Current Scenario in Cyber

Security
Mrs Swati Joglekar
Associate Professor
Department of Computer
Science
Fergusson College, Pune
sw.joglekar@gmail.com

Famous quote of the day

Every program has at least two
purposes: the one for which it was
written, and another for which it
wasn't.
-Alan J. Perlis

Web Sites
No applications
Static pages
Hard coded links
Browser

Web Server

Why Web Application

Vulnerabilities
Occur
The Web Application
Security
Professionals
Dont Know The
Applications
As a Network Security
Professional, I dont
know how my
companies web
applications are
supposed to work so I
deploy a protective
solutionbut dont
know if its protecting
what its supposed to.

Security Gap

Application
Developers and
QA Professionals
Dont Know
Security
As an Application
Developer, I can
build great features
and functions while
meeting deadlines,
but I dont know
how to develop my
web application
with security as a
feature.

How to Secure Web

Applications
Incorporate security into the lifecycle
Apply information security principles to
all software development efforts

Educate
Issue awareness, Training, etc

Mobile Security Overview

Mobile is everywhere:

1
2
3
4
5

5 Trends with significant implications for the

enterprise
Mobile is primary
91% of mobile users keep their device within arms reach
100% of the time

Source: China Mobile 50k survey; Morgan Stanley Research; 2011

Insights from mobile data provide new opportunities

75% of mobile shoppers take action after receiving a location
based messages

Source: JiWire Mobile Audience Insights Report Q42011

Mobile is about transacting

96% year to year increase in mobile cyber Monday sales
between 2012 and 2011
Source: IBM Coremetrics Retail Data as published in 11/24/12 IBM Press Release
Mobile must create a continuous brand
experience
90% of users use multiple screens as channels come together to
create integrated experiences
Source: Time, Inc. 2012

Mobile enables the Internet of Things

Global Machine-to-machine connections will increase from 2
billion in 2011 to 18 billion at the end of 2022
Source: GSMA, Machina Research

Uniqueness of Mobile
Mobile
devices
are shared
more
often

Personal phones
and tablets
shared with family
Enterprise tablet
shared with coworkers
Social norms of
mobile apps vs.
file systems

Mobile
devices
have
multiple
personas

Work tool
Entertainment
device
Personal
organization
Security profile
per persona?

Mobile
devices
.are
diverse
OS immaturity for
enterprise mgmt
BYOD dictates
multiple OSs
Vendor / carrier
control dictates
multiple OS
versions

Mobile
devices
are used
in more
locations

A single location
could offer public,
private, and cell
connections
Anywhere,
anytime
Increasing
reliance on
enterprise WiFi

Mobile
devices
prioritize
the user
Conflicts with user
experience not
tolerated
OS architecture
puts the user in
control
Difficult to enforce
policy, app lists

Why would anyone want to limit the iPhone?

Mobile Presents Management and Security Challenges

1 in 20 Mobile devices
stolen in 2010

70% of Mobile device

spam is fraudulent
financial services

350% by which WiFi

hotspots are set to increase by
2015, providing more
opportunities
for man-in-the middle attacks

155% by which mobile

malware increased 2011

77% growth in
Google Android
malware from Jun
2010 to Jan 2011

10 Billion Android app

downloads reached by
the end of 2011 over 90%
of the top 100 have been
hacked
Source: Evans Data Mobile Developer Survey Mobile Development Report 2012 Volume
Source: Business Insider (September 2012)

Security is the leading barrier

to mobile adoption
Drivers for Adopting Mobile

Base: Those who deployed/piloted/plan to

adopt mobile, excluding dont know (n=1117)

11

October 2012

Barriers to Adopting Mobile

Base: Those who deployed/piloted/plan to adopt

mobile, excluding dont know (n=1115)

2012 Tech Trends Report (Weighted by GMV IBM Proprietary) | IBM Market Insights | IBM Confidential

Mobile Security Challenges Faced By

Enterprises

Designing &
Instituting an
Adaptive Security

Personal vs corporate
Data leakage into and out of the enterprise
Partial wipe vs. device wipe vs legally defensible wipe
Data policies

Multiple device platforms and variants

Multiple providers
Managed devices (B2E)
Unmanaged devices (B2B,B2E, B2C)
Endpoint policies
Threat protection

Identity of user and devices

Authentication, Authorization and Federation
User policies
Secure Connectivity

Application life-cycle
Static & Dynamic analysis
Call and data flow analysis
Application policies

Policy Management: Location, Geo, Roles, Response, Time policies

Security Intelligence
Reporting

Interrelated

Achieving Data
Separation &
Providing Data
Protection
Adapting to the
BYOD/
Consumerization of
IT Trend
Providing secure
access to
enterprise
applications & data
Developing Secure
Applications

Visualizing Mobile Security

WiFi

Internet
Secure
endpoi
nt
device
and
data

Mobile
apps Develop,
test and
deliver
We
safe
b
applicatio
site
ns
s

Telecom
Provider

Achieve Visibility
and Enable
Adaptive Security
Posture

Securit Corporat
e
y
Gatewa Intranet
&
y
Secure
access
to
Systems
enterprise applications
and data

Addressing Security Imperatives and Challenges?

Device Management
and Security

Network and Data

Management and Security

Application Management
and Security

How do I handle BYOD and

ensure compliance for new
devices?
Multiple device platforms and

How do I protect the

corporation from data leakage
intrusions?
and
Identity
management and

How do I secure, control and

service applications?

variants
Managed devices (B2E)
Data separation and protection
Threat protection

mobile entitlements
Policy management and
enforcement
Secure connectivity
Security intelligence and
reporting

Application lifecycle and

performance
Vulnerability and penetration
testing
Policy management: location,
geo, roles, response, time
policies

Thinking Through Mobile Management and Security

IBM Mobile
Management and
Security Strategy

At the Device

Management and safe use of smartphones and tablets in the

enterprise
Secure access to corporate data and supporting privacy
Visibility and security of enterprise mobile platform

On the Network

For the Mobile

App

Enroll

Authenticate

Develop

Register owner and services

Properly identify mobile users

Utilize secure coding practices

Configure

Encrypt

Test

Set appropriate security policies

Secure network connectivity

Identify application vulnerabilities

Monitor and Manage

Monitor and Manage

Monitor and Manage

Ensure device compliance and

mange Telecom expenses

Log network access and events

manage network performance

Correlate unauthorized activity

and Manage app performance

Reconfigure

Control

Protect

Add new policies over-the-air

Allow or deny access to apps

Defend against application attacks

De-provision

Block

Update

Remove services and wipe

Identify and stop mobile threats

Patch old or vulnerable apps

Intern
et

Corpora
te
Intranet

Getting Started with Mobile Security Solutions

What are your operational priorities?

Business Need:

Business Need:

Business Need:

Protect Data & Applications on the

Device

Protect Enterprise Systems &

Deliver Secure Access

Build, Test and Run Secure

Mobile Apps

Prevent Loss or Leakage of

Enterprise Data
Wipe
Local Data
Encryption
Protect Access to the Device
Device lock
Mitigate exposure to
vulnerabilities
Anti-malware
Push updates
Detect jailbreak
Detect noncompliance
Protect Access to Apps
App disable
User authentication
Enforce Corporate Policies

Provide secure access to

enterprise systems
VPN
Prevent unauthorized access
to enterprise systems
Identity
Certificate
management
Authentication
Authorization
Audit
Protect users from Internet
borne threats
Threat protection
Enforce Corporate Policies
Anomaly Detection
Security challenges
for access to
sensitive data

Enforce Corporate
Development Best Practices
Development tools
enforcing security
policies
Testing mobile apps for
exposure to threats
Penetration Testing
Vulnerability Testing
Provide Offline Access
Encrypted Local
Storage of
Credentials
Deliver mobile apps securely
Enterprise App Store
Prevent usage of
compromised apps
Detect and disable
compromised apps

Android Security Basics

Android Security Architecture

Security goals
Protect user data
Protect system resources (hardware, software)
Provide application isolation
Foundations of Android Security
Application Isolation and Permission Requirement
Mandatory application sandbox for all
applications
Secure inter-process communication
System-built and user-defined permissions
Application signing

Android software stack

Each component assumes that the components
below are properly secured.
All code above the Linux Kernel is restricted by
the Application Sandbox
Linux kernel is responsible sandboxing
application
mutually distrusting principals
Default access to only its own data

The app Sandboxapps can talk to other apps

only via Intents (message) , IPC, and
ContentProviders
To escape sandbox, permissions is needed

Security at the Linux kernel

A user-based permissions model
Process isolation: Each application has its
sandbox based on separation of processes: to
protect user resources from each another; each
runs in its own Linux process to secure InterProcess communication (IPC)
Ex:
Prevents user A from reading user B's files
Ensures that user A does not access user B's CPU,
memory resources
Ensures that user A does not access user B's
devices (e.g. telephony, GPS, Bluetooth)

Application Sandbox
The Android system assigns a unique user ID (UID)
to each Android application and runs it as that user
in a separate process.
When launching a new Activity, the new process
isnt going to run as the launcher but with its own
identity with the permission specified by the
developer.
The developer of that application has ensured that
it will not do anything the phones user didnt
intend. Any program can ask Activity Manager to
launch almost any other application, which runs
with that applications UID.
Ex. application A is not allowed to do something
malicious like to read application B's data or dial the
phone without permission.
All libraries, application runtime, and all applications
run within the Application Sandbox in the kernel.

