Академический Документы
Профессиональный Документы
Культура Документы
arsal.latif@iiu.edu.pk
Course Outline
Contents
Examine security risks Consider available counter measures Stimulate thought about uncovered risks Possibly identify areas of more work
Teaching Methodology
Facilitator
Activity
Ice breaking What do you understand by system ? What do you understand by computing system ? What do you understand by the term security ?
Activity
What are the basic assets of computing system ? How is computer security different from bank security ? Define the following in terms of computer security: exposure, vulnerability, threat, control Define 4 threats in computer security:
Computing System
Hardware, software, storage media, data, communication media, people 4 basic assets:
Hardware, software, data, people
Exposure: possible loss or harm e.g unauthorized access, modification Vulnerability: weakness in security system Threat: circumstances having potential to cause loss or harm e.g human attacks, natural disasters Control: protective measure (action, device, procedure) to reduce vulnerability
Interruption
An asset becomes lost, unavailable, unusable
2.
Interception
Unauthorized access by person/program
3.
Modification
Unauthorized access + tamper/change
4.
Fabrication
Unauthorized access + add new
Security Goals
1.
Confidentiality
Only authorized access
2.
Integrity
Only authorized access + modification
3.
Availability
Non-prevention of authorized access
Group Activity
Software Threats
Trojan horse: appears to do certain task Virus: similar to TH, spreads rapidly Trap door: secret entry point Logic bomb: inbuilt program Salami attack: little ++
Computer criminals
Security Attacks
Security Mechanisms
Encryption Digital signature Access control
Assignment
Security Services
Ensure security of data/systems/data transfer Make use of security mechanisms Divided into 5 categories
Five categories:
Authentication: service authenticates sender/receiver;
ensure no interference
Assignment contd.
Explain terms:
Cryptography Cryptanalysis Cipher text Encryption algorithm Secret key Brute force attack
decrypt: restore plaintext from ciphertext encipher/decipher encode/decode cryptography: study of various schemes
for encryption
Cryptography
3 independent dimensions Transforming plaintext to ciphertext
Substitution: each element mapped into another Transposition: elements are rearranged
Number of keys
Symmetric/single-key/secret-key/conventional encryption Asymmetric/two-key/public-key encryption
Processing of plaintext
Stream cipher: individual input elements continuously Block cipher: block of elements
Plaintext: a b c d e f g Ciphertext: D E F G H I J Activity: our security is fool proof and up to date k=7
Activity
P
No. R No. 76 48 16 82 44 03 58 11 60 05 48 88
Sum
Mod 26 C T A H R S P I T X M A B
Transposition (permutation)
Re-arrangement of letters E.g. columnar transposition
c1 c2 c3 c4 c5 c6 c7 c8 c1 c5 c2 c6 c3 c7 c4 c8
Cryptanalyst
Cryptanalysis
Some knowledge of plaintext Samples of plaintext-ciphertext pairs Exploit characteristics of encryption algorithm
Brute-force attack
Encryption algorithm is known Try all possible keys to obtain intelligible plaintext
Cryptanalytic Attacks
Known Plaintext
Plaintext ; ciphertext Compute encryption/decryption algorithm + key
Chosen Plaintext
Uses plaintext to generate ciphertext Compute encryption/decryption algorithm + key
Assumption : LANGUAGE SHOULD BE KNOWN
Security of Encryption
Cost of breaking cipher exceeds value of information 2. Time required to break cipher exceeds lifetime of information
1.
Stream Cipher
one symbol of plaintext one symbol of ciphertext e.g. vernam cipher (diagram) Advantages:
Disadvantages:
Attempt to break by analyzing individual symbols Susceptibility to insertions and modifications
Block Cipher
Group of plaintext as one block e.g. columnar transposition (diagram) Advantages:
Difficult to analyze (one cipher block depends on several plaintext letters/symbols) Immunity to insertions (difficult to insert symbols into blocks block size changes)
Disadvantages:
Slow encryption High error (effects entire block)
Relationship b/w P+K & C should be complex Cryptanalyst should not be able to predict what changing one character of P will do to C Substitution e.g. vernam cipher
Diffusion
Relationship b/w P & C should be complex Changes in plaintext should effect many parts of ciphertext & vice versa Transposition (permutation) Cryptanalyst needs large amount of ciphertext to be able to predict
Feistel Cipher
Proposed by Feistel Based on SPN (subsititutionpermutation network) proposed by Claude Shannon Block cipher using product cipher (2 or more ciphers)
Activity
P = 101100001011010111 F = vernam cipher k (round i) = 000110111 k (round ii) = 100101110 k (round iii)= 001101010
DES Structure
Initial Permutation Divide into (32 bits each) Expansion permutation (output 48 bits) k = 64 bits (drop every 8th bit); 56 bits Divide into (left shift) Permuted choice 2 (k) = 48 bits Xor right half and k
S-box (8 boxes 6 bits each) Output 4 bits = 32 bits e.g. 011001, the row is 01 (row 1) and the column is 1100 (column 12). The value in row 1, column 12 is 12, so the output is 1100. Permutation End of round function F Xor left half and output from F Permutation (interchange left and right) End of 16 round. inverse initial permutation
Assignment
3DES
3DES with 3 keys 3Des with 2 keys
EDE function
C = E (K1, D (K2, E (K1,P))) Adv 56 x 3 key length (overcomes brute-force ; algorithm has been scrutinized) Disadv slow for software ; 64-bit block
Symmetric + block product cipher Not feistel structure Block=128 ;key=128/192/256 ;round=10/12/14
AES contd.
