1 / 35

20-771: Computer Security Lecture 6: Privacy, CSP & Review

20-771: Computer Security Lecture 6: Privacy, CSP & Review. Robert Thibadeau School of Computer Science Carnegie Mellon University Institute for eCommerce, Fall 2002. Today’s lecture. Unix Access Nestor 30 th . XML and XML Security. This Week. Mid Term on Wednesday Essay / Closed Book!

sileas
Download Presentation

20-771: Computer Security Lecture 6: Privacy, CSP & Review

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 20-771: Computer SecurityLecture 6: Privacy, CSP & Review Robert Thibadeau School of Computer Science Carnegie Mellon University Institute for eCommerce, Fall 2002

  2. Today’s lecture • Unix Access • Nestor 30th. XML and XML Security

  3. This Week Mid Term on Wednesday Essay / Closed Book! Know IPAAA(A) and be ready to analyze and synthesize using it. Know Crypto Elements and be able to use them. Know how a X.509v3 Cert works as a Device Know TLS – DH vs RSA Know Unix Access Model Have done your Linux Task

  4. The How-Toof Computer Security • Integrity – Is it what it represents itself to be? • Privacy – Is it hidden from those without a right to see it? • Authentication – Is it from who it pretends to be from? • Authorization – Is it provided to who it is supposed to be provided to? • Auditability – Do I have a record of how it was used? • Availability – Is it there (Usually Integrity…)? It: the service or the total data, program, machine, facility, network that is secure – whose intention is being protected.

  5. IPAAAAfor messages • Integrity (message integrity : it is the message sent or the one it was) • Privacy (message is secret : it can’t be spied) • Authentication (source and recipient are who they say they are) • Authorization (recipient is permitted to read : source is permitted to send) • Auditability (the message can be proven to be passed successfully) • Availability? (the message was not blocked in passage)

  6. IPAAAAfor Login Access • Integrity • (login integrity : it is the login it pretends to be – change in transit or trojan horse login) • Privacy • (login is secret : it can’t be spied) • Authentication • (source is who he says he is?) • Authorization • (login accomplishes access permissioning perfectly?) • Auditability • (do I have a record?) • Availability? • (does it reliably take the login and reliably give you access?)

  7. Other things to Secure?

  8. Crypto Toolkit PUBLIC KEY ONE KEY OPENS OTHER KEY CLOSES ONE KEY PUBLIC ONE KEY PRIVATE Also called “asymmetric” and “trap door” PUBLIC KEY Send ONLY TO YOU (public key closes) PUBLIC KEY - SIGNING Receive ONLY FROM ME (public key opens) PRIVATE KEY Very Fast – Very Very Secure if Key, 128 bits, Used Once PRIVATE KEY ONE KEY OPENS AND CLOSES Also called “symmetric” PRIVATE KEY Takes care of all problems if you know only you and me have the key. HASH FUNCTION MAKES ANYTHING ONE SIZE Also called “digest” HASH FUNCTION If Signed Proves: INTEGRITY and AUTHENTICITY CHALLENGE RESPONSE CHALLENGE RESPONSE Proves you know something RIGHT NOW

  9. X.509v3 Self Signed Certificate Authorities Device Authorities Other Authorities (Program, Mail, etc.)

  10. Microsoft CAPI/CSP • Cryptographic Application Program Interface (CAPI) • Cryptographic Service Provider (CSP) • Windows Logon • File Encryption/Decryption • IPSec (IP Security Protocol) – virtual private network • SSL/TLS – HTTPS • Authenticode • CAPI is the only thing allowed to call the CSP • CSP can also be replaced with crypto hardware, including smart cards (smart cards are CSPs.) • Unix/Java world: RSA PKCS#11 Cryptoki Protocol (same as CSP).

  11. CSPISO 7816 + PC/SC ICC Smartcard PC or Server Interface Device (IFD) IFD Handler ICC Resource Manager ICC (Integrated Circuit Card) Service Manager (CSP) Interface Device (IFD) IFD Handler Crypto API ICC (Integrated Circuit Card) Windows and other Applications

  12. CSP Functions • CPAcquireContext Takes in table of function pointers and string identifying CSP container name. Returns handle to CSP for use by all other CSP.DLL functions. • CPReleaseContext Releases context referred to by hProv handle. (Disconnects from CSP.) • CPGenRandom Fills buffer with cbLen random bytes. • CPGenKey Takes algorithm identifier for algorithm that will use this key. Generates and returns handle to a new key. • CPDeriveKey Generates cryptographic session key using a hash of base data. Returns key handle, given handle to base data and an algorithm ID. • CPDestroyKey Destroys key referenced by hKey handle.