Permissions and Encryption

Permissions
In Android, each application runs as its own
user. Unless the developer explicitly exposes
files to other applications, files created by
one application cannot be read or altered by
another application.
Password Protection
Android can require a user-supplied
password prior to providing access to a
device. In addition to preventing
unauthorized use of the device, this
password protects the cryptographic key for
full file system encryption.

Encryption
Encryption
Android 3.0+ provides full filesystem
encryption, so all user data can be
encrypted in the kernel
For a lost or stolen device, full filesystem
encryption on Android devices uses the
device password to protect the encryption
key, so modifying the bootloader or
operating system is not sufficient to access
user data without the users device
password.

Cornerstones of Android security

Prevention
Minimization
Detection
Reaction

Prevent

5 million new lines of code

Uses almost 100 open source libraries
Android is open source can't rely on obscurity
Teamed up with security experts from
o Google Security Team
o iSEC Partners
o n.runs
Concentrated on high risk areas
o Remote attacks
o Media codecs
o New/custom security features
Low-effort/high-benefit features
o ProPolice stack overflow protection
o Heap protection in dlmalloc

Permissions
Whitelist model
1.Allow minimal access by
default
2.Allow for user accepted
access to resources
Ask users less questions
Make questions more
understandable
194 permissions
o More granularity
o Less understandability

More Privilege Separation

Media codecs are very complex very insecure
Won't find all the issues media libraries
Banish OpenCore media library to a lesser privileged
process
o mediaserver
Immediately paid off
o Charlie Miller reported a vulnerability in our MP3 parsing
o oCERT-2009-002

Detect
A lesser-impact security issue is still a security
issue
Internal detection processes
o Developer education
o Code audits
o Fuzzing
o Honeypot
Everyone wants security allow everyone to
detect issues
o Users
o Developers
o Security Researchers

External Reports

Patrick McDaniel, William Enck, Machigar Ongtang

o

Applied formal methods to access SMS and Dialer

Charlie Miller, John Hering

o

Outdated WebKit library with PCRE issue

XDA Developers
o

Safe mode lock screen bypass

Charlie Miller, Collin Mulliner

o

MP3, SMS fuzzing results

Panasonic, Chris Palmer

o

Permission regression bugs

If you find a security issue, please email security@android.com

User Reporting

A User Report
MemoryUp: mobile RAM optimizer
o faster, more stable, more responsive, less waiting time
o not quite

React
Autoupdaters are the best security tool since Diffie-Hellman
Every modern operating system should be responsible for:
o Automatically updating itself
o Providing a central update system for third-party
applications
Android's Over-The-Air update system (OTA)
o User interaction is optional
o No additional computer or cable is required
o Very high update rate

Shared UID Regression

Shared UID feature
o Malware does not hurt computers, malware authors do
o Two applications are signed can share UIDs
o More interactivity
Panasonic reported that shared UID was broken
o If the user installs malware, then the attacker could share
UIDs with an existing installed app, like the browser
o Breaks Application Sandbox

Security Philosophy
Finite time and resources
Humans have difficulty understanding risk
Safer to assume that
o Most developers do not understand security
o Most users do not understand security
Security philosophy cornerstones
o Need to prevent security breaches from occurring
o Need to minimize the impact of a security breach
o Need to detect vulnerabilities and security breaches
o Need to react to vulnerabilities and security breaches
swiftly

Section I: The Basics

Why Biometric Authentication?
Frauds in industry
Identification vs. Authentication

What is Biometrics?
The automated use behavioral and physiological
characteristics to determine or veiry an identity.
Rapid!
Know

Be

Have

Frauds in industry happens in

the following situations:

Safety deposit boxes and vaults

Bank transaction like ATM withdrawals
Access to computers and emails
Credit Card purchase
Purchase of house, car, clothes or jewellery
Getting official documents like birth certificates or
passports
Obtaining court papers
Drivers licence
Getting into confidential workplace
writing Checks

Why Biometric Application?

To prevent stealing of possessions
that mark the authorised person's
identity e.g. security badges,
licenses, or properties
To prevent fraudulent acts like faking
ID badges or licenses.
To ensure safety and security, thus
decrease crime rates

Identification vs.
Authentication

Identification

Authentication

It determines the
identity of the person.

It determines whether
the person is indeed
who he claims to be.
Identity claim from the
user
One-to-one mapping.
The cost of computation
is independent of the
number of records of
users.

No identity claim
Many-to-one mapping.
Cost of computation
number of record of
users.

Captured biometric
signatures come from a
set of known biometric
feature stored in the
system.

Captured biometric
signatures may be
unknown to the system.

Section II: Biometric

Technologies
Several Biometric Technologies
Desired Properties of Biometrics
Comparisons

Types of Biometrics

Fingerprint
Face Recognition
Session III
Hand Geometry
Iris Scan
Voice Scan
Session II
Signature
Retina Scan
Infrared Face and Body Parts
Keystroke Dynamics
Gait
Odour
Ear
DNA

Biometrics
2D Biometrics (CCD,IR, Laser, Scanner)

1D Biometrics

Fingerprint

Fingerprint Extraction and Matc

Hand Geometry

Captured using a CCD camera, or LED

Orthographic Scanning
Recognition Systems Crossover = 0.1%

IrisCode

Face
Principal Component Analysis

Desired Properties

Universality
Uniqueness
Permanence
Collectability
Performance
Users Accpetability
Robustness against Circumvention

Compariso
n
Biometric Type

Accuracy

Ease of Use

User Acceptance

Fingerprint

High

Medium

Low

Hand Geometry

Medium

High

Medium

Voice

Medium

High

High

Retina

High

Low

Low

Iris

Medium

Medium

Medium

Signature

Medium

Medium

High

Face

Low

High

High

Section III: A Multi-model

Biometrics
Multi-modal Biometrics
Pattern Recognition Concept
A Prototype

Multimodal Biometrics

Pattern Recognition
Concept
Sensors

Biometrics

Extractors
Image- and
signal- pro.
algo.

Classifiers

Data Rep. Feature

1D (wav),
Vectors

Negotiator
Threshold

Scores

Voice, signature
acoustics, face, 2D (bmp,
fingerprint, iris, tiff, png)
hand geometry, etc

Enrolment

Training
Submission

Decision:
Match,
Non-match
Inconclusiv

An Example:
A Multi-model
System
Sensors Extractors Classifiers Negotiator
Accept/
Reject

ID
Face
Face
Face
Extractor Feature MLP
2D (bmp)

AND

Voice
Voice
Voice
Extractor Feature MLP
1D (wav)

Objective: to build a hybrid and expandable biometric app. prototype

Potential: be a middleware and a research tool

Abstraction
Negotiation

Logical AND

Diff. Combination Strategies.

e.g. Boosting, Bayesian

Learning-based
Classifiers

NN, SVM,

Extractors

Voice MLP
Voice Ex

Face MLP
Face Ex

Different Kernels (static or dynamic)

Basic Operators

Cl-q

Ex-q

{LPC, FFT, Wavelets, {Fitlers, Histogram Equalisation,

Clustering, Convolution, Moments}
data processing}

Signal Processing, Image Procesing

Data Representation
Biometrics

1D
Voice,
signature acoustics

2D
Face, Fingerprint,
Iris, Hand Geometry, etc.

