host in terms of network
catchall for network-connected devices
probability of an attacker getting the answer in the split X_0 and X_1 password thing
(1/2)^n
multilevel security MLS
unclassified
confidential
secret
top secret
goal: information flow between levels
Bell-LaPadula BLP
focus on confidentiality
no read up, no write down
prevent secret information from leaking downward
Biba model
focus on integrity
no read down, no write up
prevent untrusted/dirty data from contaminating trusted data
purpose of the network
transfer data between hosts
where do hosts live
at the edge
what is the core of a network
interconnected mesh of routers
purpose of the network core
route data through network from host to host
security protocols
communication rules followed in security applications
authentication protocol conclusions
repeating a non-mutual auth protocol is not necessarily secure for mutual auth
protocols and attacks on protocols can be subtle
obvious changes to protocols can cause unexpected security issues
conclusions about mutual authentication protocol
having two sides in a protocol do the same thing can leave you open to an attack
“insignificant” changes to a protocol can result in big changes in security
why are session keys needed for authentication
encrypt data within each session
limit data encrypted with any one particular key
limit damage if one session key is compromised
what CIA do session keys provide to messages
confidentiality or integrity (or both)
session key public key auth protocol
alice sends identification and R
bob sends {R,K}_(alice)
alice sends {R+1,K}_(bob)
session key signing auth protocol
alice sends identification and R
bob sends [R,K]_(bob)
alice sends [R+1,K]_(alice)
difference between public key and signing when using session keys for auth protocol
signing provides mutual authentication
what benefit do you get from encrypting first then signing?
mutual authentication and secure session key
perfect forward secrecy
using a session key K_S that you can forget easily for protection, if trudy gets a session key then it’s fine
what does perfect forward secrecy prevent
trudy from using the symmetric key (in the case she somehow gets access) to decrypt all the messages
advantage of timestamps over nonce
fewer messages
advantage of nonce over timestamp
time isn’t a security critical parameter
what is a salt and how is it used
random string of bits that’s hashed with a password and is stored along with the password for verification
why is salt useful when hashing passwords
makes forward search attack more difficult
in high security environment is it better to use weak methods to prevent covert channels or do nothing
it’s better to use them since it’s not a burden to implement and it makes trudy’s job more difficult
is it better to use weak inference control or do nothing
it’s better to use it because it’s not hard to implement and again still makes trudy’s job harder
is it better to use a weak cryptosystem or do nothing at all
DO NOT USE THE WEAK CIPHER, encryption implies the data is important so it will be filtered out for further investigation
capabilities (c-lists) in lampson’s access control matrix
rows attached to/based on subject, what files/resources can this user/process use
access control lists (ACLs) in lampson’s access control matrix
columns attached to/based on object, who can read/write to this file
differences between authentication problem and identification problem
authentication is 1-to-1 comparison, identification is 1-to-many
authentication has cooperative subjects, identification may have uncooperative subjects
which is easier, authentication or identification?
authentication because it’s 1-to-1 rather than 1-to-many, so there is less chance of error
which layer of protocol stack does packet filter operate
network
which layer of protocol stack does stateful packet filter operate
transport
which layer of protocol stack does application proxy operate
application
what is the point of stating identity in authentication protocol
so the busy server can know which key to use/who it’s communicating with
authentication asks
are you who you say you are
authorization asks
are you allowed to do that?
human-to-machine authentication is based on one of 3
something you know
something you have
something you are
why do we keep using passwords despite being weak
cheap, easy to manage and reset
which remembers, stateful or stateless?
