This talk is intended for Graduate or Under graduate students as an attempt to motivate them into this exciting field of computer security
This talk is by no means complete although constantly evolves to be comprehensive
1. Security Science
And
Engineering
Sashank Dara
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 1
2. This talk is intended for Graduate or Under graduate
students as an attempt to motivate them into this
exciting field of computer security
This talk is by no means complete although constantly
evolves to be comprehensive
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 2
3. Science
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 3
5. Flaws can be Disastrous
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 5
6. Boundaries to breach
Bumble bee aerodynamically cannot fly, what does this mean ?
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 6
7. Symbols and Interpretation
Engineering application,
Scientific Theory,
Product
Framework,
Mathematical Model
Scope for
A Flaw either in theory or
breaching
in application that resulted
theoretical or
In disaster
practical
boundaries
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 7
8. Foundations
• Authentication
• Authorization
• Confidentiality
• Integrity
• Non Repudiation
• Availability ( Non Denial of service)
Note : Any a security application, appliance or
research would be about achieving combination of
above properties or their variants
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 8
9. Authentication
Less formally , this involves confirming the identity of a person
or software program. “you are who you say you are”
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 9
10. Factors and Identity
• Ownership Factors, something the user has, say ID Card,
Security token, Phone etc.
• Knowledge Factors, something the user knows, say
password, passphrase, PIN, challenge response
• Inherence Factors, something the user is or does, say
finger print, DNA sequence, retinal scan, voice, facial
recognition
• Two factor authentication is an approach to
authentication which requires the presentation of "two or
more" of the three authentication "factors"
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 10
11. Applications
• Single sign-on, a user logs in once and gains access to all
systems without being prompted to log in again at each of
them
• Open-Id, Users may create accounts with their preferred
OpenID identity providers, and then use those accounts as the
basis for signing on to any website which accepts OpenID
authentication.
• Kerberos, is a computer network authentication protocol
which works on the basis of "tickets" to allow nodes prove their
identity to one another in a secure manner.
• BrowserID is a decentralized identity system that makes it
possible for users to prove ownership of email addresses in a
secure manner, without requiring per-site passwords
• Two-Factor authentication
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 11
12. Caveats
• Security experts argue that it is impossible to prove the identity of a
computer user with absolute certainty. Any given test can be
spoofed one way or another, with varying degrees of difficulty. –
Wikipedia
• Strong Passwords are difficult to remember
• Finger printing has been successfully spoofed using glue and thumb
impressions
• Facial recognition can be beaten using photographs !
• Voice can be easily mimicked !
• ID Cards, Phones, Security Tokens can be subjected to theft !
• U S Government defines strong authentication as layered
authentication approach relying on two or more authenticators to
establish the identity of an originator or receiver of information.
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 12
13. Authorization
Function of specifying access rights to resources,
More formally, "ʺto authorize"ʺ is to define access policy.
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 13
14. Authorization
• For example, human resources staff are normally
authorized to access employee records, and this
policy is usually formalized as access control rules in
a computer system.
• During operation, the system uses the access
control rules to decide whether access requests
from (authenticated) consumers shall be approved
(granted) or disapproved (rejected)
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 14
15. Access Control
Access Control includes Authentication, Authorization, Audit
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 15
16. Two Steps
• Policy definition phase where access is authorized
o This step is more of Authorization phase
• Policy enforcement phase where access requests
are approved or disapproved
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 16
17. Access Control Lists
• In short a list of permissions attached to an object or
a collection of objects
• File system ACLs, is a data structure (usually a table)
containing entries that specify individual user or
group rights to specific system objects such as
programs, processes, or files.
• Network ACLs, is a list of rules specifying the services
that can be accessed by inbound and outbound
traffic.
o Firewalls predominantly are based on ACL’s
o Famous five tuple ( Source IP , Destination IP, Source port , Dest Port ,
action)
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 17
18. Security Models
• Discretionary based access control
o Users (owners) have the ability to make policy decisions and/or assign
security attributes.
o Example is Unix file mode info represented by rwx bits
• Mandatory based access control
o Decision making authorities have the ability to make policy decisions and/
or assign security attributes
o Users do not have ability to make policy decisions
o Example is SELinux framework
• Role based access control
o Combination of DAC and MAC, typically used in enterprises
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 18
19. Security Models
• Context based access control
o Deep packet and stateful inspection of firewalls
• Capability based Security
o a capability is a token, ticket, or key that gives the possessor permission to
access an entity or object in a computer system
o In contrast there are no ACLs !