128-bit block = 16 bytes Square matrix 4 x 4 (State array) Key 128-bit = 16 bytes Expanded key 44 words (1 word = 4 bytes) 4 words = 128-bit key for each round
AES contd.
ShiftRows
matrix 4 x 4 (1 row no shift; 2 row 1 byte shift)
MixColumns
Each column operated individually ; each byte replaced
AddRoundKey (XOR 4words with state array) Round 10 no MixColumns Read Appendix 5B (page 165)
Public-key Cryptography
Conditions for public-key proposed by Diffie & Hellman Should be computationally:
Easy to generate pair Easy to generate C using public key/private key Easy to generate P using private key/public key Difficult to produce private key using public key Difficult to produce P using public key + C
Components of PKC
Plaintext Encryption algorithm Public and private keys Ciphertext Decryption algorithm
Steps in PKC
Each user generates a pair of keys one for encryption and one for decryption Place one key in public register/folder i.e. public key The other pair remains private All user public keys are accessible from the public register/folder Encrypt message with PU, decrypt with PR C = E (Pub,P) ; P = D (PRb,C) C = E (Pra,P) ; P = D (PUa,C)
RSA algorithm
Rivest, Shamir, Adleman in MIT (1977) Most widely use PKE Block cipher PU = {e,n} PR = {d,n} C = Pe mod n P = Cd mod n
Ingredients of RSA
p, q (2 prime numbers, private) n = p.q (public, calculated) e (chosen, public) d = (1 mod (p-1)(q-1)) / e (calculated, private)
Hash Function
h = H(P) h = hash value (fixed length) P = variable length message Properties :
Applied to variable size block of data Produces fixed length output Easy to compute h for harware/software implementation
SHA 1 (digest = 160 bits; message < 264; block size = 512 bits ; rounds = 80)
Digital Signature
Authentication provides verification of sender and receiver + protects data from any 3rd party Trust is required in communicating b/w 2 parties Scenario 1 : EFT takes place and receiver increases amount Scenario 2 : e-mail instructs stock broker for transaction & disowns message Digital signature a step beyond mere authentication
Properties :
Must verify author, date, time Must authenticate contents at time of signature Must be verifiable by 3rd party
Requirements :
Must use some information unique to sender Must be easy to generate Computationally infeasible to forge Must be practical to retain a copy in storage
2 parties (sender / receiver) Signature = encrypt message with sender private key OR apply hash algorithm to message + encrypt using private key Confidentiality = encrypt message + signature with receiver public key, or secret key In case of dispute, 3rd party must view message e.g. sender claims key was stolen control = include timestamp, report lost key
Every signed message goes to arbiter (A) A tests message for origin + content A dates message + forwards Sender cant disown message, trusted arbitration mechanism Scenario 1 : X & Y use symmetric encryp. Scenario 2 : X & Y use double symmet. Scenario 3 : X double encrypts with PR & PU then PU again for A A forwards with PR + time stamp Assignment DSS & DSA
E-mail security
2 broad approaches PGP S/MIME (multipurpose internet mail
extension)
Free available software Based on algorithm such as RSA, 3DES, SHA 1 Not developed or controlled by any govt. organization
Confidentiality
Message + session key (3DES) Session key -> RSA with PU
Compression
ZIP algortihm
E-mail compatibility
Radix-64 conversion binary stream to stream of printable ASCII
Segmentation
Message broken into smaller chunks
Role of People in IS
Chain is only as strong as its weakest link Systems, application, products, etc are developed for people Goal of marketing plan ? Get employees committed to + be aware of their roles and security program Trained and diligent employees become strongest link in security infrastructure Machine enforces rule it doesnt understand people react, adapt, absorb, respond to changing conditions
Review organization chart Right person in right position might be able to overcome weaknesses of a poor structure Security department buried within one branch of an organization Contents IS program risk assessment, policy, roles, disaster recovery plan Is the IS program crisis management ??
Big debate security placement ?? Physical / technical security can be outsourced ?? CSO / CRO member of senior management ISS director / S director law enforcement agency + certification Training & awareness of employees e.g. email ; false alarms Job rotation
Security Certifications
CISSP certified information systems security professional (ISC)2 international information systems security certification consortium SSCP systems security certified practitioner SANS Institute systems administration, networking, and security Institute GIAC global information assurance certification CISA certified information systems auditor CSSLP certified secure software lifecycle professional
Security Assessment
Security program a business process or a technology ?!? Best security technology will not yield a secure environment without sound security processes
Client references Sample deliverables Qualifications of consulting team Methodology & tools
Meeting standards :
ISO 17799 information security best practices
Access control Asset classification & control Personnel security Physical & environmental security
Inherent risks
Exist in business without considering any controls E.g. regulatory concerns E.g. cotton mills Executives are a good source for information on risks
Business Strategy
long-term, short-term strategy determines what is important to a company How will IT support the long-term & short-term strategies E.g. consolidated business units ; integration issues in security assessment E.g. remote access from homes, hotels, etc.