3D
Face

An Extractor Example: Wave

Processing Class
fWaveProcessing
cWaveProcessing

cWaveOperator
1 1
Operators

cWaveStack cPeripherique cFFT

Audio

cFFilter cWavelet cLPC

cDataProcessing

Output data

Input data

Operants
1 1
cWaveObject

LSIIT, CNRS-ULP, Groupe de Recherche en Intelligence Artificielle

System Architecture in
Details

Visage

Normalisation Apprentissage et
+ Codage
Reconnaissance

Dtection des yeux

Moment

-50

-50
0

Vert
Bleu
Hue
Saturation
Intensit

10

20

30

40

50
0

50

50

100

100

In te nsity

10

20

30

40
Grey Scale

150

150

200

200

250

250
Intensity

A verage In tensity of each row s

Filtre deTrouver Trouver Inondation +

base Y
X
Convolution

Extraction

Rseau des
neurones

w1

Accepter,
Rejeter

Base des donnes

Identit

Voix
Frquence

Transformation de londelette
Effacer les
silences

Dcision

Normalisation Apprentissage et
+ Codage
Reconnaissance

w2

C0 C1 C2 C3 C4 C5 C6 C7
C9 C10 C11 C12
C13 C14

Temps

C15

Rseau des
neurones

Pour plus de renseignements : Pr J. Korczak, Mr N. Poh <jjk, poh>@dpt-info.u-strasbg.fr

Biometric Applications

Identification or Authentication (Scalability)?

Semi-automatic or automatic?
Subjects cooperative or not?
Storage requirement constraints?
User acceptability?

Biometrics-enabled
Authentication Applications
1. Cell phones, Laptops, Work Stations,
PDA & Handheld device set.
2. Door, Car, Garage Access

3. ATM Access, Smart card

Image Source : http://www.voice-security.com/Apps.html

Biometrics-enabled
Identification Applications
1. Forensic : Criminal Tracking
e.g. Fingerprints, DNA Matching
2. Car park Surveillance
3. Frequent Customers Tracking

Application by
Technologies
Biometrics

Vendo
rs

Market
Share

Applications

Fingerprint

90

34%

Hand
Geometry

26%

Law enforcement; civil

government; enterprise
security; medical and
financial
Time andtransactions
attendance

Face
Recognition

12

15%

Voice
Authenticat
ion
Iris
Recognition

32

11%

systems, physical
access
Transaction
authentication; picture
ID duplication
prevention;
surveillance
Security, V-commerce

9%

Banking, access control

Commercial Products
The Head
The Eye
The Face
Eye-Dentify
Visionics
IriScan
Miros
Sensar
Viisage
Iridian
The Hand
The Fingerprint
Hand Geometry
Identix
Advanced
BioMouse
Biometrics
The FingerChip
Recognition
Veridicom
Systems
Other Information
Bertillonage
International Biometric Group
Palmistry

The Voice
iNTELLiTRAK
QVoice
VoicePrint
Nuance
Behavioral
BioPassword
CyberSign
PenOp

Introduction
Wireless stations, or nodes, communicate over a wireless
medium
Networks operating under infrastructure mode e.g., 802.11,
802.16, Cellular networks
Networks operating with limited or no infrastructural
support e.g., ad hoc networks in AODV mode

Security threats are imminent due to the open nature of

communication
Two main issues: authentication and privacy
Other serious issues: denial-of-service

A categorization is required to understand the issues in

each situation.

Introduction Wireless
Technologies
Different technologies have been
developed for different scenarios and
requirements
WiFi is technology for Wireless LANs and
short range mobile access networks
WiMAX is technology for last mile
broadband connectivity
Wireless USB is technology for Internet
connectivity on the go
Other technologies like Infrared (TV
remotes etc), Bluetooth (soon to be
obsolete) etc are short range
Extreme bandwidth but short range
technologies are Gigabit wireless etc

Introduction

Fixed Infrastructure
Base stations that are typically not resource
constrained.
Examples: sensor networks, and cellular
networks.
Mobility of nodes but not of base stations.

Introduction

Ad hoc wireless networks

No infrastructural support.

Image from
www.microsoft.com

Nodes also double up as routers.

Mobility of nodes.
Examples laptops/cellphones operating in ad hoc
mode.

Introduction
Mixed mode
In between the two modes.
Some nodes exhibit ad hoc capability.

Introduction
To formalize study and solutions, need
good models for these networks.
Formal model to characterize the properties
and solutions
Models that are close to reality
Still allow for solution design and analysis.

Introduction
Solution properties
Light-weight
Have to use battery power wisely.
Other resources, such as storage, are also
limited.

Local control
Many cases, only neighbours are known.
Any additional information gathering is
expensive.

Introduction
Difficulty of modeling wireless networks
as opposed to wired networks:
Transmission
Interference
Resource constraints
Mobility
Physical carrier sensing

Outline
Introduction
Models of Wireless Networks
Various Layers and Current Solutions for
each Layer
Security Issues and Threats at each Layer
Security Solutions
Open Problems

Models of Wireless Networks

u
R

u'
v

Unit disk graph model

Given a transmission radius R, nodes u,v
are connected if d(u,v) R

Models of W ireless
Networks
R

u
R

u'

Unit disk graph model

Given a transmission radius R, nodes u,v
are connected if d(u,v) R.
Too simple model transmission range
could be of arbitrary shape.

Models of Wireless Networks

u
v'

v
w

Packet Radio Network (PRN)

Can handle arbitrary shapes
Widely used
Nodes u, v can communicate directly if they
are within each other's transmission range, rt.

What is the problem?

u
v'

v
w

Model for interference too simplistic

What is the problem?

u
v'

rt
v

rt

rt

v
w

ri

n2

w can still interfere at u

PRN model fails to address certain interference
problems in practice

Models of Wireless Networks

Transmission Range, Interference

Range
Separate values for transmission
range, interference range.
Interference range constant
times bigger than transmission
range.
Used in e.g., [Adler and
Scheideler '98], [Kuhn et. al., '04]

ri

u'

u r
t
v
w

Models of Wireless Networks

Transmission Range, Interference
Range
Separate values for transmission
range, interference range.
Interference range constant
times bigger than transmission
range.
Used in e.g., [Adler and
Scheideler '98], [Kuhn et. al., '04]
What is the problem?
Extension of unit disk model to
handle interference

ri

u'

u r
t
v
w

Model Based on Cost

Function
Edge (u,v) Er
if and only if
c(u,v) r

b
a

Gr = (V, Er), set of nodes V, Euclidean

distance d(u, v)
c is a cost function on nodes
symmetric: c(u,v) = c(v,u)
[0,1), depends on the environment
c(u,v) [(1 )d(u, v), (1 + ) d(u, v)]

Transmission and Interference Range

u
ri(P)
v'

v
rt(P)
w

c(v,w)
rt(P)
c(v, v')
ri(P)

Transmission range rt(P), Interference

range, ri(P)
If c(v,w) ri(P), node v can cause interference at node w.
If c(v,w) rt(P) then v is guaranteed to receive the message from
w provided no other node v' with c(v, v') ri(P) also transmits at
the same time.

Carrier Sensing
Virtual carrier sensing using RTS/CTS.
Physical Carrier Sensing
Provided by Clear Channel Assessment
(CCA) circuit.
Monitor the medium as a function of
Received Signal Strength Indicator (RSSI)
Energy Detection (ED) bit set to 1 if RSSI
exceeds a certain threshold
Has a register to set the threshold in dB

Physical Carrier Sensing

rsi(T,P)
v'

rst(T,P)

c(w,v) rst(T,
P)

v''

c(w, v') rsi(T,

P)

w
v

c(w, v'') rsi(T,

range,
rst(T, P)
P)

Carrier sense transmission (CST)

Carrier sense interference (CSI) range, rsi(T, P)
Beyond the CSI range, sensing is not possible.

Both the ranges grow monotonically in T and P.

Outline
Introduction
Models of Wireless Networks
Various Layers and Current Solutions at
each layer
Security Issues and Threats at each Layer
Security Solutions
Open Problems

Various Layers of Interest Physical

Layer
Physical Layer
802.11 standard supports several data
rates between 11 Mbps and 54 Mbps
802.16 support multiple data rates from
2Mbps to 300 Mbps
Several modulation schemes in use and
support different conditions and data rates
AM, FM, PSK, BPSK, QPSK, FDM, OFDM, OFDMA,
...

