Chapter 4 Logistic Security Approaches Logistic approaches are

Chapter 4 Logistic Security Approaches

§ Logistic approaches are based on management techniques to provide the security measurements § Typical approaches: l l l l password, Key management protocols, access control, convert channel, composing security, privileges and roles, security kernel

4. 1 Passwords § Is the only explicit protection used to authenticate identity for access to a computer system § most common techniques are: l l l user generated password computer generated password tunable password

4. 1. 1 User Generated Password § Created by user for his own use § selected passwords are normally pleasant or enjoyable images of their mind § require no writing down of passwords more safe § but is quite easy to guess § can be cracked by electronic search because high percentage are words in Dictionary

Example from Internet Attack 1988 with passwords start with ‘a’

Obvious Personal Attributes § Spouse’s name, children’s name, pet name, birthday § license plate number, telephone number § initials § year of marriage § female surname or name (are sufficient to get into various account in Bell Labs)

Keyboard Patterns § § § Ghghgh bbbbb 123 -09 qwppo 1 qaz etc

Re-used passwords § Normal users with access to various systems will maintain the same password pattern § if attacker crack a password in a less secured environment, this password may be used to crack some more secured system

4. 1. 2 Computer Generated Password § § Created by computer to be less predictable poor password can be removed from system normal a choice of password is provided to prevent possible attack, password aging technique is used, that is new password is generated periodically § disadvantage: difficult to remember

4. 1. 3 Tunable Password § Compromise approach for user and computer generated password § allows system administrator to provide users with part of a password § user can use this to construct a new password according to specified rules § Example: computer generated w 5 G and user can provide prawn 5 GRAND or why 55_Go 60 § advanatge: of both user and CG password

4. 1. 4 Dynamic Password § Similar to tunable password § the CG password part is generated by computer and a tag (portable device) and user part is the same § require synchronization of Password Generation § Advantage: prevent tapping the static password via the network

4. 1. 5 Password Cracking § Critical consideration for selecting password protection scheme should be more difficult for a determined attacker in cracking the password with automatic assistance § present state of computer (3 -400 MIPS) is capable of cracking 4 -char length of 128 character sets of ASCII data in few seconds.

4. 1. 6 Password Encryption § Required if the attacker can simply steal the stored password § use of encryption will help reducing the chance of being cracked § can be attacked by using encrypted password as entry for electronic search instead of the raw password extracted from dictionary

4. 1. 7 Password salt § Technique is based on adjusting the password by adding some random characters before encryption takes place § this technique can confuse electronic search because a similar tunable password is applied § Example : scrap is modified to scrap 7^ for encryption

4. 1. 8 Example: Unix Password Management § Allow user to define their password § password is stored in file called etc/passwd § the data stored are encrypted version with loging name and administrative information § Example: root: v. Bbddf. RT 56 x 34, M. y 8: 0: 0: admin: /: /bin/sh

4. 2 Key Management Protocol § Computer system requires to communicate remotely to other systems via communications network § it may not be useful to type in password or use a smart card § approaches are developed to identifying and authenticating the systems § techniques are called key management protocols

4. 2. 1 Attacks to Remote Communications § The most popular attacks are: l l l disclosure to unauthorized listener receipt of message from a masquerading sender corruption or blocking of sent messages

Disclosure to Unauthorized Listener § When messages are passed by sending entity along some communications medium to a remote receiving entity, the possible emerges that a third malicious entity (an intruder) could read these messages by simply observing and interpreting the data traveling along the medium sender messages receiver “observe” intruder

§ Attacks require that the intruder has the ability to decipher the information being transmitted along the tapped medium § As a result, encryption will provide a useful means for mitigating the effect of this type of attack § Key management protocols will ensure such an attack cannot occur by encrypting messages with keys that are only known by the appropriately authorized entities

Receipt of Message from Masquerading Sender § Some sending entity masquerading as another sender results bad messages were sent from an intruder sender receiver Bad messages intruder § avoided by providing a mean for senders to uniquely identify themselves when messages are sent