• There are many other models
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 19
20. Mathematical models
• Conflicts in access control list can open up security
holes !
o Often misconfiguration of firewalls resulted in disasters !
• Can we mathematically model access control list ?
o Boolean logic
o Lattice based access control models
• Can we prove they are formally correct and
complete ?
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 20
21. User level Access Control
• Identity management, describes the management of
individual identities, their authentication, authorization, roles ,
and privileges
o Password managers, LDAP, Etc.
• OAuth allows users to share their private resources (e.g.
photos, videos, contact lists) stored on one site with another
site without having to hand out their credentials, typically
supplying username and password tokens instead
o Complimentary to OpenID
• SAML, Secure Assertion Markup Language is an XML-based
open standard for exchanging authentication and
authorization data between security domains.
o Primarily to solve and standardize single sign on
o Quite popular among identity based solutions
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 21
22. Network Access Control
• Firewalls, often touted as first layer of defense in any
organization’s security design
• First generation firewalls were mere packet filters
based on five tuple
• Second generation firewalls are stateful and do
deep packet inspection
• Third generation firewalls are more “context-aware”
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 22
23. Confidentiality
Confidentiality is the concept of ensuring that data
is not made available or disclosed to unauthorized
people.
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 23
24. Integrity
Data Integrity in broadest meaning refers to the trustworthiness
of information over its entire life cycle
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 24
25. Cryptography
• Cryptography simple stated is the art of “Secret
writing”
• Traditional Cryptography has been used
successfully for authentication, confidentiality,
integrity
• Confidentiality cannot be achieved without
cryptography
o Exception a technique called chaffing and winnowing was proposed but
that is not practically strong enough
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 25
26. Cryptography
• Art of secret writing dates back to thousands of years
• cryptography was chiefly concerned with linguistic and
lexicographic patterns until twentieth century
• Now extensive use of of mathematics, including aspects of
information theory, computational complexity, statistics,
combinatorics, abstract algebra, number theory, and finite
mathematics generally
• And lately even quantum theory and chaos theory too !
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 26
27. Cryptanalysis
Myth: The Enigma was too complex to be
broken
-‐‑ ... as believed by the German Military
• Fact: The Enigma was broken almost
daily for years during WWII
This particular work by Landon Curt Noll is Licensed under CC Attribution-Share Alike 3.0 Unported License 27
28. Cryptographic Engg
• Many implementation challenges
o Key management
o Pseudo Random Number Generators
o Side channel attacks
o Tamper proof hardware
o Verification techniques
o Protocol Analysis
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 28
29. Protocols
• Secure Sockets Layer (SSL/TLS)
• IP Sec
• VPN’s
• PGP
• Many many to name a few
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 29
30. Caveats
• Myth: The larger the key, the stronger the key
• Fact: Key size is no guarantee of key strength
• An early web browser with 128-bit SSL keys
o Key was generated by the random() pseudo-random number generator
o With only 4 billion different srandom() seeds, only 4 billion different SSL keys
could ever be generated
o Only 32 bits of real protection
• There are more important issues than size:
o - Generating keys that cannot be guessed
o - Securely storing keys
o - How humans use a key
o - How unattended machines use a key
o - Lost key recovery
o - Key life-cycle management
This particular work by Landon Curt Noll is Licensed under CC Attribution-Share Alike 3.0 Unported License 30
31. Caveats
• Large Key but Weak Key Example, The US “nuclear
football”
o Nuclear launch authorization code was long but until 1976, the code was
all 0’s!!! Really !!!