Physical Layer WiFi

Stands for Wireless Fidelity Range of
Technologies
Technology that uses IEEE 802.11 protocol standards
802.11b operates at 2.4 Ghz using DSSS
Has three non-overlapping channels with 11mbps max

802.11g operates at 2.4 Ghz resp, with 20 Mhz,

OFDM
Achieves 54 Mbps and inter-operable to 802.11b

802.11a operates at 5GHz using OFDM

About 4-8 (depending on country) non-overlapping
channels
Bandwidth achieved is 54 Mbps

Various Layers of Interest

MAC Layer
MAC Layer
Medium access control is an important
requirement.
Collision detection (CSMA/CD) not possible
unlike wired networks.
Hence using Collision avoidance (CSMA/CA)

Functions of MAC
Scanning, Authentication, Association, WEP,
RTS/CTS, Power Save options, Fragmentation

Various Layers of Interest

MAC Layer
DATA

DATA

802.11 MAC
Use Physical Carrier Sensing to sense for a
free medium.
Explicit ACKs to indicate reception of packet.
Results in the problem of hidden node.
Use Virtual Carrier Sensing using RTS/CTS.

Various Layers of Interest

MAC Layer
A
B
DATA

C
D
DATA

Virtual Carrier Sensing cannot solve

the exposed node problem.
A and D cannot succeed simultaneously.

Other MAC Techniques

Cell phone networks
Node to base station and vice-versa.
Fixed frequency for communication pair (FDD).
Separate frequencies for each pair.
Different technologies Analog/CDMA/GSM
support different number of simultaneous
communications per band.

802.16 has a Receive/Grant model which

is basically TDD (Time-Division Duplexing)
More efficient than FDD.

MAC Layer
More recent solutions address issues
such as, especially with respect to ad
hoc networks
self-stabilization
Dynamism
Efficiency
Fairness

Various Layers Network

Layer
Route packets in the
network.

Routing in infrastructure based networks is

similar to IP routing
All the base stations have a wired IP interface
which is used by the routers/switches to
forward data
Issues like handoffs are handled through
techniques like Mobile IP or Cellular Handoffs
or Soft-handoffs as done in Mobile WiMAX
Now, for network without infrastructure the
problem is difficult as the routes are transient

Various Layers Network

Layer
Ad hoc networks
No easy solutions but different proposals
exist.
Two kinds: proactive and reactive
Proactive: Maintain lot of state, proactive
updates.
Example: DSDV, DSR

Reactive: Minimal state, react to changes.

Example: AODV

Other Important Layers

Transport layer
This is important layer especially since the
wireless medium suffers from high bit-error
rate and collisions.
To offset this wireless technologies rely less on
TCPs reliability mechanism
This is mostly handled at physical layer
through techniques like FEC and other error
correcting codes

Application Layer
Notion of an application layer protocol
Email/Web/Games/SMS/MMS

Outline
Introduction
Models of Wireless Networks
Various Layers and Current Solutions for
each Layer
Security Issues and Threats at each Layer
Security Solutions
Open Problems

Threats in Present Solutions

MAC Layer
A
z

Denial of Service
Can hog the medium by sending noise
continuously.
Can be done without draining the power of the
adversary.
Depends on physical carrier sensing threshold.

Threats in Present Solutions

MAC Layer
00:1A:A0:FD:FF:2E
00:0C:76:7F:DF:49
00:13:D3:07:2F:A8
00:2F:B8:77:EA:B5

802.11 standard uses Access Control

Lists for admission control.
If MAC address not in the list, then the
node is denied access.
But easy to spoof MAC addresses.

Threats in Present Solutions Network

Layer
Ad hoc networks
Network layer
Denial-of-service attacks
Broadcast nature of communication
Packet dropping
Route discovery failure in ad hoc network
Packet rerouting

Threats in Present Solutions Network

Layer
Source
Source

A
z

Destination

Nodes Disrupting Routes

Denial-of-service
Easy to mount in wireless network protocols.
One strategically adversary can generally
disable a dense part of the network.

Threats in Present Solutions Network

Layer
RREQ(a)
RREQ(b)
RREQ(c)
.

A
z

Can simply engage in conversation and drain battery

power of other nodes power exhaustion attack
Send lot of RREQ messages but never use the routes.

Threats in Present Solutions Network

Layer

s
t

Broadcast nature of communication

Each message can be received by all nodes
in the transmission range
Packet sniffing is a lot easier than in wired
networks.
Poses a data privacy issue

Threats in Present Solutions Network

Layer

RREQ
RREQ

Route discovery in ad hoc networks

AODV discovers route by RREQ/RREP.
Few adversarial nodes can fail route discovery.
Difficult to detect route discovery failures.
Also vulnerable to RREP replays.

Threats in Present Solutions Network

Layer
Packet dropping
Wired networks can monitor packet drops
reasonably
Such mechanisms are resource intensive
for wireless networks
AODV has timeouts but no theoretical
solutions
Difficult to distinguish packet drops, say
RREQs, from non-existence of route itself

Nodes some times behave selfishly to

preserve resources

Threats in Present Solutions Network

Layer

s
t

Packet rerouting also known as data plane attacks.

Attacker reveals paths but does not forward data
along these paths.
Control plane measures do not suffice.
Difficult to trace in wired networks also [Gouda,
2007].

Threats in Present Solutions Network

Layer

Application Layer
Easy to infect mobile devices.
Rerouting content through the base
station poses privacy issues.
Bluetooth networks and ad hoc networks do
not have a base station facility.

Contrast with wired networks with

firewalls, filters, sandboxes.

Outline
Introduction
Models of Wireless Networks
Various Layers and Current Solutions for
each Layer
Security Issues and Threats at each
Layer
Security Solutions
Open Problems

Security Solutions
Requirements

Need solutions that do not add any perceivable burden

Cryptography can help
Public key solutions
Public key operations about 1000 times slow compared to
symmetric key operations.
Cost of SHA-1 = 2 microseconds
Cost of RSA signature verification = order of millisec

Symmetric key solutions for privacy and authentication

Issue: How to distribute and manage keys?

Security Solutions for 802.11

Networks
Previous WEP (Wired Equivalent
Privacy) based on RC4 is prone to
attacks
Privacy is not guaranteed as the key
streams could be easily recovered
Weaknesses in RC4 are well documented

Authentication is weak as well due to

weak encryption technique
Challenge-response using pre-shared keys is
prone to attacks if encryption is weak

Previous WEP Solution using RC4

802.11 Hdr

Encapsulate
802.11 Hdr

IV

Data

Decapsulate
Data

ICV

RC4 is a Vernam Cipher meaning primary operations are XOR with pseudorandom bytes
Per-packet encryption key is 24-bit IV concatenated to a pre-shared key
Integrity Check Vector (ICV) is CRC-32 over plain-text (used as Message
Authentication Code)
Data and ICV are encrypted using per-packet encryption key
Problem

RC4 is weak (as the IV is reused) and can allow an attacker to get the key stream
used
The ICV can enable one to check the validity of the key stream recovered

WEP Authentication Model

AP

Wireless
Node
Shared secret distributed out of band
Challenge (Nonce)
Response (Nonce RC4 encrypted under shared
key)
Decrypted nonce OK?

WEP Authentication Based on RC4

Authentication key is distributed out-of-band
Access Point generates a randomly generated challenge
Station encrypts challenge using pre-shared secret

Problem: Challenge-responses of valid users can be recorded and key

stream can be recovered due to RC4 working
Attacker can use the keys to encrypt any future challenges

Security Solution for 802.11 Networks:

802.11i Model

Solution Requirements
Mutual authentication
Scalable key management for large
networks
Central authorization and accounting
Support for extended authentication like
smart cards
Key Management Issues
Need to dynamically manage keys to avoid
manual reconfiguration difficulties especially
for large networks

Broadcast Security
K1, K2, K3,
K4, K5

K1, K2, K4
K1, K3, K4

K2, K5, K3
K1, K5, K4

K1, K2, K3

K2, K5, K4

K1, K3, K5

K1, K2, K5
Message

MACK1(M) MACK2(M) MACK3(M)

MACK4(M) MACK5(M)

Maintain a set O(log N)

Each satellite node gets a subset of log n keys of S.
Privacy: use XOR of keys to communicate with the user
Authentication: sender adds MAC using all its keys
Each node verifies signatures that can be generated using its
subset of keys

Broadcast Security
K1, K2, K3
K4, K5, K6,
K7, K8

K1, K2, K4
K1, K3, K4

K2, K5, K3
K1, K5, K4

K1, K2, K3

K2, K5, K4
K1, K3, K5

K1, K2, K5

Collusion is an issue
A larger pool of keys can be selected
For N users O(log N) keys can give good results
Scales well as the sender only needs to give a new subset of keys to a new user

Security Solutions
Privacy in a Peer-to-peer situation
Public-key cryptography can be of use but expensive
Key distribution is a major hurdle given that communicating
parties are not known in advance
Anyone can communicate with any one

Trivial Solution: one unique key per pair of users work

Expensive
Not scalable if new user gets added
Revocation is little more tricky

Scalable approach : key pre-distribution

Email Security

SMU

CSE 5349/49

Threats
Threats to the security of e-mail itself
Loss of confidentiality
E-mails are sent in clear over open networks
E-mails stored on potentially insecure clients
and mail servers

Loss of integrity
No integrity protection on e-mails; body can
be altered in transit or on mail server

Lack of data origin authentication

Lack of non-repudiation
Lack of notification of receipt
SMU

CSE 5349/7349

Threats Enabled by E-mail

SMU

Disclosure of sensitive information

Exposure of systems to malicious code
Denial-of-Service (DoS)
Unauthorized accesses etc.

