20771: Computer Security Lecture 6: Privacy, CSP - PowerPoint PPT Presentation

1 / 35
About This Presentation
Title:

20771: Computer Security Lecture 6: Privacy, CSP

Description:

Know IPAAA(A) and be ready to analyze and synthesize using it. ... Algid Specifies algorithm for generating or deriving keys, or creating hashes. ... – PowerPoint PPT presentation

Number of Views:73
Avg rating:3.0/5.0
Slides: 36
Provided by: robertth
Category:

less

Transcript and Presenter's Notes

Title: 20771: Computer Security Lecture 6: Privacy, CSP


1
20-771 Computer SecurityLecture 6 Privacy, CSP
Review
  • Robert Thibadeau
  • School of Computer Science
  • Carnegie Mellon University
  • Institute for eCommerce, Fall 2002

2
Todays lecture
  • Unix Access
  • Nestor 30th. XML and XML Security

3
This Week
  • Mid Term on Wednesday
  • Essay / Closed Book!
  • Know IPAAA(A) and be ready to analyze and
    synthesize using it.
  • Know Crypto Elements and be able to use them.
  • Know how a X.509v3 Cert works as a Device
  • Know TLS DH vs RSA
  • Know Unix Access Model
  • Have done your Linux Task

4
The How-Toof Computer Security
  • Integrity Is it what it represents itself to
    be?
  • Privacy Is it hidden from those without a right
    to see it?
  • Authentication Is it from who it pretends to be
    from?
  • Authorization Is it provided to who it is
    supposed to be provided to?
  • Auditability Do I have a record of how it was
    used?
  • Availability Is it there (Usually Integrity)?

It the service or the total data, program,
machine, facility, network that is secure whose
intention is being protected.
5
IPAAAAfor messages
  • Integrity (message integrity it is the message
    sent or the one it was)
  • Privacy (message is secret it cant be spied)
  • Authentication (source and recipient are who they
    say they are)
  • Authorization (recipient is permitted to read
    source is permitted to send)
  • Auditability (the message can be proven to be
    passed successfully)
  • Availability? (the message was not blocked in
    passage)

6
IPAAAAfor Login Access
  • Integrity
  • (login integrity it is the login it pretends
    to be change in transit or trojan horse login)
  • Privacy
  • (login is secret it cant be spied)
  • Authentication
  • (source is who he says he is?)
  • Authorization
  • (login accomplishes access permissioning
    perfectly?)
  • Auditability
  • (do I have a record?)
  • Availability?
  • (does it reliably take the login and reliably
    give you access?)

7
Other things to Secure?
8
Crypto Toolkit
PUBLIC KEY ONE KEY OPENS OTHER KEY CLOSES ONE KEY
PUBLIC ONE KEY PRIVATE Also called asymmetric
and trap door
PUBLIC KEY Send ONLY TO YOU (public key closes)
PUBLIC KEY - SIGNING Receive ONLY FROM ME (public
key opens)
PRIVATE KEY Very Fast Very Very Secure if Key,
128 bits, Used Once
PRIVATE KEY ONE KEY OPENS AND CLOSES Also called
symmetric
PRIVATE KEY Takes care of all problems if you
know only you and me have the key.
HASH FUNCTION MAKES ANYTHING ONE SIZE Also called
digest
HASH FUNCTION If Signed Proves INTEGRITY and
AUTHENTICITY
CHALLENGE RESPONSE
CHALLENGE RESPONSE Proves you know something
RIGHT NOW
9
X.509v3
  • Self Signed
  • Certificate Authorities
  • Device Authorities
  • Other Authorities (Program, Mail, etc.)

10
Microsoft CAPI/CSP
  • Cryptographic Application Program Interface
    (CAPI)
  • Cryptographic Service Provider (CSP)
  • Windows Logon
  • File Encryption/Decryption
  • IPSec (IP Security Protocol) virtual private
    network
  • SSL/TLS HTTPS
  • Authenticode
  • CAPI is the only thing allowed to call the CSP
  • CSP can also be replaced with crypto hardware,
    including smart cards (smart cards are CSPs.)
  • Unix/Java world RSA PKCS11 Cryptoki Protocol
    (same as CSP).

11
CSPISO 7816 PC/SC ICC Smartcard
PC or Server
Interface Device (IFD)
IFD Handler
ICC Resource Manager
ICC (Integrated Circuit Card)
Service Manager (CSP)
Interface Device (IFD)
IFD Handler
Crypto API
ICC (Integrated Circuit Card)
Windows and other Applications
12
CSP Functions
  • CPAcquireContext Takes in table of function
    pointers and string identifying CSP container
    name. Returns handle to CSP for use by all other
    CSP.DLL functions.
  • CPReleaseContext Releases context referred to by
    hProv handle. (Disconnects from CSP.)
  • CPGenRandom Fills buffer with cbLen random bytes.
  • CPGenKey Takes algorithm identifier for algorithm
    that will use this key. Generates and returns
    handle to a new key.
  • CPDeriveKey Generates cryptographic session key
    using a hash of base data. Returns key handle,
    given handle to base data and an algorithm ID.
  • CPDestroyKey Destroys key referenced by hKey
    handle.

