
ITIS 3200 Introduction to Information Security and Privacy

Yongge Wang (yonwang@uncc.edu)

How does the course work?


Course site: Moodle
Midterm Exams: 30%
Final exam: 30%
Assignment and Projects: 35%
Participation: 5%

Temporary Important Dates (not fixed)


Midterm Exams (tentative): October 12, 2011
Final exam: December 14, 8:00pm-10:30pm, 2011 (check UNCC website for the final date)

Other details

Office hours: Wednesday 4:00pm-6:00pm at Woodward Hall 310G
Drop in any time or send an email
Slides on web site, a few hours before class
TA:

Textbooks

William Stallings and Lawrie Brown. Computer Security, Principles and Practice. Pearson Prentice Hall. ISBN-13: 978-0-13-600424-0. ISBN-10: 0-13-600424-5.

Recommended Reading

Optional readings: Ross Anderson. Security Engineering, a guide to building dependable distributed systems. ISBN: 0471389226

Policies

Discussion of project is allowed, collaboration costs points
Please DO observe the academic integrity, cheating is immediately out

Key Security Concepts: FIPS 199

Confidentiality

Only authorized people can see protected data
Prevent/detect/deter improper disclosure of information

Confidentiality (cont.)

What do we mean by secure communication?


We will often use Alice and Bob
Alice is on a vacation and wants to send a command to her assistant, Bob, or just a computer, to control the nuclear power plant. How can she do that?

Confidentiality (cont.)

There are eavesdroppers that can listen on the communication channels
Information needs to be forwarded through packet switches, and these switches can be reprogrammed to listen to or modify data in transit
Is it hopeless for Alice?

Integrity

Prevent/detect/deter improper modification of information


Precise
Accurate
Unmodified
Modified only in acceptable way
Modified by authorized subject
Consistent

Availability

Prevent/detect/deter improper denial of access to services provided by the system


Timely response
Fair allocation

Computer Security Challenges


1. not simple
2. must consider potential attacks
3. procedures used counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms
6. battle of wits between attacker / admin
7. not perceived on benefit until fails
8. requires regular monitoring
9. too often an after-thought
10. regarded as impediment to using system

Security concepts and relationships

Achieving security

Policy: what?
Mechanism: how?
Assurance: how well?

Security Policy

Computerized Information System Policy

Organizational Policy

Risk Management

Mitigate (reduce) risk to a level acceptable to the organization

Threats, vulnerabilities, and risks


Threats: Possible attacks on the systems

Vulnerabilities: Weakness that may be exploited to cause loss or harm

Risks: A measure of the possibility of security breaches and severity of the ensuing damage

Threats

Passive attacks
1. Illegal interception
2. Traffic analysis

Active attacks
1. Denial of Service
2. Un-authorised modification
3. Fabrication (Impersonation)
4. Replay
5. Man-in-the-middle attacks

Illegal Interception

also called un-authorised access
example: US military Tempest program measures how far away an intruder must be before eavesdropping is impossible.

The movement of electrons can be measured from a surprising distance (control zone)

Eavesdropper

Traffic analysis

Military applications (spy identification)
Onion routing: http://www.onionrouter.net/
Anonymizer: http://www.anonymizer.com/
Findnot: http://www.findnot.com
P2P anonymization: http://www.pdos.lcs.mit.edu/tarzan/index.html
Untraceable E-mails: Mix by David Chaum

Denial of Service

also called Interruption; recent example: DDoS
information resources (hardware, software and data) are deliberately made unavailable, lost or unusable, usually through malicious destruction

Un-authorized Modification

un-authorised access & tampering with a resource (data, programs, hardware devices, copy of hand-written signature, etc.)

Perpetrator

Fabrication and Impersonation


fabricate counterfeit objects (data, programs, devices, etc.)
impersonation/masquerading to gain access to data, services, etc.

Masquerader: from S

Replay attacks

The attacker records a valid transaction and plays it back again later
Most often possible when the same shared key is used between two peers
Defending against replay attacks is possible but painful, as it requires maintenance of state
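The state a receiver has to keep in order to reject a replayed message, shown as an added example that is not part of the original slides. The key, the command strings and all function and class names are constructed for illustration; a MAC over a counter is one common way to do this, not the only one.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key"  # constructed sample key shared by both peers
TAG_LEN = 32                     # HMAC-SHA256 output length in bytes

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def seal(key, counter, command):
    """Sender: put an increasing counter in front of the command and MAC both."""
    body = counter.to_bytes(8, "big") + command
    return body + mac(key, body)

class StatelessReceiver:
    """Checks only the MAC, so a recorded message verifies every time it is sent."""
    def __init__(self, key):
        self.key = key

    def accept(self, msg):
        if len(msg) < 8 + TAG_LEN:
            return False
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        return hmac.compare_digest(tag, mac(self.key, body))

class StatefulReceiver(StatelessReceiver):
    """Also remembers the highest counter accepted so far (the state to maintain)."""
    def __init__(self, key):
        super().__init__(key)
        self.last_counter = -1

    def accept(self, msg):
        if not super().accept(msg):
            return False              # forged or modified message
        counter = int.from_bytes(msg[:8], "big")
        if counter <= self.last_counter:
            return False              # replayed or stale message
        self.last_counter = counter
        return True

def demo():
    recorded = seal(KEY, 1, b"open valve 3")   # constructed message, seen on the wire
    naive, strict = StatelessReceiver(KEY), StatefulReceiver(KEY)
    return {
        "naive_first": naive.accept(recorded),
        "naive_replay": naive.accept(recorded),
        "strict_first": strict.accept(recorded),
        "strict_replay": strict.accept(recorded),
        "strict_next": strict.accept(seal(KEY, 2, b"close valve 3")),
    }

if __name__ == "__main__":
    print(demo())
```

The counter must survive restarts on both sides, and each pair of peers needs its own counter, which is where the maintenance cost comes from.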

Man-in-the-middle attack
MITM attacks: Alice <-> attacker <-> real site
There are several reported attacks (we will come to this topic later)
Mafia in the Middle attack: Alice <-> coffee <-> Jewelry

IFF System

IFF = Identify Friend or Foe
Used by the military to avoid shooting at friendly units
Unless implemented correctly, IFF systems may be subject to man-in-the-middle attack

MITM in real life (1)

In the late 1980s, the South African Defense Force (SADF) was fighting a war in northern Namibia and southern Angola with a goal to keep Namibia under white rule and impose UNITA as a client government
During this conflict, the Cubans broke the South African Air Force (SAAF) identify-friend-or-foe (IFF) system by performing a man-in-the-middle attack
SADF casualties were proof that air supremacy was lost, and a factor in abandoning Namibia

MITM in real life (2)


Cubans waited until SAAF bombers crossed into Angolan airspace
Cubans then sent MIGs directly into SA air space in Namibia
SAAF anti-aircraft defenses challenge incoming MIGs using IFF
MIGs relay the challenge to Angolan anti-aircraft defense devices
Angolan devices bounce the IFF challenge to the SAAF bombers, and the response is then relayed back to the MIGs in real time
MIGs use it to cause the SAAF anti-aircraft defenses to stand down

MITM in real life (3)


[Figure: Angola anti-aircraft station, MIG, SAAF F15, and Namibia SAAF anti-aircraft station, with relay steps numbered 1 to 5]

Identification of Risk

Actual threat
Possible consequences
Probable frequency
Likelihood of event

Risk Analysis Terms


Asset: Resource, product, data
Threat: Action with a negative impact
Vulnerability: Absence of control
Safeguard: Control or countermeasure

Risk Analysis

Exposure Factor: % of asset loss caused by threat

Single Loss Expectancy (SLE): Expected financial loss for single event

SLE = Asset Value x Exposure Factor

Annualized Rate of Occurrence (ARO): represents estimated frequency in which threat will occur within one year

Annualized Loss Expectancy (ALE): Annually expected financial loss

ALE = SLE x ARO

X.800: Security Architecture for OSI


X.800, Security Architecture for OSI
systematic way of defining requirements for security and characterizing approaches to satisfying them
defines:

security attacks - compromise security
security mechanism - act to detect, prevent, recover from attack
security service - counter security attacks

Security Taxonomy

Security Trends

Computer Security Losses

Security Technologies Used

Computer Security Strategy

specification/policy: what is the security scheme supposed to do? codify in policy and procedures

implementation/mechanisms: how does it do it? prevention, detection, response, recovery

correctness/assurance: does it really work? assurance, evaluation

Reading Assignments

Chapter 1 of the textbook and some of the recommended readings and web sites mentioned in section 1.8