stateful
attack on stateful
DNS attack because it keeps sending to the server to make it use up more memory, DoS
attack on stateless
ARP cache poisoning, trudy can be the man in the middle
confused deputy
alice has lower privileges than the compiler
she can send a command that confuses the compiler to use its own privileges to overwrite/delete the file
64 possible choices for each character
password must be 16 characters; if longer it’s cut, if shorter it’s padded with “A” until it’s 16 long
it’s split into two parts X_0 and X_1
X_0 is the first 8 and X_1 is the last 8
compute and store Y_0 = h(X_0) and Y_1 = h(X_1)
what is the work for an exhaustive search to recover one specific password
(64^8 + 64^8) / 2
rewrite it as (64^8 * 2) / 2
the 2's cancel out, leaving 64^8
rewrite 64 as a power of 2 (2^6): (2^6)^8 = 2^(6*8)
= 2^48
best way to store passwords
hash of the password (especially with salt)
biometrics
something you are
ideal biometrics
universal, distinguishing, permanent, collectable
enrollment
first careful recording of the biometric into the system
recognition
later checking the user during actual use
why is enrollment quality important
bad enrollment weakens the system
fraud rate
attacker is wrongly accepted
insult rate
correct user is wrongly rejected
equal error rate
where fraud rate = insult rate
why does equal error rate matter
good way to compare different biometric systems, lower eer may be better
fingerprint biometrics
based on patterns and minutia, generally strong for authentication, widely used
hand geometry biometrics
measures hand/finger shape, fast and practical, not unique enough for strong identification but okay for authentication
iris scan biometrics
very accurate in theory, based on stable iris patterns, uses hamming distance to compare iris codes, can be attacked with a good photo unless there is a liveness check
biometrics vs passwords
can be better than passwords but aren’t foolproof
can be spoofed
database can be attacked
compromised biometrics aren’t changed easily
2 factor authentication categories
any 2 group combo of what you know, have, or are
single sign-on SSO
authenticate once and that’s all the work for alice, rest of authentication online is done behind the scenes
web cookies
numerical value stored and managed by the browser, also stored by the website
use for cookies
index a database that retains info about the user
how do cookies work
cookie from the browser goes to the site, so it can access the database and remember info about alice, kind of like an SSO
if HTTP is stateless, how can a site maintain state within and across sessions
cookies
solution to the confused deputy problem
using capabilities
orange book TCSEC
classify systems by security level, D (minimal) to A (verified), old certification system
what’s used more, ACL or c-list
ACL
general ACL facts
easy to implement, weak to confused deputy, easy to add privileges (object based)
general c-list facts
easy to add and delete users (subject based), protective against confused deputy, easier to delegate authority
forward search attack
trudy precomputes hashes of common passwords and compares the hashes
best way to get perfect forward secrecy
using diffie hellman
K_S = g^{ab} mod p
where a and b are secret numbers for alice and bob that they need to forget after
ex: alice sends E(g^a mod p, K_{AB})
common criteria
EAL 1 to EAL 7, higher EAL not necessarily more secure in practice, new certification system
common EAL
EAL 4
core classic model
rows = subjects (users/processes)
columns = objects (files/resources)
each entry says what access rights a subject has to an object
compartments enforce what
need to know basis beyond just your level, restriction layer on top of MLS
covert channels
transfer info using a path not intended for communication, bypass normal authorization rules, important in multilevel systems
problem caused by covert channels
even if normal security rules are enforced, info may still leak through unintended means
inference control
protect sensitive info in databases/statistical systems, but safe looking answers can leak sensitive info indirectly
problem caused by inference control
user might not be allowed to see secret data directly but may later infer it from allowed queries or statistics
why you hash passwords rather than encrypt the file with a symmetric cipher
if trudy can get the password file then she can get the symmetric key, hashes are one-way
granularity
level at which we apply our security labels
fine
too loosely, giving too much info for inference
coarse
too heavily, classifying unnecessary low level info
CAPTCHA
allows humans, blocks bots
why is CAPTCHA kerckhoffs-like
attackers know the system but each random instance is unknown
how do bots beat CAPTCHA
paying humans, or lately they figure out letters through the letter borders
classifications apply to
objects
clearances apply to
humans
application layer
HTTP, SMTP, FTP
transport layer
TCP and UDP
network layer
IP and routing
link layer
ethernet and PPP
the last layer (not application)
physical layer
encapsulation
each layer adds its own header around the data, application data is wrapped again and again as it moves down the stack, real application data stays inside
HTTP client server model
client speaks first, server responds
SMTP and spoofed email
smtp sends email from sender to recipient mail server
commands are human-readable
spoofed emails possible because of SMTP
DNS
maps names like websites to IP
distributed and hierarchical
why are root dns servers attractive attack targets
they are critical
TCP
reliable delivery
packets arrive in order
flow control
tries to help with congestion control
connection oriented
TCP 3 way handshake
SYN
SYN-ACK
ACK
makes DoS possible through “half-open” connections