CSE 5349/7349

What are the Options

Secure the server to client connections (easy
thing first)

POP, IMAP over ssh, SSL

https access to webmail
Very easy to configure
Protection against insecure wireless access

Secure the end-to-end email delivery

The PGPs of the world
Still need to get the other party to be PGP aware
Practical in an enterprise intra-network environment

SMU

CSE 5349/7349

Email based Attacks

Active content attack
Clean up at the server (AV, Defang)

Buffer over-flow attack

Fix the code

Shell script attack

Scan before send to the shell

Trojan Horse Attack

Use do not automatically use the macro option

Web bugs (for tracking)

Mangle the image at the mail server

SMU

CSE 5349/7349

Email SPAM
Cost to exceed $10 billion
SPAM filtering
Content based required hits
White list
Black list
Defang MIME

SMU

CSE 5349/7349

PGP

SMU

PGP=Pretty Good Privacy

First released in 1991, developed by Phil Zimmerman
Freeware: OpenPGP and variants:
OpenPGP specified in RFC 2440 and defined by IETF
OpenPGP working group.
www.ietf.org/html.charters/openpgp-charter.html
Available as plug-in for popular e-mail clients, can also
be used as stand-alone software.

CSE 5349/7349

PGP
Functionality
Encryption for confidentiality.
Signature for non-repudiation/authenticity.

Sign before encrypt, so signatures on

unencrypted data - can be detached and
stored separately.
PGP-processed data is base64 encoded

SMU

CSE 5349/7349

PGP Algorithms
Broad range of algorithms supported:
Symmetric encryption:
DES, 3DES, AES and others.

Public key encryption of session keys:

RSA or ElGamal.

Hashing:
SHA-1, MD-5 and others.

Signature:
RSA, DSS, ECDSA and others.
SMU

CSE 5349/7349

Introduction
This presentation is designed to give you a brief
overview of the top 10 most critical Internet
Security threats.
These arent the only threats.just the most
common at the moment.
Hopefully, well eliminate these threats and
create a new list next year.
The Top 10 and Top 20 documents are in
Appendix A of this presentation.

ITTIP Seminar

Copyright 2001 R.C.Marchany

123

Introduction
Well review the original Top 10 list first
Well review the new items in the Top 20
Well also provide a list of common ports
to filter or monitor.

ITTIP Seminar

Copyright 2001 R.C.Marchany

124

Why Are We Vulnerable?

Computer systems and programs have become
more complex in the past 25 years.
Quality control hasnt been able to keep up due
to market pressures, programming skill
deficiencies, etc.
Most of these programs/systems are based on
code that was never intended to be production
quality.They were proof of concept programs
that became the basis of production systems.

ITTIP Seminar

Copyright 2001 R.C.Marchany

125

So Many Systems, Not Enough

Time..
2.3 million hosts are connected to the Net each
month. There arent 2.3 million sysadmins.
Something has to give.
Unfortunately, its the sysadmin.
Not enough training, too many conflicting
demands on their time.
The Prime Directive: Keep the system up!
Patch the system? When I have time.

ITTIP Seminar

Copyright 2001 R.C.Marchany

126

Hacking = Rocket Science? Not!

Any good hacker can write the attack tool.
The real skill is making so easy to use that
a CEO could launch the attack.
There are lots of hacker WWW sites
where you can get these tools. These
sites try to outdo each other by designing
the best, baddest, user-friendly site.

ITTIP Seminar

Copyright 2001 R.C.Marchany

127

Why Are the Attacks Successful?

We didnt close all the doors because
were too busy doing real stuff.
If the hackers got caught, we didnt punish
them. It would be too embarrassing to admit
we got hit. Our Incident Response Plans were
inadequate.

ITTIP Seminar

Copyright 2001 R.C.Marchany

128

Why Are the Attacks

Successful?
The attack designers studied (cased) the
target code carefully.
A lot of attacks are based on Buffer
Overflows.
Example: a program expects 80 input characters
max. You give it 5000 characters. How does the
code handle it?

ITTIP Seminar

Copyright 2001 R.C.Marchany

129

Summary
Most of the successful system and network
attacks exploit a small set of vulnerabilities.
The Top 10 list briefly describes this set of
vulnerabilities and gives you references to
learning more about them.
More importantly, it gives you some suggested
fixes for the problem.
Our individual security depends on our mutual
security.

ITTIP Seminar

Copyright 2001 R.C.Marchany

130

Top 20 List Organization

Vulnerabilities that affect all systems
Unix/Linux
Windows
Mac
Mainframes

Windows Vulnerabilities
Unix Vulnerabilities

ITTIP Seminar

Copyright 2001 R.C.Marchany

131

Top 20 Summary
General Affects all Systems

G1: Default OS Installations

G2: Accounts with Weak or No Passwords
G3: Non-existent or Incomplete Backups
G4: Large Number of Open Ports
G5: Incorrect Ingress/Egress Packet Filtering
G6: Non-existent or Incomplete Logging
G7: Vulnerable CGI Programs

ITTIP Seminar

Copyright 2001 R.C.Marchany

132

Top 20 Summary
Windows
W1: Unicode Vulnerability
W2: ISAPI Extension Buffer Overflows
W3: IIS RDS Exploit
W4: Unprotected NETBIOS Shares
W5: Null Sessions
W6: Weak Hashing in SAM (LM Hash)

ITTIP Seminar

Copyright 2001 R.C.Marchany

133

Top 20 Summary
Unix
U1: RPC buffer Overflows
U2: Sendmail Vulnerabilities
U3: BIND
U4: R Commands
U5: LPD Buffer Overflow
U6: sadmind mountd Buffer Overflow
U7: Default SNMP

ITTIP Seminar

Copyright 2001 R.C.Marchany

134

We Live in the Age of Big

Data
Big Data refers to the acquisition and
analysis of massive collections of
information, collections so large that until
recently the technology needed to analyze
them did not exist.
And more:

Datafication
Massive amounts of unstructured messy data
Otherwise unnoticed patterns
Indiscriminate collection
Indefinite retention for unpredictable future uses

Datafication

Massive Messy Data

Big Data analysis requires collecting
massive amounts of
messy data .
Messy data: The data is not in a uniform format
as one would see in traditional database, it is
not annotated (semantically tagged).
A technological breakthroughs was to find
ways to manipulate and analyze such data.
Massive amounts: think of every tweet ever
tweeted. They are all in the Library of Congress.
400 million tweets a day in 2013.

Patterns We Would Not

Notice
Big Data analytics can reveal important
patterns that would otherwise go unnoticed.
Taking the antidepressant Paxil together with
the anti-cholesterol drug Pravachol could result
in diabetic blood sugar levels. Discovered by
(1) using a symptomatic footprint characteristic of
very high blood sugar levels obtained by analyzing
thirty years of reports in an FDA database, and
(2) then finding that footprint in the Bing searches
using an algorithm that detected statistically
significant correlations. People taking both drugs
also tended to enter search terms (fatigue and
headache, for example) that constitute the
symptomatic footprint.

Benefits of Big Data

Big Data analytics can reveal important
patterns that would otherwise go unnoticed.
Taking the antidepressant Paxil together with
the anti-cholesterol drug Pravachol could result
in diabetic blood sugar levels. Discovered by
(1) using a symptomatic footprint characteristic of
very high blood sugar levels obtained by analyzing
thirty years of reports in an FDA database, and
(2) then finding that footprint in the Bing searches
using an algorithm that detected statistically
significant correlations. People taking both drugs
also tended to enter search terms (fatigue and
headache, for example) that constitute the
symptomatic footprint.

