
Some announcement

A reminder to form groups quickly. There will be a lecture next Monday.

First flaw found in AES


Researchers identify first flaws in AES
http://www.kuleuven.be/english/newsletter/newsflash/encryption_standard.html

- Finding the key of AES is four times easier than previously believed.
- AES-128 is more like AES-126.
- The effort to recover a key is still huge: the number of steps to find the key for AES-128 is 8 x 10^37.

Entity Authentication
Suppose some website wants you to believe they are really who they say they are, and they want you to encrypt data using their public key. How do they prove it? With a digital certificate from a CA.

Data in an X.509 Certificate (1)
- Version No: Ranges between 0 and 2
- Serial Number: Unique identifying number for the certificate
- Signature Algorithm: Algorithm used in signature.
- Issuer Name: X.500 name of issuing CA
- Validity Period: The earliest and latest time that the certificate is valid for.
- Subject Name: The name of the owner of the public key in the certificate.

Data in an X.509 Certificate (2)
- Subject Public Key: The public key of the owner of the certificate, the algorithm used and any parameters.
- Issuer Unique Identifier: Optional field which can be used to identify the issuing CA
- Subject Unique Identifier: Optional field which can be used to identify the owner of the certificate
- Extensions: Information for X.509 ver 3
- Signature: Digital Signature of the CA

How can A let B know that the certificate really has A's public key?

Using a Certificate
Characteristics of certificates generated by CA:
- Any B with access to CA's public key can verify A's public key that was certified.
- No party other than the CA can modify the certificate without this being detected.

Applications Using X.509 Public Key Certificates
Some of the protocols that use X.509 certificates are:
- S/MIME (Secure MIME, Multipurpose Internet Mail Extensions; used for secure email)
- IP Security (IPSec; used for secure connections at the IP layer)
- SSL/TLS (Secure Sockets Layer/Transport Layer Security; used for secure Web transactions). This is the most publicly visible use of X.509 certificates.
- SET (Secure Electronic Transactions; also used for secure Web transactions)

Certificate Revocation
- Each certificate has a validity period.
- If there is no problem with the certificate (and the owner of the certificate has paid the requisite fee to the CA) then the certificate can be renewed.
- CAs must provide a list of revoked certificates. They do not provide lists of expired certificates.

Reasons for Certificate Revocation
Can occur because of a number of reasons:
- The owner of the certificate has had their private key compromised.
- The CA is no longer willing to certify the owner of the certificate.
- The CA's private key (which verifies the CA's digital signature) has been compromised.
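The checks described under "Using a Certificate" and "Certificate Revocation", as an added example that is not part of the original slides: B verifies the CA's signature with the CA's public key, then checks the validity period and the revocation list. The RSA key is a toy built from two Mersenne primes, and the field encoding, names and sample certificate are assumptions; real X.509 uses DER encoding and full-size keys.

```python
import hashlib
from datetime import date

# Toy RSA key for the CA (assumption: two Mersenne primes, far too weak for real use).
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to the CA

FIELDS = ("version", "serial", "issuer", "not_before", "not_after",
          "subject", "subject_public_key")

def tbs_digest(cert):
    """Hash the signed fields in a fixed order, reduced below the modulus."""
    encoded = "|".join(f"{name}={cert[name]}" for name in FIELDS).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big") % N

def ca_sign(cert):
    """Only the CA can produce this value: it requires D."""
    return pow(tbs_digest(cert), D, N)

def verify(cert, signature, today, revoked_serials):
    """What B can check with the CA's public key (N, E) and the CA's revocation list."""
    if pow(signature, E, N) != tbs_digest(cert):
        return "bad signature"
    if not cert["not_before"] <= today <= cert["not_after"]:
        return "outside validity period"
    if cert["serial"] in revoked_serials:
        return "revoked"
    return "ok"

# Constructed sample certificate binding subject A to A's public key.
CERT_A = {"version": 2, "serial": 1001, "issuer": "CN=Example CA",
          "not_before": date(2024, 1, 1), "not_after": date(2025, 1, 1),
          "subject": "CN=A", "subject_public_key": "A-public-key-bytes"}
SIG_A = ca_sign(CERT_A)

if __name__ == "__main__":
    day = date(2024, 6, 1)
    swapped = dict(CERT_A, subject_public_key="someone-elses-key")
    print(verify(CERT_A, SIG_A, day, set()))               # untouched certificate
    print(verify(swapped, SIG_A, day, set()))              # modified after signing
    print(verify(CERT_A, SIG_A, day, {1001}))              # serial on the revocation list
    print(verify(CERT_A, SIG_A, date(2026, 1, 1), set()))  # expired, not on any list
```

The last case shows why the validity check is separate from the revocation check: the slides note that CAs list revoked certificates but not expired ones.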

Real Certificate Authorities
There are a lot of CAs, and users tend to buy the products and services of CAs based in their own country. With respect to the submarket for SSL certificates for websites, the market is more unified. The main CAs and the percentage of their market share are:
- Thawte
- Verisign
- Geotrust
- Comodo
- GoDaddy
Thawte has recently taken over Verisign and Geotrust. Together these three firms have about 57% of the market. Comodo and GoDaddy have 8% and 6% respectively.

Source: Wikipedia, Certificate Authorities

Comparing Kerberos and X.509
- Kerberos is ideal for use inside a large network.
- Kerberos is not suitable as an authentication system for the entire internet, as configuration involves setting up a database of users.
- An X.509 certificate is ideal for authentication and key exchange over the entire internet, but due to sheer numbers a hierarchy of CAs is required.

Intruders and Intrusion Detection (Part 1)

Intruders
Three classes of intruders. One set of definitions (which we will use in this course) comes from Anderson (1980):
- Masquerader
- Misfeasor
- Clandestine user
http://csrc.nist.gov/publications/history/ande80.pdf
Computer Security Threat Monitoring and Surveillance

Intruders
- Masquerader: an individual who is not authorised to use the computer and who penetrates a system's access controls to exploit a legitimate user's account. (usually an outsider)
- Misfeasor: a legitimate user who accesses data, programs or resources they are not authorised to use. (generally an insider)
- Clandestine User: an individual who seizes supervisory control of a system. (can be an outsider or an insider)
Not clear-cut!

Intrusion Techniques
The system maintains a file that associates a password with each authorised user. In all modern systems, the default behaviour is to have the password file protected. The password file can be protected with:
- One-way encryption
- Access Control
The idea is that you don't want many people able to read the password file!

Password File Protection
- One-way encryption. The system stores a hash of the password in the file. Even knowing the hash, it is very difficult to work out the password.
- Access Control. Only certain users of the system can access the password file.
Most modern systems use both methods to protect password files.

The Stages of a Network Intrusion
1. One way or another, log in to the system as a user (either normal user or the root user).
2. If you are not logged in as root, get access to a shell program which is suid (has root privileges).
3. Replace system files with a hacker version that will let the cracker have free access in the future without his CPU time or disk storage space being noticed by auditing programs.
4. Initiate a coordinated attack.
5. lpr -r

Intrusion Techniques (1)
Techniques for guessing passwords:
- Try default passwords.
- Try all short words, 1 to 3 characters long.
- Try all the words in an electronic dictionary (60,000).
- Collect information about the user's hobbies, family names, birthday, etc.
- Try the user's phone number, social security number, street address, etc.
- Try all license plate numbers (MUP103).

Prevention: Enforce good password selection: a mixture of upper and lower case letters plus numbers plus some punctuation/special characters. (Ij4Gf4Se%f#)

Intrusion Techniques (2)
- Use a Trojan Horse
- Exploit a weakness in software
- Tap the line between a remote user and the host system
- Exploit a weakness in a server on the system.

Benefits of Intrusion Detection Systems (IDS)
- The intruder can be identified and rejected from the system.
- Effective intrusion detection can prevent intrusions.
- Intrusion detection enables the collection of information about intrusion techniques that can be used to strengthen the intrusion prevention facility.

Network Intrusion through a server
1. Scan the network to locate which IP addresses are in use, what operating system is in use, and what TCP or UDP ports are open (being listened to by servers).
2. Run exploit scripts against open ports in an attempt to gain access.
3. Once access has been gained, go through the stages of network intrusion as stated in the previous slide.

Profiles of Behavior of Intruders and Authorized Users
Intrusion detection systems work on the premise that the behaviour of an intruder differs from that of a legitimate user in ways that can be quantified. The distinction between the two, however, is not always clear-cut. The graph at the left shows that there is often an overlap in the behaviour of intruders and legitimate users.

IDS project

Intrusion Detection
There are two broad approaches to intrusion detection:

- Statistical anomaly detection
- Rule based detection
Let's look at each of these separately.

Statistical Anomaly Detection
This involves the collection of data relating to legitimate users over a period of time. Then statistical tests are applied to observed behaviour to determine with a high level of confidence whether that behaviour is not legitimate user behaviour.
- Threshold Detection: This approach involves the setting of various thresholds, independent of the user, for the frequency of occurrence of various events.
- Profile Based: A profile of the activity of each user is developed and used to detect changes in the behaviour of individual accounts.

Statistical Anomaly Detection (1) Threshold Detection
- Threshold analysis: counts the number of occurrences of a particular event. If it goes over a certain count, then an intrusion is deemed to have occurred.
- It is a fairly crude measure. Both the threshold count level and the time in which it occurs need to be determined.
- The danger with this approach is that there will be too many false positives and false negatives. Which one is more severe?
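Threshold detection over sample log lines, as an added example that is not part of the original slides. The log format, the event names and the choice to count per source address are assumptions; the same limit and window apply to every source, as the slide describes.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO timestamp> <event> <source>"
LOG = """\
2024-03-01T09:00:05 login_failed 10.0.0.7
2024-03-01T09:00:09 login_failed 10.0.0.7
2024-03-01T09:00:12 login_failed 10.0.0.7
2024-03-01T09:00:15 login_failed 10.0.0.7
2024-03-01T09:00:40 login_ok 10.0.0.7
2024-03-01T09:10:00 login_failed 10.0.0.9
2024-03-01T09:40:00 login_failed 10.0.0.9
2024-03-01T10:10:00 login_failed 10.0.0.9
2024-03-01T10:40:00 login_failed 10.0.0.9
""".splitlines()

def threshold_alerts(lines, event, limit, window):
    """Return (timestamp, source) each time `event` has occurred more than
    `limit` times from one source within `window`."""
    recent = defaultdict(deque)           # source -> timestamps still inside the window
    alerts = []
    for line in lines:
        stamp, name, source = line.split()
        if name != event:
            continue
        now = datetime.fromisoformat(stamp)
        times = recent[source]
        times.append(now)
        while now - times[0] > window:    # forget events older than the window
            times.popleft()
        if len(times) > limit:
            alerts.append((stamp, source))
    return alerts

if __name__ == "__main__":
    # Short window: flags 10.0.0.7 (which then logs in successfully, a likely
    # false positive) and misses the slow, spaced-out failures from 10.0.0.9.
    print(threshold_alerts(LOG, "login_failed", 3, timedelta(minutes=1)))
    # Long window: catches 10.0.0.9 as well, at the cost of more alerts overall.
    print(threshold_alerts(LOG, "login_failed", 3, timedelta(hours=2)))
```

Both the count and the window have to be tuned together: the one-minute window produces a probable false positive and a false negative on the same nine lines.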

Statistical Anomaly Detection (2) Profile based anomaly detection


This approach looks at the past behavior of users and then looks for significant deviations. A profile is built from these records. Significant deviations from the profile are flagged as intrusions.

Metrics used in the Profile
Counters: a count of certain events over a certain time period. Examples include:
- Number of logins
- Number of times a command is executed
- Number of failed login attempts

Gauge
- Number of logical connections assigned to a user app.
- Number of outgoing connections assigned to a user app or process.

Interval Timer
- Length of time between 2 related events such as successive logins

Resource Utilisation
- Number of pages printed during a session
- Time used by a program

Analysis of Metric Deviations


A number of tests may be applied to deviations in the metrics to see if the deviation is unusual:

- Mean and Standard Deviation
- Multivariate
- Markov Process
- Time Series
- Operational
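Profile-based detection using the mean and standard deviation test, as an added example that is not part of the original slides. The per-day history, the user names and the cut-off of 3 standard deviations are assumptions; the metrics are taken from the list of counters and resource-utilisation measures above.

```python
from statistics import mean, stdev

# Constructed history: one value per day for each metric, per user.
HISTORY = {
    "alice": {"logins":        [3, 4, 3, 5, 4, 3, 4],
              "failed_logins": [0, 1, 0, 0, 1, 0, 0],
              "pages_printed": [10, 12, 9, 11, 10, 13, 12]},
    "bob":   {"logins":        [1, 1, 1, 1, 1, 1, 1],
              "failed_logins": [0, 0, 0, 0, 0, 0, 0],
              "pages_printed": [60, 75, 58, 80, 66, 71, 62]},
}

def build_profiles(history):
    """Profile = (mean, sample standard deviation) for every user and metric."""
    return {user: {metric: (mean(values), stdev(values))
                   for metric, values in metrics.items()}
            for user, metrics in history.items()}

def z_score(mu, sigma, observed):
    """Distance of an observation from the profile, in standard deviations."""
    if sigma == 0:                        # the metric never varied in the history
        return 0.0 if observed == mu else float("inf")
    return (observed - mu) / sigma

def flagged_metrics(profiles, user, observation, k=3.0):
    """Metrics in one day's observation that lie more than k standard
    deviations from this user's own profile."""
    flagged = []
    for metric, observed in observation.items():
        mu, sigma = profiles[user][metric]
        if abs(z_score(mu, sigma, observed)) > k:
            flagged.append(metric)
    return sorted(flagged)

PROFILES = build_profiles(HISTORY)

if __name__ == "__main__":
    today = {"logins": 4, "failed_logins": 1, "pages_printed": 70}
    # The same day of activity is unusual in different ways for different users.
    print("alice:", flagged_metrics(PROFILES, "alice", today))
    print("bob:  ", flagged_metrics(PROFILES, "bob", today))
```

For bob, a single failed login is flagged because his history never varied; short or flat histories are one source of the false positives that profile-based detection has to manage.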

Rule Based Intrusion Detection
Looks at events happening in a system and applies a set of rules to them. It then makes a decision as to whether the behavior is suspicious. Two types of rule based intrusion detection:
- Rule Based Anomaly Detection
- Rule Based Penetration Identification

Rule Based Anomaly Detection
- Similarities to statistical anomaly detection
- Uses historical records to determine normal behaviour
- Rules represent past behaviour of various entities in the system: users, programs, terminals, privileges, etc.
- To be effective, a large number of rules (10^4 to 10^6) is required.
- How to combine rules?

Rule Based Penetration identification
- This takes an approach based on expert system technology.
- Rules are generated by experts (system administrators).
- Rules are heuristic, i.e. have been found to be effective by trial and error.

Some example heuristic rules
- Users should not read files in other users' personal directories.
- Users must not write other users' files.
- Users who log in after hours often access the same files they used earlier.
- Users do not generally open disk files directly but rely on higher level operating system utilities.
- Users should not be logged in more than once to the same system.
- Users do not make copies of system programs.
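Four of the heuristic rules above applied to audit records, as an added example that is not part of the original slides. The record layout (user, action, object), the /home/<user>/ convention and the list of system directories are assumptions.

```python
SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/")   # assumed locations of system programs

# Constructed audit records: (user, action, object)
AUDIT = [
    ("alice", "read",   "/home/alice/notes.txt"),
    ("bob",   "read",   "/home/alice/notes.txt"),
    ("bob",   "write",  "/home/alice/.profile"),
    ("carol", "login",  "tty1"),
    ("carol", "logout", "tty1"),
    ("carol", "login",  "tty2"),
    ("dave",  "login",  "tty3"),
    ("dave",  "login",  "tty4"),
    ("bob",   "copy",   "/bin/login"),
]

def home_owner(path):
    """Owner of a path under /home/<user>/, or None for any other path."""
    parts = path.split("/")
    return parts[2] if len(parts) > 3 and parts[1] == "home" else None

def apply_rules(records):
    """Return (record index, user, rule) for every rule that fires."""
    open_sessions = {}                   # user -> number of sessions currently open
    findings = []
    for i, (user, action, obj) in enumerate(records):
        owner = home_owner(obj)
        if action == "read" and owner not in (None, user):
            findings.append((i, user, "read in another user's directory"))
        elif action == "write" and owner not in (None, user):
            findings.append((i, user, "write to another user's file"))
        elif action == "copy" and obj.startswith(SYSTEM_DIRS):
            findings.append((i, user, "copy of a system program"))
        elif action == "login":
            open_sessions[user] = open_sessions.get(user, 0) + 1
            if open_sessions[user] > 1:
                findings.append((i, user, "logged in more than once"))
        elif action == "logout":
            open_sessions[user] = max(0, open_sessions.get(user, 0) - 1)
    return findings

if __name__ == "__main__":
    for finding in apply_rules(AUDIT):
        print(finding)
```

The login rule needs state across records: carol logs out before logging in again and is not flagged, while dave's two overlapping sessions are.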

Distributed Intrusion Detection


Most research into IDS has looked at systems on one host. Some recent research into intrusion detection systems has looked at distributed IDS.

Distributed Intrusion Detection Issues
- In a mixed environment, e.g. Windows, Unix, Cisco IOS and other host operating systems (iPhone iOS?), different operating systems may have different formats for their logs and IDS records.
- If one or more nodes is a collection point, then the data transferred to collection points needs to have its confidentiality and integrity assured.
- Unclear whether a centralized or decentralized (i.e. one collection point or many) architecture is best. Each has advantages and disadvantages.

Intrusion Detection Exchange Format
The IETF Intrusion Detection Working Group is currently researching intrusion detection systems. The aim is to create data formats and exchange procedures for exchanging information of interest to Intrusion Detection Systems, Intrusion Response Systems and management systems.

Honeypots
A honeypot is a system deliberately set up to attract intruders. Honeypots are designed to:
- Divert an attacker from attacking critical systems
- Collect information about the attacker's activity
- Encourage attackers to stay on the system long enough for administrators to respond.
Can also be used for research into hacking techniques.

Password Protection
On many systems a user ID and password are necessary to access the system. The password authenticates the user ID. The ID provides security by:
- Restricting users of the system to those who have IDs
- Determining what privileges a user with a certain ID has.
- Individual users can use discretionary access control to grant permission to selected other users to read, write and execute files.

UNIX Password Scheme

The purpose of the salt
- Duplicate passwords don't look the same in the password file.
- Effective password length is increased by 2 characters without the user having to learn 2 new characters.
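The first purpose of the salt, shown on a small password file, as an added example that is not part of the original slides. The two-character salt drawn from a 64-symbol alphabet (12 bits) follows the classic UNIX scheme; the one-way function here is PBKDF2-HMAC-SHA256 as a stand-in, not the crypt(3) algorithm, and the entry format, user names and passwords are assumptions.

```python
import hashlib
import secrets

SALT_ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def new_salt():
    """Two characters from a 64-symbol alphabet, i.e. 12 bits of salt."""
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(2))

def one_way(password, salt):
    """Stand-in one-way function; the salt is mixed in with the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000).hex()

def make_entry(user, password, salt=None):
    """Password-file line "user:salt:hash"; the salt is stored in the clear."""
    salt = new_salt() if salt is None else salt
    return f"{user}:{salt}:{one_way(password, salt)}"

def check_login(entry, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    _user, salt, stored = entry.split(":")
    return secrets.compare_digest(stored, one_way(password, salt))

def duplicate_groups(entries):
    """Groups of users whose stored hashes are identical, which is what a
    reader of the password file could see without guessing anything."""
    by_hash = {}
    for entry in entries:
        user, _salt, stored = entry.split(":")
        by_hash.setdefault(stored, []).append(user)
    return [users for users in by_hash.values() if len(users) > 1]

# Constructed sample: two users who happen to choose the same password.
SAME_SALT = [make_entry("alice", "tr0ub4dor", "aa"), make_entry("bob", "tr0ub4dor", "aa")]
OWN_SALT = [make_entry("alice", "tr0ub4dor", "k3"), make_entry("bob", "tr0ub4dor", "Zq")]

if __name__ == "__main__":
    print(duplicate_groups(SAME_SALT))   # the shared password is visible
    print(duplicate_groups(OWN_SALT))    # per-user salts hide it
    print(all(check_login(e, "tr0ub4dor") for e in OWN_SALT))
```

With only 4,096 possible salts, two users can still draw the same one by chance, which is one reason later schemes use much longer salts.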

Vulnerability of Password
Two dimensions increase the security of passwords. These are the length of the password and the range of characters used. The graphic on the next slide shows the interrelationship between the two.

Password Strength

Password Research
There has been some research on the passwords people choose. For example, the table below shows the distribution of the length of passwords at a very large network with 7,000 accounts (Purdue University 1992).

Password Generation
There are a number of approaches to password generation:
- Computer-generated passwords: these work but have a poor record of acceptance by users.
- Reactive password checking: the system periodically tries to crack the passwords of users on the system. All cracked passwords are cancelled and the user notified.
- Proactive password checker: this scheme allows the user to create their own password, but checks it for strength. Sophisticated proactive password checkers may use a Markov Model or Bloom Filter.
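A proactive password checker built on a Bloom filter, as an added example that is not part of the original slides. The filter size, the number of hash functions, the SHA-256-based hashing and the six-word dictionary are assumptions; a real deployment would load a large dictionary of guessable passwords.

```python
import hashlib

class BloomFilter:
    """Bit array plus k hash functions. Stores membership, not the words."""

    def __init__(self, size_bits, num_hashes):
        self.size = size_bits
        self.k = num_hashes
        self.bits = bytearray((size_bits + 7) // 8)

    def _positions(self, word):
        # Derive k hash values by prefixing a counter before hashing.
        for i in range(self.k):
            digest = hashlib.sha256(f"{i}:{word}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.size

    def add(self, word):
        for pos in self._positions(word):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def __contains__(self, word):
        return all(self.bits[pos // 8] & (1 << (pos % 8))
                   for pos in self._positions(word))

# Constructed sample dictionary of guessable passwords.
BAD_PASSWORDS = ["password", "123456", "qwerty", "letmein", "dragon", "monkey"]

def build_checker(words, size_bits=4096, num_hashes=4):
    checker = BloomFilter(size_bits, num_hashes)
    for word in words:
        checker.add(word.lower())
    return checker

def acceptable(checker, candidate):
    """Reject any candidate the filter reports as a dictionary word. Every
    dictionary word is rejected (no false negatives); a small fraction of
    other passwords is rejected too (false positives)."""
    return candidate.lower() not in checker

CHECKER = build_checker(BAD_PASSWORDS)

if __name__ == "__main__":
    for candidate in ["LetMeIn", "dragon", "Ij4Gf4Se%f#"]:
        print(candidate, "accepted" if acceptable(CHECKER, candidate) else "rejected")
    print(len(CHECKER.bits), "bytes stored, independent of dictionary word length")
```

The checker never needs the dictionary at check time, only the bit array, so the list of guessable passwords does not have to sit on the login host.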

Markov Model Password Checker