Corruption or blocking of sent messages § This attack involves a message sent by a sender being corrupted or blocked by an intruder sender Good messages receiver Bad messages intruder § difficult to encounter, possible to use check sum

4. 2. 2 Private Key Protocol § A private key protocol involves a single key that is known by two entities who wish to communicate § Advantages: provides solution for disclosure protection and authentication and work well with DES § Disadvantages: entity needs to maintain a separate key for each remote entity and key distribution can be a problem too

Send Message M Compute [M]k Compute [[M]k]k] Sender Private Key Protocol Receive message M Receiver

4. 2. 3 Public Key Protocol § A public key protocol involves a key pair, i. e the secret and public keys, that are held separately by two entities who wish to communicate § Advantages: allow system communications without the need for the storage and maintenance of many private keys § Disadvantages: more complex and computational intensive

Send Message M [[M]SB] PA Compute [[[[M]SB] PA]SA]PB] Sender(B) Receive message M Receiver(A) Public Key Protocol SA, PA = Secret and Public keys of A SB, PB = Secret and Public keys of B

4. 2. 4 Example: Secure Terminal/Host Communication § System consists of a host that communicates with a collection of terminals in a manner that uses key managed encryption protocols to ensure secrecy of all information passed § The host maintains a collection of session keys that dynamically generated for each communication session with a terminal and a collection of terminal keys that are fixed for the set of terminals

§ Each terminal has its fixed terminal keys § The host maintains a cryptographic facility that contains master keys to encrypt and decrypt terminal and session keys § Each terminal maintains its own cryptographic facility § Notation: l l Ek(cleartext) is cleartext encrypted using key K and Dk is ciphertext decrypted using key K

Silent characteristics § The terminal communicate directly with the host and a new session key is generated for each communication session § Since the host and each terminal contain the terminal key, it is used in private key protocol to distribute the session key. Both the host and terminal can encrypt and decrypt the terminal key using the master terminal key or the specific terminal key at each terminal. Each session is established.

§ Each time a new session is established, the host updates its session key table with a new encrypted entry Emsk(new session key) where msk is the secret master key for session keys § communication between host and terminal can thus follow a simple key managed protocol using the session key, where messages sent from the host to a terminal i would be of the form Eski(message) [where ski is the session key for i] and messages received from a terminal i would be deciphered by computing Dski(message)

Step 6: recover message Dski(Eski(Mi h)) Step 4: Dmsk(Emsk(ski)) or Dtki(Etki(ski)) Step 1: transmission of msk or Tki via secure means Host hold: msk, Tk’s and sk’s Terminal i Tki or msk generate Step 2: Session key Step 6: recover message Dski(Eski(Mh i)) Step 3: Emsk(ski) or ETki(ski) Eski(Mh i) Eski(Mi h) Step 5: Message M Secure Terminal/Host Communications (Repeat steps 2 to 6 for new transmission)

4. 2. 5 RSA Implementation § Select two large prime numbers p and q each about 100 digits long § compute n = pq and =(p-1)(q-1) § chosse an integer E between 3 and which has no common factors with § select an integer D, such that DE mod =1 § Make E and n public and keep p, q, D and secret

Example: § P = 5 and q = 7 § n = 35 and = 24 choose E = 11 since 3 < 7<24 and HCF(7, 24) = 1 § select D = 7 where 7 x 7 =49 and 49 mod 24 =1 § Let the message = 3, C = 37 mod 35 =2187 mod 35 = 17 § P = 177 mod 35 = 410338673 mod 35 = 3

4. 2. 6 Arbitrated Protocols with Third Party § An alternative for point to point key management protocols between senders and receivers is an arbitrated protocol that utilizes a third party to ensure authentication between communication entities § Two possible schemes l l arbitrated routing protocol arbitrated communication establishment protocol

Arbitrated Routing Protocol § This scheme requires that the routing not introduce any security problem such as routing a secret message through a party that should not have access to such information § example: message is passed to a router and user associated with that router have access to the message

Arbitrated Communication Establishment Protocol § This involves the third party arbiter establishing authentication between the senders and receivers so that communication can proceed without continued involvement of the arbiter § this scheme often involves the creation of tickets by the arbitrator that allows for subsequent secure communication

