420 likes | 423 Views
EE515/IS523 Think Like an Adversary Lecture 2 Security Engineering. Yongdae Kim. Recap. http://security101.kr E-mail policy Include [ee515] or [is523] in the subject of your e-mail Student Survey http://bit.ly/SiK9M3. Design Hierarchy. What are we trying to do? How? With what?. Policy.
E N D
EE515/IS523 Think Like an AdversaryLecture 2Security Engineering Yongdae Kim
Recap • http://security101.kr • E-mail policy • Include [ee515] or [is523] in the subject of your e-mail • Student Survey • http://bit.ly/SiK9M3
Design Hierarchy • What are we trying to do? • How? • With what? Policy Protocols Hardware, crypto, ...
Terminologies • Secrecy is a technical term – mechanisms limiting the number of principals who can access information • Privacy means control of your own secrets • Confidentiality is an obligation to protect someone else’s secrets • Thus your medical privacy is protected by your doctors’ obligation of confidentiality
Terminologies • Anonymity is about restricting access to metadata. It has various flavors, from not being able to identify subjects to not being able to link their actions • An object’s integrity lies in its not having been altered since the last authorized modification • Authenticity has two common meanings – • an object has integrity plus freshness • you’re speaking to the right principal
Threat Model • What property do we want to ensure against what adversary? • Who is the adversary? • What is his goal? • What are his resources? • e.g. Computational, Physical, Monetary… • What is his motive? • What attacks are out of scope?
Terminologies • Attack: attempt to breach system security (DDoS) • Threat: a scenario that can harm a system (System unavailable) • Vulnerability: the “hole” that allows an attack to succeed (TCP) • Security goal: “claimed” objective; failure implies insecurity
Goals: Confidentiality • Confidentiality of information means that it is accessible only by authorized entities • Contents, Existence, Availability, Origin, Destination, Ownership, Timing, etc… of: • Memory, processing, files, packets, devices, fields, programs, instructions, strings...
Goals: Integrity • Integrity means that information can only be modified by authorized entities • e.g. Contents, Existence, Availability, Origin, Destination, Ownership, Timing, etc… of: • Memory, processing, files, packets, devices, fields, programs, instructions, strings...
Goals: Availability • Availability means that authorized entities can access a system or service. • A failure of availability is often called Denial of Service: • Packet dropping • Account freezing • Jamming • Queue filling
Goals: Accountability • Every action can be traced to “the responsible party.” • Example attacks: • Microsoft cert • Guest account • Stepping stones
Goals: Dependability • A system can be relied on to correctly deliver service • Dependability failures: • Therac-25: a radiation therapy machine • whose patients were given massive overdoses (100 times) of radiation • bad software design and development practices: impossible to test it in a clean automated way • Ariane 5: expendable launch system • the rocket self-destructing 37 seconds after launch because of a malfunction in the control software • A data conversion from 64-bit floating point value to 16-bit signed integer value
Interacting Goals • Failures of one kind can lead to failures of another, e.g.: • Integrity failure can cause Confidentiality failure • Availability failure can cause integrity, confidentiality failure • Etc…
In a Nutshell • Security by Obscurity is not secure! • Conservative modeling for adversary • State-sponsored, Hacktivists, Hacker+Criminals, Researchers ;-) • Care for the weakest link. • Plan for unknown attacks. • Check for environmental changes • All stages are important • Attacker modeling, design, implementation, deployment, operation • Check News! • Cyber Warfare?
Security & Risk • We only have finite resources for security… • If we only have $20K, which should we buy? Product A Prevents Attacks: U,W,Y,Z Cost $10K Product B Prevents Attacks: V,X Cost $20K
Risk • The risk due to a set of attacks is the expected (or average) cost per unit of time. • One measure of risk is Annualized Loss Expectancy, or ALE: ALE of attack A Σ ( pA × LA ) attack A Annualized attack incidence Cost per attack
Risk Reduction • A defense mechanism may reduce the risk of a set of attacks by reducing LA or pA. This is the gross risk reduction (GRR): • The mechanism also has a cost. The net risk reduction (NRR) is GRR – cost. Σ (pA × LA – p’A×L’A) attack A
"the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal. You don’t have to exploit the vulnerabilities you find, but if you don’t see the world that way, you’ll never notice most security problems.” - Bruce Schneier
Who are the attackers? • No more script-kiddies • State-sponsored attackers • Attacker = a nation! • Hacktivists • Use of computers and computer networks as a means of protest to promote political ends • Hacker + Organized Criminal Group • Money! • Researchers
State-Sponsored Attackers • 2012. 6: Google starts warning users who may be targets of government-sponsored hackers • 2010 ~: Stuxnet, Duqu, Flame, Gauss, … • Mikko (2011. 6): A Pandora’s Box We Will Regret Opening • 2010~: Cyber Espionage from China • Exxon, Shell, BP, Marathon Oil, ConocoPhillips, Baker Hughes • Canada/France Commerce Department, EU parliament • RSA Security Inc. SecurID • Lockheed Martin, Northrop Grumman, Mitsubushi
