Computer Security and Cryptography

About This Presentation

Title:

Computer Security and Cryptography

Description:

Technology Hacks. Design deficiencies and other vulnerabilite ... Software hacks. Second channel attacks. RFID issues. Cell phone vulnerabilities. Grocery cards? ... – PowerPoint PPT presentation

Number of Views:448

Avg rating:3.0/5.0

Slides: 69

Provided by: zmke

Category:

more less

Transcript and Presenter's Notes

Title: Computer Security and Cryptography

1
Computer Security and Cryptography
Partha Dasgupta, Arizona State University
2
Not just hype paranoia

Internet hosts are under constant attack
Financial losses are mounting
Miscreants are getting smarter
(and so are consumers)
National Security risks were stated and then
underplayed
Data loss threatens normal users, corporations,
financial institutions, government and more
Questions
HOW? WHY? and What can we do?

3
Overview

Part 1 Security Basics
Part 2 Attacks and Countermeasures
Part 3 Cryptography
Part 4 Network Security
Part 5 System Security

4
Part 1 Security Basics

Computer and Network Security basics
Hacking
Attacks and Risks
Countermeasures
Secrets and Authentication
Paranoia

5
Computer and Network Security

Keep computers safe from program execution that
is not authorized
Keep data storage free from corruption
Keep data storage free from leaks
Keep data transmissions on the network private
and un-tampered with
Ensure the authenticity of the transactions (or
executions)
Ensure that the identification of the human,
computer, resources are established
With a high degree of confidence
Do not get stolen, misused or misrepresented

6
Hacking or Cracking

Plain old crime
Phone Phreaking
Credit cards, the old fashioned way
Technology Hacks
Design deficiencies and other vulnerabilite
ATM, Coke Machines, Credit Cards, Social
Engineering
Software hacks
Second channel attacks
RFID issues
Cell phone vulnerabilities
Grocery cards?

7
Attacks and Risks

Attacks
An attack is a method that compromises one or
more of- privacy (or confidentiality)- data
integrity- execution integrity
Attacks can originate in many ways
System based attacks
Network based attacks
Unintended Consequences
Risk a successful attack leads to compromise
Data can be stolen, changed or spoofed
Computer can be used for unauthorized purposes
Identity can be stolen
RISK can be financial

8
Attack Types

System based attacks
Virus, Trojan, rootkit
Adware, spyware, sniffers
A program has potentially infinite power
Can execute, spawn, update, communicate
Can mimic a human being
Can invade the operating system
Network based attacks
Eavesdropping
Packet modifications, packet replay
Denial of Service
Network attacks can lead to data loss and system
attacks

9
Countermeasures

System Integrity Checks
Virus detectors
Intrusion detection systems
Software signatures
Network Integrity checks
Encryption
Signatures and digital certificates
Firewalls
Packet integrity, hashes and other cryptographic
protocols
Bottom Line
We have an arsenal for much of the network
attacks
System security is still not well solved

10
What is at Risk?

Financial Infrastructure
Communication Infrastructure
Corporate Infrastructure
Confidentiality and Privacy at many levels
Economy
Personal Safety

11
The Shared Secret Fiasco

Our authentication systems (personal, financial,
computing, communications) are all based on
shared secrets
ID numbers, Account numbers, passwords, SS, DOB
When secrets are shared, they are not secrets
They will leak!
Given the ability of computers to disseminate
information, all shared secret schemes are at
extreme risk
Media reports of stolen data is rampant

The Fake ATM attack
The check attack
The extortion attack

12
How do secrets leak?

Malicious reasons
Simple mistakes
Oversight
Bad human trust management
Bad computer trust management
Nothing can go wrong
Please believe in Murphy!