Arbitrator A Message to C from A B Routed message to C from A C Arbitrated Routing Protocol Arbitrator (1) request communications from C A B (2) establish communications (3) communications between A and C Arbitrated Communications Establishment Protocol C

4. 2. 7 Key Distribution § Key distribution is a key issue for the establishing of a secured key management protocol § Key distribution is normally achieved via a Key Distribution Centre (KDC) via a secure channel

Sender Encrypted Message key Receiver key KDC Secured channel normal channel Centralized Key Distributor

4. 2. 8 Digital Signatures § Public Key Protocol is applied to “digital signatures” § Digital Signature is useful for direct communication or § as a third party authenticating systems § DS can be included as part of the message protocol for identity purpose

Concept § Step 1: Sender A transmits the digitally signed message (H, M, [Checksum(M)]SA) to B where H is the ID, M is the message and [Checksum(M)]SA is encrypted checksum § Step 2: Receiver computes the checksum and compared with the decrypted “encrypted checksum” [[Checksum(M)]SA ]PA § if both checksum are equal, the sender must be H and no message was corrupted during delivery

4. 3 Access Control § Access control provide a degree of protection from malicious attacks § it is defined as comprising those mechanisms that enforce mediation on subject requests for access to objects as specified in the security policy § Two main types of access control: l l discretionary access control (DAC) mandatory access control (MAC)

4. 3. 1 Discretionary Access Control § A DAC mechanism is defined as comprising those procedures and mechanisms that enforce the specified mediation at the discretion of individual users § This provide users with flexibility to protect their files and resources by setting DAC parameters as they see fit § However DAC parameters are easily changed and thus subject to Trojan Horse attack

4. 3. 2 Mandatory Access Control § MAC is defined as comprising those procedure and mechanisms that enforce the specified mediation, not at the discretion of individual users but by the system administration § Restriction imposed make it easier to establish an enforceable security policy § Do not allow users to change access control parameters and thus helps to reduce Trojan Horse attacks

4. 3. 3 Access Matrices and permission mechanism § Access matrices are used to define the access rights of the corresponding subjects (people) to the corresponding objects (resources) Subjects S 1. . . SN Access Right O 1 02 … Objects OM

§ Permission Mechanisms: l l e. g. owner/group/other in UNIX (rwx) all groups with read/write/execute permission (r-x) all groups with read/execute permission only special program setuid (set user identification) allows user to perform some task for which they would normally not have proper authorization

4. 3. 4 ACL and Capability Mechanism § Another ways is by use of access control list (ACL) § Example: Subjects X, Y, Z and objects A, B, C X: A, B Y: A Z: A, B, C § Capacities are represented conceptually as the reverse of ACLs about the specific access

4. 3. 5 Examples - MAC Implementation user Open(a, b) Invocation of command Underlying open routine sequence System call interface Operation disallowed and sequence completes Call to MAC routine Operation allowed and sequence completes MAC routine

4. 3. 6 Attacks Countered by Access Control § Attacks: l l Malicious attempts to attack certain resources inadvertent requests that could cause harm to resources on the system § MAC provides a more effective means for countering such attacks

4. 4 Covert Channel § A covert channel is defined as existing whenever some computer system mechanism is used in an unexpected manner to provide a means by which information can flow to an unauthorized individual § A perfect channel is defined as having a sender, a receiver and a perfect communication path that passes message between the two entities.

Overt channel Sender Overt Information flow mechanism receiver Mechanisms Not Intended for Information Flow Covert Channel Overt and Covert Channels

4. 4. 1 Covert Storage Channel § One type of covert channel exists is called covert storage channel. § In covert storage channel, information are passed unexpected and unauthorized manner from a high (secure) user to a low (secure) user § Example: ls commands in UNIX where low user can find out the name of the high user files and initial some attacks. . It can be avoided by hiding the filenames to low user

4. 4. 2 Covert Timing Channels § Another is called a covert timing channel where some resources are shared between both high and low users § Normally, a monitor program such as cpu_monitor is used to monitor the access control, auditing and authentication of the resources of both types of users. § Attacker (low user) may remove the cpu_monitor program or introduce some noise in confusing the detection of states in order to prolong the processing time and initiate attacks

4. 4. 3 Resource Matrix Approach § To analysis possible existence of covert channel, a resource matrix approach is used § The matrix is composed of resources as row and lowest level operation as column. § The contents of the matrix elements are M or/and R which denotes modification and read respectively § The presence of M represents a high potential of establishing a covert channel.