Security assessment of infrastructure How will users access network (dial in, VPN) What resources to access e.g. email, shared files How much bandwidth required Tolerable downtime of remote access
Organizational Structure
Placement of security Having a CSO/CRO indicates a high level awareness of security issues Clearly defined roles of security personnel process owner ! E.g. process of employee termination
Payroll is stopped All user access is eliminated All assets returned (computer, ID badge) Common IDs & passwords are changed Each step requires inter-dept coordination Process owner ensures smooth termination
Business processes
E.g. supply-chain management in B2B relationship Business partners might have access to manufacturing & inventory information Security controls
Technology environment
The technology supporting business processes E.g. industry specific applications, LAN, WAN, NOS, firewalls, IDS, AV Final step gap analysis
Reflects the security position of company at a given time Findings, security exposures/risks, controls in place, recommendations
Todays Topics
Threats in networks Firewall Disaster recovery
Threats in Networks
Wire tapping
Packet sniffer (reprogrammable board for addresses) Inductance Multiplexing Microwave Optical fiber
Impersonation
WAN & LAN e.g. using empty workstation
Executable code
Viruses, trojan horse etc. downloaded
Denial of service
Connectivity (multiple paths, critical path, node) Flooding (degrade service to users) Routing problems (routing table modification, e.g. Arpanet) Disruption of service (tamper flow of messages)
Firewall
Qualities :
Always invoked Tamper-proof Small and simple
Firewall is a process that filters all traffic between a protected or inside network and a less trustworthy or outside network That which is not expressly forbidden is permitted That which is not expressly permitted is forbidden
Firewall contd .
3 broad categories : Screening routers
Guards
Virus scan for uploading/downloading files Digital resources with fee
Disaster Recovery
Preventing things that can be prevented Recovering from things that cannot be prevented Physical security
Guards, locks, fences, shock resistant structures, etc
Flood
Starts from ground-level Data should be marked with colors
Falling water
Plastic bags for machines Water proof storage for media
Fire
Dangerous than water plan for shut-down Sprinkler systems ?? Carbon dioxide or other gases to smother fire
Heat Back up
Complete / selective Off-site back up Cold site Hot site
Human theft
Prevent access (guards, passwords, cards, finger print, RF tags, etc) Prevent portability
Monitor exit
Media disposal
Shredders Over-writing data
degaussers
Ethics
An objectively defined standard for right or wrong Ethics is not universal may vary from society to society or from person to person within society Some ethics are universal e.g. murder, theft, etc. Ethical behavior can also be defined by religion Ethics and law are not same , e.g.
Law is described by formal documents, whereas ethics are unwritten principles / customs / moral attitudes Law is interpreted by courts, whereas ethics are interpreted by each individual Law is enforced by a governing authority, and are largely drawn from ethics of a particular society
National Information Infrastructure Protection Act (NIIPA 1996) - significant revision of U.S. computer crime law. Provides federal criminal liability for theft of trade secrets and for anyone who intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage. USA PATRIOT Act (2001) - increases the ability of law enforcement agencies to search telephone, e-mail communications, medical, financial, and other records. Eases restrictions on foreign intelligence gathering within the United States Computer Fraud and Abuse Act (1986, 1994, 1996, 2001) Fraud and related activity in connection with computers 47 (Whoever, having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information)
Law contd
U.S. Copyright Law http://www.copyright.gov/title17/ U.S. Intellectual Property Law http://managementhelp.org/legal/ntlcl_pr/ntlcl_p r.htm Federal communications commission Telecommunications Act of 1996 ; http://www.fcc.gov/telecom.html
Distributed to all Available as reference Easily understood , with translations Signed acknowledgement of employee
Thou shalt not use a computer to harm other people. Thou shalt not interfere with other people's computer work. Thou shalt not snoop around in other people's files. Thou shalt not use a computer to steal. Thou shalt not use a computer to bear false witness. Thou shalt not use or copy software for which you have not paid. Thou shalt not use other people's computer resources without authorization. Thou shalt not appropriate other people's intellectual output. Thou shalt think about the social consequences of the program you write. Thou shalt use a computer in ways that show consideration and respect.
2.
3. 4. 5. 6.
7.
Act honestly, justly, responsibly, and legally, and protecting the commonwealth. Work diligently and provide competent services and advance the security profession. Encourage the growth of research teach, mentor, and value the certification. Discourage unsafe practices, and preserve and strengthen the integrity of public infrastructures. Observe and abide by all contracts, expressed or implied, and give prudent advice. Avoid any conflict of interest, respect the trust that others put in you, and take on only those jobs you are qualified to perform. Stay current on skills, and do not become involved with activities that could injure the reputation of other security professionals.