Hacktivists • promoting expressive politics, free speech, human rights, and information ethics • Anonymous • To protest against SOPA, DDoS against MPAA, RIAA, FBI, DoJ, Universal music • Attack Church of Scientology • Support Occupy Wall Street • LulzSec • Hacking Sony Pictures (PSP jailbreaking) • Hacking Pornography web sites • DDoSing CIA web site (3 hour shutdown)
Hacker + Organized Crime Group • No more script kiddies • Hackers seek to earn money through hacking • Traditional financial crime groups have difficulty with technology improvement • Hacker + Criminals! • HaaS = Hacking-as-a-Service
Financial Cyber Crime Statistics • 14 adults become victims of cybercrime every second, totaling more than one million victims each day1 • Cybercriminals unleash 3.5 new threats targeting businesses every second2 1 (347M) (431M) 1 Norton Cybercrime Report 2011 2 Trend Micro “Small business is big business in cybercrime”
Security Researchers • They tried to save the world by introducing new attacks on systems • Examples • Diebold AccuVote-TS Voting Machine • APCO Project 25 Two-Way Radio System • Kad Network • GSM network • Pacemakers and Implantable Cardiac Defibrillators • Automobiles, …
Security Researchers • They tried to save the world by introducing new attacks on systems • Examples • Diebold AccuVote-TS Voting Machine • APCO Project 25 Two-Way Radio System • Kad Network • GSM network • Pacemakers and Implantable Cardiac Defibrillators • Automobiles, …
Bug Bounty Program • Evans (Google): “Seeing a fairly sustained drop-off for the Chromium” • McGeehan (Facebook): The bounty program has actually outperformed the consultants they hire. • Google: Patching serious or critical bugs within 60 days • Google, Facebook, Microsoft, Mozilla, Samsung, …
Nations as a Bug Buyer • ReVuln, Vupen, Netragard: Earning money by selling bugs • “All over the world, from South Africa to South Korea, business is booming in what hackers call zero days” • “No more free bugs.” • ‘In order to best protect my country, I need to find vulnerabilities in other countries’ • Examples • Critical MS Windows bug: $150,000 • Vupen charges $100,000/year for catalog and bug is sold separately • a zero-day in iOS system sold for $500,000 • Brokers get 15%.
Basic Cryptography Yongdae Kim
Eve Yves? The main players Bob Alice
Attacks Normal Flow Destination Source Interruption: Availability Interception: Confidentiality Destination Destination Source Source Modification: Integrity Fabrication: Authenticity Destination Destination Source Source
Taxonomy of Attacks • Passive attacks • Eavesdropping • Traffic analysis • Active attacks • Masquerade • Replay • Modification of message content • Denial of service
Big picture Trusted third party (e.g. arbiter, distributor of secret information) Bob Alice Information Channel Message Message Secret Information Secret Information Eve
Terminology for Encryption • A denotes a finite set called the alphabet • M denotes a set called the message space • M consists of strings of symbols from an alphabet • An element of M is called a plaintext • C denotes a set called the ciphertext space • C consists of strings of symbols from an alphabet • An element of C is called a ciphertext • K denotes a set called the key space • An element of K is called a key • Ee is an encryption function where e K • Dd called a decryption function where d K
Encryption • Why do we use key? • Or why not use just a shared encryption function? Adversary Encryption Ee(m) = c Decryption Dd(c) = m c insecure channel m m Plaintext source destination Alice Bob
SKE with Secure channel Adversary d Secure channel Key source e Encryption Ee(m) = c Decryption Dd(c) = m c Insecure channel m m Plaintext source destination Alice Bob
PKE with insecure channel Passive Adversary e Insecure channel Key source d Encryption Ee(m) = c Decryption Dd(c) = m c Insecure channel m m Plaintext source destination Alice Bob
e e’ Ee’(m) Public key should be authentic! • Need to authenticate public keys Ee(m) e Ee(m)
Digital Signatures • Primitive in authentication and non-repudiation • Signature • Process of transforming the message and some secret information into a tag • Nomenclature • M is set of messages • S is set of signatures • SA: M ! S for A, kept private • VA is verification transformation from M to S for A, publicly known
Key Establishment, Management • Key establishment • Process to whereby a shared secret key becomes available to two or more parties • Subdivided into key agreement and key transport. • Key management • The set of processes and mechanisms which support key establishment • The maintenance of ongoing keying relationships between parties
Symmetric key Encryption • Symmetric key encryption • if for each (e,d) it is easy computationally easy to compute e knowing d and d knowing e • Usually e = d • Block cipher • breaks up the plaintext messages to be transmitted into blocks of a fixed length, and encrypts one block at a time • Stream cipher • encrypt individual characters of plaintext message one at a time, using encryption transformation which varies with time
Hash function and MAC • A hash function is a function h • compression • ease of computation • Properties • one-way: for a given y, find x’ such that h(x’) = y • collision resistance: find x and x’ such that h(x) = h(x’) • Examples: SHA-1, MD-5 • MAC (message authentication codes) • both authentication and integrity • MAC is a family of functions hk • ease of computation (if k is known !!) • compression, x is of arbitrary length, hk(x) has fixed length • computation resistance • Example: HMAC