13
Keeping Secrets?

Simple answer, not possible.
Encryption is good, but data has to be
unencrypted somewhere
Disappearing Ink?
Use paper based documents, not scanned.
Public Key Encryption has much promise (PKI
systems)
Shared secrets need to be eliminated as much as
possible
Separate out of band communications
Phone, postal mail, person-to-person

14
Authentication

Shared secrets are used for authentication
Username/passwords
Multi-factor authentication
What you know
What you have
What you are, what you can do.
Most of the authentication methods are quite
broken
Designed when networking was not around
PKI systems are better, but not deployed
Too many false solutions (dangerous, gives a
feeling of security)

15
Passwords

The password is known to the host and the client
Under some password schemes the host does not
know the password (e.g. Unix)
Passwords can leak from host or from client
Same password is used for multiple sites
Password managers are not too effective
Good passwords are not as good as you think
Invented for a completely different purpose,
using passwords on the web, even with SSL
encryption, is a bad idea

16
False Solutions

Biometrics
A digital bit string, or password that cannot be
changed
Plenty of attacks possible, including framing
RFID identification
Plenty of attacks possible
Multi-Factor authentication
Better, but still not good
Smart cards (the not-so-smart ones)
Again, based on shared secrets, have attacks and
limitations

17
Paranoia?

A large number of computers (consumer, business)
are compromised or used for fraud
Viral infections, zombies
Many web servers are for fraudulent reasons
Spam is an indicator
Unprecedented lying, cheating
Adware, popups, spyware
All attempting to mislead, steer, and victimize
Identity theft, financial theft, cheating
Probably at an all time high
Security Awareness is often coupled with paranoia
It is necessary to be paranoid!

18
What is the point of an attack?

Get your shared secrets for financial gain
Espionage
Disruption

PersonalCorporateFinancialSystem Identification
19
Computer Security

Software needs to be verifiably untampered and
trusted
Networks need to be free from tampering/sniffing
Data has to be secure from stealing and tampering
End user protection
A coalescing of software, hardware and
cryptography along with human intervention and
multi-band communication.

20
Part 2 Attacks and Countermeasures

Vulnerabilities
System Attacks
Virus, Trojan, Worm
Buffer overflow
Rootkit
Zombies
Web based attacks
Network Attacks
Eavesdropping
Man-in-the-middle
Denial of service
Authentication attacks
Pharming, RATS
Social Engineering Attacks

21
The Attackers

Script kiddies
Hackers
Would-be hackers
Crackers
Industrial espionage
Elite Blackhat
A whitehat attacks too, but for the purpose of
securing systems

22
Vulnerabilities

Vulnerabilities are weak spots
Hard to spot, hard to predict
Can exist in any complex system
Human vulnerabilities
Greed, friendship, attraction, guilt.. much more
System Infrastructure Vulnerabilities
process has holes, laws have loopholes
Software Vulnerabilities
Bad code, bad design, unforeseen problems
Hardware Vulnerabilities
Failures, faulty design

23
Vulnerability Origins

Too many to reason about
Bad design
Use of shared secrets
Humans do not comprehend large systems
Permutation is not what we do best
A set of ways to do things some thinking on the
part of a miscreant..
The Windows Vista Audio Attack

24
Examples

Coke machine hack
http//youtube.com/watch?vTBgHH8ZmB_s
ATM hack
The video disappeared
security via obscurity
SQL Injection
http//youtube.com/watch?vMJNJjh4jORY
WiFi range extender?
http//youtube.com/watch?vLY8Wi7XRXCA

25
More Problems

Lack of transparency to humans
Windows registry
Feature Creep
Lack of adequate Idiot Proofing
Counterintuitive?
Ease of use is paramount
Now we know, but its too late.
Lack of end-user understanding of vulnerable
operations and situations

26
Malware

Malware is just one problem, but a major
problem
How does it work?
How does it get there?
What can it do?
The OS is supposed to prevent such external
attacks
Does not work
Not in our lifetimes, will these problems get
fixed

27
Virus-Trojans-Worms

Malware software that causes harm
All software is capable of causing harm
Can perform any computations on a computer
Can reproduce
BUT How did it get to the host machine
Easy Methods
Social engineering
Trojans
Harder methods
Vulnerability exploits
Buffer overflows

28
The Ultimate Trojan

Reflections on Trusting Trust -- Ken Thompson,
Turing Award Lecture 1984
How to break into Unix?
Write custom login program
Write custom compiler
Write even more custom compiler
Now the goose is cooked
A trojan that lives forever and can never be
disabled?