Obama and Big Data

Aiming to make the most of the fast-growing
volume of digital data, the Obama
Administration today announced a Big Data
Research and Development Initiative. By
improving our ability to extract knowledge and
insights from large and complex collections of
digital data, the initiative promises to help solve
some the Nations most pressing challenges.
Office of Science and Technology Policy, Obama
Administration Unveils Big Data Initiative:
Announces $200 Million In New R&D Investments
(Executive Office of the President, March 29, 2012),
http://www.whitehouse.gov/sites/default/files/micro
sites/ostp/big_data_press_release.pdf.

Foreign governments
Voluntary information sharing,
Reporting requirements
Government
Internal sharing

Reporting

External
sharing

Privacy and
security
requirements

Investigati
on

Institutio
n
Transparenc
y
requirement
s
Investigation

Consumers and others seeking

services

Surveillanc
e

Indiscriminate Collection
Big Data typically involves collecting diverse
types of data.
In an intelligence driven security model, the definition
of security data expands considerably. In this new
model, security data encompasses any type of
information that could contribute to a 360-degree view
of the organization and its possible business risks.
Sam Curry et al., Big Data Fuels Intelligence-Driven
Security (RSA, January 2013), 4,
http://www.emc.com/collateral/industryoverview/big-data-fuels-intelligence-driven-securityio.pdf.

Indefinite Retention,
Unpredictable Uses
The information is typically retained for a
long time
to use in unpredictable ways.
as the Pravochol/Paxil example illustrates.
The example also illustrates the rationale:
the discovery of patterns we might not
otherwise notice.

Loss of Informational
Privacy
Informational privacy is the ability to
determine for ourselves what information
about us others collect and what they do
with it.
None of the developments just outlined
can happen without a loss of control over
our data.

We Lose Control, They Gain

It
Information
aggregators

Our data
Businesses

Government

We can
determine
where you
work, how you
spend your
time, and with
whom, and
with 87%
certainty
where you'll be
next Thursday
at 5:35 p.m.

Increased
power to
control from
knowing
our location
data.

But James Rule, pre-Big

Data
Information processing practices now share a
distinctive and sociologically crucial quality: they
not only collect and record details of personal
information; they are also organized to provide
bases for action toward the people concerned.
Systematically harvested personal information, in
other words, furnishes bases for institutions to
determine what treatment to mete out to each
individual . . . Mass surveillance is the distinctive
and consequential feature of our times.
James Rule, Privacy in Peril, 2007,
completed in 2006

New Privacy Problems?

Changed privacy problems.
A particularly complex and difficult
tradeoff problem takes center stage.
Big Data presents a much wider range of
both risks and benefitsfrom detecting
drug interactions to reducing emergency
room costs to improving police response
times.

Privacy Advocates and

Courts
Privacy advocates insist that
We adopt severe restrictions on data collection,
use, and retention, and .
that courts should see the invasion of privacy
as a compensable harm.

Courts
Refuse to see a mere invasion of privacy as a
compensable harm
Do not curtailed massive data collection, and
Rarely hold businesses liable for data breaches .

And the Rest of Us: What We

Want
More control over our information, but without
giving up the advantages information processing
secures:
We are willing trade.
Humphrey Taylor, Most People Are Privacy
Pragmatists Who, While Concerned about Privacy,
Will Sometimes Trade It Off for Other Benefit, THE
HARRIS POLL (2003).

What is the current mechanism for making

privacy tradeoffs?
Government: Constitutional and statutory constraints on
government surveillance.
Dana Priest and William M. Arkin, Top Secret America: The Rise of the
New American Security State.

Private business: Notice and Choice .

Notice and Choice

The notice is the presentation of information
Typically in a privacy policy.

The choice is some action by the consumer

Typically using the site, or clicking on an I agree
button.

Claims:
1. Notice and Choice ensure free and informed
consent.
2. The pattern of free and informed consent
defines an acceptable tradeoff between privacy
and the benefits of information processing.

What We HaveContractually
Realized Notice and Choice
Advertisin
g
ecosyste
m
Business
Government
Consumer
Payment
system

Aggregator
s

The Dominant Paradigm

It is well known that these claims are false.
Even so, Notice and Choice dominates
public policy in both the US and the EU.
An unsympathetic but not entirely inapt
analogy: The old joke about the drunk and
the streetlight.
Why do policy makers and privacy
advocates continue to look under the
streetlight of Notice and Choice when it is
clear that consent is not there?

The Failure of Notice and

Choice
Notice and Choice fails to
To ensure free and informed consent.
To define an acceptable tradeoff
between privacy and the benefits of
information processing.

I focus on the problems about

informed consent.

Informed Consent
Impossible
Two features of the advertising
system make it impossible for a
Notice to contain enough
information:
Complexity, and
Long-term data retention.

Complexity
The specificity assumption: informed
consent requires knowing specific
detail about what happens with the
ones information.
The advertising system is too
complex for a Notice to provide the
required detail.

Long-Term Data Retention

Current practice is to store information for
a long time, to be used in ways we cannot
now predict.
What we cannot predict now we cannot
now write down in a privacy policy, so
it is not possible for the policy to be
informative enough.

The Wrong Tradeoff

Why would individual decisions based on
information available at the time somehow
add up an acceptable tradeoff?
Even if Notices could, per impossible,
contain all relevant information, and even if
all visitors read and understood Notices, they
would not have the information they need.
The information required to adequately
balance the benefits and risks concerns
complex society-wide consequences that
unfold over a long period of time.

Data Restrictions
Proponents of Notice and Choice insist on
restrictions on data collection and use:
The Federal Trade Commission: Companies
should
limit data collection to that which is consistent
with the context of the transaction or the
consumers relationship with the business
implement reasonable restrictions on the
retention of data and should dispose of it once
the data has outlived the legitimate purpose for
which it was collected.

How Do We Get Out of

Here?
Notice and Choice first.
Wemy co-author Robert Sloan and Ithink
what policy makers have missed is the role of
informational norms,
Norms that govern the collection, use, and
distribution of information.
What follows is a bare bones outline of the
idea, for more
Robert Sloan and Richard Warner, Unauthorized
Access: The Crisis in Online Privacy and Security,
July 2013, http://
www.crcpress.com/product/isbn/9781439830130 .

What Norms Can Do

When informational norms govern online
businesses data collection and use
practices, website visitors
give free and informed consent
to acceptable tradeoffs.
As long as the norms are consistent with
our values. Call such norms valueoptimal.

Informed Consent
A visitors consent is informed if the visitor
can make a reasonable evaluation of the
risks and benefits of disclosing information.
Suppose visitors know transactions are
governed by value-optimal norms, then:
they know that uses of the visitors
informationboth uses now and uses in the
unpredictable futurewill implement
tradeoffs between privacy and competing
goals that entirely consistent with their
values.

Tradeoffs
All informational normsvalue-optimal and
non-value-optimal alikeimplement a
tradeoff between privacy and competing
concerns.
They permit some information processing, and
thus secure some of its benefits, but they protect
privacy by allowing only certain processing.

When the norm is value-optimal, the tradeoff

it implements it is justified by visitors values.
The tradeoff is acceptable in this sense.

The Lack of Norms Problem

Rapid advances in technology have
created many situations for which we lack
relevant value-optimal informational
norms. Two cases:
(1) relevant norms exist, but they are
not value-optimal;
(2) relevant norms do not exist at all.

Now What About Privacy

Harms?
The norms approach worksif indirectly.
We can reduce the risk of harm problem by
reducing unauthorized access.
Can we reduce it to the point that we can
adequately address the remaining increased
risk of harm through existing means
insurance and recovery from identity theft?
Whether we can is a matter of norms
appropriate product-risk norms for software.
and appropriate service-risk norms for
malware.