  13. CSP • CPEncrypt/CPDecrypt Takes data, key handle, and optional hash handle. Encrypts or decrypts data in buffer. • CPCreateHash Takes algorithm ID and optional key handle. Returns handle to hash object. • CPHashData Hashes data buffer using hash object hHash. • CPHashSessionKey Similar to CPHashData, but hashes key referenced by hKey instead of a raw data buffer. • CPSignHash Takes signing key pair (dwKeySpec) and hash object (hHash), returns signed hash in a data buffer. • CPDestroyHash Destroys hash object referenced by hHash. • CPVerifySignatureTakes public key, hash object, and signature data buffer. Verifies signature and returns Boolean response (valid signature or not).

  14. CSP • CPGetUserKey Gets a handle to a permanent user key, given key specification (dwKeySpec). • CPExportKey Securely exports key (hKey) in a blob encrypted with the public exchange key (kPubKey) • CPImportKey Takes key blob and handle to exchange public key of destination user. Returns handle to imported key.

  15. CSP Parameters • (p)hProv Handle to Cryptographic Service Provider. Required in all CSP.DLL functions. • (p)hKey Handle to a cryptographic key. Can be generated, derived or imported. Can be destroyed, exported, or have its parameters modified. Used to encrypt, decrypt, and create hashes. • (p)hHash Handle to hash object. Used in encrypt, decrypt, and signature/verification functions. • hBaseData Data used to derive session key in CPDeriveKey. • hPubKey Public exchange key for key blob import and export, and signature verification. • Algid Specifies algorithm for generating or deriving keys, or creating hashes. For session keys: RC2, RC4, or DES. For key pairs, EXCHANGE or SIGNATURE (key pair type).  • dwBlobType Specifies type of key blob to create when exporting a key. SIMPLE, PUBLICKEY, PRIVATEKEY, or OPAQUEKEY. • dwKeySpec Specifies EXCHANGE or SIGNATURE, the type of key pair to be used. Used to sign hash and to get a permanent user key pair. • pbSignature/(p)cbSigLen Signature data buffer and length, used for signing and verification of hashes. • szDescription Description of data to be signed or verified. Use not recommended. • phUserKey Handle to a permanent user key. • szContainer String identifying CSP container name to acquire (used for acquiring CSP context). • pVTable Table of pointers (VtableProvStruct) to callback functions (used for acquiring CSP context). • cbBufLen/cbLen/pbBuffer/pbData/(p)cbDataLen Buffers and lengths for various different purposes  • dwFlags Flags to customize operation of most CSP functions. Purpose differs for each function. • dwParam Specifies parameter to get or change. Usually sets or uses values in a data buffer.

  16. Windows, Unix, etc etc… Assume the Host can be Trusted Trojans Don't Exist?

  17. Break!

  18. InformationPrivacy • Law • Technology No matter how much you want to, you can’t get technology out of privacy or the law out of privacy

  19. Reasons • There is no technically perfect solution possible : Thomas Jefferson’s notion of public and private. • Therefore the Law becomes Indispensible • Technology – actually the computer – will always surprise you : The Turing Principle • Therefore Technology cannot be frozen to a form • Technology – you need locks on the doors and policing of the laws • This requires Technology

  20. The Cookies Privacy Violation Technology will Surprise You DoubleClick A Web Page has many Objects on it Each Object can put a cookie on your machine

  21. Reasons • There is no technically perfect solution possible : Thomas Jefferson’s notion of public and private. • Therefore the Law becomes Indispensible • Technology – actually the computer – will always surprise you : The Turing Principle • Therefore Technology cannot be frozen to a form • Technology – you need locks on the doors and policing of the laws • This requires Technology

  22. Core Privacy Technology :Digital Contracts • Technologists agreeing that there is no option but to have digital contracts • Digital contracts can become the practice from which law evolves • So the “Liability Regime” and the “Contract Regime” actually go hand in hand from a technology perspective. P3P (www.w3.org/p3p) Semantics for the contract – what information, for what intended use, what will be done with it, what are my remedies,

  23. PI Container (PIC) PI Contract Intended Use Policies Conditions Permissions PI Credentials Identity Credentials Signature ISTPA.org Framework

  24. Legal, Regulatory, and Policy Context Data Subject Data Requestor Security Foundation Agent Agent Interaction Interaction Negotiation Negotiation Control Control Usage PIContainer(PIC) PI, Preferences & PIC Repository PIC Repository Assurance Services Validation Certification Audit Enforcement ISTPA.org Framework

  25. Privacy Server Protocol at CMUhttp://yuan.ecom.cmu.edu/psp • bilateral and negotiated agreements between client and server using HTTP or HTTPS. • agreements that have scope in time (a start and expiration), • agreements that have scope over digital and non-digital interactions (including mail and phone contacts), • agreements that cannot be repudiated • agreements that can be indexed by the server using server-onlyPrivacy Universal Identifiers (PUIDs). 