• Larger keys do not necessarily mean better
o Key size cannot overcome a predictable method of generating it
o A huge compromised key is much worse than a smaller well-managed
key
o The cost of discovering the key must be higher than the value of the data
being protected
This particular work by Landon Curt Noll is Licensed under CC Attribution-Share Alike 3.0 Unported License 31
32. Applications
• Entire Web Commerce infrastructure SETS,HTTPS
• Virtual Private Networking
• IPSEC
• Cryptography in wireless applications (mobile
phone, WLANs, analysis of standards, etc.)
• Cryptography for pervasive computing (RFID, sensor
networks, smart devices, etc.)
• FPGA design security
• Hardware IP protection and anti-counterfeiting
• Reconfigurable hardware for cryptography
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 32
33. Applications
• Smart card processors, systems and applications
• Security in commercial consumer applications (pay-
TV, automotive, domotics, etc.)
• Secure storage devices (memories, disks, etc.
• Technologies and hardware for content protection
• Trusted computing platforms
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 33
34. Non Repudiation
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 34
35. Non Repudiation
• A service that provides proof of the integrity and
origin of data.
• An authentication that with high assurance can be
asserted to be genuine.
• Entire Public Key Infrastructure is built for this
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 35
36. Availability
( Non Denial of Service)
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 36
37. Denial of Service
• A DoS attack can be perpetrated in a number of
ways. The five basic types of attack are:
o Consumption of computational resources, such as
bandwidth, disk space, or processor time.
o Disruption of configuration information, such as routing
information.
o Disruption of state information, such as unsolicited resetting
of TCP sessions.
o Disruption of physical network components.
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 37
38. Denial of Service
• A DoS attack may include execution of malware
intended to:
o Max out the processor's usage, preventing any work from
occurring.
o Trigger errors in the microcode of the machine.
o Trigger errors in the sequencing of instructions, so as to
force the computer into an unstable state or lock-up.
o Exploit errors in the operating system, causing resource
starvation and/or thrashing, i.e. to use up all available
facilities so no real work can be accomplished.
o Crash the operating system itself.
• Few DOS Attacks
o Smurf attack , Ping flood , Ping of death, SYN Flood
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 38
39. Intrusion Prevention
systems
• Are network security appliances that monitor network and/or
system activities for malicious activity
• First generation were Intrusion Detection Systems
• Classification
o Network based
o Host based
o Wireless IPS
o Network Behavior Analysis
• IPS checks for malware, worm outbreaks, DDOS attacks
• An IPS can also correct Cyclic Redundancy Check (CRC)
errors, un fragment packet streams, prevent TCP sequencing
issues, and clean up unwanted transport and network layer
options.
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 39
40. Intrusion Prevention
systems
• Detection Methods
o Signature Methods
o Statistical anomaly detection
o Stateful protocol Analysis Detection
• Other Recent Trends
o IP Reputation
o Global Correlation
• Popular IPS (Open Source)
o Snort
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 40
41. Security Principles
• Security is an afterthought , internet was built to share
physics documents among researchers but not social
networking, commerce and everything
• Security by obscurity is disastrous,
o Kerckhoff’s principle A cryptosystem should be secure even if everything
about the system, except the key, is public knowledge.
• Security is as strong as its weakest link and often its the
people.
• There is no silver bullet
• Security is a process rather than a product.
• Defense in depth
• Risk Assessment , Threat modeling , compliance can
mitigate
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 41
42. Conclusions
• Few things not yet covered
o Cloud security
o Threat modeling
o Popular Attacks
o Secure Development Life cycle
o Social Engineering
o Security Management
o Many Others ..
• This talk is a work in progress, so it would be
continually evolving do come back to check for
latest revisions of the file
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 42
43. Contact
• I can be reached at
o Krishna.sashank@iiitb.org
o http://www.linkedin.com/in/sashankdara
• Note : Parts of the work is taken from Landon Curt
Noll as mentioned in the foot notes where ever
relevant.
o He can be reached at http://isthe.com/chongo/
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 43
44. This work is made available under Creative
Commons Attribution-Share Alike 3.0
Images courtesy : Google Images
This work by Sashank Dara is licensed under CC Attribution-ShareAlike 3.0 Unported 44