully factored into two prime numbers.]
  • 24. SECURITY AUTHENTICATION AND DIGITAL SIGNATURES:   Sender Authentication: In a public key system, how does the receiver know who sent a message (since the receiver's encryption key is public)?   Suppose A sends message M to B:   a) A DECRYPTS M using A's Kd(A ) . b) A attaches its identification to the message. c) A ENCRYPTS the entire message using B's encryption, Ke(B) C = E ( ( A, D( M, Kd(A) ) ), Ke(B) ) d) B decrypts using its private key Kd(A) to produce the pair A, D( M, Kd(A) ). e) Since the proclaimed sender is A, B knows to use the public encryption key Ke(A).   Capture/Replay In this case, a third party could capture / replay a message. The solution is to use a rapidly changing value such as time or a sequence number as part of the message. 15:Security 24 Public Key Cryptosystems
  • 25. SECURITY Man-in-the-middle Attack on Asymmetric Cryptography   15:Security 25 Public Key Cryptosystems Sender Receiver Here are the attack steps for this scenario: 1.Sender wishes to send a message to Receiver. 2.S asks R for its encryption key. 3.When R returns key, that key is intercepted by the attacker who substitutes her key. 4.Sender encrypts message using this bogus key and returns it. 5.Since the attacker is the owner of this bogus key, the attacker can read the message.
  • 26. SECURITY Insertion of cryptography at one layer of the ISO network model (the transport layer) SSL – Secure Socket Layer (also called TLS) Cryptographic protocol that limits two computers to only exchange messages with each other  Very complicated, with many variations Used between web servers and browsers for secure communication (credit card numbers) The server is verified with a certificate assuring client is talking to correct server Asymmetric cryptography used to establish a secure session key (symmetric encryption) for bulk of communication during session Communication between each computer uses symmetric key cryptography 15:Security 26 Example - SSL
  • 27. SECURITY Security is based on user accounts  Each user has unique security ID  Login to ID creates security access token Includes security ID for user, for user’s groups, and special privileges Every process gets copy of token System checks token to determine if access allowed or denied Uses a subject model to ensure access security. A subject tracks and manages permissions for each program that a user runs Each object in Windows XP has a security attribute defined by a security descriptor  For example, a file has a security descriptor that indicates the access permissions for all users 15:Security 27 Example – Windows 7
  • 28. SECURITY U.S. Department of Defense outlines four divisions of computer security: A, B, C, and D.  D – Minimal security.  C – Provides discretionary protection through auditing. Divided into C1 and C2. C1 identifies cooperating users with the same level of protection. C2 allows user-level access control.  B – All the properties of C, however each object may have unique sensitivity labels. Divided into B1, B2, and B3.  A – Uses formal design and verification techniques to ensure security. 15:Security 28 Security Classifications