  26. More Review

  27. Access • User and Group Access Rights is the Basis for Unix Security AND Windows 2000 Security! • Read, Write, Execute on a file/directory/device • The biggest TCO (total cost of ownership) in a computer system is administering and working with access control. • Because things just don’t work until you get the access rights working properly • People think it is something wrong with the program when it is really just the security environment that is set wrong. • A GREAT REASON to REALLY LEARN YOUR ACCESS CONTROL SYSTEM!

  28. Bits • 010 = 2 =~ 020 (if you know these are bits!) • 100 = 4 =~ 400 • 4577 (100 101 111 111) • 4755 (100 111 101 101) – very common for executables

  29. Unix Access Protections • What has access protections u-rwx g-rwx o-rwx? • Files • Directories • Devices (/dev/) • Programs (must have execute bit set). • All these have ONE user and ONE group that owns them. • Each User is ONE user and ONE DEFAULT group but many group memberships. • Types of protections applied when creating/modifying • User : rwx (u-rwx, -rwx------, or 0700) • Group : rwx (g-rwx, ----rwx---, or 0070) – other members of user’s group • Other : rwx (o-rwx, -------rwx, or 0007) • A directory : d (d--------- -> set automatically by file system) • SGID : (-----s--- or 2000) inherit group protections • umask 002 : automatically let everybody in group rwx • Need private user group : user mary, group mary if umask 002 not 022. • A user can be a member of many groups but only the primary defaults to write unless directory permission is set to overcome user permission (sgid bit set on directory). • When access is provided to a group, every member gets it.

  30. Special 7 sst User u 7 rwx Group g 7 rwx Other o 7 rwx Unix Access Control Model Access Control List/Vector File rw(x/s)rwxrw(x/t) User a YOU! Group b User a Directory drwxrw(x/s)rwx User a Group a Group b Group b.. Devices Some-other-time.. umask 022 Execute Create Delete x

  31. Access Control Commands • ls –l ; shows ACLs on files, directories, devices • chmod o+rw file ; changes ACL on files, directories, devices • groupadd group ; adds a group • gpasswd –a user group ; adds a user to a group • chgrp user group ; changes the DEFAULT group of a user. • touch file ; causes your ownership to go to file • umask 002 ; changes your creation mask

  32. Special Bits do ONE thing eachdrwsrwsrwt • 4 Set User ID : causes an executable file (a program) to go into the access permissions of the owner of the file (note, group or OTHER could execute it!) not the person executing it. • 2 Set Group ID : causes a new file that is being created in a directory to have the group ID of the directory, not the person (User) that is creating the file. • 1 Sticky Bit : Causes a new file that is being created in a directory to not be deletable by just anybody in that directory but by the user who created the file. The file is ‘sticky’ because not-just-anybody can delete it.

  33. umask • Applies only when you are creating (touching, modifying) a file (directory, device…) • 022 is the general default : only you can write a file but everybody else can read and execute it. It is a mask on the file settings given by environment. • 002 lets everybody in your group write the file. • 000 lets everybody write the file. • 277 lets only you read and execute (safety) • Just type “umask 277” in a shell window and now when you make a file, it will have these attributes.

  34. Special Unix Users • Root  can do anything except when he has protected himself, but he can change the self protections • User -> can do what he is allowed to do by his who he is, his group memberships, and the file/directory/device ACLs • Special Groups -> wheel

  35. Some Peso default user-groups/etc/group • GROUP : passwd : GID : user list • root:*:0:maint,operator,root,sync • bin:*:1:bin,anon,daemon,root • daemon:*:2:bin,daemon,root • sys:*:3:bin,adm,root • adm:*:4:adm,daemon,root • lp:*:7:lp,daemon • wheel:*:10:root • mail:*:12:mail,mmdf • opr:*:13:halt,opr,reboot,shutdown,news • news:*:13:halt,opr,reboot,shutdown,news • uucp:*:14:uucp

More Related