CSC 382/582: Computer Security
Incident Response

Topics
• Future Threats
• Security in Hardware
• Software Security
• Economics of Security and Usability
• Privacy

Increasing Attack Sophistication

More Data Breaches

Future Threats: Profitable Worms: Sobig
– W32 worm using email/network share vectors.
– Contains upgrade mechanism
  • Worm checked sites every few minutes.
  • When site valid, downloaded code.
  • Later variants could update upgrade server list.
– Downloaded payload from upgrade mechanism
  • Key logger.
  • Wingate proxy server (for spam proxying.)

Future Threats: Vishing
Voice Phishing
– Send e-mail with phone number. Call into software voice mail system which uses recordings of real bank’s voice mail system.
  • Free PBX software makes this easy to do.
  • E-mails are targeted, including customer’s name.
– Call victims directly using VOIP for cheap, anonymous international calls.
  • Caller-ID spoofing.
  • Attacker often knows CC number, wants 3-digit.

Future Threats: Offline Impact
Davis-Besse nuclear power plant
– Slammer infected Plant Process Computer and Safety Parameter Display System (Jan 2003).
– Analog backups unaffected.
– Infected contractor’s network, then moved through T1 line that bypassed plant firewall.
Seattle 911 system
– Slammer disabled computer systems.
– Dispatchers reverted to manual systems.
2003 Blackout
– Blaster infected First Energy systems.

Future Threats: Speed
Fast Worms: Slammer
– Attacked MS SQL servers.
– Worm is single 404-byte UDP packet.
– Random-scan (PRNG bugs limited.)
– Limited by network bandwidth, not latency.
– Observed scan rate of 26,000 hosts/second.
– Infected 90% of vulnerable hosts in 10 min.
– Too fast for humans to react.
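Added example (not from the original slides): a simple random-scan epidemic model showing why a bandwidth-limited, single-packet worm leaves no time for human response. The 404-byte packet size is from the slide; the uplink speeds, the 75,000 vulnerable hosts and the single initial infection are constructed values, and packet headers are ignored.

```python
import math

ADDRESS_SPACE = 2 ** 32   # IPv4 addresses a random scanner draws from
PACKET_BYTES = 404        # worm size from the slide (headers ignored)

def scans_per_second(uplink_bps: float, packet_bytes: int = PACKET_BYTES) -> float:
    """Bandwidth-limited probe rate: one UDP packet per target, no reply awaited."""
    return uplink_bps / (packet_bytes * 8)

def growth_rate(scan_rate: float, vulnerable: int) -> float:
    """New infections per infected host per second early in the outbreak."""
    return scan_rate * vulnerable / ADDRESS_SPACE

def doubling_time(scan_rate: float, vulnerable: int) -> float:
    """Seconds for the infected population to double during early growth."""
    return math.log(2) / growth_rate(scan_rate, vulnerable)

def time_to_fraction(frac: float, scan_rate: float, vulnerable: int,
                     initial: int = 1) -> float:
    """Seconds until `frac` of vulnerable hosts are infected (logistic model)."""
    odds_target = frac / (1 - frac)
    odds_start = initial / (vulnerable - initial)
    return math.log(odds_target / odds_start) / growth_rate(scan_rate, vulnerable)

def infected_at(t: float, scan_rate: float, vulnerable: int,
                initial: int = 1) -> float:
    """Closed-form logistic curve I(t) for a random-scanning worm."""
    beta = growth_rate(scan_rate, vulnerable)
    return vulnerable / (1 + (vulnerable / initial - 1) * math.exp(-beta * t))

if __name__ == "__main__":
    N = 75_000  # constructed number of vulnerable hosts
    for mbps in (1, 10, 100):
        rate = scans_per_second(mbps * 1e6)
        print(f"{mbps:>3} Mbps uplink: {rate:8.0f} scans/s per host, "
              f"doubling every {doubling_time(rate, N):6.1f} s, "
              f"90% infected after {time_to_fraction(0.9, rate, N) / 60:5.1f} min")
```

The model ignores link saturation and scanner bugs, so it shows the early exponential phase rather than the full observed outbreak.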

Hardware Security: Biometrics will become more common.
– Laptop fingerprint readers to login.
– Voice print / eye scan used to login.
– Disney: fingerprint-based TicketTag system
– Fingerprints used to check nightclub goers.

Hardware Security: TC
• Problem: You can’t trust the client.
• Solution: Add hardware to give third parties power to enforce security policies on client against users’ wishes.
  – Hardware component: “Trusted” Computing
  – Software component: NGSCB

Hardware Security Features
1. Memory Curtaining
   Hardware-enforced memory protection to prevent programs from accessing each other’s memory, including OS.
2. Secure I/O
   Secure path from keyboard to application that cannot be snooped on by keyloggers or spyware.
3. Sealed Storage
   1. Generates keys based on program + hardware.
   2. Only that program on that computer can access data.
4. Remote Attestation
   Hardware generation of certificate attesting to identity of software that currently runs on PC.
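Added example (not from the original slides, and not a real TPM or NGSCB interface): a toy model of sealed storage and remote attestation as described above. The ToyTC class, the HMAC used in place of an attestation signature, and the XOR stream cipher are assumptions made for illustration.

```python
import hashlib, hmac, os

def measure(program: bytes) -> bytes:
    """Identity of a piece of software = hash of its code image."""
    return hashlib.sha256(program).digest()

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class ToyTC:
    """Constructed model of the hardware component (hypothetical, not a TPM API)."""
    def __init__(self):
        self._hw_secret = os.urandom(32)    # unique per machine, never exported
        self._attest_key = os.urandom(32)   # HMAC stand-in for a signing key pair

    def _seal_key(self, program: bytes) -> bytes:
        # Sealed storage: the key depends on program + hardware.
        return _mac(self._hw_secret, measure(program))

    def seal(self, program: bytes, data: bytes):
        key, nonce = self._seal_key(program), os.urandom(16)
        stream = hashlib.shake_256(key + nonce).digest(len(data))
        ct = bytes(a ^ b for a, b in zip(data, stream))  # toy cipher, illustration only
        return nonce, ct, _mac(key, nonce + ct)

    def unseal(self, program: bytes, blob):
        nonce, ct, tag = blob
        key = self._seal_key(program)
        if not hmac.compare_digest(tag, _mac(key, nonce + ct)):
            return None                     # different program or different machine
        stream = hashlib.shake_256(key + nonce).digest(len(ct))
        return bytes(a ^ b for a, b in zip(ct, stream))

    def attest(self, program: bytes, challenge: bytes):
        # `program` models whatever software is currently running on the PC.
        m = measure(program)
        return m, _mac(self._attest_key, challenge + m)

    def check_quote(self, challenge: bytes, m: bytes, sig: bytes) -> bool:
        # Stands in for verifying the certificate with the chip's public key.
        return hmac.compare_digest(sig, _mac(self._attest_key, challenge + m))

def remote_party_accepts(tc: ToyTC, program: bytes, approved: set) -> bool:
    """Third party sends a fresh challenge and accepts only approved software."""
    challenge = os.urandom(16)
    m, sig = tc.attest(program, challenge)
    return tc.check_quote(challenge, m, sig) and m in approved
```

Changing a single byte of the program changes its measurement, so the same mechanism that blocks tampered software also lets a third party reject any software it has not approved.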

Problems with Remote Attestation
• Core Problem
  – If third parties know what software you’re using, they can refuse to interact with you if you’re running software they don’t want.
• Examples
  – Web sites could force you to run IE.
  – Of a specific version vulnerable to their adware.
  – Vendor lock-in: prevent interoperability of IM clients or Samba with Windows servers.

TC as a way of enforcing DRM
• Secure I/O
  – Prevent text or images on screen from being printed or saved to a file.
• Sealed Storage
  – Files encrypted on hard disk so only DRM client can access them.
  – Prevent files from being moved to new PC.
• Remote Attestation
  – Prevents programs other than DRM client from ever receiving DRMed files.

TC supports Remote Censorship
• Applications can be designed to delete unauthorized documents by remote control.
  – Documents must have watermark or serial #.
  – DRM documents already include these features.
• Other TC features can be used to require application gets regular Internet access.
  – App phones home to get list of bad documents.
• App refuses to allow access to banned documents on any PC.

Solution: Owner Override
Attestation + Owner Override
– Allows third parties to know if software on your PC has changed w/o your knowledge.
– Illicit activities and malware can be detected.
– You can install and run the software you want to use, independent of third party wishes.

Software Security
• The problem with security: Bad design, code.
• Trinity of Trouble will expand
  – Connectivity: business critical processes will use wireless networking.
  – Complexity: software will continue to get larger.
  – Extensibility: more mobile code will be used, and SOA will be used for extensibility on server side.

Economics of Security
The problem with security: Bad incentives.
– Systems are especially prone to failure when security person doesn’t experience cost of failure.
– Security problems are an externality.
– Security techniques can distort markets (DRM.)
– Hidden costs of ownership
  • $99 MS Windows + $99 Antivirus, firewall, etc.

Security Incentives
• Banks
  – In US, banks liable for ATM fraud.
    • There is relatively little ATM fraud in US.
  – In UK, customers liable for ATM fraud.
    • Banks ignored security since customer complaints were assumed to be lies or mistakes.
• Medical Records
  – Medical providers dislike security because it requires time and limits sharing.
  – Patients want their medical records private.
• Home Users
  – Should you pay for antivirus software when the virus likely won’t damage your data but instead attack someone else?

Security as Externality
• Externality: Cost or benefit of an economic transfer that someone who is not a party to the transaction bears, e.g. air pollution, vaccination.
• Security attacks often result in externalities.
  – Backscatter from DDOS attacks.
  – Botnet that does little damage to zombie PC can do extensive damage to its targets.

Network Externality
• Network externality: the more users a network has, the more valuable it is.
  – Compatibility is more important than security in building a market.
  – Excessive security (DRM) can allow dominant player to lock in users.
• Problem: How to migrate to more secure network protocols?

Security and Markets: Asymmetric Information
The Market for Lemons
– Ex: Used Car Market
  • 50 good used cars worth $3000.
  • 50 lemons worth $1000 each.
  • Sellers know the difference, buyers do not.
  • What price will the market bear?
– Software market suffers from info asymmetry.

Security and Markets: Insurance
Computer security rarely applies insurance.
– Different organizations’ IT risk is correlated with other organizations. A Microsoft Windows virus is like a major hurricane, affecting many networks at once.
– Software vendors aren’t responsible for risk of vulnerabilities in their software. Who would insure them if they were?

Security and Markets: DRM
• Security technologies can distort markets.
  – Infinite supply of digital goods drives price to 0.
  – Copyright grants limited monopolies to prevent.
  – DRM gives owners complete market control.
    • Eliminate resale.
    • Eliminate transfer to other media.
    • Eliminate any use owner dislikes.

Economics of Privacy
• Technology increases ability to discriminate in pricing.
  – Data mining can be used to individuals’ willingness to pay.
  – Complex, changing prices for airlines, software.
• Data breach law gives incentive for privacy.
  – Stock prices fall after data breaches revealed.

Security and Usability
The problem with security: Bad interfaces.
– Semantic attacks such as phishing depend on difference between how user perceives communication and the actual effect of the communication.
– How can we bridge the gap between user’s mental model and the model of how systems actually work?

Security and Usability
Figure 2. Passpet

Future of Privacy: Tracking
The problem with privacy: Computers.
• Portable computing devices => tracking
  – Cell phone: current location, path travelled
  – RFID tags
• Ubiquitous video cameras => tracking
  – Average Londoner has picture taken 300/day

Future of Privacy: Wholesale Surveillance
• Don’t look at a suspicious person, look at everyone.
  – NSA phone/email surveillance; Echelon
  – Satellite photography
  – Cameras + OCR track license plates in London.
  – Auto toll-pay systems and cell phones track cars.
  – Credit card and Paypal purchases
• Quantity has a Quality all its own
  – Changes balance between police power and rights of the people.
  – Past compromises: random license plates instead of owner’s name.
