Pre – Midterm
What is security? Confidentiality, Integrity, Availability.
What is privacy? Informational self-determination.
Mediation – The application ensures that what the user has entered constitutes a
meaningful request. Incomplete mediation occurs when the application accepts incorrect
data from the user. Always do server-side mediation; client-side mediation can be turned off.
TOCTTOU – Time-Of-Check To Time-Of-Use
Malware – Software written with malicious intent. A virus is malware that infects other
files. Trojan horses are programs which claim to do something innocuous (and usually
do), but which also hide malicious behavior. Logic bombs are usually written by insiders.
A worm is a piece of code that can replicate with little or no user involvement. Web
bugs can send IP addresses, Contents of cookies, and any personal info the site has
Back door – set of instructions designed to bypass the normal authentication
A salami attack is made of many small attacks e.g. gas pumps misreport, credit cards
A root kit is a tool that can be used to gain unauthorized root/administrator privileges and
to hide its existence by changing log file, modifying ls and ps commands, modifying the
Key loggers - Application specific, System keyboard loggers, Hardware keyboard
Man-in-the-middle – intercepts the communication from the user, and then passes it on
to the intended party. E.g. key logger, interface illusions, phishing.
Covert and Side channels.
Easter egg code review – author inserts intentional flaws into the code.
Black box testing – A test where you just have access to a completed object is a black-
o Fuzz testing – Supply random data to the object.
White box testing – when you take design and implementation into account. Also
known as clear-box testing.
Access control – Three goals Check every access, Enforce least privilege, Verify
o Each object has a list of subjects and their access rights.
o Role Based access controls – In a company, objects that a user can access
often do not depend on the identity of the user, but on the user’s job function
(role) within the company.
o Mandatory Access control (MAC) – central authority establishes who can
o Discretionary access control (DAC) – some control over who can access what.
Identification: Who are you? Authentication: Prove It!
o Four classes of authentication: something the user knows, has, is, context
Trusted Computing Base (TCB) – Part of a trusted OS that is necessary to enforce OS
security policy. TCB can be implemented in different parts of the OS or in a separate
o Rings – If a processor is operating in ring n, code can access only memory and
instructions in rings >= n. Access to rings < n will trigger interrupt/exception.
Windows and Linux use 2 rings.
Module 4 – Networks
Types of Communication links
o Wireless vs. Wired
Loose-lipped systems reveal (non-confidential) information that could facilitate the
Nmap can identify many applications
Social Engineering / Dumpster diving / oral communication
Local Area Network (LAN) - Connects all computers within a company or a university
URL Spoofing – used for phishing attacks
Evil Twin Attack – wireless version of the phishing scam.
Session Hijacking – attacker can steal cookie or become end communication node.
Traffic Analysis – The existence of communication between two parties should be hidden
e.g. Syrian protestors sending information to other countries. Attacker can sniff packets
Integrity Attacks – attacker can modify, delete and create packets while being
DNS cache poisoning (Domain Name System) - maps hostnames to numerical
addresses. Attacker can create wrong mappings.
Protocol Failures – TCP/IP assumes that all nodes implement protocols faithfully. Some
implementations do not check whether a packet is well formatted e.g. buffer overflow.
Web site defacements – attacker can download web code and look for vulnerabilities.
Attacker can send malicious URL to exploit buffer overflow, invoke shell, access
sensitive files etc.
HTTP protocol is stateless – attacker can submit modified state
Cross-site scripting (XSS) / request forgery (CSRF) – attacker adds his/her HTML code
to someone’s website. XSS steals sensitive information (cookie) on the other hand
CSRF performs malicious action at some website (transfer money from bank).
Denial of service (DoS) – cutting/jamming wire, flooding node, ping flood, ping of death,
smurf attack and SYN flood.
Black hole Attack – router announces low cost for reaching victim and drops all
DNS attack – cache poisoning can lead to packets being routed to wrong host.
Distributed Denial of service (DDoS) – network of bots known as botnet. Examples
include Nimda, Slammer and Storm worm.
Active code – To reduce load on server, server might ask client to execute code on its
Design and Implementation - Don’t trust inputs from clients and use white list of allowed
Segmentation and Separation – deploy multiple servers / put services on different
Redundancy - avoid single points of failure. Deploy servers to different locations with
different software / keep backup servers close and ready.
Access controls (ACLs) – define router ACL that drops packets with particular source
and destination address.
Firewalls – Firewalls have been designed to filter traffic, maybe based on other criteria
than just packet addresses.
o Choke points – examine traffic
o Company firewalls do not protect against attacks on company hosts that originate
within the company.
Types of Firewalls
o Packet filtering gateways – make decision based on header of a packet.
Ignores payload of a packet. Can drop spoofed traffic.
o Stateful inspection firewalls – keep state to identify packets that belong
together. Might have to re-assemble packets for Stateful inspection.
o Application Proxies – Clients talk to proxy, proxy talks to server. Can do
sophisticated processing such as limit types of allowed database queries, filter
URLs, log all emails, and scan for viruses. Can also do strong user
o Personal Firewalls – runs on home computers. Typically forbids everything
unless explicitly allowed.
Demilitarized zone (DMZ) – Subnetwork that contains an organization’s external
services, accessible to the internet.
o Deploy external and internal firewall
o External firewall protects DMZ and internal firewall protects internal network from
attacks lodged in DMZ.
Honeypots / honeynets - Set up an (unprotected) computer or an entire network as a
trap for an attacker. Observe attacker and learn about new attacks to stop or divert
o Types - Low interaction and High interaction
Intrusion Detection System (IDSs)
o Host-based and Network-based IDSs
o Distributed IDSs combination of the above two
o Signature-based and heuristic/anomaly-based IDSs
o Tripwire (Host and anomaly based) detects file modifications
Module 5 – Cryptography
Cryptography – Making secret messages (Turning plaintext into cipher text)
Cryptanalysis – Recovering the plaintext from cipher text
Cryptology is the science that studies both – point of cryptography is to send secure
messages over an insecure medium.
Trent – A trusted third party
Three main components of cryptography
o Confidentiality components – Preventing Eve from reading Alice’s messages
o Integrity components – Preventing Mallory from modifying Alice’s messages
o Authenticity components – Preventing Mallory from impersonating Alice.
Kerckhoffs’ principle – security of cryptosystem should not rely on a secret that’s hard
or expensive to change. Use publicly available methods.
Strong cryptosystem - where Eve has to try all the keys.
Symmetric Encryption – simplest form of cryptography. The key Alice uses to encrypt
the message is the same key Bob uses to decrypt it.
One-Time Pad – Completely unbreakable. Key is truly random bitstring of the same
length as the message.
A two-time pad is insecure. OTP provides “information-theoretic” security.
Most cryptosystems have “computational” security which means that it’s certain they
can be broken.
BOINC – Berkeley Open Infrastructure for Network Computing.
Modern standard 128-bit crypto
Principle of Easiest Penetration – the point of cryptography is to make sure the
information transfer is not the weakest link.
Symmetric ciphers come in two major classes.
o Stream ciphers – Stream cipher is what you get if you take the One-Time pad,
but use a pseudorandom key stream instead of a truly random one.
Stream ciphers can be very fast and are useful if you want to send a lot of data securely.
Stream ciphers operate on the message one bit at a time. E.g. RC4
o Block ciphers operate on the message one block at a time. Blocks are usually
64 or 128 bits long. E.g. AES
The choice of what to do with multiple blocks is called the mode of operation of the
o Simplest approach – encrypt each successive block separately. This is known as
Electronic Code Book (ECB) mode.
o Cipher Block chaining (CBC) and counter (CTR) modes – these modes don’t
reveal patterns in the plain text. But you need an initial IV value that acts like a
Symmetric ciphers can be shared in the following ways – meeting in person; diplomatic
In asymmetric (or public key) crypto, there’s one key for locking, and a different key for
unlocking. E.g. RSA, ElGamal, ECC .
o Alice uses bob’s public key to encrypt. Bob uses his private key to decrypt.
o The public keys can be published in a directory somewhere.
Public-key cryptosystems have longer keys than symmetric-key cryptosystems and also take
a long time to calculate.
Hybrid Cryptography – using public key to encrypt large messages would be too slow,
so we take a hybrid approach.
o Pick a random 128-bit key for a symmetric key cryptosystem
o Encrypt the large message with that symmetric key (AES)
o Encrypt the 128-bit key with a public-key cryptosystem.
o Send the symmetric-encrypted message and the public-encrypted key to Bob.
Mallory can sometimes modify messages in transit even if they are encrypted.
Use checksums to make sure that message has not changed in transit.
Alice computes the checksum of message and sticks it to the end before encrypting. But
with most checksum methods Mallory can still change the message with the checksum
remaining the same. We need to use a cryptographic checksum.
Cryptographic checksums are called hash functions. Common examples: MD5, SHA-1, SHA-256.
Hash functions generally have two properties.
o One-way – Given a hash value it’s hard to find a message which hashes to that
o Collision-resistant – It’s hard to find two messages which hash to the same
value (a collision).
Birthday paradox - why collisions occur in SHA-1.
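Added example (not from the course slides): the birthday bound says an n-bit hash yields a collision after roughly 2^(n/2) messages, far fewer than 2^n. The sketch below finds a real collision on SHA-256 truncated to a small number of bits; the truncation, the message format and the function names are assumptions made for the demonstration.

```python
import hashlib
import math


def truncated_hash(msg: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(msg); stands in for a short hash function."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int):
    """Hash distinct messages until two share a truncated hash.

    Returns (first_msg, second_msg, number_of_messages_hashed).
    """
    seen = {}  # truncated hash value -> message that produced it
    counter = 0
    while True:
        msg = b"msg-%d" % counter  # constructed, distinct inputs
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, counter + 1
        seen[h] = msg
        counter += 1


def birthday_estimate(bits: int) -> float:
    """Expected number of messages before the first collision: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    bits = 32
    m1, m2, tries = find_collision(bits)
    print(f"{bits}-bit hash: {m1!r} and {m2!r} collide after {tries} messages")
    print(f"birthday estimate: {birthday_estimate(bits):.0f}, brute force: {2 ** bits}")
```

The same square-root effect is why a 160-bit hash such as SHA-1 offers at most about 80 bits of collision resistance.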
Hash functions are useful only when there is a secure way of sending the hash value.
For example Bob can publish a hash of his public key on a business card.
“Keyed Hashes” are usually called Message Authentication Codes (MACs).
E.g. SHA-1-HMAC, SHA-256-HMAC, CBC-MAC.
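Added example (not from the course slides) for the checksum and MAC notes above: with a plain checksum (CRC32 here) appended before stream encryption, a modified message still passes the check, while an HMAC over the ciphertext rejects it. The toy keystream, keys, message and function names are constructed for the demonstration.

```python
import hashlib
import hmac
import zlib


def keystream(key: bytes, n: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); stands in for a real stream cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "big")


def seal_crc(key, msg):
    """Append a plain checksum, then encrypt: Encrypt(msg || CRC32(msg))."""
    body = msg + crc(msg)
    return xor(body, keystream(key, len(body)))


def open_crc(key, sealed):
    body = xor(sealed, keystream(key, len(sealed)))
    msg, tag = body[:-4], body[-4:]
    return msg if crc(msg) == tag else None


def seal_mac(enc_key, mac_key, msg):
    """Encrypt, then append a keyed hash (HMAC-SHA-256) of the ciphertext."""
    ct = xor(msg, keystream(enc_key, len(msg)))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_mac(enc_key, mac_key, sealed):
    ct, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # modified in transit
    return xor(ct, keystream(enc_key, len(ct)))


def flip_bits_crc(sealed, delta):
    """Keyless change: CRC32 is affine, so the checksum difference caused by
    XORing delta into the message can be computed without the key."""
    crc_fix = xor(crc(delta), crc(bytes(len(delta))))
    return xor(sealed, delta + crc_fix)


def flip_bits_mac(sealed, delta):
    """The same bit flips against the MAC format; the tag cannot be adjusted."""
    return xor(sealed[:-32], delta) + sealed[-32:]


def demo():
    msg = b"PAY BOB 100"                 # constructed sample message
    delta = xor(msg, b"PAY BOB 900")     # bits that differ between the two texts
    k1, k2 = b"k" * 16, b"m" * 16        # constructed fixed keys, repeatable run
    return (open_crc(k1, flip_bits_crc(seal_crc(k1, msg), delta)),
            open_mac(k1, k2, flip_bits_mac(seal_mac(k1, k2, msg), delta)))
```

`demo()` returns the altered text for the checksum format and `None` for the MAC format, which is the difference between an unkeyed checksum and a keyed hash.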
Repudiation – Alice can just claim that Bob made up the message, and calculated the
Digital Signatures – For non-repudiation
If Bob receives a message with Alice’s digital signature on it, then:
o Alice, and not the impersonator, sent the message,
o The message has not been altered since it was sent, and
o Bob can prove these facts to a third party
Digital Signatures are similar to public-key cryptography
o To make a digital signature – Alice signs the message with her private signature
o To verify Alice’s signature – Bob verifies the message with his copy of Alice’s
public verification key. If it verifies correctly, the signature is valid.
We can Hybridize signatures to make them faster
o Alice sends the (unsigned) message, and also a signature on a hash of the
o The hash is much smaller than the message, and so faster to sign and verify.
Key management is the hardest problem of public-key cryptography. Ways in which Alice
can find out Bob’s public key.
o She can know it personally (manual keying) – SSH does this
o She can trust a friend to tell her (web of trust) – PGP does this
o She can trust third party to tell her (CA’s) – TLS/SSL do this
Certificate Authorities (CA’s) – A trusted party that keeps a directory of people’s (and
organizations’) public keys.
o Bob signs his personal information and his public key using his private key. He then
sends it to the CA. The CA ensures that the info and signature are correct.
o The CA releases a certificate containing Bob’s personal info and public key. The
CA signs the certificate with its signature key.
Everyone is assumed to have a copy of CA’s verification key, so they can verify the
signature on the certificate.
Public-key infrastructure (PKI)
o Need to have only public key of root CA to verify certificate chain.
Encryption does not provide integrity.
Symmetric-crypto can be a problem, since any secrets (like the key) need to be available
to the legitimate users but not the adversaries.
Public key is safe, since an attacker can only perform encryption or verification and no
decryption or signing.
Hard drive encryption protects data if the laptop gets stolen/lost. Not from legitimate
users of that laptop. Attacker can still install malware on the laptop. Also attacker can
extract the decryption key from the laptop’s memory.
Network cryptography is used at every layer of the network stack for both security and
o Link – WEP, WPA, WPA2
o Network – VPN, IPSec
o Transport – TLS/SSL, Tor
o Application – ssh, Mixminion, PGP, OTR
Link-layer security controls are intended to protect local area networks. Widespread
example: WEP (Wired Equivalent Privacy) Slide 70.
Understand 5 security/privacy issues with WEP.
Wi-Fi Protected Access (WPA) was rolled out as a short term patch to WEP. Read
WPA2 replaced WPA in 2006. It’s been required for all products calling themselves Wi-
o Dictionary attack still possible.
We need security across networks. This is usually accomplished with a Virtual Private
Tunnelling is the sending of messages of one protocol inside (that is, as the payload of)
messages of another protocol, out of their usual protocol nesting sequence.
Application layer protocol is top of the stack. Link layer protocol is bottom of the stack.
o TCP-over-IP is not tunnelling but IP-over-TCP is tunnelling.
One standard way to set up a VPN is by using IPSec.
o Transport Mode – Useful for connecting a single laptop to a home network. Only
the contents of the original IP packet are encrypted and authenticated.
o Tunnel Mode – Useful for connecting two networks. The contents of the original
IP packet are encrypted and authenticated; result is placed inside a new IP
packet destined for the remote VPN gateway.
Network-layer security mechanisms arrange to send individual IP packets securely from
one network to another.
Transport-layer security mechanisms transform arbitrary TCP connections to add
Main transport-layer security mechanism TLS (formerly known as SSL)
Main transport-layer privacy mechanism Tor.
In the mid-1990s Netscape invented a protocol called Secure Sockets Layer (SSL)
meant for protecting HTTP (web) connections. HTTP + SSL = HTTPS. Also the protocol
can be used to protect any TCP-based connection. TLS is the standard protocol which
was introduced after making a few revisions to SSL.
TLS at a high level
o Client connects to server, indicates it wants to speak TLS, and which ciphersuites
o Server sends its certificate to client. Server also chooses which ciphersuites to
o Client validates server’s certificate.
o Client sends symmetric encryption key K, encrypted with server’s public key.
o Server decrypts with its private key and gets K
o Communication now proceeds using K and the chosen ciphersuite.
Security properties provided by TLS
o Server Authentication
o Message integrity
o Message confidentiality
o Client authentication (optional)
TLS including SSL has become the most successful Privacy Enhancing Technology
(PET) ever.
o Comes with your browser and works without configuring. Increasingly important
due to success of Wi-Fi.
All of the above protect the contents of messages. We may want to protect the
metadata. Also bad things might happen if you are seen sending encrypted messages to
some organizations/people. So to hide that we can use Tor.
Tor is another successful privacy enhancing technology that works at the transport layer.
Tor allows you to make TCP connections without revealing your IP address. Mostly used
for HTTP web connections.
o Tor nodes are known as onion routers.
o Encrypted communication connections are established using public-key
o Each node decrypts one layer of the encrypted message and passes the
message to next node in the path EK1(EK2(EK3(M))). When the website replies
with message R it gets encrypted. Alice uses K1, K2 and K3 to decrypt the
o The connection between the last node and the website is not encrypted. To add
encryption use HTTPS.
o Tor is linkable in short run – Two connections in quick succession from the same
Tor node are more likely to in fact be from the same person.
o Verinymity – Government ID, SIN, credit card #, address
o Persistent pseudonymity – Noms de plume, many blogs
o Linkable anonymity – Prepaid phone cards, loyalty cards
o Unlinkable anonymity – Cash payments, Tor
o Always design systems with low level of Nymity fundamentally; adding more is
TLS can provide for encryption at the TCP socket level. Many applications would like
true end-to-end security.
Secure remote login (SSH) slide 110.
o Two main ways to authenticate with ssh
o Send a password over the encrypted channel – The server needs to know (a
hash) of your password.
o Sign a challenge with your private signature key – The server needs to know
your public key.
Read Remailers from slide
Pretty Good Privacy – the first popular implementation of public-key cryptography.
Today many compatible programs. GNU Privacy Guard (gpg), Hushmail, etc.
o What does it do? Its primary use is to protect the contents of email messages.
o How does it work? Use public-key cryptography to provide encryption of email
messages. Digital signatures on email messages.
In order to use public-key encryption and digital signatures, Alice and Bob must each
o A public encryption key
o A private decryption key
o A private signature key
o A public verification key
Sending a Message (Slide 122 & 123) *
PGP’s main functions – Create these four kinds of keys
o Encryption, decryption, signature, verification
Ways in which Alice and Bob can share public keys
o If Alice knows Bob personally, she could download the key from Bob’s webpage.
Phone up Bob and verify she’s got the right key. Problem keys are big and
A fingerprint is a cryptographic hash of a key. This, of course, is much shorter.
Remember there is no known way to make two different keys that have the same
o Now Alice can download Bob’s key from his webpage. Use software to
calculate the fingerprint of Bob’s key. Phone up Bob and confirm the fingerprint.
But what about Carol, who doesn’t know Bob enough to call him.
o Once Alice has verified Bob’s key, she uses her signature key to sign Bob’s key.
o Bob can then attach Alice’s signature to the key on his webpage.
o Now Carol can download Bob’s key from the webpage. If Carol has already
verified Alice’s key and she trusts her she can trust Bob’s key if she sees Alice’s
signature. This is called the Web of Trust and PGP software handles it most
Bob’s computer can get stolen or just broken into (virus, Trojan). Bad guys might be able
to decrypt the messages sent by Alice and might have mathematical proof that Alice sent
Casual conversations where no one can hear/record Alice and Bob are said to be “off-
Perfect forward secrecy – Future key compromises should not reveal past
o Use a short-lived encryption key
o Discard it after use – Securely erase it from memory
o Use long term keys to help distribute and authenticate the short-lived key. Q on
Deniable authentication – Don’t understand Slide 139.
All the above techniques require the parties to communicate interactively. Can only be
used for instant messaging.
Off-the-Record Messaging (OTR) is software that allows you to have private
conversations over instant messaging, providing: Confidentiality, Authentication, Perfect
forward Secrecy, and Deniability.
OTR last slide.
Module 6 – Database Security and Privacy
Most popular DBMS is based on relational model
Stores records in one or multiple tables (relations)
Most popular query language is SQL
Result of a query is a subschema
Security requirements
o Physical database integrity
o Logical database integrity
o Element integrity
o Referential integrity
o Auditability
o Access control
o User authentication
Logical and Physical integrity
o Protect against database corruption
o Allow only authorized individuals to perform updates
o Recover from physical problems (Power failures, disk crashes)
o Perform periodic backups
o Keep log of transactions to replay transactions since last backup
o Ensure correctness/accuracy of database elements
o Access control to limit who can update element
o Element checks to validate correctness – e.g. element must be numeric within a
particular range. Helps against mistakes by authorized users. Typically enforced
by triggers (procedures that are automatically executed after an INSERT,
o Change log or shadow fields to undo erroneous changes. Slide 12.
o Error detection codes to protect against OS or hard disk problems.
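Added example (not from the course slides) for the element-integrity notes above: a trigger-enforced element check and a change log used to undo an erroneous update, shown with SQLite through Python's `sqlite3` module. The `grades` and `mark_log` tables, the 0..100 range and the helper names are hypothetical.

```python
import sqlite3

SCHEMA = """
CREATE TABLE grades (student TEXT PRIMARY KEY, mark INTEGER NOT NULL);
CREATE TABLE mark_log (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    student TEXT, old_mark INTEGER, new_mark INTEGER
);
-- Element check: abort the statement if the value is out of range or not an integer.
CREATE TRIGGER check_mark_insert AFTER INSERT ON grades
WHEN typeof(NEW.mark) != 'integer' OR NEW.mark NOT BETWEEN 0 AND 100
BEGIN SELECT RAISE(ABORT, 'mark must be an integer in 0..100'); END;
CREATE TRIGGER check_mark_update AFTER UPDATE OF mark ON grades
WHEN typeof(NEW.mark) != 'integer' OR NEW.mark NOT BETWEEN 0 AND 100
BEGIN SELECT RAISE(ABORT, 'mark must be an integer in 0..100'); END;
-- Change log: record the old value so an erroneous update can be undone.
CREATE TRIGGER log_mark AFTER UPDATE OF mark ON grades
BEGIN
    INSERT INTO mark_log (student, old_mark, new_mark)
    VALUES (OLD.student, OLD.mark, NEW.mark);
END;
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def try_write(conn, sql, params=()):
    """Run one write; return False if a trigger or constraint rejected it."""
    try:
        with conn:  # commit on success, roll back on error
            conn.execute(sql, params)
        return True
    except sqlite3.DatabaseError:
        return False


def mark_of(conn, student):
    row = conn.execute(
        "SELECT mark FROM grades WHERE student = ?", (student,)).fetchone()
    return row[0] if row else None


def undo_last_change(conn, student):
    """Restore the value recorded by the most recent change-log entry."""
    row = conn.execute(
        "SELECT old_mark FROM mark_log WHERE student = ? ORDER BY id DESC LIMIT 1",
        (student,)).fetchone()
    if row is None:
        return False
    return try_write(conn, "UPDATE grades SET mark = ? WHERE student = ?",
                     (row[0], student))
```

A value such as 850 is rejected by the element check, while an in-range mistake such as 58 instead of 85 passes it and is only recoverable through the change log.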
Integrity: two-phase update – For a set of operations either all of th