29
Nothing can be trusted

From login programs to compilers to bootstraps
maybe extending to microcode
The moral is obvious. You can't trust code that
you did not totally create yourself.
No amount of source-level verification or
scrutiny will protect you from using untrusted
code..
A well installed microcode bug will be almost
impossible to detect.
KEN THOMPSON
Since 1984, we know Software cannot be trusted.
Yet we do!

30
Trusted Software

We have to trust software
No choice
We have to acquire software from reliable
sources
Insider attacks happen
We have to check the software regularly
Virus detectors are not the answer
All software have vulnerabilities
Operating systems, applications, servers,
compilers and so on
Vulnerabilities can be exploited by attackers
Buffer overflow is the major attack, there are
many more

31
Buffer Overflow

Reading input data causes overwriting of some
data already on the system
Stack smashing
Heap smashing
Data changing
Calling existing routines with different
parameters
Can be installed form network communications or
from a data file
Result Easy to install viruses without
intervention from the user.

32
Details of Buffer Overflow

foo()Int a3 read n i 0 do n times
read(ai) i

a0
a1
a2
Return address
33
What is vulnerable to Buffer Overflow?

Network connections
Structured files
User inputs
Scripts
All software contain vulnerabilities (just have
not been discovered yet)

34
After a Buffer Overflow

Goal is too install a virus
Buffer overflow allows
an attacker to introduce malicious code into a
processOR
An attacked to call an existing routine in the
application process, with doctored arguments
It is a powerful technique to start the
compromise a computer process

35
Rootkits, the Grand Finale

Buffer overflows, open the door, the real deal is
the rootkit.
Operating system patch
Hides all evidence of the compromise
Impossible to detect from within the system
Need external detectors
Can be designed to be very difficult, if not
impossible to clean up
Reinstall is the only sure way to stop a rootkit

36
What can rootkits do?

Run any software as root or administrator
Update itself as well as implant newer attacks
later
Very Stealthy
Install keyboard sniffers
Access any data stored on the computer
If the data is encrypted, the rootkit can find
where the key is located

37
Zombies

A virus
A process that listens to commands from home
Can download another programs
Can start attacks on other systems
Can do spamming without being easily detected
Advantage Upgradeable, reprogrammable!

38
Sniffers

Record keystrokes typed by a user
Can see all data entered by a user, including
secret data
Passwords, credit card numbers, personal
information
Can see data that is encrypted (as it can access
it before encryption, or after decryption)
Would you use a computer that does not belong you?

39
Web Attacks

A variance of the buffer overflow and virus
attack
Use web software to attack a browser
Utilize vulnerabilities in a browser
Java script vulnerabilities
Active X vulnerabilities
Install browser helper objects
Can be hidden in web popups
Often used to install
Adware
Spyware
Web-beacons
Single pixel images, that detect a user reading a
web page (or email, or any HTML content)

40
Cross Site Scripting

Fun with Javascript and browsers and servers
Type 0
Run a script on the users machine when visiting a
malicious site. The local script has higher
privileges
Type 1
Inject a client side script into a server. A
crafted URL followed while logged into a good
site can make the good site do what the attacker
wants
Type 2
A message board contains crafter URLs that can
send cookies to the attacker
Many attacks, including the recent gmail attack
were done via XSS

41
Gmail Attack

from a blog
Haochi Chen discovered what looks like a
Gmail XSS (cross-site scripting) security
problem. Using a small piece of JavaScript you
can put on any server, the users contact names
email addresses are revealed (provided youre
logged in to your Google account). I was able to
reproduce this using Firefox, and an updated
version of the original snippet. With Haochis
code, a malicious website would be able to grab
your contact list and transmit it to their server
behind the scenes, storing this data for other
purposes like spamming, or finding out more
about you.
If youre worried about this Google
vulnerability, the best thing until its fixed is
to only visit sites you know and trust, or to
turn off your browsers JavaScript, or to log out
of Gmail.