Access Controls
From (ISC)2 Candidate Information
Bulletin:
Access control is the collection of
mechanisms that permits managers of a
system to exercise a directing or restraining
influence over the behavior, use, and
content of a system. It permits
management to specify what users can do,
which resources they can access, and what
operations they can perform on a system.
166

Access Controls
From (ISC)2 Candidate Information
Bulletin:
The candidate should fully understand
access control concepts, methodologies and
implementation within centralized and
decentralized environments across the
enterprises computer systems. Access
control techniques, detective and corrective
measures should be studied to understand
the potential risks, vulnerabilities, and
exposures.
167

Access Control Overview

Access Controls: The security features
that control how users and systems
communicate and interact with one
another.
Access: The flow of information between
subject and object
Subject: An active entity that requests
access to an object or the data in an
object
Object: A passive entity that contains
information
168

Security Principles
The three main security principles
also pertain to access control:
Availability
Integrity
Confidentiality

169

Identification, Authentication, and

Authorization
Identification, Authentication, and
Authorization are distinct functions.
Identification
Authentication
Authorization

Identity Management: A broad term to

include the use of different products to
identify, authenticate, and authorize users
through automated means.

170

Identification
Identification
Method of establishing the subjects
(user, program, process) identity.
Use of user name or other public
information.
Know identification component
requirements.

171

Authentication
Authentication
Method of proving the identity.
Something a person is, has, or does.
Use of biometrics, passwords,
passphrase, token, or other private
information.

Strong Authentication is important

172

Authentication
Biometrics
Verifies an identity by analyzing a
unique person attribute or behavior
(e.g., what a person is).

Most expensive way to prove

identity, also has difficulties with
user acceptance.
Many different types of biometric
systems, know the most common.
173

Authentication
Most common biometric systems:
Fingerprint
Palm Scan
Hand Geometry
Iris Scan
Signature Dynamics
Keyboard Dynamics
Voice Print
Facial Scan
Hand Topography
174

Authentication
Biometric systems can be hard to
compare.
Type I Error: False rejection rate.
Type II Error: False acceptance rate.
This is an important error to avoid.

Crossover Error Rate

175

Authentication
Passwords
User name + password most common
identification, authentication scheme.
Weak security mechanism, must
implement strong password protections
Implement Clipping Levels

176

Authentication
Techniques to attack passwords
Electronic monitoring
Access the password file
Brute Force Attacks
Dictionary Attacks
Social Engineering

Know difference between a password

checker and a password cracker.
177

Authentication
Passphrase
Is a sequence of characters that is
longer than a password.
Takes the place of a password.
Can be more secure than a password
because it is more complex.

178

Authentication
One Time Passwords (aka Dynamic
Passwords)
Used for authentication purposes and
are only good once.
Can be generated in software (soft
tokens), or in a piece of hardware

179

Authentication
Two types of Token Devices (aka
Password Generator)
Synchronous
Time Based
Counter Synchronization

Asynchronous

Know the different types of devices and

how they work.

180

Authentication
Smart Cards and Memory Cards
Memory Cards: Holds but cannot process
information.
Smart Cards: Holds and can process
information.
Contact
Contactless
Hybrid
Combi

181

Authentication
Attacks on Smart Cards
Fault Generation
Microprobing
Side Channel Attacks (nonintrusive
attacks)

182

Differential Power Analysis

Electromagnetic Analysis
Timing
Software attacks

Authentication
Hashing & Encryption
Hash or encrypting a password to ensure
that passwords are not sent in clear text
(means extra security)

Windows environment, know syskey

modes.
Salts: Random values added to
encryption process for additional
complexity.

183

Authentication
Cryptographic Keys
Use of private keys or digital signatures
to prove identity

Private Key
Digital Signature
Beware digital signature vs. digitized
signature.

184

Authorization
Authorization
Determines that the proven identity has
some set of characteristics associated
with it that gives it the right to access
the requested resources.

185

Authorization
Access Criteria can be thought of as:
Roles
Groups
Location
Time
Transaction Types

186

Authorization
Authorization concepts to keep in
mind:
Authorization Creep
Default to Zero
Need to Know Principle
Access Control Lists

187

Authorization
Problems in controlling access to
assets:
Different levels of users with different
levels of access
Resources may be classified differently
Diverse identity data
Corporate environments keep changing

188

Authorization
Solutions that enterprise wide and single
sign on solutions supply:
User provisioning
Password synchronization and reset
Self service
Centralized auditing and reporting
Integrated workflow (increase in productivity)
Regulatory compliance

189

Authorization
Single Sign On Capabilities
Allow user credentials to be entered one
time and the user is then able to access all
resources in primary and secondary
network domains

SSO technologies include:

Kerberos
Sesame
Security Domains
Directory Services
Dumb Terminals
190

Access Control Models

Access Control Models:
Three Main Types
Discretionary
Mandatory
Non-Discretionary (Role Based)

191

Access Control Models

Discretionary Access Control (DAC)
A system that uses discretionary access
control allows the owner of the resource
to specify which subjects can access
which resources.
Access control is at the discretion of the
owner.

192

Access Control Models

Mandatory Access Control (MAC)
Access control is based on a security
labeling system. Users have security
clearances and resources have security
labels that contain data classifications.
This model is used in environments where
information classification and confidentiality
is very important (e.g., the military).

193

Access Control Models

Non-Discretionary (Role Based)
Access Control Models
Role Based Access Control (RBAC) uses
a centrally administered set of controls
to determine how subjects and objects
interact.
Is the best system for an organization
that has high turnover.

194

Access Control Techniques

There are a number of different access
controls and technologies available to
support the different models.
Rule Based Access Control
Constrained User Interfaces
Access Control Matrix
Content Dependent Access Control
Context Dependent Access Control

195

Access Control Techniques

Rule Based Access Control
Uses specific rules that indicate what can
and cannot happen between a subject and
an object.
Not necessarily identity based.
Traditionally, rule based access control has
been used in MAC systems as an
enforcement mechanism.

196

Access Control Techniques

Constrained User Interfaces
Restrict users access abilities by not
allowing them certain types of access, or
the ability to request certain functions or
information

Three major types

Menus and Shells
Database Views
Physically Constrained Interfaces
197

Access Control Techniques

Access Control Matrix
Is a table of subjects and objects indicating
what actions individual subjects can take
upon individual objects.

Two types
Capability Table (bound to a subject)
Access Control List (bound to an object)

198

Access Control Techniques

Content Dependent Access Control:
Access to an object is determined by the
content within the object.
Context Based Access Control: Makes
access decision based on the context of
a collection of information rather than
content within an object.

199

Access Control Administration

First an organization must choose the

access control model (DAC, MAC, RBAC).
Then the organization must select and
implement different access control
technologies.
Access Control Administration comes in
two basic forms:
Centralized
Decentralized

200

Access Control Administration

Centralized Access Control

Administration:
One entity is responsible for overseeing
access to all corporate resources.
Provides a consistent and uniform method
of controlling access rights.
Protocols: Agreed upon ways of
communication
Attribute Value Pairs: Defined fields that
accept certain values.

201

Access Control Administration

Types of Centralized Access Control

Radius
TACAS
Diameter

202

Access Control Administration

Decentralized Access Control

Administration:
Gives control of access to the people who
are closer to the resources
Has no methods for consistent control, lacks
proper consistency.

203

Access Control Methods

Access controls can be implemented
at various layers of an organization,
network, and individual systems
Three broad categories:
Administrative
Physical
Technical (aka Logical)

204

Access Control Methods

Administrative Controls
Policy and Procedure
Personnel Controls
Separation of Duties
Rotation of Duties
Mandatory Vacation

Supervisory Structure
Security Awareness Training
Testing

205

Access Control Methods

Physical Controls
Network Segregation
Perimeter Security
Computer Controls
Work Area Separation
Data Backups
Cabling
Control Zone

206

Access Control Methods

Technical (Logical) Controls
System Access
Network Architecture
Network Access
Encryption and protocols
Auditing

207

Access Control Types

Each control works at a different level of
granularity, but can also perform
several functions
Access Control Functionalities
Prevent
Detect
Correct
Deter
Recover
Compensate
208

Access Control Types

Security controls should be built on the
concept of preventative security
Preventative Administrative Controls
Includes policies, hiring practices, security
awareness

Preventative Physical Controls

Includes badges, swipe cards, guards, fences

Preventative Technical Controls

Includes passwords, encryption, antivirus
software

209

Accountability
Accountability is tracked by recording
user, system, and application
activities.
Audit information must be reviewed
Event Oriented Audit Review
Real Time and Near Real Time Review
Audit Reduction Tools
Variance Detection Tools
Attack Signature Tools
210

Accountability
Other accountability concepts
Keystroke Monitoring
Can review and record keystroke entries by a
user during an active session.
A hacker can also do this
May have privacy implications for an
organization

Scrubbing: Removing specific

incriminating data within audit logs

211

Access Control Practices

Know the access control tasks that need
to be accomplished regularly to ensure
satisfactory security. Best practices
include:
Deny access to anonymous accounts
Enforce strict access criteria
Suspend inactive accounts
Replace default passwords
Enforce password rotation
Audit and review
Protect audit logs
212

Access Control Practices

Unauthorized Disclosure of
Information
Object Reuse
Data Hiding

Emanation Security
Tempest
White Noise
Control Zone
213

Access Control Monitoring

Intrusion Detection
Three Common Components
Sensors
Analyzers
Administrator Interfaces

Common Types

214

Intrusion Detection
Intrusion Prevention
Honeypots
Network Sniffers

Access Control Monitoring

Two Main Types of Intrusion Detection
Systems
Network Based (NIDS)
Host Based (HIDS)

HIDS and NIDS can be:

Signature Based
Statistical Anomaly Based
Protocol Anomaly Based
Traffic Anomaly Based

Rule Based

215

Access Control Monitoring

Intrusion Prevention Systems
The next big thing
Is a preventative and proactive
technology, IDS is a detective
technology.
Two types: Network Based (NIPS) and
Host Based (HIPS)

216

Access Control Monitoring

Honeypots
An attractive offering that hopes to lure
attackers away from critical systems

Network sniffers
A general term for programs or devices
that are able to examine traffic on a LAN
segment.