13
CSP
  • CPEncrypt/CPDecrypt Takes data, key handle, and
    optional hash handle. Encrypts or decrypts data
    in buffer.
  • CPCreateHash Takes algorithm ID and optional key
    handle. Returns handle to hash object.
  • CPHashData Hashes data buffer using hash object
    hHash.
  • CPHashSessionKey Similar to CPHashData, but
    hashes key referenced by hKey instead of a raw
    data buffer.
  • CPSignHash Takes signing key pair (dwKeySpec) and
    hash object (hHash), returns signed hash in a
    data buffer.
  • CPDestroyHash Destroys hash object referenced by
    hHash.
  • CPVerifySignatureTakes public key, hash object,
    and signature data buffer. Verifies signature
    and returns Boolean response (valid signature or
    not).

14
CSP
  • CPGetUserKey Gets a handle to a permanent user
    key, given key specification (dwKeySpec).
  • CPExportKey Securely exports key (hKey) in a blob
    encrypted with the public exchange key (kPubKey)
  • CPImportKey Takes key blob and handle to exchange
    public key of destination user. Returns handle
    to imported key.

15
CSP Parameters
  • (p)hProv Handle to Cryptographic Service
    Provider. Required in all CSP.DLL functions.
  • (p)hKey Handle to a cryptographic key. Can be
    generated, derived or imported. Can be
    destroyed, exported, or have its parameters
    modified. Used to encrypt, decrypt, and create
    hashes.
  • (p)hHash Handle to hash object. Used in encrypt,
    decrypt, and signature/verification functions.
  • hBaseData Data used to derive session key in
    CPDeriveKey.
  • hPubKey Public exchange key for key blob import
    and export, and signature verification.
  • Algid Specifies algorithm for generating or
    deriving keys, or creating hashes. For session
    keys RC2, RC4, or DES. For key pairs, EXCHANGE
    or SIGNATURE (key pair type). 
  • dwBlobType Specifies type of key blob to create
    when exporting a key. SIMPLE, PUBLICKEY,
    PRIVATEKEY, or OPAQUEKEY.
  • dwKeySpec Specifies EXCHANGE or SIGNATURE, the
    type of key pair to be used. Used to sign hash
    and to get a permanent user key pair.
  • pbSignature/(p)cbSigLen Signature data buffer and
    length, used for signing and verification of
    hashes.
  • szDescription Description of data to be signed or
    verified. Use not recommended.
  • phUserKey Handle to a permanent user key.
  • szContainer String identifying CSP container name
    to acquire (used for acquiring CSP context).
  • pVTable Table of pointers (VtableProvStruct) to
    callback functions (used for acquiring CSP
    context).
  • cbBufLen/cbLen/pbBuffer/pbData/(p)cbDataLen
    Buffers and lengths for various different
    purposes 
  • dwFlags Flags to customize operation of most CSP
    functions. Purpose differs for each function.
  • dwParam Specifies parameter to get or change.
    Usually sets or uses values in a data buffer.

16
Windows, Unix, etc etc
Assume the Host can be Trusted
Trojans Don't Exist?
17
Break!
18
InformationPrivacy
  • Law
  • Technology

No matter how much you want to, you cant get
technology out of privacy or the law out of
privacy
19
Reasons
  • There is no technically perfect solution possible
    Thomas Jeffersons notion of public and
    private.
  • Therefore the Law becomes Indispensible
  • Technology actually the computer will always
    surprise you The Turing Principle
  • Therefore Technology cannot be frozen to a form
  • Technology you need locks on the doors and
    policing of the laws
  • This requires Technology

20
The Cookies Privacy Violation
  • Technology will Surprise You
  • DoubleClick
  • A Web Page has many Objects on it
  • Each Object can put a cookie on your machine

21
Reasons
  • There is no technically perfect solution possible
    Thomas Jeffersons notion of public and
    private.
  • Therefore the Law becomes Indispensible
  • Technology actually the computer will always
    surprise you The Turing Principle
  • Therefore Technology cannot be frozen to a form
  • Technology you need locks on the doors and
    policing of the laws
  • This requires Technology

22
Core Privacy Technology Digital Contracts
  • Technologists agreeing that there is no option
    but to have digital contracts
  • Digital contracts can become the practice from
    which law evolves
  • So the Liability Regime and the Contract
    Regime actually go hand in hand from a
    technology perspective.
  • P3P (www.w3.org/p3p) Semantics for the contract
    what information, for what intended use, what
    will be done with it, what are my remedies,

23
ISTPA.org Framework
24
ISTPA.org Framework
25
Privacy Server Protocol at CMUhttp//yuan.ecom.cm
u.edu/psp
  • bilateral and negotiated agreements between
    client and server using HTTP or HTTPS.
  • agreements that have scope in time (a start and
    expiration),
  • agreements that have scope over digital and
    non-digital interactions (including mail and
    phone contacts),
  • agreements that cannot be repudiated
  • agreements that can be indexed by the server
    using server-only Privacy Universal Identifiers
    (PUIDs). 