42
Password Attacks

Find password by brute force, or by guessing, or
by dictionary attacks
Hardy ever used any more, even simple passwords
are hard to crack!
So many easier ways, why bother!
Phishing is hard? Phishing is easy?
Sniffing too

43
Network Eavesdropping

Ethernet and broadcast networks
promiscuous mode
Get every packet
Password sniffing
MAC sniffing
WEP cracking
Network eavesdropping can lead to loss of privacy
is data is being sent un-encrypted
Not a common attack

44
Man in the Middle

Insert a malicious relay between sender and
receiver of a network connection
Change data packets, or replay them
Need to sniff and then inject
Or need to establish to connections (redirect
traffic)
Causes confusion
Gain information, use authentication
surreptitiously
Not effective against modern cryptographic
protocols (encryption and digital signatures)

45
Denial of Service

Flood the network with fake traffic
Overwhelm servers with large numbers of queries
Distributed DoS uses Zombies
Very difficult to contain
Attacking the network stack
Use malformed packets to cause TCP-IP software to
block/crash
Does not cause any loss of privacy, or system
compromises

46
Authentication Attacks

Steal authentication information
Phishing is the most common method
Man in the middle, eavesdropping can do it too
Steal keys and other shared secrets
Physical theft
Viruses
Brute force (for bad cryptographic algorithms)

47
Pharming

Corrupt a DNS server
Man in the middle
System attack
A host translates a DNS name to a attackers IP
address
E.g. mybank.com leads to a hacker site, set up
to look like the mybank.com site
Then a standard phishing attack can be performed
on the user-name and password

48
RATS

Remote Access Trojans
New! Improved!! More efficient!!!

These new remote-access Trojans are designed
specifically to lurk in the background, waiting
until the unsuspecting user types the name of a
well-known bank into a Web browser. Then, the
program springs into action, copying every
keystroke. The data is sent back to the criminal,
who now can raid the online bank.
49
Social Engineering

Phishing, via spam or web sites
Sending pictures or other interesting things,
with compelling reasons to open it
Download interesting programs, with Trojans
Giving up personal information using baits of
various kinds
If we figure out all the tricks, more will be
invented

50
Countermeasures

Patches and security fixes
Virus Scanners
Intrusion Detectors / Firewalls
Integrity Checking and Virtual Machines
Cryptography
Digital Signatures and PKI systems
Smartcards / RFID
Awareness and Education
Out of band notifications
Simple yet effective (vs. Complex and breakable)
Proper administration, configuration

51
Patches and Fixes

Software updates
To fix buffer overflow and such attacks
Doublespeak attacker can gain complete control
over a computer.
Also fixes bugs and other vulnerabilities
Hardens software
Updates can be dangerous
Introduces more bugs and vulnerabilities
Can be fake
Target for attackers who distribute malicious
patches

52
Password Managers

Stops users from using the same user-id and
password
Creates strong passwords
Sometimes a pain to use
Password managers built into browsers not a
good idea
Have to transport data between computers, if
using multiple computers (or run from USB stick)
Master password can be sniffed

53
Virus Scanners

Everyone should have them installed
Even though they are ineffective?
Slows down performance
Uses Black Lists
Polymorphism and other techniques are used by
viruses to avoid detection
Can be disabled or tampered with
Problem with DLL, browser objects, active X,
registry hacks, cookies
Adware different from spyware and viruses
Not true
A patch that works for now

54
Firewalls

Software and hardware firewalls
Network Address Translation
Incoming filter is needed
Outgoing filter is effective but irritating
Software firewalls can be defeated
Hardware firewalls are incoming only

