Beruflich Dokumente
Kultur Dokumente
Mail info@kerckhoffs-institute.org to register otherwise lecturers at the other universities may not know you
Register officially with TU/e, RUN & UT otherwise your marks cannot be transferred
Regularly check www.kerckhoffs-institute.org/ otherwise you may not be up to date on the schedules
Did you take Algebra & Security as homologation? otherwise you may not be able to pass Cryptography I
Join the Kerckhoffs student association Auguste otherwise you will not be able to make friends with all your peers Join the mailing list http://mailman.science.ru.nl/mailman/listinfo/kerckh offs-students otherwise we will not be able to reach you.
12-11-1966 Kerckhoffs Institute - design template
Overview
Course organisation Definitions Design Cryptography
Security Protocols
Coursework
[And08] R. J. Anderson. Security Engineering: A guide to building dependable distributed systems. John Wiley & Sons Inc, New York, Second edition, 2008. http://www.cl.cam.ac.uk/~rja14/book.html [Sch04b] B. Schneier. Secrets and Lies: Digital Security in a Networked World. Wiley Publishing Inc, Indianapolis, Indiana, second edition, 2004. http://www.schneier.com/book-sandl.html IntroSec 3
Course Organisation
Course objectives
Learn about the most important concepts in computer security Be able to appreciate the role of security techniques in an overall security approach
IntroSec
Assessment
Written examination (50%) Social Engineering Experiment (25%) Stage I: Physical penetration testing (24%) Stage II: Digital penetration testing (1%) Paper for mini conference (25%) Team of three Peer review Mark set by students and moderator 5 best papers presented at mini conf. Prize for best presentation Exceptionally: Paper + experiment (50%)
6
IntroSec
Survey
Have you taken any of these? TU/e: Security (3ec/2IS05) RU: Security (3ec/I00086 or 6ec/IBI002) UT: Network security (5ec/265400) Something else that is relevant?
IntroSec
http://dies.cs.utwente.nl/~pieter/IntroSec
# Meeting
1
2 3 4 5 6 7 8 10 11 12 13
8
Introduction (Definitions)
Biometrics (Fingerprint, Face) Physical (Smart card, RFID, PUF) Software (Java, Java Card, PCC) Storage (Database, Disk) Network (Internet, WSN) Crime Science Pentesting (Guest Lecturer) Written Examination Paper assignment meeting Program committee meeting Mini conference
IntroSec
Definitions
countermeasures5
vulnerabilities4
leading to
threat agents7
give rise to
that exploit
risk3
to
that increase
threats6
to
assets2
[ITSEC05] Information technology security techniques evaluation criteria for IT security part 1: Introduction and general model. International Standard ISO/IEC 15408-1, ISO/IEC, Oct 2005. http://standards.iso.org/ittf/PubliclyAvailableStandards/c040612_ISO_IEC_15408-1_2005(E).zip IntroSec 10
Definitions
Availability: authorised users want the computer/system to work as they expect it to, when they expect it to Reliability: the ability of a system or component to perform its required functions under stated conditions for a specified period of time Safety: being protected against non-desirable events (not specifically malicious) Confidentiality: to stop unauthorised users from reading sensitive information Integrity: Every data item/system component is as the last authorised modifier left it Maintainability: ease with which a software product can be modified Authorisation requires authentication and audit!
11
IntroSec
Dependability
Security
[Avi04] A. Aviienis, J.-C. Laprie, B. Randell, and C. Landwehr. Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. on Dependable and Secure Computing, 1(1):1133, Jan 2004. http://doi.ieeecomputersociety.org/10.1109/TDSC.2004.2
12
IntroSec
Principal Source
Do Operation
request
Reference Monitor
Object
guard resource Audit log Authentication: determine who makes request Authorisation: determine who is trusted to do which operation on an object Auditing: make it possible to determine what happened and why
[Lam04] B. W. Lampson. Computer security in the real world. IEEE Computer, 37(6):37-46, Jun 2004. http://doi.ieeecomputersociety.org/10.1109/MC.2004.17 IntroSec 13
14
IntroSec
Design
Goals
Good: As secure as the real world [Lam04] Defense in depth Be explicit about: naming, typing, freshness, assumptions, goals, limitations etc [And95a] Bad: Design security as an afterthought Security by obscurity [Ker1883] Make it complicated
[Ker1883] A. Kerckhoffs. La cryptographie militaire. J. des Sciences Militaires, IX:5-38, Jan 1883. http://www.petitcolas.net/fabien/kerckhoffs/ IntroSec 16
Tools
Assurance does it work? Risk management Protocol verification Policy what is supposed to happen? Access control Mechanisms how should it happen? Tamper resistance Biometrics Cryptography, Hashing, Random numbers But first an attack...