217

Threats to Access Control

A few threats to access control
Insiders
Countermeasures include good policies and procedures,
separation of duties, job rotation

Dictionary Attacks
Countermeasures include strong password policies,
strong authentication, intrusion detection and prevention

Brute Force Attacks

Countermeasures include penetration testing, minimum
necessary information provided, monitoring, intrusion
detection, clipping levels

Spoofing at Logon
Countermeasures include a guaranteed trusted path,
security awareness to be aware of phishing scams, SSL
connection
218

Where firewalls fit in the

corporate landscape

Firewall topics

Why firewall?
What is a firewall?
What is the perfect firewall?
What types of firewall are there?
How do I defeat these firewalls?
How should I deploy firewalls?
What is good firewall architecture?
Firewall trends.

What are the risks?

Theft or disclosure of internal data

Unauthorized access to internal hosts
Interception or alteration of data
Vandalism & denial of service
Wasted employee time
Bad publicity, public embarassment, and
law suits

What needs to be secured?

Crown jewels: patent work, source
code, market analysis; information
assets
Any way into your network
Any way out of your network
Information about your network

Why do I need a firewall?

Peer pressure.
One firewall is simpler to administer
than many hosts.
Its easier to be security
conscientious with a firewall.

What is a firewall?
As many machines as it takes to:
be the sole connection between inside
and outside.
test all traffic against consistent rules.
pass traffic that meets those rules.
contain the effects of a compromised
system.

Firewall components
All of the machines in the firewall
are immune to penetration or
compromise.
retain enough information to recreate
their actions.

The Perfect firewall

Lets you do your business
Works with existing security
measures
has the security margin of error
that your company needs.

The security continuum

Easy to use

Secure

Ease of use vs. degree of security

Cheap, secure, feature packed,
easy to administer? Choose three.
Default deny or default accept

Policy for the firewall

Who gets to do what via the Internet?
What Internet usage is not allowed?
Who makes sure the policy works and is
being complied with?
When can changes be made to
policy/rules?
What will be done with the logs?
Will we cooperate with law
enforcement?

What you firewall matters

more than which firewall you
use.

Internal security policy should show

what systems need to be guarded.
How you deploy your firewall
determines what the firewall
protects.
The kind of firewall is how much
insurance youre buying.

How to defeat firewalls

Take over the firewall.
Get packets through the firewall.
Get the information without going
through the firewall.

A partial list of back doors.

personal modems
vendor modems
partner networks
home networks
loose cannon
experts

employee hacking
reusable passwords
viruses
helpful
employees
off-site backup &
hosting

Even perfect firewalls cant

fix:
Tunneled traffic.
Holes, e.g. telnet, opened in the
firewall.
WWW browser attacks / malicious
Internet servers.

Priorities in hacking through a

firewall
Collect information.
Look for weaknesses behind the
firewall.
Try to get packets through the
firewall.
Attack the firewall itself.
Subvert connections through the
firewall.

Information often leaked

through firewalls

DNS host information

network configuration
e-mail header information
intranet web pages on the Internet

Ground-floor windows

mail servers
web Servers
old buggy daemons
account theft
vulnerable web browsers

Attacking the firewall

Does this firewall pass packets when
its crashed?
Is any software running on the
firewall?

Minimal restriction, good

security
Stateful packet filter, dmz, packet
filter, intrusion detection.

Inside

The Multimedia Nightmare

Proxy

CACHE

Inside

secure multimedia & database content to

provided to multiple Internet destinations.
Web server is acting as authentication &
security for access to the Finance server.

Firewalls in multiple
locations

VPN over internal LAN

Identical proxies on both sides.

Low end, good security, for low

threat environments
Packet filter, Sacrificial Goat web server,
Application Firewall, bastion host running
logging & Store & Forward proxies

Store &
Forward

Inside

Basic Computer Security

Why Computer Security

The Internet is a dangerous place
We are constantly being scanned for weak or
vulnerable systems; new unpatched systems
will be exploited within minutes.

Fermilab is an attractive target

High network bandwidth is useful for attackers
who take over lab computers
Publicity value of compromising a .gov site
Attackers may not realize we have no
information useful to them

Why Computer Security - 2

We need to protect
Our data
Our ability to use our computers (denial of
service attacks)
Our reputation with DOE, Congress and the
general public

Major sources of danger

Running malicious code on your machine due to
system or application vulnerabilities or improper
user actions
Carrying infected machines (laptops) in from off
site

Critical Systems
Defined as critical to the mission of
the Laboratory, i.e. disruption may
have major impact on Laboratory
operations;
Most things do not fall in this category;

Special (more stringent) rules &

procedures apply;
Including periodic reviews;

Youll know if youre in this category;

Computer Security Incidents

Mandatory incident reporting;
Report all suspicious activity:
If urgent to FCC Helpdesk, x2345, 24x7;
Or to system manager (if immediately
available);
Non-urgent to computer_security@fnal.gov;

Incidents investigated by Fermi Computer

Incident Response Team (FCIRT);
Not to be discussed!

Your role as a user

Guard against malicious code in
email
Dont open attachments unless you are
sure they are safe
Dont trust who email is from
Updated and enabled virus signatures

Guard against malicious code from

web browsing

Your role - 2
Obey Strong Authentication Policy (Kerberos)
Dont run network services (login or read write ftp)
unless they demand Kerberos authentication
Treat your kerberos password as a sacred object (never
expose it over the network)

Promptly report potential computer security

incidents
X2345 or computer_security@fnal.gov
Follow FCIRT instructions during incidents (especially
about keeping infected machines off the network and
preserving the status of an infected machine for expert
investigation)

Other Computing Policy Issues

Data backup
Incidental use
Privacy
Offensive material
Licensing

Data Backup Policy - Users

Users (data owners) responsible for
determining:
What data requires protection;
How destroyed data would be recovered, if
needed;
Coordinating backup plan w/ sysadmins;
or doing their own backups;

If the backup is done for you it might be

worth occasionally checking that you can
really retrieve the data

Incidental Computer Usage

Fermilab permits some non business
use of lab computers
Guidelines are at
http://computing.fnal.gov/security/P
roperUse.htm

Activities to Avoid
Large grey area, but certain activities
are over the line;
Illegal;
Prohibited by Lab or DOE policy;
Embarrassment to the Laboratory;
Interfere w/ performance of job;
Consume excessive resources;

Privacy of Email and Files

Fermilab normally respects the privacy
of electronic files and email;
Employees and users are required to do
likewise;
Certain exemptions for system
managers and computer security
response;
All others must have Director(ate)
approval;

Privacy of Email and Files

May not use information in another
persons files seen incidental to any
activity (legitimate or not) for any
purpose w/o either explicit permission of
the owner or a reasonable belief the file
was meant to be accessed by others.
Whether or not group/world accessible;
Group files implicitly may be used by the
group for the mission of the group;

Offensive Material on
computers
Many computer security complaints
are not;
Material in a computer is like material
in a desk;
With respect to both privacy and
appropriateness;

This is a line management, not

computer security, concern (except in
egregious cases).

Software Licensing
Fermilab is strongly committed to
respecting intellectual property rights
Any use of unlicensed commercial
software is a direct violation of lab
policy

Thank you