Introduction to Information Security - PowerPoint PPT Presentation (109 slides)

Presentation Transcript
Introduction to Information Security

Mark Stamp
Department of Computer Science
San Jose State University
stamp@cs.sjsu.edu

Intro to Information Security 1

The Cast of Characters
  • Alice and Bob are the good guys
  • Trudy is the bad guy
  • Trudy is our generic “intruder”

Alice’s Online Bank
  • Alice opens Alice’s Online Bank (AOB)
  • What are Alice’s security concerns?
  • If Bob is a customer of AOB, what are his security concerns?
  • How are Alice’s and Bob’s concerns similar? How are they different?
  • How does Trudy view the situation?

CIA
  • Confidentiality, Integrity and Availability
  • AOB must prevent Trudy from learning Bob’s account balance
  • Confidentiality: prevent unauthorized reading of information

CIA
  • Trudy must not be able to change Bob’s account balance
  • Bob must not be able to improperly change his own account balance
  • Integrity: prevent unauthorized writing of information

CIA
  • AOB’s information must be available when needed
  • Alice must be able to make transactions
    • If not, she’ll take her business elsewhere
  • Availability: Data is available in a timely manner when needed
  • Availability is a “new” security concern
    • In response to denial of service (DoS)

Beyond CIA
  • How does Bob’s computer know that “Bob” is really Bob and not Trudy?
  • Bob’s password must be verified
    • This requires some clever cryptography
  • What are security concerns of passwords?
  • Are there alternatives to passwords?

Beyond CIA
  • When Bob logs into AOB, how does AOB know that “Bob” is really Bob?
  • As before, Bob’s password is verified
  • Unlike standalone computer case, network security issues arise
  • What are network security concerns?
  • Protocols are critically important
  • Crypto also important in protocols

Beyond CIA
  • Once Bob is authenticated by AOB, then AOB must restrict actions of Bob
    • Bob can’t view Charlie’s account info
    • Bob can’t install new software, etc.
  • Enforcing these restrictions is known as authorization
  • Access control includes both authentication and authorization

Beyond CIA
  • Cryptography, protocols and access control are implemented in software
  • What are security issues of software?
    • Most software is complex and buggy
    • Software flaws lead to security flaws
    • How to reduce flaws in software development?

Beyond CIA
  • Some software is intentionally evil
    • Malware: computer viruses, worms, etc.
  • What can Alice and Bob do to protect themselves from malware?
  • What can Trudy do to make malware more “effective”?

Beyond CIA
  • Operating systems enforce security
    • For example, authorization
  • OS: large and complex software
    • Win XP has 40,000,000 lines of code!
    • Subject to bugs and flaws like any other software
    • Many security issues specific to OSs
    • Can you trust an OS?

My Book
  • The text consists of four major parts
    • Cryptography
    • Access control
    • Protocols
    • Software

Cryptography
  • “Secret codes”
  • The book covers
    • Classic cryptography
    • Symmetric ciphers
    • Public key cryptography
    • Hash functions
    • Advanced cryptanalysis

Access Control
  • Authentication
    • Passwords
    • Biometrics and other
  • Authorization
    • Access Control Lists (ACLs) and Capabilities
    • Multilevel security (MLS), security modeling, covert channel, inference control
    • Firewalls and Intrusion Detection Systems

Protocols
  • Simple authentication protocols
    • “Butterfly effect” --- small change can have drastic effect on security
    • Cryptography used in protocols
  • Real-world security protocols
    • SSL, IPSec, Kerberos
    • GSM security

Software
  • Software security-critical flaws
    • Buffer overflow
    • Other common flaws
  • Malware
    • Specific viruses and worms
    • Prevention and detection
    • The future of malware

Software
  • Software reverse engineering (SRE)
    • How hackers “dissect” software
  • Digital rights management
    • Shows difficulty of security in software
    • Also raises OS security issues
  • Limits of testing
    • Open source vs closed source

Software
  • Operating systems
    • Basic OS security issues
    • “Trusted” OS requirements
    • NGSCB: Microsoft’s trusted OS for PC
  • Software is a big security topic
    • Lots of material to cover
    • Lots of security problems to consider

Think Like Trudy
  • In the past, no respectable sources talked about “hacking” in detail
  • It was argued that such info would help hackers
  • Very recently, this has changed
    • Books on network hacking, how to write evil software, how to hack software, etc.

Think Like Trudy
  • Good guys must think like bad guys!
  • A police detective
    • Must study and understand criminals
  • In information security
    • We want to understand Trudy’s motives
    • We must know Trudy’s methods
    • We’ll often pretend to be Trudy

Think Like Trudy
  • Is all of this security information a good idea?
  • “It’s about time somebody wrote a book to teach the good guys what the bad guys already know.” --- Bruce Schneier

Think Like Trudy
  • We must try to think like Trudy
  • We must study Trudy’s methods
  • We can admire Trudy’s cleverness
  • Often, we can’t help but laugh at Alice and Bob’s stupidity
  • But, we cannot act like Trudy

Security Books

Security Books
  • Security Engineering: A Guide to Building Dependable Distributed Systems, Anderson, John Wiley & Sons, Inc., 2001
  • Plusses
    • Highly readable/entertaining
    • Case studies
    • Emphasis on human factors
  • Minuses
    • Glosses over technical issues
    • Not a textbook

Security Books
  • Network Security: Private Communication in a Public World, second edition, Kaufman, Perlman, and Speciner, Prentice Hall, 2002
  • Plusses
    • Solid on protocols
    • Brief but good on crypto
  • Minuses
    • No software, access control
    • Too much RFC detail

Security Books
  • Security in Computing, third edition, Pfleeger and Pfleeger, Prentice Hall, 2003
  • Plusses
    • Good on OS topics
    • OK on software topics
  • Minuses
    • Dated
    • Boring

Security Books
  • Applied Cryptography: Protocols, Algorithms and Source Code in C, Second Edition, Schneier, John Wiley & Sons, Inc., 1995 (2nd edition)
  • Plusses
    • Encyclopedic
    • Widely used
  • Minuses
    • Crypto only
    • Sloppy in places

Security Books
  • Computer Security, Gollmann, John Wiley & Sons, Inc., 1999
  • Plusses
    • Chapter 8: How things go wrong
    • Good on security modeling
  • Minuses
    • Mostly theoretical
    • No software/limited topics

Security Books
  • Computer Security: Art and Science, Bishop, Addison Wesley, 2003
  • Plusses
    • Security modeling
    • Theory
  • Minuses
    • Theory, theory, and more theory
    • As much fun to read as a calculus textbook

Security Books
  • Fundamentals of Secure Computer Systems, Tjaden, Franklin, Beedle, and Associates, 2003
  • Plusses
    • Intrusion detection systems
    • Good general approach
  • Minuses
    • Weak crypto, software, protocols
    • Good approach, not well executed

Security Books
  • Cryptography and Network Security: Principles and Practice, 3rd edition, Stallings, Prentice Hall, 2002
  • Plusses
    • Some OK protocols material
  • Minuses
    • Lots of pointless facts
    • Not coherent

“Hacker” Books
  • Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Skoudis, Prentice Hall, 2001
  • Shellcoder’s Handbook: Discovering and Exploiting Security Holes, Koziol et al, Wiley, 2004
  • Hacker Disassembling Uncovered, Kaspersky, A-List, 2003
  • Reversing: Secrets of Reverse Engineering, Eilam, Wiley, 2005

My Book
  • Information Security: Principles and Practice, Stamp, John Wiley & Sons, Inc., 2005
  • Plusses
    • Too many to list…
  • Minuses
    • Can’t think of any…

Crypto

Crypto Topics
  • Crypto Basics
  • Symmetric ciphers
    • Stream ciphers, Block ciphers
  • Public key crypto
    • Knapsack, RSA, DH, ECC, signatures, etc.
  • Hash functions
  • Advanced cryptanalysis

Crypto
  • Cryptology ⇒ the art and science of making and breaking “secret codes”
  • Cryptography ⇒ making “secret codes”
  • Cryptanalysis ⇒ breaking “secret codes”
  • Crypto ⇒ all of the above (and more)

How to Speak Crypto
  • A cipher or cryptosystem is used to encrypt the plaintext
  • The result of encryption is ciphertext
  • We decrypt ciphertext to recover plaintext
  • A key is used to configure a cryptosystem
  • A symmetric key cryptosystem uses the same key to encrypt as to decrypt
  • A public key cryptosystem uses a public key to encrypt and a private key to decrypt (sign)

Crypto
  • Basic assumption
    • The system is completely known to the attacker
    • Only the key is secret
  • Also known as Kerckhoffs’ Principle
    • Crypto algorithms are not secret
  • Why do we make this assumption?
    • Experience has shown that secret algorithms are weak when exposed
    • Secret algorithms never remain secret
    • Better to find weaknesses beforehand

Crypto as Black Box

  [Diagram: plaintext → encrypt (key) → ciphertext → decrypt (key) → plaintext]

Taxonomy of Cryptography
  • Symmetric Key
    • Same key for encryption as for decryption
    • Stream ciphers
    • Block ciphers
  • Public Key
    • Two keys, one for encryption (public), and one for decryption (private)
    • Digital signatures --- nothing comparable in symmetric key crypto
  • Hash algorithms

Taxonomy of Cryptanalysis
  • Ciphertext only
  • Known plaintext
  • Chosen plaintext
    • “Lunchtime attack”
    • Protocols might encrypt chosen text
  • Adaptively chosen plaintext
  • Related key
  • Forward search (public key crypto only)
  • Etc., etc.

Symmetric Key Crypto
  • Stream cipher --- like a one-time pad
    • Key is relatively short
    • Key is stretched into a long keystream
    • Keystream is then used like a one-time pad
  • Block cipher --- based on codebook concept
    • Block cipher key determines a codebook
    • Each key yields a different codebook
    • Employ both “confusion” and “diffusion”

Block Cipher Notation
  • P = plaintext block
  • C = ciphertext block
  • Encrypt P with key K to get ciphertext C
    • C = E(P, K)
  • Decrypt C with key K to get plaintext P
    • P = D(C, K)

Block Cipher Modes
  • Many modes of operation
    • We discuss two
  • Electronic Codebook (ECB) mode
    • Obvious thing to do
    • Encrypt each block independently
    • There is a serious weakness
  • Cipher Block Chaining (CBC) mode
    • Chain the blocks together
    • More secure than ECB, virtually no extra work

ECB Mode
  • Notation: C=E(P,K)
  • Given plaintext P0,P1,…,Pm,…
  • Obvious way to use a block cipher is

  Encrypt              Decrypt
  C0=E(P0,K),          P0=D(C0,K),
  C1=E(P1,K),          P1=D(C1,K),
  C2=E(P2,K),…         P2=D(C2,K),…

  • For a fixed key K, this is an electronic version of a codebook cipher
  • A new codebook for each key

ECB Weaknesses
  • Suppose Pi=Pj
  • Then Ci=Cj and Trudy knows Pi=Pj
  • This gives Trudy some information, even if she does not know Pi or Pj
  • Trudy might know Pi
  • A “cut and paste” attack also possible

Alice Hates ECB Mode
  • [Images: Alice’s uncompressed image, and the same image ECB encrypted with TEA]
  • Why does this happen?
  • Same plaintext block ⇒ same ciphertext!

CBC Mode
  • Blocks are “chained” together
  • A random initialization vector, or IV, is required to initialize CBC mode
  • IV is random, but need not be secret

  Encryption                 Decryption
  C0 = E(IV ⊕ P0, K),        P0 = IV ⊕ D(C0, K),
  C1 = E(C0 ⊕ P1, K),        P1 = C0 ⊕ D(C1, K),
  C2 = E(C1 ⊕ P2, K),…       P2 = C1 ⊕ D(C2, K),…

CBC Mode
  • Identical plaintext blocks yield different ciphertext blocks
  • Cut and paste is still possible, but more complex (and will cause garbles)
  • If C1 is garbled to, say, G then

  P1 ≠ C0 ⊕ D(G, K), P2 ≠ G ⊕ D(C2, K)

  • But, P3 = C2 ⊕ D(C3, K), P4 = C3 ⊕ D(C4, K), …
  • Automatically recovers from errors!

Alice Likes CBC Mode
  • [Images: Alice’s uncompressed image, and the same image CBC encrypted with TEA]
  • Why does this happen?
  • Same plaintext yields different ciphertext!
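
The ECB and CBC definitions on the preceding slides, run in code. This is an added example, not part of the slides or of Stamp’s book: it implements the TEA block cipher named on the image slides (the standard 32-cycle algorithm) over a constructed key, IV and four plaintext blocks in which P0 = P2, and checks that ECB exposes the repeat, that CBC hides it, and that a single garbled ciphertext block C1 corrupts only P1 and P2 before CBC decryption recovers.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* TEA: 64-bit block, 128-bit key, 32 cycles (standard reference algorithm). */
#define TEA_DELTA 0x9E3779B9u
#define NBLOCKS 4

static void tea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        sum += TEA_DELTA;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}

static void tea_decrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0xC6EF3720u; /* 32 * TEA_DELTA mod 2^32 */
    for (int i = 0; i < 32; i++) {
        v1 -= ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
        v0 -= ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        sum -= TEA_DELTA;
    }
    v[0] = v0; v[1] = v1;
}

/* E(P,K) and D(C,K) from the "Block Cipher Notation" slide, on a uint64_t block. */
static uint64_t E(uint64_t p, const uint32_t k[4]) {
    uint32_t v[2] = { (uint32_t)(p >> 32), (uint32_t)p };
    tea_encrypt(v, k);
    return ((uint64_t)v[0] << 32) | v[1];
}
static uint64_t D(uint64_t c, const uint32_t k[4]) {
    uint32_t v[2] = { (uint32_t)(c >> 32), (uint32_t)c };
    tea_decrypt(v, k);
    return ((uint64_t)v[0] << 32) | v[1];
}

/* Constructed sample data; P0 == P2 on purpose ("AAAAAAAA","BBBBBBBB","AAAAAAAA","CCCCCCCC"). */
static const uint64_t SAMPLE_P[NBLOCKS] = {
    0x4141414141414141ull, 0x4242424242424242ull, 0x4141414141414141ull, 0x4343434343434343ull };
static const uint32_t SAMPLE_K[4] = { 0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u };
static const uint64_t SAMPLE_IV = 0xDEADBEEF0BADF00Dull; /* random in practice, need not be secret */

/* ECB: C_i = E(P_i, K); every block is encrypted independently. */
static void ecb_encrypt(uint64_t *c, const uint64_t *p, size_t n, const uint32_t k[4]) {
    for (size_t i = 0; i < n; i++) c[i] = E(p[i], k);
}
/* CBC: C_0 = E(IV xor P_0, K), C_i = E(C_{i-1} xor P_i, K). */
static void cbc_encrypt(uint64_t *c, const uint64_t *p, size_t n, const uint32_t k[4], uint64_t iv) {
    uint64_t prev = iv;
    for (size_t i = 0; i < n; i++) { c[i] = E(p[i] ^ prev, k); prev = c[i]; }
}
/* CBC: P_0 = IV xor D(C_0, K), P_i = C_{i-1} xor D(C_i, K). */
static void cbc_decrypt(uint64_t *p, const uint64_t *c, size_t n, const uint32_t k[4], uint64_t iv) {
    uint64_t prev = iv;
    for (size_t i = 0; i < n; i++) { p[i] = D(c[i], k) ^ prev; prev = c[i]; }
}

/* 1 if the repeated plaintext block shows up as a repeated ciphertext block. */
static int ecb_repeat_visible(void) {
    uint64_t c[NBLOCKS];
    ecb_encrypt(c, SAMPLE_P, NBLOCKS, SAMPLE_K);
    return c[0] == c[2];             /* ECB: always 1, so Trudy learns P0 == P2 */
}
static int cbc_repeat_visible(void) {
    uint64_t c[NBLOCKS];
    cbc_encrypt(c, SAMPLE_P, NBLOCKS, SAMPLE_K, SAMPLE_IV);
    return c[0] == c[2];             /* CBC: 0, the chaining hides the repeat */
}
/* 1 if CBC decryption of an untouched ciphertext returns SAMPLE_P exactly. */
static int cbc_roundtrip_ok(void) {
    uint64_t c[NBLOCKS], p[NBLOCKS];
    cbc_encrypt(c, SAMPLE_P, NBLOCKS, SAMPLE_K, SAMPLE_IV);
    cbc_decrypt(p, c, NBLOCKS, SAMPLE_K, SAMPLE_IV);
    for (int i = 0; i < NBLOCKS; i++) if (p[i] != SAMPLE_P[i]) return 0;
    return 1;
}
/* Garble C_1 by one bit, decrypt, and return a bitmask of the plaintext blocks
 * that came back wrong. As on the slide, P1 and P2 are garbled while P0 and
 * P3 survive, so the mask is 0b0110 = 6. */
static int cbc_garble_mask(void) {
    uint64_t c[NBLOCKS], p[NBLOCKS];
    int mask = 0;
    cbc_encrypt(c, SAMPLE_P, NBLOCKS, SAMPLE_K, SAMPLE_IV);
    c[1] ^= 1ull << 63;              /* C1 becomes G */
    cbc_decrypt(p, c, NBLOCKS, SAMPLE_K, SAMPLE_IV);
    for (int i = 0; i < NBLOCKS; i++) if (p[i] != SAMPLE_P[i]) mask |= 1 << i;
    return mask;
}

int main(void) {
    printf("ECB repeat visible: %d\n", ecb_repeat_visible());
    printf("CBC repeat visible: %d\n", cbc_repeat_visible());
    printf("CBC roundtrip ok:   %d\n", cbc_roundtrip_ok());
    printf("CBC garble mask:    0x%x\n", cbc_garble_mask());
    return 0;
}
```

Build with any C99 compiler (cc -std=c99 ecb_cbc.c) and run. The error-recovery property cuts both ways: a flipped bit in C1 produces a predictable flipped bit in P2, which is exactly the lever behind the cut-and-paste attacks the slides mention, so CBC on its own gives confidentiality but no integrity; a MAC or an authenticated mode is needed for that.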

Access Control

Access Control Topics
  • Authentication
    • Something you know (passwords)
    • Something you have (smartcard)
    • Something you are (biometrics)
  • Authorization
    • ACLs/capabilities, MLS, CAPTCHA
    • Firewalls, IDS

Turing Test
  • Proposed by Alan Turing in 1950
  • Human asks questions to one other human and one computer (without seeing either)
  • If human questioner cannot distinguish the human from the computer responder, the computer passes the test
  • The gold standard in artificial intelligence
  • No computer can pass this today

CAPTCHA
  • CAPTCHA ⇒ Completely Automated Public Turing test to tell Computers and Humans Apart
  • Automated ⇒ test is generated and scored by a computer program
  • Public ⇒ program and data are public
  • Turing test to tell… ⇒ humans can pass the test, but machines cannot pass the test
  • Like an inverse Turing test (sort of…)

CAPTCHA Paradox
  • “…CAPTCHA is a program that can generate and grade tests that it itself cannot pass…”
  • “…much like some professors…”
  • Paradox ⇒ computer creates and scores test that it cannot pass!
  • CAPTCHA used to restrict access to resources to humans (no computers)
  • CAPTCHA useful for access control

CAPTCHA Uses?
  • Original motivation: automated “bots” stuffed ballot box in vote for best CS school
  • Free email services ⇒ spammers used bots to sign up for 1000’s of email accounts
    • CAPTCHA employed so only humans can get accts
  • Sites that do not want to be automatically indexed by search engines
    • HTML tag only says “please do not index me”
    • CAPTCHA would force human intervention

CAPTCHA: Rules of the Game
  • Must be easy for most humans to pass
  • Must be difficult or impossible for machines to pass
    • Even with access to CAPTCHA software
  • The only unknown is some random number
  • Desirable to have different CAPTCHAs in case some person cannot pass one type
    • Blind person could not pass visual test, etc.

Do CAPTCHAs Exist?
  • Test: Find 2 words in the following [image of distorted words, not reproduced]
  • Easy for most humans
  • Difficult for computers (OCR problem)

CAPTCHAs
  • Current types of CAPTCHAs
    • Visual
      • Like previous example
      • Many others
    • Audio
      • Distorted words or music
  • No text-based CAPTCHAs
    • Maybe this is not possible…

CAPTCHAs and AI
  • Computer recognition of distorted text is a challenging AI problem
    • But humans can solve this problem
  • Same is true of distorted sound
    • Humans also good at solving this
  • Hackers who break such a CAPTCHA have solved a hard AI problem
  • Putting hacker’s effort to good use!

Protocols

Protocol Topics
  • Simple authentication protocols
    • Nonces, session keys, timestamps, etc.
    • Perfect forward secrecy, zero knowledge proofs
  • Real-world security protocols
    • SSL
    • IPSec
    • Kerberos
    • GSM

Authentication
  • Authentication on a stand-alone computer is relatively simple
    • “Secure path” is the primary issue
    • Main concern is an attack on authentication software (we discuss software attacks later)
  • Authentication over a network is much more complex
    • Attacker can passively observe messages
    • Attacker can replay messages
    • Active attacks may be possible (insert, delete, change messages)

Symmetric Key Authentication
  • Alice and Bob share symmetric key KAB
  • Key KAB known only to Alice and Bob
  • Authenticate by proving knowledge of shared symmetric key
  • How to accomplish this?
    • Must not reveal key
    • Must not allow replay attack

Authentication with Symmetric Key

  Alice (knows KAB)                     Bob (knows KAB)
      ---- “I’m Alice” ------------>
      <------- R -------------------
      ---- E(R,KAB) --------------->

  • Secure method for Bob to authenticate Alice
  • Alice does not authenticate Bob
  • Can we achieve mutual authentication?

Mutual Authentication
  • Since we have a secure one-way authentication protocol…
  • The obvious thing to do is to use the protocol twice
    • Once for Bob to authenticate Alice
    • Once for Alice to authenticate Bob
  • This has to work…

Mutual Authent﻿ication
  • This provides mutual authentication
  • Is it secure? See the next slide…

  Alice (knows KAB)                     Bob (knows KAB)
      ---- “I’m Alice”, RA -------->
      <---- RB, E(RA,KAB) ----------
      ---- E(RB,KAB) -------------->

Mutual Authentication Attack

  Trudy (no key)                        Bob (knows KAB)
      1. ---- “I’m Alice”, RA --------->
      2. <---- RB, E(RA,KAB) -----------
      3. ---- “I’m Alice”, RB --------->   (second connection)
      4. <---- RC, E(RB,KAB) -----------   (second connection)
      5. ---- E(RB,KAB) --------------->   (back on the first connection)

Mutual Authentication
  • Our one-way authentication protocol not secure for mutual authentication
  • Protocols are subtle!
  • The “obvious” thing may not be secure
  • Also, if assumptions or environment changes, protocol may not work
    • This is a common source of security failure
    • For example, Internet protocols

Symmetric Key Mutual Authentication
  • Do these “insignificant” changes help?
  • Yes!

  Alice (knows KAB)                     Bob (knows KAB)
      ---- “I’m Alice”, RA ------------>
      <---- RB, E(“Bob”,RA,KAB) --------
      ---- E(“Alice”,RB,KAB) ---------->
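
The reflection attack of the “Mutual Authentication Attack” slide, and the identity fix above, as a runnable simulation. This is an added example, not from the slides: Bob is a pair of functions that handle messages 2 and 3 on one connection, Trudy holds no key, the nonces come from a deterministic counter so the run is reproducible, and E is a constructed keyed mixing function standing in for encryption under KAB (not a real cipher; only the protocol logic is the point).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define K_AB 0x0123456789ABCDEFull   /* constructed shared key; only Alice and Bob hold it */

/* Stand-in for E(who, R, K_AB): a keyed 64-bit mixer, constructed for this
 * demo and NOT a real cipher. 'who' is the identity bound into the message in
 * the fixed protocol; NULL means the flawed protocol (no identity at all). */
static uint64_t E(const char *who, uint64_t r, uint64_t key) {
    uint64_t x = r ^ key;
    for (const char *p = who ? who : ""; *p; p++)
        x = (x ^ (uint64_t)(unsigned char)*p) * 0x100000001B3ull;
    for (int i = 0; i < 4; i++) {
        x ^= x >> 29; x *= 0xBF58476D1CE4E5B9ull; x ^= key; x ^= x >> 32;
    }
    return x;
}

/* Deterministic stand-in for a fresh random nonce. */
static uint64_t next_nonce(void) {
    static uint64_t n = 0x1000;
    return n += 0x9E37;
}

struct bob_session { uint64_t rb; int accepted; };

/* Message 2. Bob received "I'm Alice", R_A on this connection; he picks R_B
 * and returns E(R_A, K_AB) (flawed) or E("Bob", R_A, K_AB) (fixed). */
static uint64_t bob_msg2(struct bob_session *s, uint64_t ra, int fixed) {
    s->rb = next_nonce();
    s->accepted = 0;
    return E(fixed ? "Bob" : NULL, ra, K_AB);
}

/* Message 3. Bob accepts only the correct response to his own R_B. */
static int bob_msg3(struct bob_session *s, uint64_t resp, int fixed) {
    s->accepted = (resp == E(fixed ? "Alice" : NULL, s->rb, K_AB));
    return s->accepted;
}

/* Alice, who knows K_AB, runs the protocol honestly: 1 on mutual success. */
static int honest_alice(int fixed) {
    struct bob_session s;
    uint64_t ra = next_nonce();
    uint64_t tok = bob_msg2(&s, ra, fixed);                    /* messages 1 and 2 */
    if (tok != E(fixed ? "Bob" : NULL, ra, K_AB)) return 0;     /* Alice checks Bob */
    return bob_msg3(&s, E(fixed ? "Alice" : NULL, s.rb, K_AB), fixed); /* message 3 */
}

/* Trudy has no key. She opens connection 1 as "Alice" and receives Bob's
 * challenge R_B; she then opens connection 2 and sends R_B as her own nonce,
 * so Bob hands her E(R_B, K_AB). She replays that on connection 1 (msg 5). */
static int trudy_reflection(int fixed) {
    struct bob_session conn1, conn2;
    bob_msg2(&conn1, 0x5EEDull, fixed);                       /* 1: "I'm Alice", R_A   2: R_B, E(R_A,K) */
    uint64_t reflected = bob_msg2(&conn2, conn1.rb, fixed);  /* 3: "I'm Alice", R_B   4: R_C, E(R_B,K) */
    return bob_msg3(&conn1, reflected, fixed);                /* 5: E(R_B,K) on connection 1 */
}

int main(void) {
    printf("flawed: honest Alice %d, Trudy %d\n", honest_alice(0), trudy_reflection(0));
    printf("fixed:  honest Alice %d, Trudy %d\n", honest_alice(1), trudy_reflection(1));
    return 0;
}
```

In the flawed protocol the value Bob returns on connection 2 is exactly the value he is waiting for on connection 1, so Trudy is accepted without ever touching KAB. With the identities bound in, connection 2 yields E(“Bob”,RB,KAB) while connection 1 expects E(“Alice”,RB,KAB), and the reflection fails. In deployed protocols that binding is done with a MAC or authenticated encryption over the nonce and both identities, and each direction normally uses its own key.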

Socket layer
  • “Socket layer” lives between application and transport layers
  • SSL usually lies between HTTP and TCP

  [Diagram: protocol stack application / transport / network / link / physical;
   the socket “layer” sits between the user’s application and the OS, which
   owns transport and below, down to the NIC]

What is SSL?
  • SSL is the protocol used for most secure transactions over the Internet
  • For example, if you want to buy a book at amazon.com…
    • You want to be sure you are dealing with Amazon (authentication)
    • Your credit card information must be protected in transit (confidentiality and/or integrity)
    • As long as you have money, Amazon doesn’t care who you are (authentication need not be mutual)

Simple SSL-like Protocol
  • Is Alice sure she’s talking to Bob?
  • Is Bob sure he’s talking to Alice?

  Alice                                         Bob
      ---- I’d like to talk to you securely ---->
      <---- Here’s my certificate ---------------
      ---- {KAB}Bob ----------------------------->
      <============ protected HTTP =============>

Simplified SSL Protocol

  Alice                                          Bob
      ---- Can we talk?, cipher list, RA ---------->
      <---- Certificate, cipher, RB ----------------
      ---- {S}Bob, E(h(msgs,CLNT,K),K) ------------>
      <---- h(msgs,SRVR,K) -------------------------
      <========= Data protected with key K ========>

  • S is pre-master secret
  • K = h(S,RA,RB)
  • msgs = all previous messages
  • CLNT and SRVR are constants

SSL MiM Attack

  Alice                       Trudy                         Bob
      ---- RA -------------->     ---- RA ------------------>
      <-- certificateT, RB --     <-- certificateB, RB ------
      -- {S1}Trudy,E(X1,K1) ->    -- {S2}Bob,E(X2,K2) ------>
      <-- h(Y1,K1) ----------     <-- h(Y2,K2) --------------
      <== E(data,K1) =======>     <== E(data,K2) ==========>

  • Q: What prevents this MiM attack?
  • A: Bob’s certificate must be signed by a certificate authority (such as Verisign)
  • What does Web browser do if sig. not valid?
  • What does user do if signature is not valid?

Software

Software Topics
  • Flaws
  • Malware
  • Software-based attacks
  • Software reverse engineering (SRE)
  • Digital rights management (DRM)
  • Software development
  • Operating systems/trusted OS
  • NGSCB

Why Software?
  • Why is software as important to security as crypto, access control and protocols?
  • Virtually all of information security is implemented in software
  • If your software is subject to attack, your security is broken
    • Regardless of strength of crypto, access control or protocols
  • Software is a poor foundation for security

Bad Software is Everywhere
  • NASA Mars Lander (cost $165 million)
    • Crashed into Mars
    • Error in converting English and metric units
  • Denver airport
    • Buggy baggage handling system
    • Delayed airport opening by 11 months
    • Cost of delay exceeded $1 million/day
  • MV-22 Osprey
    • Advanced military aircraft
    • Lives have been lost due to faulty software

Software Issues

Attackers

  • Actively look for bugs and flaws
  • Like bad software…
  • …and try to make it misbehave
  • Attack systems thru bad software

“Normal” users

  • Find bugs and flaws by accident
  • Hate bad software…
  • …but must learn to live with it
  • Must make bad software work

Complexity
  • “Complexity is the enemy of security”, Paul Kocher, Cryptography Research, Inc.

  [Table: lines of code (LOC) by system, not reproduced]

  • A new car contains more LOC than was required to land the Apollo astronauts on the moon

Buffer Overflow Attack Scenario
  • Users enter data into a Web form
  • Web form is sent to server
  • Server writes data to buffer, without checking length of input data
  • Data overflows from buffer
  • Sometimes, overflow can enable an attack
  • Web form attack could be carried out by anyone with an Internet connection

Buffer Overflow
  • Q: What happens when this is executed?
  • A: Depending on what resides in memory at location “buffer[20]”
    • Might overwrite user data or code
    • Might overwrite system data or code

    int main(){
        int buffer[10];
        buffer[20] = 37;
    }

Simple Buffer Overflow
  • Consider boolean flag for authentication
  • Buffer overflow could overwrite flag allowing anyone to authenticate!

  [Figure: a buffer holding F O U R S C sits directly before the boolean flag,
   initially F; input that overflows the buffer overwrites the flag with T]

  • In some cases, attacker need not be so lucky as to have overflow overwrite flag

Memory Organization

  low address:   text
                 data
                 heap ↓
                 ↑ stack (SP)
  high address

  • Text == code
  • Data == static variables
  • Heap == dynamic data
  • Stack == “scratch paper”
    • Dynamic local variables
    • Parameters to functions
    • Return address

Simplified Stack Example

    void func(int a, int b){
        char buffer[10];
    }

    int main(){
        func(1, 2);
    }

  Stack during func (low address at top, high address at bottom); SP marks the
  stack pointer after each push of b, a, the return address and buffer:

    :
    :
    buffer            <- SP
    return address    <- SP
    a                 <- SP
    b                 <- SP

Smashing the Stack
  • What happens if buffer overflows?
  • Program “returns” to wrong location
  • A crash is likely

  [Figure: the overflow runs from buffer (low address) upward through ret and
   into a and b (high address); the overwritten ret now points to ???, so the
   function does “ret… NOT!”]

Smashing the Stack
  • Attacker has a better idea…
  • Code injection
  • Attacker can run any code on affected system!

  [Figure: the overflow fills buffer with evil code and overwrites ret with the
   address of that evil code, so the function “returns” into it; a and b follow]

Smashing the Stack
  • Attacker may not know
    • Address of evil code
    • Location of ret on stack
  • Solutions
    • Precede evil code with NOP “landing pad”
    • Insert lots of new ret

  [Figure: NOP, NOP, …, evil code, then ret repeated many times; whichever
   copy of ret lands on the saved return address sends execution into the NOP sled]

Stack Smashing Summary
  • A buffer overflow must exist in the code
  • Not all buffer overflows are exploitable
    • Things must line up correctly
  • If exploitable, attacker can inject code
  • Trial and error likely required
    • Lots of help available online
    • Smashing the Stack for Fun and Profit, Aleph One
  • Also possible to overflow the heap
  • Stack smashing is “attack of the decade”

Stack Smashing Example
  • Program asks for a serial number that the attacker does not know
  • Attacker also does not have source code
  • Attacker does have the executable (exe)
  • Program quits on incorrect serial number

Example
  • By trial and error, attacker discovers an apparent buffer overflow [crash screenshot not reproduced]
  • Note that 0x41 is “A”
  • Looks like ret overwritten by 2 bytes!

Example
  • Next, disassemble bo.exe to find [disassembly listing not reproduced]
  • The goal is to exploit buffer overflow to jump to address 0x401034

Example
  • Find that 0x401034 is “@^P4” in ASCII
  • Byte order is reversed? Why?
  • x86 processors are “little-endian”

Example
  • Reverse the byte order to “4^P@” and…
  • Success! We’ve bypassed serial number check by exploiting a buffer overflow
  • Overwrote the return address on the stack

Example
  • Attacker did not require access to the source code
  • Only tool used was a disassembler to determine address to jump to
    • Can find address by trial and error
    • Necessary if attacker does not have exe
    • For example, a remote attack

Example
  • Source code of the buffer overflow [listing not reproduced]
  • Flaw easily found by attacker
  • Even without the source code!
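
The flag-overwrite of the “Simple Buffer Overflow” slide and the byte-order step of the serial-number example, as an added example. This is not the slides’ bo.exe (whose source is not reproduced here): the layout is constructed, a hypothetical serial check keeps a 10-byte input buffer immediately ahead of its boolean flag, copies user input without checking the length, and then tests the flag. Overwriting the saved return address the way bo.exe was exploited depends on the compiler’s stack layout and is blocked on current systems by stack canaries, NX and ASLR, so the example uses the flag layout, whose offset is deterministic and is read from offsetof rather than guessed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical serial check, mirroring the slide: input buffer immediately
 * followed by the boolean flag. (Constructed layout; not the slides' bo.exe.) */
struct serial_check {
    char buffer[10];
    int  authenticated;     /* 0 until the serial matches */
};

#define SECRET_SERIAL "S3R1AL-42"   /* constructed; the attacker does not know it */

/* Copies len bytes of user input into the buffer, then checks the serial.
 * bounded == 0 reproduces the flaw (no length check against buffer);
 * bounded == 1 is the fix. Returns the flag as the program would see it. */
static int check_serial(const unsigned char *input, size_t len, int bounded) {
    struct serial_check st;
    memset(&st, 0, sizeof st);
    if (bounded && len > sizeof st.buffer - 1)
        len = sizeof st.buffer - 1;          /* the fix: never exceed the buffer */
    if (len > sizeof st)
        len = sizeof st;                     /* demo guard only: keep the overflow inside st */
    /* Unchecked copy. buffer sits at offset 0 of st, so bytes past it land in
     * the padding and then in the flag, exactly as in the slide's figure. */
    memcpy((unsigned char *)&st, input, len);
    st.buffer[sizeof st.buffer - 1] = '\0';
    if (strcmp(st.buffer, SECRET_SERIAL) == 0)
        st.authenticated = 1;
    return st.authenticated != 0;
}

/* Attacker's input: fill the buffer (and any padding), then put a nonzero
 * byte where the flag lives. Any nonzero byte turns the "boolean" true. */
static size_t build_overflow_input(unsigned char *out, size_t cap) {
    size_t len = offsetof(struct serial_check, authenticated) + 1;
    if (cap < len) return 0;
    memset(out, 'A', len - 1);
    out[len - 1] = 'T';
    return len;
}

/* Runs the three cases and packs the results: bit0 = correct serial accepted,
 * bit1 = overflow accepted by the flawed copy, bit2 = overflow accepted by
 * the fixed copy. Expected 0b011 = 3. */
static int demo_results(void) {
    unsigned char in[64];
    size_t n = build_overflow_input(in, sizeof in);
    int mask = 0;
    if (check_serial((const unsigned char *)SECRET_SERIAL, strlen(SECRET_SERIAL), 1)) mask |= 1;
    if (n && check_serial(in, n, 0)) mask |= 2;
    if (n && check_serial(in, n, 1)) mask |= 4;
    return mask;
}

/* The byte-order step from the serial-number example: to place the address
 * 0x401034 in memory on x86 the bytes are written least-significant first,
 * 34 10 40 00, i.e. "4", Ctrl-P, "@", NUL. */
static void addr_to_le_bytes(uint32_t addr, unsigned char out[4]) {
    for (int i = 0; i < 4; i++) out[i] = (unsigned char)(addr >> (8 * i));
}

int main(void) {
    unsigned char b[4];
    printf("results mask (expect 0x3): 0x%x\n", demo_results());
    addr_to_le_bytes(0x401034u, b);
    printf("0x401034 in memory: %02x %02x %02x %02x\n", b[0], b[1], b[2], b[3]);
    return 0;
}
```

The flawed copy returns 1 for an input that never matched the serial, because the comparison is done after the flag has already been clobbered; the bounded copy truncates the input at the buffer and the flag stays 0. Note that the overwritten value is a whole int, so the "boolean" is true for any nonzero byte the attacker happens to supply, which is why such flags should be checked for an exact sentinel value rather than non-zero.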

Malicious Software
  • Malware is not new!
  • Fred Cohen’s initial virus work in 1980s
    • Used viruses to break MLS systems
  • Types of malware (lots of overlap)
    • Virus ⇒ passive propagation
    • Worm ⇒ active propagation
    • Trojan horse ⇒ unexpected functionality
    • Trapdoor/backdoor ⇒ unauthorized access
    • Rabbit ⇒ exhaust system resources

SQL Slammer
  • Infected 250,000 systems in 10 minutes!
  • Code Red took 15 hours to do what Slammer did in 10 minutes
  • At its peak, Slammer infections doubled every 8.5 seconds
  • Slammer spread too fast
  • “Burned out” available bandwidth

SQL Slammer
  • Why was Slammer so successful?
    • Worm fit in one 376 byte UDP packet
    • Firewalls often let small packet thru, assuming it could do no harm by itself
    • Then firewall monitors the connection
    • Expectation was that much more data would be required for an attack
    • Slammer defied assumptions of “experts”

Polymorphic Malware
  • Polymorphic worm (usually) encrypted
  • New key is used each time worm propagates
    • The encryption is weak (repeated XOR)
    • Worm body has no fixed signature
    • Worm must include code to decrypt itself
    • Signature detection searches for decrypt code
  • Detectable by signature-based method
    • Though more challenging than non-polymorphic…

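
The layout the slide describes, as an added example that is not from the slides and models no real malware: a constructed decryptor stub that is identical in every copy, a one-byte key chosen per copy, and a body XORed with that key. Two copies with different keys have different bodies, a signature taken from the plaintext body matches neither, a signature taken from the stub matches both, and because the “encryption” is repeated XOR, the two encrypted bodies XORed together cancel the plaintext and leave only the key difference.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-ins. STUB plays the decryptor code that is the same in
 * every copy; BODY plays the worm's payload. Neither is real code. */
static const unsigned char STUB[] = "XOR-DECRYPT-LOOP-STUB";
static const unsigned char BODY[] = "constructed-payload-bytes";
#define STUB_LEN (sizeof STUB - 1)
#define BODY_LEN (sizeof BODY - 1)

/* Layout of one propagated copy: STUB | key | (BODY xor key). Returns its length. */
static size_t make_copy(unsigned char *out, size_t cap, unsigned char key) {
    size_t n = STUB_LEN + 1 + BODY_LEN;
    if (cap < n) return 0;
    memcpy(out, STUB, STUB_LEN);
    out[STUB_LEN] = key;                       /* a new key each time the worm propagates */
    for (size_t i = 0; i < BODY_LEN; i++) out[STUB_LEN + 1 + i] = BODY[i] ^ key;
    return n;
}

/* What the stub does at run time: recover the body. 1 if the copy still works. */
static int copy_decrypts_to_body(unsigned char key) {
    unsigned char c[128], body[64];
    size_t n = make_copy(c, sizeof c, key);
    if (n == 0) return 0;
    for (size_t i = 0; i < BODY_LEN; i++) body[i] = c[STUB_LEN + 1 + i] ^ c[STUB_LEN];
    return memcmp(body, BODY, BODY_LEN) == 0;
}

/* Naive byte-signature scan: 1 if needle occurs anywhere in hay. */
static int contains(const unsigned char *hay, size_t n, const unsigned char *needle, size_t m) {
    if (m == 0 || m > n) return 0;
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

/* Scan two copies (keys 0x5A and 0xA7). Bitmask: bit0/bit1 = body signature
 * hits copy A/B, bit2/bit3 = stub signature hits copy A/B. Expected 0b1100 = 12:
 * the body signature is useless, the stub signature catches both. */
static int signature_results(void) {
    unsigned char a[128], b[128];
    size_t na = make_copy(a, sizeof a, 0x5A), nb = make_copy(b, sizeof b, 0xA7);
    int mask = 0;
    if (contains(a, na, BODY, BODY_LEN)) mask |= 1;
    if (contains(b, nb, BODY, BODY_LEN)) mask |= 2;
    if (contains(a, na, STUB, STUB_LEN)) mask |= 4;
    if (contains(b, nb, STUB, STUB_LEN)) mask |= 8;
    return mask;
}

/* Why repeated XOR is weak: A_body xor B_body = key_A xor key_B at every
 * position, a constant, so two captured copies betray each other even
 * before anyone looks at the stub. */
static int bodies_xor_is_constant(void) {
    unsigned char a[128], b[128];
    make_copy(a, sizeof a, 0x5A);
    make_copy(b, sizeof b, 0xA7);
    unsigned char d = a[STUB_LEN + 1] ^ b[STUB_LEN + 1];
    for (size_t i = 0; i < BODY_LEN; i++)
        if ((a[STUB_LEN + 1 + i] ^ b[STUB_LEN + 1 + i]) != d) return 0;
    return d == (0x5A ^ 0xA7);
}

int main(void) {
    printf("copies decrypt: %d %d\n", copy_decrypts_to_body(0x5A), copy_decrypts_to_body(0xA7));
    printf("signature mask (expect 0xc): 0x%x\n", signature_results());
    printf("body xor constant: %d\n", bodies_xor_is_constant());
    return 0;
}
```

The detection lesson is the one on the slide: the signature has to target the part that cannot change, the decryptor, which is why metamorphic code (next slide) attacks exactly that part.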

Metamorphic Malware
  • A metamorphic worm mutates before infecting a new system
  • Such a worm can avoid signature-based detection systems
  • The mutated worm must do the same thing as the original
  • And it must be “different enough” to avoid detection
  • Detection is currently unsolved problem

Metamorphic Worm
  • To replicate, the worm is disassembled
  • Worm is stripped to a base form
  • Random variations inserted into code
    • Rearrange jumps
    • Insert dead code
    • Many other possibilities
  • Assemble the resulting code
  • Result is a worm with same functionality as original, but very different signature

Warhol Worm
  • “In the future everybody will be world-famous for 15 minutes” --- Andy Warhol
  • A Warhol Worm is designed to infect the entire Internet in 15 minutes
  • Slammer infected 250,000 systems in 10 minutes
    • “Burned out” bandwidth
    • Slammer could not have infected all of Internet in 15 minutes ⇒ too bandwidth intensive
  • Can a worm do “better” than Slammer?

Warhol Worm
  • One approach to a Warhol worm…
  • Seed worm with an initial hit list containing a set of vulnerable IP addresses
    • Depends on the particular exploit
    • Tools exist for finding vulnerable systems
  • Each successful initial infection would attack selected part of IP address space
  • No worm this sophisticated has yet been seen in the wild (as of 2004)
    • Slammer generated random IP addresses
  • Could infect entire Internet in 15 minutes!

Flash Worm
  • Possible to do “better” than Warhol worm?
  • Can entire Internet be attacked in < 15 min?
  • Searching for vulnerable IP addresses is slow part of any worm attack
  • Searching might be bandwidth limited
    • Like Slammer
  • A “flash worm” is designed to infect entire Internet almost instantly

Flash Worm
  • Predetermine all vulnerable IP addresses
    • Depends on the particular exploit
  • Embed all known vulnerable addresses in worm
  • Result is a huge worm (perhaps 400KB)
  • Whenever the worm replicates, it splits
  • Virtually no wasted time or bandwidth!

  [Diagram: the original worm carries the whole address list; each 1st generation
   copy carries a part of it, each 2nd generation copy a smaller part, and so on]

Flash Worm
  • Estimated that an ideal flash worm could infect the entire Internet in 15 seconds!
  • Much faster than humans could respond
  • How to defend against this?
