
Security for Services and Applications

Lecture, IKR (Institute of Communication Networks and Computer Engineering), Universität Stuttgart, Telecommunication Software Engineering. Security for Services and Applications. June 11, 2007, Stephan Rupp. Security for services and applications: 1: Sandbox and middleware (Java sandbox, J2ME MIDP, buffer overflows); 2: Common IP security issues


Presentation Transcript


  1. Security for Services and Applications. Lecture, Telecommunication Software Engineering, IKR, Universität Stuttgart. June 11, 2007, Stephan Rupp

  2. Security for services and applications (contents)
     1: Sandbox and middleware: Java sandbox, J2ME MIDP, buffer overflows
     2: Common IP security issues: wireless network access, issues in IP networks, technical solutions, procedures to address security issues
     3: Identity: identity, authentication and authorisation; security and privacy requirements; relations of trust

  3. Fig. 6-1 The sandbox concept: the middleware provides an insulating layer between the application and the resources.
     Layers, top to bottom: Application (executable code) / Middleware (sandbox) / Operating system / Resources

  4. Fig. 6-2 The structure of the Java 2 Micro Edition
     Two stacks: on the mobile phone a Midlet runs on MIDP, which sits on CLDC over the KVM; the alternative stack is the Foundation Profile on CDC over a full JVM.

  5. Fig. 6-3 States of a midlet in the container (AMS: application management system)
     new myWorld() -> Paused; startApp -> Active; pauseApp -> Paused; destroyApp (from Paused or from Active) -> Destroyed

  6. Fig. 6-4 The build process for Midlets
     Development system: Java source code (MyWorld.java) -> Compiler -> Java bytecode (MyWorld.class) -> Preverifier -> Java bytecode; JAD file (MyWorld.jad) and manifest; jar -m MyWorld.jad, MyWorld.class -> JAR file (MyWorldSuite.jar, resources archive)
     Target system: download JAD? -> download JAR? -> runtime verifier -> Interpreter (KVM)

  7. Fig. 6-5 Buffer overflows
     Process stack: stack frame N holds the saved frame pointer of frame N-1 and the variables put on the stack; the stack pointer is calculated from frame pointer N plus the space needed for the variables. The stack grows in one direction, the data written into the variables (e.g. an unchecked string copied into a buffer) grows in the other, towards the saved frame pointer, so a pointer may be overwritten by a variable.
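Added example, not from the lecture: a small ctypes model of the frame in Fig. 6-5. The class Frame, the constant ORIGINAL_FP, the attacker input and the demo guard are all constructed for this illustration; a real process would have the same adjacency in a C stack frame (and the return address next to the saved frame pointer), and a real strcpy() would keep writing past the frame. The unchecked copy lets 12 bytes spill out of an 8-byte buffer and replace the saved frame pointer with attacker-chosen bytes; the checked copy refuses anything that does not fit, terminator included.

```python
import ctypes

BUF_SIZE = 8  # size of the local string buffer in the model frame


# Constructed model of the stack frame of Fig. 6-5 (assumption for illustration,
# not a real process stack): a local buffer followed directly by the saved frame
# pointer of the caller, exactly the adjacency that makes an overflow dangerous.
class Frame(ctypes.Structure):
    _fields_ = [
        ("name", ctypes.c_char * BUF_SIZE),  # local variable (the string buffer)
        ("saved_fp", ctypes.c_uint64),       # frame pointer N-1 saved by the prologue
    ]


ORIGINAL_FP = 0x7FFF_DEAD_BEEF_0000  # placeholder value for the saved frame pointer


def unchecked_copy(src: bytes) -> Frame:
    """Copies src into the frame the way strcpy() would: no length check.
    Bytes beyond BUF_SIZE spill into saved_fp."""
    if len(src) > ctypes.sizeof(Frame):
        # Demo guard only: a real strcpy() would keep writing past the frame.
        raise RuntimeError("demo guard: input would overwrite memory outside the model frame")
    frame = Frame()
    frame.saved_fp = ORIGINAL_FP
    buf = ctypes.create_string_buffer(src, len(src))  # no terminating NUL added
    ctypes.memmove(ctypes.addressof(frame), buf, len(src))
    return frame


def checked_copy(src: bytes) -> Frame:
    """Bounded copy: refuses input that does not fit (including the NUL terminator)."""
    if len(src) >= BUF_SIZE:
        raise ValueError(f"input of {len(src)} bytes does not fit in a {BUF_SIZE}-byte buffer")
    frame = Frame()
    frame.saved_fp = ORIGINAL_FP
    frame.name = src  # ctypes pads the char array with NULs
    return frame


def saved_fp_bytes(frame: Frame) -> bytes:
    """Raw bytes of saved_fp in memory order, independent of endianness."""
    offset = Frame.saved_fp.offset
    return ctypes.string_at(ctypes.addressof(frame) + offset, ctypes.sizeof(ctypes.c_uint64))


def fp_clobbered(frame: Frame) -> bool:
    return frame.saved_fp != ORIGINAL_FP


if __name__ == "__main__":
    evil = b"A" * BUF_SIZE + b"ABCD"  # constructed attacker input: 12 bytes for an 8-byte buffer
    f = unchecked_copy(evil)
    print("unchecked copy: saved frame pointer clobbered?", fp_clobbered(f),
          "now holds", saved_fp_bytes(f))
    try:
        checked_copy(evil)
    except ValueError as err:
        print("checked copy rejected:", err)
```

The four bytes "ABCD" land in the saved frame pointer in memory order; in a C program the same bytes would decide where execution continues after the function returns, which is why the length check in checked_copy is the whole fix.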

  8. Security for services and applications (section divider, same contents as slide 2)
     1: Sandbox and middleware: Java sandbox, J2ME MIDP, buffer overflows
     2: Common IP security issues: wireless network access, issues in IP networks, technical solutions, procedures to address security issues
     3: Identity: identity, authentication and authorisation; security and privacy requirements; relations of trust

  9. Fig. 6-6 Wireless network access
     Paths from the mobile device to the application server: UMTS (Node B -> RNC -> 3G SGSN -> 3G GGSN) into the Internet/Intranet; alternatively a WLAN access point, a Bluetooth access point, or IrDA.
     RNC Radio Network Controller, SGSN Serving GPRS Support Node, GGSN Gateway GPRS Support Node

  10. Fig. 6-7 Security issues with IP networks
      Local threats (Bluetooth device, WLAN access point), threats within the network (mobile network GSM/UMTS, Internet) and threats on the IT infrastructure (intranet, server, application server).

  11. Fig. 6-8 Passive attacks and active attacks
      Passive attack: Eve listens in on the traffic between Alice and Bob. Active attack: Mallory sits between Alice and Bob and can intercept and alter the traffic.

  12. Passive attacks have gone wireless: from wire tap to directional antenna
      Radio: works from large distances; easy to do with WLAN, trunked radio, Bluetooth (IrDA), wireless keyboards; also from electromagnetic radiation (e.g. computer monitors).
      Wire tap: needs physical access; can be noticed (changes of impedance etc.).

  13. Fig. 6-9 From the desk to the pocket: security issues with personal networks. On the move? At home? At work?

  14. Technical solutions. Basic concepts: private and public; perimeter based protection; mobile devices

  15. Concepts for secure systems
      Targets: availability, confidentiality, integrity
      Methods: redundancy (availability), encapsulation and authorisation (confidentiality), checksums/signatures (integrity)

  16. What is encapsulation? Alice in a secure environment, Bob in an insecure environment.

  17. What is encapsulation? Encapsulation = perimeter based protection (an old and fundamental concept): inside the perimeter = trusted, outside = not trusted. Analogy with the immune system fighting a microbe: virus detection, anti-virus, anti-worm, antibiotics (reset).

  18. Controlled access. Town gate: control of goods in and out; control of people in and out; protection against diseases; protection against enemies; the concept of "citizens" living within the city. (OSI ...)

  19. External and internal environments: public or foreign network (public IP address space) = cannot be trusted; own network (private IP address space, behind a public IP address) = can be trusted. Mind back doors!

  20. Protection by walls: firewall = town gate (Stadttor), controlled access from the exterior and from within.

  21. The right behaviour in public networks: there is no protection. What is not intended for the public does not belong in public networks!

  22. Tunnels: access to private networks from public networks. What is not intended for the public is communicated through tunnels.

  23. Fortified systems use inner and outer walls: the area in between may be given up while fighting an attack without losing the complete system. (OSI ...) Picture: Burg Falkenstein, aerial view from the west; figure from H. Lück: Über den Sachsenspiegel, Halle: Verlag Janos Stekovics 1999

  24. Protection: use of a lobby. Public access is restricted to the lobby between the exterior wall and the interior wall; an attack is met by a defense at each wall.

  25. Connections to exterior dependencies: tunnels at different OSI layers. Layer 7 application: L7 tunnel (encrypted message); layer 3 network (TCP/IP): L3 tunnel; layer 2 link: L2 tunnel; layer 1: physical connection.

  26. Threats by mobile devices: they pass by the protective system. So what?

  27. About technical solutions: "Cryptography is fine, networks are lousy, users are unpredictable." Bruce Schneier, Secrets and Lies

  28. Fig. 6-12 Encryption: at the sender, plain text is encrypted with the key into ciphered text; the ciphered text crosses the channel, where cryptanalysis attacks it; at the receiver, decryption with the key restores the plain text.

  29. Fig. 6-11 Keys and encryption: Alice and Bob, private key and public keys.

  30. About keys. Symmetric encryption (A and B share one key): fast, but distribution of keys is difficult. Asymmetric encryption (C and D each have a key pair): slow, but key distribution is solved.

  31. Fig. 6-13 Encryption with Triple DES. Using 2 keys: C = DES_K1(DES^-1_K2(DES_K1(M))). Using 3 keys: C = DES_K3(DES^-1_K2(DES_K1(M))).

  32. Fig. 6-14 Encryption with RC4: a random generator, seeded with the key and an initial value, produces a key stream; plain text combined (XOR) with the key stream gives the cipher text, and the same operation decrypts.
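Added example, not from the lecture: RC4 as the random generator of Fig. 6-14, implemented in Python, checked against the published test vectors, and used to show the failure mode a practitioner must know: if the same key stream encrypts two messages, the XOR of the two cipher texts equals the XOR of the two plain texts (the key stream cancels out), which is why the figure needs the "initial value". The function rc4_with_iv, which simply prepends a per-message value to the key, is an assumption for illustration; WEP used that construction and it is known to be weak, and RC4 itself is prohibited in TLS (RFC 7465) because of key-stream biases. Keys and messages are constructed sample data.

```python
def rc4_keystream(key: bytes):
    """RC4's random generator: key-scheduling (KSA), then an endless stream of bytes (PRGA)."""
    if not key:
        raise ValueError("empty key")
    S = list(range(256))
    j = 0
    for i in range(256):                         # KSA: permute S under the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                  # PRGA: one key-stream byte per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    """Cipher text = plain text XOR key stream; the same call decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def rc4_with_iv(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Per-message 'initial value' prepended to the key so each message gets a fresh stream.
    Assumption for illustration only (WEP's construction, known to be weak)."""
    return rc4(iv + key, data)


def two_time_pad_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Same key, same stream, two messages: XOR of the cipher texts is the XOR of the
    plain texts, the key stream cancels out. Returns that leaked value."""
    return xor(rc4(key, p1), rc4(key, p2))


if __name__ == "__main__":
    # Constructed sample data (the first three are the well-known RC4 test vectors).
    print(rc4(b"Key", b"Plaintext").hex())              # bbf316e8d940af0ad3
    print(rc4(b"Wiki", b"pedia").hex())                 # 1021bf0420
    print(rc4(b"Secret", b"Attack at dawn").hex())      # 45a01f645fc35b383552544b9bf5
    p1, p2 = b"Attack at dawn", b"Retreat at ten"
    print("leak == p1 XOR p2:", two_time_pad_leak(b"Secret", p1, p2) == xor(p1, p2))
    c1 = rc4_with_iv(b"Secret", b"\x00\x00\x01", p1)
    c2 = rc4_with_iv(b"Secret", b"\x00\x00\x02", p2)
    print("with distinct IVs the XOR leaks nothing usable:", xor(c1, c2) != xor(p1, p2))
```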

  33. Hash functions. A hash function (message digest) generates a fixed-length output (128 bit or 160 bit) for an input message of any length. The output does not allow the input message to be reconstructed, and it changes if the input is modified, so it serves as a fingerprint or identifier (it is not strictly unique: collisions exist, but for a good hash function they must be infeasible to find). Using the input message in combination with a key allows the receiver to identify the sender and to prove the integrity of the message (message authentication code, MAC). Most popular algorithms: MD5, SHA-1, RIPEMD-160.
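Added example, not from the lecture: the digest and MAC of slide 33 with Python's hashlib and hmac, run through the attack the slide's last sentence is about. A plain digest protects only against accidental change: Mallory, who alters the message on the channel, simply recomputes the digest and the receiver cannot tell. An HMAC over message and shared key cannot be recomputed without the key, so the altered message is rejected. The message, key and the "Mallory" step are constructed; the digest lengths match the slide (MD5 128 bit, SHA-1 160 bit). One caveat the slide predates: MD5 and SHA-1 are no longer collision resistant (practical collisions have been published for both), so new designs should use SHA-2 or SHA-3; SHA-1 is kept here only to match the slide.

```python
import hashlib
import hmac


def message_digest(msg: bytes, algo: str = "sha1") -> str:
    """Fixed-length digest of an arbitrary-length message (md5: 128 bit, sha1: 160 bit)."""
    return hashlib.new(algo, msg).hexdigest()


def digest_bits(algo: str) -> int:
    return hashlib.new(algo).digest_size * 8


def make_mac(key: bytes, msg: bytes) -> str:
    """Message authentication code: HMAC over message and shared key (here HMAC-SHA1)."""
    return hmac.new(key, msg, hashlib.sha1).hexdigest()


def verify_mac(key: bytes, msg: bytes, tag: str) -> bool:
    # constant-time comparison so the check itself leaks nothing about the expected tag
    return hmac.compare_digest(make_mac(key, msg), tag)


def receiver_accepts(msg: bytes, tag: str, key=None) -> bool:
    """Receiver-side check: plain digest when no key is shared, MAC otherwise."""
    if key is None:
        return message_digest(msg) == tag   # integrity only: anyone can recompute this
    return verify_mac(key, msg, tag)


def mallory_rewrites(msg: bytes, tag: str, keyed: bool):
    """Attacker on the channel changes the amount (constructed step). Without a key in
    play she recomputes the digest; against a MAC the best she can do is reuse the old tag."""
    forged = msg.replace(b"100", b"900")
    return forged, (tag if keyed else message_digest(forged))


if __name__ == "__main__":
    msg = b"pay 100 EUR to Bob"                      # constructed sample message
    key = b"secret shared by Alice and Bob"          # constructed shared key
    forged, ftag = mallory_rewrites(msg, message_digest(msg), keyed=False)
    print("plain digest, forged message accepted:", receiver_accepts(forged, ftag))
    forged, ftag = mallory_rewrites(msg, make_mac(key, msg), keyed=True)
    print("MAC, forged message accepted:", receiver_accepts(forged, ftag, key))
    print("MAC, genuine message accepted:", receiver_accepts(msg, make_mac(key, msg), key))
```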

  34. Protocol stacks for connections: ISO OSI model vs. TCP/IP (each drawn for both ends of the connection)
      ISO OSI model: 7 application (e.g. FTAM), 6 presentation, 5 session, 4 transport, 3 network, 2 data link, 1 physical layer
      TCP/IP: application and utility (ftp, http, SMTP, ...), 4 transport (TCP, UDP), 3 (inter-)network (IP, ICMP), 2 data link (e.g. PPP), 1 physical layer

  35. Fig. 6-15 Summary of IP related protocols

  36. Fig. 6-16 Secure Sockets (SSL): on both ends, WWW (application and utility) over HTTP over SSL (secure socket layer) over TCP (transport) over IP (internetwork).

  37. Fig. 6-17 IPsec (ESP in tunnel mode): new IP header | ESP header | original packet (private IP header | TCP | data) | ESP trailer. The original packet is encrypted; authentication covers the ESP header through the ESP trailer, while the new IP header stays in the clear.

  38. Fig. 6-18 IP-VPNs, basic configurations: remote access service (RAS); dependencies, site-to-site (intranet); extranet to suppliers and customers.

  39. Fig. 6-19 Different parties have different agendas: conflicting interests!
      User: no attacks and viruses, correct accounting, end-to-end security, anonymity.
      Network operator: exact accounting, service availability.
      Service provider: standards, the same level of security as telephone lines.
      Content provider: digital rights, no illegal copies.
      Supplier: standards.
      Government: seamless surveillance.
      In the network: location based and customer specific data.

  40. Security for services and applications (section divider, same contents as slide 2)
      1: Sandbox and middleware: Java sandbox, J2ME MIDP, buffer overflows
      2: Common IP security issues: wireless network access, issues in IP networks, technical solutions, procedures to address security issues
      3: Identity: identity, authentication and authorisation; security and privacy requirements; relations of trust

  41. Fig. 6-20 Identity, authentication and authorisation. Identity: does the identity card match the person? Authentication: match between the person and the proof of identity (e.g. checking a passport or identity card). Authorisation: granting access to services for an identified person (such as letting them pass or handing out an airline ticket), e.g. at customs or the ticket counter.

  42. Fig. 6-21 Identity: basic concepts. A person presents credentials to an ID server: something to know (knowledge, e.g. the PIN 1234), something to have (an identity proof or token), something to be (personal characteristics). The ID server compares them with the stored identity and its profile (credit standing, security level, etc.), role and environment; on a match, access to services is granted.

  43. Proof of identity and proof of origin: an authority (Ida) issues a certified document to the user (Alice), who uses it as proof of identity. Credentials: a secret you know (user ID/password, ...); a token (ID card, smartcard, SIM, ...); biometric features.

  44. Certificates: the authority (Ida) issues a certificate for the public key of the user (Alice) as proof of identity. Certificate: Ida certifies that this public key belongs to Alice.

  45. Proof of origin and identity for documents: Alice attaches a signature*) and her certificate to the document. Bob does not know Alice, but Bob trusts the certificate of Ida and may check that the document originates from Alice and that the document has not been tampered with (has not been manipulated).
      *) Signature: a checksum of the document (hash value), signed with the private key of Alice.

  46. Encrypted connections (SSL tunnels): the user requests a secure connection; the bank answers with its certificate (issued by Ida). The user takes the public key from the certificate to encrypt a symmetric session key, which is transmitted to the bank. Data (i.e. HTML documents) are then encrypted with the symmetric session key.
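Added example, not from the lecture, covering slides 44 to 46 together: a certificate issued by Ida, a signed document that Bob checks without knowing Alice, and the session-key transport of the SSL slide, all built on a toy textbook RSA. Everything here is constructed for illustration: the key pairs use small Mersenne-prime moduli, the SHA-256 digest is simply reduced mod n, there is no padding, and the "certificate" is a dict with a pipe-separated body rather than X.509. Real systems use RSA-PSS/OAEP with keys of 2048 bits or more or elliptic-curve schemes; the chain of checks (trust Ida's key, verify Ida's signature on the certificate, then verify Alice's signature on the document) is what the slides describe.

```python
import hashlib
import secrets

# Toy textbook RSA, an assumption for illustration only (see lead-in).
E = 65537


def mersenne(k: int) -> int:
    """2**k - 1; prime only for certain k (the exponents used below are all Mersenne primes)."""
    return (1 << k) - 1


def keypair(p: int, q: int):
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (n, E), (n, d)                # (public key, private key)


def digest_int(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data: bytes) -> int:
    """Slide 45: a checksum (hash value) of the document, signed with the private key."""
    n, d = priv
    return pow(digest_int(data, n), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest_int(data, n)


def cert_body(subject: str, pub) -> bytes:
    return f"{subject}|{pub[0]}|{pub[1]}".encode()


def issue_certificate(issuer: str, issuer_priv, subject: str, subject_pub) -> dict:
    """Slide 44: Ida certifies that this public key belongs to the subject."""
    return {"subject": subject, "pub": subject_pub, "issuer": issuer,
            "sig": sign(issuer_priv, cert_body(subject, subject_pub))}


def check_certificate(cert: dict, trust_anchor) -> bool:
    """Accept the certificate only if the trusted authority signed it."""
    anchor_name, anchor_pub = trust_anchor
    return (cert["issuer"] == anchor_name
            and verify(anchor_pub, cert_body(cert["subject"], cert["pub"]), cert["sig"]))


def check_signed_document(doc: bytes, sig: int, cert: dict, trust_anchor) -> bool:
    """Bob does not know Alice: he trusts Ida's certificate, then checks origin and integrity."""
    return check_certificate(cert, trust_anchor) and verify(cert["pub"], doc, sig)


def ssl_key_transport(server_cert: dict, trust_anchor, server_priv, key_len: int = 16):
    """Slide 46: the user wraps a fresh symmetric session key with the public key from the
    bank's certificate; the bank unwraps it with its private key. Returns (user's copy,
    bank's copy) of the key, or None if the certificate is not trusted."""
    if not check_certificate(server_cert, trust_anchor):
        return None
    session_key = secrets.token_bytes(key_len)               # user side
    n, e = server_cert["pub"]
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # the value sent to the bank
    n_bank, d = server_priv                                  # bank side
    recovered = pow(wrapped, d, n_bank).to_bytes(key_len, "big")
    return session_key, recovered


# Constructed key material for the parties of slides 44 to 46 and the trust anchor.
IDA_PUB, IDA_PRIV = keypair(mersenne(89), mersenne(107))
ALICE_PUB, ALICE_PRIV = keypair(mersenne(31), mersenne(61))
BANK_PUB, BANK_PRIV = keypair(mersenne(127), mersenne(521))
TRUST_ANCHOR = ("Ida", IDA_PUB)
ALICE_CERT = issue_certificate("Ida", IDA_PRIV, "Alice", ALICE_PUB)
BANK_CERT = issue_certificate("Ida", IDA_PRIV, "Bank", BANK_PUB)

if __name__ == "__main__":
    doc = b"Bob, please pay 100 EUR to Alice."      # constructed sample document
    sig = sign(ALICE_PRIV, doc)
    print("genuine document accepted:", check_signed_document(doc, sig, ALICE_CERT, TRUST_ANCHOR))
    print("tampered document accepted:",
          check_signed_document(doc.replace(b"100", b"900"), sig, ALICE_CERT, TRUST_ANCHOR))
    k_user, k_bank = ssl_key_transport(BANK_CERT, TRUST_ANCHOR, BANK_PRIV)
    print("session key shared:", k_user == k_bank)
```

The interesting failure case is a certificate in Alice's name that Ida never signed: it names Ida as issuer, but Ida's signature does not verify, so check_certificate rejects it before any document or session key is considered. That is exactly the check that keeps slide 48's "signed trojan horse" from being a signature problem: a valid chain proves origin and integrity, nothing more.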

  47. Networks of trust: certificates according to the X.509 standard need hierarchical trust relations; certificates according to PGP (or GnuPG) support networks (webs) of trust.

  48. A sandbox for applications: only trusted applications get access to the system and its resources. Software/code = document: Alice signs the software, and Ida's certificate vouches for Alice. Trust based on certificates: the software originates from a trusted source, and the software has not been tampered with. But what about signed trojan horses?
      Layers: Application (executable code) / Sandbox / Operating system / Resources (network, file system, ...)

  49. Fig. 6-22 Identity: roles and environment. The user presents credentials to an ID provider; service providers hold profiles for new services; the mobile network is the environment.

  50. Fig. 6-23 Identity - Liberty Alliance Framework