55
Intrusion Detection Systems

A set of layered network-wide service for large
computer installations
May just be a firewall
Typical configuration have
DMZ and honeypots
Bastion hosts
Signature based detection
Monitoring and logging
Attacks possible
Polymorphic attacks
Noise camouflaged attacks

56
Virtual Private Networks

An authenticated, encrypted tunnel between a
client and a host on a secure network
Not popular, but effective
Reverse attacks are possible
If the host is on an open network, the client
does not have firewall protection
Corporate users are required to use VPNs

57
File Integrity Checkers

Scan each clean file and store a signature (or
hash)
Compare files to stored hashes whenever they are
used
Easy to bypass or to store hash after file
corruption occurs
Hash storage prone to attack
Sometimes irritating to use
A virus can fake user input and fool the
integrity checker
E,g, Tripwire

58
Single Sign on Systems

Sign on to a secure server and your credential
will be forwarded to any site you need to sign on
to
Most implementations are flawed
Need too much private information (or shared
secrets) to float around
Kerberos is probably one of the best, but
difficult to administer
Microsoft Passport and Liberty Alliance have
products that are struggling (or dead)
Certificate based systems would be much better

59
Sandboxing

Running applications with limited privileges
System calls from sandboxed applications can only
acces some harmless functions and can cause no
damage
The above statement is large untrue
Sandboxed applications may be able to
Fool the user
Send network packets, or spam
Run more sandboxed applications
Denial of service

60
Virtual Machine Monitors

The ultimate sandbox
Multiple copies of the operating system runs on
the same machine (guest operating systems)
The core of the system is the Virtual Machine
Monitor
Everything is totally separate, each OS has a
different file system, different network address
Isolation can be perfect, but isolation is not
security
VMM based integrity checking has much promise

61
Cryptography

Cryptography has a treasure chest of algorithms
and protocols for handling security (or
computation and data)
(Cryptographically Secure) Random Numbers
(One way) Hash functions
Symmetric Encryption (e.g. DES, AES, IDEA)
Asymmetric Encryption (RSA, Rabin, ECC)
Cryptography, if properly implemented can provide
high degrees of data security and reliable
authentication
Without using shared secret
IF keys are kept secret
Prone to viral attacks

62
PKI Systems

PKI Public Key Infrastructure
A set of protocols that use asymmetric encryption
and hashing
Authentication Systems
Digital signatures for non-repudiable
transactions
Digital Certificates for secure authentication
PKI based authentication stops the phishing
problem and password leakage problem
Keyboard sniffers are not always effective with
PKI systems
Microsoft Cardspace seems to be the first
consumer targeted PKI based identity management
system
PKI based smartcards are the best implementation
Not yet being deployed ?

63
Smartcards

Smartcard
Stored secrets
Compute engine
Communication path
Non tamperable
Most smartcards are not very smart
Stored value cards, shared secret challenge
response cards, GSM SIM cards
PKI based smartcards provide an excellent
authentication solution
DoD CAC
Belgian ID card

secrets
processor
64
RFID cards

More common, less secure
Contactless Accessible via radio waves.
Can be read at large distances, with expensive
equipment
Prone to the tracking vulnerability
Many attacks against RFID passport discovered
Challenge-response RFID cards are better
The current crop is tainted with bad algorithms
Stops cloning, but does not stop stealing
Room for improvement

65
Out of band communications

A simple and yet powerful technique
Many scenarios possible for example
Make a web transaction that involves a credit
card payment
An automated phone call received
Confirm PIN using phone keypad
Confirm amount
Must be resilient against fake phone calls
Very hard for attacker to compromise credit card
and cellphone and phone PIN

66
Simple is Effective

Complex is breakable
All complicated solutions have vulnerabilities
and features that can be exploited
Think of a complex piece of software.
Web browser
Microsoft Office
Outlook
Many more examples
We need simple solutions
Easy to understand
Easy to detect anomalous behavior

67
Awareness and Education