17
IntroSec
Attacks
Definition: a successful exploitation of a vulnerability Examples: Attacker shuts you out by trying to log in as you Cold boot attack (watch the movie)
[Hal08] J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest we remember: Cold boot attacks on encryption keys. In 17th USENIX Security Symp., pp 45-60, San Jose, California, Jul 2008. USENIX Association. http://citp.princeton.edu/memory/
18
IntroSec
Cryptography
[Men01a] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Chapter 1 of Handbook of applied cryptography. CRC Press, 2001. http://www.cacr.math.uwaterloo.ca/hac/
Algorithms + keys
Cipher (aka cryptosystem) Public algorithm + Secret keys
attack encrypt
sdwr$350 decrypt
gfd6#Q attack
20
IntroSec
Symmetric ciphers
Public algorithm + one secret key Standard algorithms: DES, AES Example: one time pad
01011001 01010101 ----------------XOR Message Secret key
00001100
01010101 ----------------01011001
21
IntroSec
Cipher text
Secret key XOR Decrypted message
Asymmetric ciphers
Public algorithm+private key+public key Standard algoritms: RSA, El Gamal Example: El Gamal Multiplicative group Zn*={1...n-1} Prime n, generator g All calculations Private key: x Zn* modulo n x Public key: h=g Salt: yRZn* Enc(m,h): (c,d) = (mhy, gy) Dec((c,d),x): c/dx Exercise: prove that this works...
22
IntroSec
Random numbers
Pseudo random in SW True random in HW Standard statistical tests NIST web site For example Linear Congruential Method r0 = s rn+1=(a rn+c) mod m Cyclic Deterministic
23
IntroSec
Hash functions
Map arbitrary bit string to fixed size output Easy to calculate for given input Practically impossible to invert Extremely unlikely that two inputs give the same hash For example Knuths variant on Division Hash(n) = n(n+h) mod m Try it out
24
IntroSec
Visual Cryptography
[Nao97] M. Naor and B. Pinkas. Visual authentication and identification. In Burton S. Kaliski Jr., editor, 17th Int. Conf. on Advances in Cryptology (CRYPTO), volume LNCS 1294, pages 322336, Santa Barbara, California, Aug 1997. Springer. http://www.springerlink.com/content/ghv31wm0pexkd3kq/ IntroSec 25
Security Protocols
[And95a] R. J. Anderson and R. Needham. Programming satan's computer. In J. van Leeuwen, editor, Computer Science Today, volume LNCS 1000, pages 426-440. Springer, 1995. http://dx.doi.org/10.1007/BFb0015258
Definitions
Sequence of communications by two or more parties to achieve security objective(s) Not like this:
A B:
B A: A B:
A
Enter password: $R%&^8!
Hi, Im Alice
Prove It! Heres the proof
27
IntroSec
Eve cannot: Solve hard problems Guess pseudo-random values (eg. nonces) Get another identity (identity theft) Time computations
What to do: Make everything explicit
28
IntroSec
Design is hard
Security protocols are three line programs that people still manage to get wrong (Roger Needham)
[Low96] G. Lowe. Breaking and fixing the Needham-Schroeder Public-Key protocol using FDR. In 2nd Int. Workshop on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume LNCS 1055, pages 147-166, Passau, Germany, Mar 1996. Springer. http://dx.doi.org/10.1007/3-540-61042-1_43 IntroSec 29
Hi, Im Alice
B A:
A B:
Enc(Nb,PKa)
Nb
Prove It!
Heres the proof
Whats the problem with this? The nonce Nb leaks, so it cannot be used to secure the session
30
IntroSec
Hi, Im Alice
B A:
A B:
Enc(Nb,PKa)
Enc(Nb,PKb)
Prove It!
Heres the proof
Hi, Im Alice
B A:
A B:
Enc({B,Nb},PKa)
Enc(Nb,PKb)
Prove It!
Heres the proof
Hi, Im Alice
BEA:
Enc({B,Nb},PKa)
32
IntroSec
Conclusions
Consider the system as a whole Know your enemy Be explicit Use standard tools
33
IntroSec
Coursework
[Lev88] R. Levin and D. D. Redell. An evaluation of the ninth SOSP submissions or how (and how not) to write a good systems paper. SIGGRAPH Comput. Graph., 22(5):264-266, Oct 1988. http://doi.acm.org/10.1145/378267.378283 [Sch09a] S. E. Schechter. Common pitfalls in writing about security and privacy human subjects experiments, and how to avoid them. technical report, Microsoft Research, 2009. http://cups.cs.cmu.edu/soups/2010/howtosoups.pdf [Pey93b] S. L. Peyton Jones, R. J. M. Hughes, and J. Launchbury. How to give a good research talk. ACM SIGPLAN Notices, 28(11):9-12, Nov 1993. http://doi.acm.org/10.1145/165564.903972
Penetration test
Stage I and III : gain possession of a marked notebook on the UT campus by using social engineering. Stage II : capture a number of flags on a remote server by using standard penetration testing tools. Paper : solve a problem and validate the solution.
35
IntroSec
Paper topics
1. Ranking Attack Scenarios 2. Ethics in Physical Penetration Testing 3. The Personal Chief Security Officer 4. Efficient Implementation of Searchable Encryption 5. Data-based Access Control
36
IntroSec
37
IntroSec