SECURITY

PROTECTION VS SECURITY

• Protection: provide controlled access to programs and data

stored in a computer system
• Security, requires an adequate protection system and
consideration of the external environment as well. A
protection system is ineffective if a program is run by an
unauthorized user.
 THE SECURITY PROBLEM
• Unscrupulous competitors in the Corporate world.
• Loss of such data can seriously impair the working of the corporation.

• System is secure if its resources are used and accessed as intended under
all circumstances
• Total security cannot be achieved. However, we must have mechanisms to
make security breaches a rare occurrence, rather than the norm.

• Security violations can be categorized as intentional(malicious)or

accidental
SOME TERMINOLOGY

• Intruder/cracker: Those attempting to breach security.

• Threat: Potential for a security violation (discovery of a
vulnerability)
• Attack: Attempt to break security.
TYPES OF VIOLATION
• Breach of confidentiality:
Unauthorized reading of data (theft of information)
Capturing secret data from a system or a data stream, such as credit-
card or identity information can result directly in money for the intruder.
• Breach of integrity:
Unauthorized modification of data.
Results in passing of liability to an innocent party or modification of the
source code of an important commercial application.
• Breach of availability:
Unauthorized destruction of data.
Gain status or bragging rights than gain financially
Eg: Website defacement
TYPES OF VIOLATION

• Theft of service:
Unauthorized use of resources.
Intruder may install a daemon on a system that acts as a file
server.
• Denial of service:
Preventing legitimate use of the system.
DOS attacks are sometimes accidental.
 STANDARD METHODS IN ATTEMPTS TO
BREACH SECURITY.
• Masquerading
One participant in a communication pretends to be someone else
Here, attackers breach authentication and obtain privileges to which they
would not normally be entitled.
• Replay a captured exchange of data.
Malicious or fraudulent repeat of a valid data transmission.
Repeat of a request to transfer money!!
Message modification
• Man-in-the-middle
Attacker sits in the data flow of a communication, masquerading as the
sender to the receiver, and vice versa.
 FOUR LEVELS OF SECURITY
• Physical
The site or sites containing the computer systems must be physically secured
against armed or surreptitious entry by intruders. Both the machine rooms and the
terminals or workstations that have access to the machines must be secured.
• Human
Authorization must be done carefully to assure that only appropriate users have
access to the system. Even authorized users, may be tricked into allowing access
via social engineering. One type of social-engineering attack is phishing. Here, a
legitimate-looking e-mail or web page misleads a user into entering confidential
information.
Dumpster diving: attempting to gather information in order to gain unauthorized
access to the computer (by looking through trash, finding phone books, or finding
notes containing passwords, for example).These security problems are
management and personnel issues, not problems pertaining to operating systems.
 FOUR LEVELS OF SECURITY
• Operating system
The system must protect itself from accidental or purposeful security
breaches. A runaway process could constitute an accidental denial-of-
service attack. A query to a service could reveal passwords. A stack
overflow could allow the launching of an unauthorized process.
• Network
Much computer data in modern systems travels over private leased lines,
shared lines like the Internet, wireless connections, or dial-up lines.
Intercepting these data could be just as harmful as breaking into a
computer, and interruption of communications could constitute a remote
denial-of-service attack, diminishing users’ use of and trust in the system.
ENDING NOTES

• Security at the first two levels must be maintained if

operating-system security is to be ensured
• A chain is only as strong as its weakest link
PROGRAM THREATS
• Trojan Horse
• Code segment that misuses its environment
• Exploits mechanisms for allowing programs written by users to be
executed by other users
• Spyware, pop-up browser windows, covert channels
• Trap Door
• Specific user identifier or password that circumvents normal
security procedures
• Could be included in a compiler
• Logic Bomb
• Program that initiates a security incident under certain
circumstances
• Stack and Buffer Overflow
• Exploits a bug in a program (overflow either the stack or memory
buffers)
SYSTEM AND NETWORK THREATS
• Worms – use spawn mechanism; standalone program
• Internet worm
• Exploited UNIX networking features (remote access) and bugs in
finger and sendmail programs
• Grappling hook program uploaded main worm program
• Port scanning
• Automated attempt to connect to a range of ports on one or a range
of IP addresses
• Denial of Service
• Overload the targeted computer preventing it from doing any useful
work
• Distributed denial-of-service (DDOS) come from multiple sites at once
CRYPTOGRAPHY AS A SECURITY TOOL

• Broadest security tool available

• Source and destination of messages
cannot be trusted without
cryptography
• Means to constrain potential senders
(sources) and / or receivers
(destinations) of messages
• Based on secrets (keys)
ENCRYPTION
• Encryption algorithm consists of
• Set of K keys
• Set of M Messages
• Set of C ciphertexts (encrypted messages)
• A function E : K → (M→C). That is, for each k  K, E(k) is a function
for generating ciphertexts from messages
• Both E and E(k) for any k should be efficiently computable functions
• A function D : K → (C → M). That is, for each k  K, D(k) is a
function for generating messages from ciphertexts
• Both D and D(k) for any k should be efficiently computable functions
• An encryption algorithm must provide this essential property: Given a
ciphertext c  C, a computer can compute m such that E(k)(m) = c
only if it possesses D(k).
• Thus, a computer holding D(k) can decrypt ciphertexts to the
plaintexts used to produce them, but a computer not holding D(k)
cannot decrypt ciphertexts
• Since ciphertexts are generally exposed (for example, sent on the
network), it is important that it be infeasible to derive D(k) from
the ciphertexts
SYMMETRIC ENCRYPTION
• Same key used to encrypt and decrypt
• E(k) can be derived from D(k), and vice versa
• DES is most commonly used symmetric block-encryption algorithm
(created by US Govt)
• Encrypts a block of data at a time
• Triple-DES considered more secure
• Advanced Encryption Standard (AES), twofish up and coming
• RC4 is most common symmetric stream cipher, but known to have
vulnerabilities
• Encrypts/decrypts a stream of bytes (i.e., wireless transmission) – e.g..,
WEP
• Key is a input to pseudo-random-bit generator
• Generates an infinite keystream
ASYMMETRIC ENCRYPTION
• Public-key encryption based on each user having two keys:
• public key – published key used to encrypt data
• private key – key known only to individual user used to
decrypt data
• Must be an encryption scheme that can be made public
without making it easy to figure out the decryption scheme
• Most common is RSA block cipher
• Efficient algorithm for testing whether or not a number
is prime
• No efficient algorithm is known for finding the prime
factors of a number
 ASYMMETRIC ENCRYPTION (CONT.)

• Formally, it is computationally infeasible to derive D(kd , N) from E(ke , N), and

so E(ke , N) need not be kept secret and can be widely disseminated
• E(ke , N) (or just ke) is the public key
• D(kd , N) (or just kd) is the private key
• N is the product of two large, randomly chosen prime numbers p and q (for
example, p and q are 512 bits each)
• Encryption algorithm is E(ke , N)(m) = mke mod N, where ke satisfies kekd mod
(p−1)(q −1) = 1
• The decryption algorithm is then D(kd , N)(c) = ckd mod N
CRYPTOGRAPHY (CONT.)

• Note symmetric cryptography based on

transformations, asymmetric based on
mathematical functions
• Asymmetric much more compute
intensive
• Typically not used for bulk data
encryption