4. 4. 5 Computers as the Weakest Link § Because computer can be access by both high and low users, the establishment of covert channel is high. § Normally cover channels are fixed if vulnerabilities exist. The simplest way to remove covert channel is by using hardcopy instead of electronic transfer which may not be viable in the IT age.

4. 5 Composing Security § When two or more secure systems are connected together, they may not compose into a secure system as expected. § Because non-deducibility and noninterference security are normally not exist § Compositional analysis must be carried out to ensure two/more systems are connected securely. § The presence of covert channels will further weaken the security properties.

4. 6 Privileges and Roles § A privilege is defined as a collection of related computer system operations that can be performed by users of that systems. By operations, we mean low-level system activities. § A role is defined as a collection of related privileges.

§ Privileges can exist in multiple different roles. This implies that if a given privilege is required, then in some cases, a choice of which role should be allocated § A role might contain only one privilege. § A role might be defined to include every privilege. role Priv Priv role

4. 6. 1 Role based attacks § Attacks arises when security is not considered in the allocation of roles to users § Example a user was granted with a supervisor role in UNIX based system § This will results a more potentially destructive power to a user then is desired § An attack may occurs if some user is granted a role that contain certain privilege that the user should not have.

§ The possibility is high if the number of roles is smaller and the associated privilege is larger. § As a results, privileges and roles must be designed in a manner that maximizes the granularity of privilege allocation without so many roles that their administration and allocation becomes overly complex.

4. 6. 2 Principle of Least Privilege § The principle of least privilege states that users should only be granted privileges to perform operation for which they have a legitimate need. § Designer based on this rule should ensure the granularity of role is fine enough to allow for different types of allocations.

4. 6. 3 Transformation and Revocation § By transformation, we imply that some change is being associated with the privileges allocated to a user. The transformation of privilege may occur internally to a single user in which certain roles and privilege are changed.

§ Transformation may also occur externally to a single user in which a user transfer a role or privilege to another user. Usually, external transformation occurs when a user is associated with a role or privilege that allows for such transfer to another user. § Privilege or role revocation is a special type of privilege transform that involves the timely removal of the ability to perform certain operations, presumably because of some event that changes the job requirements.

§ Example: if a user associated with some privilege or role and is found to be a malicious intruder with motivation to harm the system, then immediate revocation of that user’s role and privilege may be necessary. § Examples: commands in UNIX $ su adduser $ su deluser

4. 7 Security kernels § A security kernel is defined as an isolated portion of a computer system that is designed to enforce the security policy of the system.

Users and Application Operating System Security Kernel Hardware Security Kernel Organization

4. 7. 1 Principles of Kernel Design § Avoidance of Tampering: must protect from malicious or inadvertent tampering. Explicit attention must be placed on ensuring the security kernel is tamper-proof. § Avoidance of Bypass: Kernel must be designed in a manner that ensures complete avoidance of security kernel bypass by a subject requesting some service.

§ Provision for Assurance: Convincing evidence is needed to assure a system is secure: l l demonstrated secure usage over a period of time full documentation on security mechanisms, development methods, relevant information to ensure proper attention is addressed results of security tests - ensure security results of penetration tests - ensure all possible attack

l l Formal methods to prove evaluation, certification or accreditation from authority individual or agency § Hardware Mechanisms: hardware to implement certain portions of security kernel functionality presents some advantages l l l provide memory protection protect integrity of executing processes provide security support for I/O operations

§ Minimization of Complexity: if system is large and complex, the formal proof will be hindered. Minimizing the size of kernel is critical. § Fault tolerance: must designed to resist against any classes of faults because recovery from fault is always complicated and needs human intervention.

References: § Amoroso: chapters 19, 21 -26