
Fundamentals of Security

41900
Welcome to the world of security!

Some admin stuff

Subject Coordinator: Dr. Richard Xu
Lecturer: Richard Xu
Tutors: TBA
The Subject Outline will be on UTS Online.

Assessment
Two quizzes (25%: 12.5% each): held at a unified time in week 6 and week 10, 40 minutes each (I will remind you again two weeks before; please make arrangements).
Project (20%): group-based implementation, in any language you prefer; assessment is of each individual's understanding.
Exam (55%): you need at least 45/100 in the exam to pass the whole subject.

Textbook
Good news: there is NO textbook for this subject!
Some good references you may find useful:
William Stallings, Cryptography and Network Security, 4th Edition
William Stallings, Network Security Essentials, 5th Edition

Why study security?

It is an important skill to have.
In terms of career development: 3,757 jobs contained the word "security" under Information & Communication Technology on SEEK.com @ 22/02/14. In contrast, 3,126 jobs contained the word "network" in the same category @ 22/02/14.
In terms of academic studies: a prerequisite to many other subjects; a research path; a security path (the Security sub-major).


Prerequisite for subjects:
48730: Network Security
48436: Digital Forensics
41890: Applying Network Security

SMJ10048 Network Security Sub-major

This sub-major gives students the opportunity to master both theoretical and practical aspects of modern security technologies and practices. It includes security fundamentals, network security, digital forensics, mobile networking, and network planning and management.

48740 Communications Networks             6cp
31275 Mobile Networking                   6cp
48750 Network Planning and Management     6cp
41900 Fundamentals of Security            6cp
48730 Network Security                    6cp
48436 Digital Forensics                   6cp
CBK90366 ICT choice                      18cp
Total                                    54cp

OK, let's get started!

First of all: give a definition of Information Security

According to the US Code: "The term 'information security' means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:
Confidentiality
Integrity
Availability"
Let's look at these meanings in a minute.

Course content

Introduction to Security (Today)


Fundamentals of Cryptography
Symmetric Encryption
Cryptographic mathematics
Public-key cryptography
Information security applications
Intrusion Modelling and Detection
Security for Network applications
Memory Security
File System Security
Virus and Computer Security
Advanced Information Security Topics

History of this subject

The content of the old Network Security subject (48730) is now spread over two subjects: Network Security (new, 48730) and Fundamentals of Security (41900).

Fundamentals of Security (41900):
Introduction to Security (Today)
Fundamentals of Cryptography
Symmetric Encryption
Cryptographic mathematics
Public-key cryptography
Information security applications
Intrusion Modelling and Detection
Security for Network applications
Memory Security
File System Security
Virus and Computer Security
Advanced Information Security Topics

Network Security (48730):
Introduction to network security
Crypto Revision
SSL and SSH protocols
Windows and Linux Security
DNS, Web Servers and SQL Databases
Key Distribution and User authentication
Access control and wireless
Vulnerabilities and pen Testing
SNMP and WMI
Electronic Mail and IP Security
Firewalls

Rest of today's lecture

Firstly, let's examine the security design principles and some of their techniques.
Secondly, let's look at the security goals.
Lastly, let's look at some of the security organizations.

Security design principles and techniques

Imagine you are designing a security system from scratch. What best practices would you adopt? Let's take a look at some examples of the techniques.

Design Principles and Techniques: Principle of least privilege

Each part of the system has only the privileges that are needed for its function. That way, even if an attacker gains access to that part, they have only limited access to the whole system.

A non-computer example: the university environment.
A computer example: Unix access control via file permissions.
A stricter example: SELinux.

SELinux TE Policy

Type Enforcement: the default is no access; every permission must be granted by an explicit rule of the form
allow <source type> <target type> : <object class> { <permissions> };
For example, to allow a user process to execute a shell script:
allow user_t bin_t : file { read execute getattr };

SELinux Type Enforcement

TE rule:
allow initrc_t snort_etc_t : file read;
Subjects (processes) in the initrc_t domain, i.e. the SysV init scripts, can read files labeled with the snort_etc_t type, which means they can read the contents of the /etc/snort configuration tree and nothing else that is not separately allowed.
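As an added example (not from the slides and not SELinux's own policy compiler), here is a small Python evaluator for allow rules of the shape shown above. It parses the two rules from the slides, written in the real policy syntax with braces around a permission set, and answers access queries with the default-deny semantics of type enforcement. It is deliberately a toy: attributes, roles, MLS and neverallow rules are ignored.

```python
import re
from typing import Dict, FrozenSet, Tuple

# Constructed policy text for the example: the two rules from the slides.
POLICY = """
# a user process may read and execute shell scripts
allow user_t bin_t : file { read execute getattr };
# init scripts may read the snort configuration tree
allow initrc_t snort_etc_t : file read;
"""

# allow <src> <tgt> : <class> { p1 p2 ... };   or   allow <src> <tgt> : <class> p;
RULE = re.compile(
    r"^allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(?:\{\s*([\w\s]+?)\s*\}|(\w+))\s*;$"
)

Key = Tuple[str, str, str]  # (source type, target type, object class)


def parse_policy(text: str) -> Dict[Key, FrozenSet[str]]:
    """Return the granted permissions per (source, target, class)."""
    rules: Dict[Key, set] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"unrecognised rule: {line!r}")
        src, tgt, cls, many, single = m.groups()
        perms = set(many.split()) if many else {single}
        rules.setdefault((src, tgt, cls), set()).update(perms)
    return {k: frozenset(v) for k, v in rules.items()}


def is_allowed(rules: Dict[Key, FrozenSet[str]],
               src: str, tgt: str, cls: str, perm: str) -> bool:
    """Type enforcement is default-deny: only an explicit allow grants access."""
    return perm in rules.get((src, tgt, cls), frozenset())


if __name__ == "__main__":
    rules = parse_policy(POLICY)
    queries = [
        ("user_t", "bin_t", "file", "execute"),        # allowed by rule 1
        ("user_t", "bin_t", "file", "write"),          # not listed -> denied
        ("initrc_t", "snort_etc_t", "file", "read"),   # allowed by rule 2
        ("initrc_t", "snort_etc_t", "file", "write"),  # not listed -> denied
        ("user_t", "snort_etc_t", "file", "read"),     # wrong domain -> denied
    ]
    for q in queries:
        print(q, "allowed" if is_allowed(rules, *q) else "denied")
```

The point to take from the last two queries is that a missing rule, not a deny rule, is what blocks access: least privilege falls out of the policy language itself.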

Design Principles and Techniques: Code Reviews and Unit Testing

Code reviews and unit tests are approaches to making individual modules more secure. They verify the functionality and security of a specific section of code, usually at the function level (in an OO environment, usually at the class level), and they are essential in a large programming environment.

An example of a bug that a review or a unit test should catch:

#include <stdio.h>
#include <string.h>

void print( const char * );

int main()
{
    print( "Mitt Romney" );
    print( "Newt Gingrich" );
    print( "Rick Santorum" );
    print( "Ron Paul" );      /* exactly 8 characters: strlen(name) - 8 == 0 */
    return 0;
}

void print( const char *name )
{
    /* Bug (the point of the example, left as is): strlen() returns size_t,
       an unsigned type. For "Ron Paul" the divisor is zero, a crash; for any
       name shorter than 8 characters the subtraction wraps to a huge value
       rather than going negative. */
    int indent = 100 / (strlen(name) - 8) / 2;
    for( int i = 0; i < indent; i++ )
        printf( " " );
    printf( "%s\n", name );
}

Taken from: http://www.gimpel.com/html/newbugs/

Design Principles and Techniques: Defence in depth

Multiple layers of security controls (defences) are placed throughout an information technology (IT) system. The aim is redundancy: if one control fails or a vulnerability is exploited, the other layers still hold. The layers can cover personnel, procedural, technical and physical aspects for the duration of the system's life cycle.

Defence in depth defends a system against any particular attack using several independent methods, for example:
Anti-virus software
Authentication and password security
Biometrics
Demilitarized zones (DMZ)
Firewalls (hardware or software)
Hashing passwords
Intrusion detection systems (IDS)
Logging and auditing
Packet filters
Timed access control
Internet security awareness training
Virtual private networks (VPN)
Sandboxing
Intrusion prevention systems (IPS)

Design Principles and Techniques: Default secure settings

Design to "fail secure" rather than fail insecure. Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
For example, Windows Server 2008, which ships with most roles and services disabled until an administrator enables them.

For example: Packet Filtering Firewall Configurations

Packet filtering firewalls are usually set up by a configuration file: a rule-set script that allows and restricts access. There are two styles of firewall rule-set design.

Exclusive: an exclusive firewall allows all traffic through except the traffic matching the rule-set (default allow).
Inclusive: an inclusive firewall only allows traffic matching the rules through and blocks everything else (default deny). This is the "fail secure" style.

Firewall Configuration: Inclusive Type
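An added example, not part of the original slides: a first-match packet filter in Python with the two rule-set styles side by side. The rule sets, the addresses (taken from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24) and the packets are all constructed for the example. The packet to port 6379 is the one that shows why the inclusive style is the fail-secure one: a service nobody thought to list is dropped by the inclusive set and passed by the exclusive set.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR notation
    dport: Optional[int]   # destination port, None = any port

    def matches(self, pkt: Dict) -> bool:
        return (self.proto in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and self.dport in (None, pkt["dport"]))


def decide(rules: List[Rule], default: str, pkt: Dict) -> str:
    """First-match filter: the first matching rule wins; otherwise the
    default policy applies. The default is what distinguishes the two styles."""
    for r in rules:
        if r.matches(pkt):
            return r.action
    return default


# Inclusive (default deny): list what is permitted, everything else is dropped.
INCLUSIVE = [
    Rule("allow", "tcp", "0.0.0.0/0", 80),
    Rule("allow", "tcp", "0.0.0.0/0", 443),
    Rule("allow", "tcp", "192.0.2.0/24", 22),    # SSH only from the admin LAN
]
INCLUSIVE_DEFAULT = "deny"

# Exclusive (default allow): list what is forbidden, everything else passes.
EXCLUSIVE = [
    Rule("deny", "tcp", "0.0.0.0/0", 23),        # no telnet
    Rule("deny", "tcp", "0.0.0.0/0", 3389),      # no RDP
]
EXCLUSIVE_DEFAULT = "allow"


def compare(pkt: Dict) -> Tuple[str, str]:
    """Verdict of the inclusive and the exclusive rule set for one packet."""
    return (decide(INCLUSIVE, INCLUSIVE_DEFAULT, pkt),
            decide(EXCLUSIVE, EXCLUSIVE_DEFAULT, pkt))


if __name__ == "__main__":
    # Constructed sample packets: (description, packet)
    samples = [
        ("web from the Internet", {"proto": "tcp", "src": "198.51.100.5", "dport": 443}),
        ("ssh from the Internet", {"proto": "tcp", "src": "198.51.100.5", "dport": 22}),
        ("ssh from the admin LAN", {"proto": "tcp", "src": "192.0.2.10", "dport": 22}),
        ("unlisted service 6379", {"proto": "tcp", "src": "198.51.100.5", "dport": 6379}),
        ("telnet from the Internet", {"proto": "tcp", "src": "198.51.100.5", "dport": 23}),
    ]
    print(f"{'packet':28} inclusive  exclusive")
    for desc, pkt in samples:
        inc, exc = compare(pkt)
        print(f"{desc:28} {inc:10} {exc}")
```

Real firewalls add state tracking, interface and direction matching and logging, but the default-policy question is decided exactly as in `decide`.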

Design Principles and Techniques: Audit trails

Tracking system activity so that, when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, keeps intruders from covering their tracks.
Related mechanisms: honeypots and IDS systems.

Design Principles and Techniques: Full disclosure

Ensures that when bugs are found the "window of vulnerability" is kept as short as possible.
This is also why encryption algorithms are generally made public: their security must rest on the secrecy of the key, not on the algorithm staying secret.

Next
We will discuss security goals. Some of them apply more to network security than to general information security.

Goals of Network Security


Major Goals
Confidentiality
Integrity
Availability
Other Goals
Entity Authentication
Message Origin Authentication
Timeliness
Non-Repudiation
Authorisation
Access Control

Goals of Information Security

(1) Confidentiality
A and B do not want their messages read by other people. This is the network security goal of confidentiality. The general technique used to ensure confidentiality is encryption of messages.

An example of a breach of confidentiality: someone reads the plaintext packets being exchanged between A and B by running a program such as Wireshark. If the packets are securely encrypted, they cannot be read even though they are captured.

Goals of Information Security

(2) Integrity
A and B do not want their messages changed by other people. This is the network security goal of integrity. The general techniques used to ensure integrity are hashes and Message Authentication Codes (MACs).

The term message authentication is often used for integrity together with origin authentication, since a MAC provides both.

Goals of Information Security

(3) Availability
Availability refers to the ability of a service to be available when needed.

A wants to be able to connect to B (ignoring considerations of entity authentication etc.). A situation where B is deliberately sent a large number of false requests or other unnecessary traffic, making it difficult for a legitimate connection request to get through, is a Denial of Service (DoS) attack. When many computers are involved in sending the unnecessary traffic to B, it is a Distributed Denial of Service (DDoS).

Goals of Network Security

(4) Entity Authentication
A wants to be sure that the entity saying it is B really is B and not an impostor. Similarly, B wants to be sure that the entity that says it is A really is A.
The general techniques used to ensure entity authentication are passwords, authentication protocols, key exchange protocols and third-party certificates.
Entity authentication is also relevant in the context of users identifying themselves to use resources on a network or to log on to a particular host. Entity authentication is also called identification.

Goals of Network Security

(5) Message Origin Authentication
A wants to be sure that the messages supposedly coming to it from B really are coming from B. Similarly, B wants to be sure that messages supposedly coming from A really are coming from A. This is Message Origin Authentication. It is sometimes called Data Origin Authentication.

Techniques used to verify the origin of a message include Message Authentication Codes (MACs), digital signatures and appending an authenticator to a message before encryption.

Goals of Network Security


(6) Timeliness
If A and B conduct a completely secure conversation
over a network, it is conceivable that a third party may
copy the conversation and use it to masquerade as either
A or B in a future conversation. This is known as a replay
attack.
Timeliness means that a secure conversation cannot be
used as a basis for a replay attack. Some of the techniques
used to prevent a replay attack include timestamps,
nonces and random numbers.
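An added example covering goals (2) integrity, (5) message origin authentication and (6) timeliness together, since one mechanism can serve all three; it is not from the original slides. Each message carries a fresh nonce and a timestamp, and an HMAC-SHA256 tag over nonce, timestamp and payload under a key shared by A and B. The receiver rejects a bad tag (modified or forged message), a timestamp outside the acceptance window (stale) and a nonce it has already accepted (replay). The key, the message layout and the 30-second window are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Set

# Constructed for this example: a secret shared by A and B. Anyone holding it
# can produce valid tags, so the origin check is only as strong as key secrecy.
KEY = b"example-shared-key-for-A-and-B"
MAX_AGE = 30  # seconds; how far a timestamp may drift before the message is stale


def build(payload: bytes, key: bytes = KEY, now: Optional[float] = None) -> bytes:
    """Sender side: nonce | timestamp | payload | HMAC-SHA256 over the first three."""
    nonce = os.urandom(16).hex().encode()
    ts = str(int(time.time() if now is None else now)).encode()
    body = b"|".join([nonce, ts, payload])
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def tamper(msg: bytes, new_payload: bytes) -> bytes:
    """Attacker side: swap the payload, keep the original nonce, timestamp and tag."""
    body, tag = msg.rsplit(b"|", 1)
    nonce, ts, _ = body.split(b"|", 2)
    return b"|".join([nonce, ts, new_payload, tag])


class Receiver:
    """B's side. Remembers accepted nonces so a copied message is rejected."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.seen: Set[bytes] = set()

    def verify(self, msg: bytes, now: Optional[float] = None) -> Optional[bytes]:
        """Return the payload if the message is authentic and fresh, else None."""
        try:
            body, tag = msg.rsplit(b"|", 1)
            nonce, ts, payload = body.split(b"|", 2)
            sent_at = int(ts)
        except ValueError:
            return None
        # Integrity and origin: the tag must verify under the shared key.
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return None
        # Timeliness (1): reject messages outside the acceptance window.
        current = time.time() if now is None else now
        if abs(current - sent_at) > MAX_AGE:
            return None
        # Timeliness (2): a nonce already accepted means this is a replay.
        if nonce in self.seen:
            return None
        self.seen.add(nonce)
        return payload


if __name__ == "__main__":
    b = Receiver()
    m = build(b"transfer 10 to jerry")
    print("first delivery:", b.verify(m))          # payload
    print("replayed copy: ", b.verify(m))          # None
    print("tampered copy: ", b.verify(tamper(m, b"transfer 99 to jerry")))  # None
```

Two design points worth noticing: the tag is checked before anything else is trusted, and `hmac.compare_digest` is used rather than `==` so that comparison time does not leak how many leading bytes of a forged tag were right. The seen-nonce set only needs to hold nonces younger than `MAX_AGE`; older ones are already rejected by the timestamp check.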

Goals of Network Security

(7) Non-repudiation (origin)
(8) Non-repudiation (destination)
A may want to be sure that B cannot deny having sent a particular message to A. This feature is non-repudiation of origin.
A may want to be sure that B cannot deny having received a particular message that A sent. This feature is non-repudiation of destination.

Goals of Network Security

(9) Authorisation
Authorisation is official permission to carry out certain actions. For example, a particular computer on a network has resources that are available to a particular set of users; not all users of the network are authorised users of that computer.
Authorisation allows users to do certain things. A username and password establish who the user is (entity authentication); once authenticated, authorised users are given access to some resources on the computer. The concept is related to, but different from, access control.

Goals of Network Security

(10) Access Control
Access control refers to the ability to restrict access to resources to certain users. The concept is closely related to authorisation but different: access control restricts users from doing certain things.
A good example of access control is the rights granted to users of database systems: different users are restricted in what tables they can read and what tables they can write to. Only the database administrator has full rights over all tables. The restriction of the privileges of normal database users is an example of access control.

Some more depth in Access Control

How do we control the level of access that each agent has for each object in the system? What, and how, can an authenticated user use a resource or object?

Unix has permission bits (rwxrwxrwx, discussed previously) that allow some control of access.

A simplified version: the Access Control Matrix (not actually used in its most general form).
25/02/2015 Operating Systems for Network Security (32523), slide 36

Example of Access Control Matrix (rows are agents, columns are objects)

         file1   file2   file3   printer
tom      RW      NONE    NONE    W
jerry    RO      NONE    RW      NONE

Access Control Matrix: Discussion

A full access control matrix would be huge. For UTS FEIT: > 1200 users, > 1,000,000 objects, > 1GB of storage required.
Most entries in the full matrix would be denials of access; the other entries show clear patterns.

Storing Access Control Matrix

When permission bits are inadequate, elements of the matrix can be stored:
by column (one list per object): Access Control Lists (ACLs)
by row (one list per agent): Capability Lists
(With agents as rows and objects as columns, as in the example matrix above, an ACL is a column and a capability list is a row.)
Both solutions give equivalent protection, but have different effects.
Systems often use a combined approach.

Access Control Lists

Each object, e.g. a file or a class, has an associated list saying which agent can use it, and how (the rights to the object).
Lists can be reduced by, e.g., common lists (e.g. all of Bruce's C source files) or by showing privileges for groups instead of individuals.
Each entry in the list has an agent or group id and the permissions granted / denied.
Examples: setfacl(1), Cisco ACLs.



Capability Lists
Each agent has tickets allowing use of
specified objects
Once acquired provides efficient access by
agent to object
Tickets may be:
Permanent or one-time
Transferable to other agents or
restricted to original owner
Revokable

Comparison
ACLs are object-centric; capabilities are agent-centric.
ACLs and capabilities offer similar levels of protection. Capabilities make least privilege natural, since an agent holds only the tickets it was given. Both take up about the same amount of resources.
ACLs seem easier: there are no problems with transferring rights between agents, and they tend to be used for static privileges rather than dynamic (e.g. one-time) ones.
Both approaches have been used in many systems.
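An added example, not from the original slides: the matrix from the example slide stored both ways in Python, with a check that the two forms answer every query identically, the empty fraction that motivates not storing the full matrix, and the operation on which the two forms differ in cost (revoking every right to one object). The agent and object names are the slide's; representing RW, RO and W as the sets {r, w}, {r} and {w} is an assumption.

```python
from typing import Dict, Set, Tuple

AGENTS = ["tom", "jerry"]
OBJECTS = ["file1", "file2", "file3", "printer"]

# The slide's matrix. NONE cells are simply absent, which is the point:
# most of a real matrix is empty.
MATRIX: Dict[Tuple[str, str], Set[str]] = {
    ("tom", "file1"): {"r", "w"},
    ("tom", "printer"): {"w"},
    ("jerry", "file1"): {"r"},
    ("jerry", "file3"): {"r", "w"},
}

Lists = Dict[str, Dict[str, Set[str]]]


def to_acls(matrix) -> Lists:
    """Column view: for each object, which agent holds which rights (an ACL)."""
    acls: Lists = {o: {} for o in OBJECTS}
    for (agent, obj), rights in matrix.items():
        if rights:
            acls[obj][agent] = set(rights)
    return acls


def to_capabilities(matrix) -> Lists:
    """Row view: for each agent, the tickets (object -> rights) it holds."""
    caps: Lists = {a: {} for a in AGENTS}
    for (agent, obj), rights in matrix.items():
        if rights:
            caps[agent][obj] = set(rights)
    return caps


def acl_check(acls: Lists, agent: str, obj: str, right: str) -> bool:
    """Reference-monitor check against the object's list (default deny)."""
    return right in acls.get(obj, {}).get(agent, set())


def cap_check(caps: Lists, agent: str, obj: str, right: str) -> bool:
    """Reference-monitor check against the agent's tickets (default deny)."""
    return right in caps.get(agent, {}).get(obj, set())


def equivalent(matrix) -> bool:
    """Both storage forms answer every (agent, object, right) query the same way."""
    acls, caps = to_acls(matrix), to_capabilities(matrix)
    return all(acl_check(acls, a, o, r) == cap_check(caps, a, o, r)
               for a in AGENTS for o in OBJECTS for r in ("r", "w"))


def empty_fraction(matrix) -> float:
    """Share of cells that are NONE: the waste a fully stored matrix would carry."""
    filled = sum(1 for a in AGENTS for o in OBJECTS if matrix.get((a, o)))
    return 1 - filled / (len(AGENTS) * len(OBJECTS))


def revoke_object_acl(acls: Lists, obj: str) -> None:
    """With ACLs, removing everyone's access to an object is one deletion."""
    acls[obj] = {}


def revoke_object_caps(caps: Lists, obj: str) -> None:
    """With capabilities, the same revocation must visit every agent's tickets,
    which is why revocation is the classic weak point of capability systems."""
    for tickets in caps.values():
        tickets.pop(obj, None)


def agent_reach(caps: Lists, agent: str) -> Set[str]:
    """The question capabilities answer cheaply: what can this agent touch?"""
    return set(caps.get(agent, {}))


if __name__ == "__main__":
    acls, caps = to_acls(MATRIX), to_capabilities(MATRIX)
    print("ACL for file1:", acls["file1"])
    print("jerry's tickets:", caps["jerry"])
    print("equivalent:", equivalent(MATRIX), " empty:", empty_fraction(MATRIX))
    revoke_object_acl(acls, "file1")
    revoke_object_caps(caps, "file1")
    print("tom can read file1 after revocation:",
          acl_check(acls, "tom", "file1", "r"), cap_check(caps, "tom", "file1", "r"))
```

The asymmetry in the two revoke functions is the concrete content of "same protection, different effects": the object-centric store makes per-object questions cheap, the agent-centric store makes per-agent questions cheap, and each is expensive for the other kind.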


Summary of Terms
The terms we have looked at as Security Goals
are widely used in Network Security literature.
The differences between some of them are
often quite subtle.
You should understand each of them clearly.
They can often apply in non-computing
scenarios.
Particular scenarios often involve the
interaction of a number of security goals.

Scenario involving security goals

When a customer checks into a hotel, he or she is required to present a passport (entity authentication).
For an exam, students are required to sign the front page of each answer book (non-repudiation of origin).
After sending an email, the sender requests an acknowledgement from the recipient (non-repudiation of destination).
The sealed envelope used in ancient times (integrity).


Lastly
We will be looking at the some of the security
organizations

Security bodies: NIST - CSD

National Institute of Standards and Technology (NIST), Computer Security Division (CSD), Security Technology Group (STG).
Involved in the development, maintenance and promotion of a number of standards and guidance documents that cover a wide range of cryptographic technology.
Aims to develop a comprehensive Cryptographic Toolkit that will enable U.S. Government agencies and others to select cryptographic security components and functionality for protecting their data, communications and operations.
41900 students, you may view the toolkit at this website:
http://csrc.nist.gov/groups/ST/toolkit/index.html

Security bodies: NIST - STG

http://csrc.nist.gov/groups/ST/toolkit/index.html
The above website states the security methods that NIST approves. For example, under encryption algorithms it stated, at the time of these slides:
"Currently, there exist three (3) Approved* encryption algorithms: AES, Triple DES, and Skipjack."

Security bodies: IETF

The Internet Society is a professional membership society with 100+ organizations and 20,000+ individual members in 180+ countries. It provides leadership in addressing issues that confront the future of the Internet, and it is the organizational home for the groups responsible for Internet infrastructure standards: the Internet Engineering Task Force (IETF) and the Internet Architecture Board (IAB).

Security bodies: IETF

http://tools.ietf.org/html/rfc3365
The IETF has several security protocols and standards:
IP Security (IPsec [RFC2411])
Transport Layer Security (TLS [RFC2246])
Simple Authentication and Security Layer (SASL [RFC2222])
Generic Security Service Application Programming Interface (GSSAPI [RFC2743])

Security bodies: ITU-T

ITU-T: International Telecommunication Union, Telecommunication Standardization Sector.
A UN specialised agency. It releases some standards relevant to network security, in particular the X.509 PKI (Public Key Infrastructure) standard and the X.800 Security Architecture standard.

Some of the Australian Bodies

ASD - CSOC
The Cyber Security Operations Centre (CSOC) was established in the Australian Signals Directorate (ASD). CSOC has two main roles:
to provide government with a better understanding of sophisticated cyber threats against Australian interests;
to coordinate and assist operational responses to cyber events of national importance across government and systems of national importance.

AISA
The Australian Information Security Association (AISA) is the Australian representative industry body for the information security profession.