26
More Review
27
Access
  • User and Group Access Rights is the Basis for
    Unix Security AND Windows 2000 Security!
  • Read, Write, Execute on a file/directory/device
  • The biggest TCO (total cost of ownership) in a
    computer system is administering and working with
    access control.
  • Because things just dont work until you get the
    access rights working properly
  • People think it is something wrong with the
    program when it is really just the security
    environment that is set wrong.
  • A GREAT REASON to REALLY LEARN YOUR ACCESS
    CONTROL SYSTEM!

28
Bits
  • 010 2 020 (if you know these are bits!)
  • 100 4 400
  • 4577 (100 101 111 111)
  • 4755 (100 111 101 101) very common for
    executables

29
Unix Access Protections
  • What has access protections u-rwx g-rwx o-rwx?
  • Files
  • Directories
  • Devices (/dev/)
  • Programs (must have execute bit set).
  • All these have ONE user and ONE group that owns
    them.
  • Each User is ONE user and ONE DEFAULT group but
    many group memberships.
  • Types of protections applied when
    creating/modifying
  • User rwx (u-rwx, -rwx------, or 0700)
  • Group rwx (g-rwx, ----rwx---, or 0070) other
    members of users group
  • Other rwx (o-rwx, -------rwx, or 0007)
  • A directory d (d--------- -gt set automatically
    by file system)
  • SGID (-----s--- or 2000) inherit group
    protections
  • umask 002 automatically let everybody in group
    rwx
  • Need private user group user mary, group mary
    if umask 002 not 022.
  • A user can be a member of many groups but only
    the primary defaults to write unless directory
    permission is set to overcome user permission
    (sgid bit set on directory).
  • When access is provided to a group, every member
    gets it.

30
Unix Access Control Model
Access Control List/Vector
File rw(x/s)rwxrw(x/t)
User a
YOU!
Group b
Directory drwxrw(x/s)rwx
User a
User a
Group a
Group b
Group b..
Devices Some-other-time..
umask 022
Execute Create Delete x
31
Access Control Commands
  • ls l shows ACLs on files, directories,
    devices
  • chmod orw file changes ACL on files,
    directories, devices
  • groupadd group adds a group
  • gpasswd a user group adds a user to a group
  • chgrp user group changes the DEFAULT group of a
    user.
  • touch file causes your ownership to go to file
  • umask 002 changes your creation mask

32
Special Bits do ONE thing eachdrwsrwsrwt
  • 4 Set User ID causes an executable file (a
    program) to go into the access permissions of the
    owner of the file (note, group or OTHER could
    execute it!) not the person executing it.
  • 2 Set Group ID causes a new file that is being
    created in a directory to have the group ID of
    the directory, not the person (User) that is
    creating the file.
  • 1 Sticky Bit Causes a new file that is being
    created in a directory to not be deletable by
    just anybody in that directory but by the user
    who created the file. The file is sticky
    because not-just-anybody can delete it.

33
umask
  • Applies only when you are creating (touching,
    modifying) a file (directory, device)
  • 022 is the general default only you can write a
    file but everybody else can read and execute it.
    It is a mask on the file settings given by
    environment.
  • 002 lets everybody in your group write the file.
  • 000 lets everybody write the file.
  • 277 lets only you read and execute (safety)
  • Just type umask 277 in a shell window and now
    when you make a file, it will have these
    attributes.

34
Special Unix Users
  • Root ? can do anything except when he has
    protected himself, but he can change the self
    protections
  • User -gt can do what he is allowed to do by his
    who he is, his group memberships, and the
    file/directory/device ACLs
  • Special Groups -gt wheel

35
Some Peso default user-groups/etc/group
  • GROUP passwd GID user list
  • root0maint,operator,root,sync
  • bin1bin,anon,daemon,root
  • daemon2bin,daemon,root
  • sys3bin,adm,root
  • adm4adm,daemon,root
  • lp7lp,daemon
  • wheel10root
  • mail12mail,mmdf
  • opr13halt,opr,reboot,shutdown,news
  • news13halt,opr,reboot,shutdown,news
  • uucp14uucp
Write a Comment
User Comments (0)
About PowerShow.com