
CS458 - Study Notes.docx

21 Pages

University of Waterloo
Computer Science
CS 458
Urs Hengartner

Pre – Midterm
• What is security? Confidentiality, Integrity, Availability.
• What is privacy? Informational self-determination.
• Mediation – The application ensures that what the user has entered constitutes a meaningful request. Incomplete mediation occurs when the application accepts incorrect data from the user. Always do server-side mediation. Client-side mediation can be turned off or tricked.
• TOCTTOU – Time-Of-Check To Time-Of-Use
• Malware – Software written with malicious intent. A virus is malware that infects other files. Trojan horses are programs which claim to do something innocuous (and usually do), but which also hide malicious behavior. Logic bombs are usually written by insiders. A worm is a piece of code that can replicate with little or no user involvement. Web bugs can send IP addresses, contents of cookies, and any personal info the site has about you.
• Back door – A set of instructions designed to bypass the normal authentication mechanism.
• A salami attack is made of many small attacks, e.g. gas pumps misreport, credit cards charge, etc.
• A rootkit is a tool that can be used to gain unauthorized root/administrator privileges and to hide its existence by changing log files, modifying the ls and ps commands, modifying the kernel, etc.
• Key loggers – Application-specific, system keyboard loggers, hardware keyboard loggers.
• Man-in-the-middle – Intercepts the communication from the user, and then passes it on to the intended party. E.g. key logger, interface illusions, phishing.
• Covert and side channels.
• Easter egg code review – The author inserts intentional flaws into the code.
• Black box testing – A test where you just have access to a completed object is a black-box test.
  o Fuzz testing – Supply random data to the object.
• White box testing – When you take design and implementation into account. Also known as clear-box testing.
• Access control – Three goals: check every access, enforce least privilege, verify acceptable use.
  o Each object has a list of subjects and their access rights.
  o Role-based access control – In a company, the objects that a user can access often do not depend on the identity of the user, but on the user’s job function (role) within the company.
  o Mandatory access control (MAC) – A central authority establishes who can access what.
  o Discretionary access control (DAC) – Some control over who can access what.
• Identification: Who are you? Authentication: Prove it!
  o Four classes of authentication: something the user knows, has, is, context (location).
• Trusted Computing Base (TCB) – The part of a trusted OS that is necessary to enforce the OS security policy. The TCB can be implemented in different parts of the OS or in a separate security kernel.
  o Rings – If a processor is operating in ring n, code can access only memory and instructions in rings >= n. Access to rings < n will trigger an interrupt/exception. Windows and Linux use 2 rings.

Module 4 – Networks
• Types of communication links
  o Wireless vs. wired
• Loose-lipped systems reveal (non-confidential) information that could facilitate the attack.
• Nmap can identify many applications.
• Social engineering / dumpster diving / oral communication
• Local Area Network (LAN) – Connects all computers within a company or a university.
• URL spoofing – Used for phishing attacks.
• Evil twin attack – Wireless version of the phishing scam.
• Session hijacking – The attacker can steal a cookie or become an end communication node.
• Traffic analysis – The existence of communication between two parties should be hidden, e.g. Syrian protestors sending information to other countries. An attacker can sniff packets and learn.
• Integrity attacks – An attacker can modify, delete and create packets while they are being transmitted.
• DNS cache poisoning – DNS (Domain Name System) maps hostnames to numerical addresses. An attacker can create wrong mappings.
• Protocol failures – TCP/IP assumes that all nodes implement protocols faithfully.
  Some implementations do not check whether a packet is well formatted, e.g. buffer overflow.
• Web site defacements – An attacker can download web code and look for vulnerabilities. An attacker can send a malicious URL to exploit a buffer overflow, invoke a shell, access sensitive files, etc.
• The HTTP protocol is stateless – An attacker can submit modified state.
• Cross-site scripting (XSS) / request forgery (CSRF) – The attacker adds his/her HTML code to someone’s website. XSS steals sensitive information (cookie); CSRF, on the other hand, performs a malicious action at some website (transfer money from bank).
• Denial of service (DoS) – Cutting/jamming wire, flooding node, ping flood, ping of death, smurf attack and SYN flood.
• Black hole attack – A router announces a low cost for reaching the victim and drops all packets.
• DNS attack – Cache poisoning can lead to packets being routed to the wrong host.
• Distributed denial of service (DDoS) – A network of bots known as a botnet. Examples include Nimda, Slammer and Storm worm.
• Active code – To reduce load on the server, the server might ask the client to execute code on its behalf, e.g. Java, JavaScript and ActiveX.
• Design and implementation – Don’t trust inputs from clients and use a white list of allowed characters.
• Segmentation and separation – Deploy multiple servers / put services on different servers.
• Redundancy – Avoid single points of failure. Deploy servers to different locations with different software / keep backup servers close and ready.
• Access controls (ACLs) – Define a router ACL that drops packets with a particular source and destination address.
• Firewalls – Firewalls have been designed to filter traffic, maybe based on other criteria than just packet addresses.
  o Choke points – Examine traffic.
  o Company firewalls do not protect against attacks on company hosts that originate within the company.
• Types of firewalls
  o Packet filtering gateways – Make decisions based on the header of a packet. Ignore the payload of a packet. Can drop spoofed traffic.
  o Stateful inspection firewalls – Keep state to identify packets that belong together. Might have to re-assemble packets for stateful inspection.
  o Application proxies – Clients talk to the proxy, the proxy talks to the server. Can do sophisticated processing such as limiting the types of allowed database queries, filtering URLs, logging all emails, and scanning for viruses. Can also do strong user authentication.
  o Personal firewalls – Run on home computers. Typically forbid everything unless explicitly allowed.
• Demilitarized zone (DMZ) – Subnetwork that contains an organization’s external services, accessible to the internet.
  o Deploy an external and an internal firewall.
  o The external firewall protects the DMZ and the internal firewall protects the internal network from attacks lodged in the DMZ.
• Honeypots / honeynets – Set up an (unprotected) computer or an entire network as a trap for an attacker. Observe the attacker and learn about new attacks to stop or divert the attacker.
  o Types – Low interaction and high interaction
• Intrusion Detection Systems (IDSs)
  o Host-based and network-based IDSs
  o Distributed IDSs – combination of the above two
  o Signature-based and heuristic/anomaly-based IDSs
  o Tripwire (host and anomaly based) detects file modifications.

Module 5 – Cryptography
• Cryptography – Making secret messages (turning plaintext into ciphertext)
• Cryptanalysis – Recovering the plaintext from ciphertext
• Cryptology is the science that studies both – the point of cryptography is to send secure messages over an insecure medium.
• Trent – A trusted third party
• Three main components of cryptography
  o Confidentiality components – Preventing Eve from reading Alice’s messages
  o Integrity components – Preventing Mallory from modifying Alice’s messages
  o Authenticity components – Preventing Mallory from impersonating Alice
• Kerckhoffs’ principle – The security of a cryptosystem should not rely on a secret that’s hard or expensive to change. Use publicly available methods.
• Strong cryptosystem – Where Eve has to try all the keys.
• Slide 11
• Symmetric encryption – Simplest form of cryptography. The key Alice uses to encrypt the message is the same key Bob uses to decrypt it.
• One-Time Pad – Completely unbreakable. The key is a truly random bitstring of the same length as the message.
• A two-time pad is insecure. OTP has “information-theoretic” security.
• Most cryptosystems have “computational” security, which means that it’s certain they can be broken.
• BOINC – Berkeley Open Infrastructure for Network Computing.
• Modern standard: 128-bit crypto
• Principle of Easiest Penetration – The point of cryptography is to make sure the information transfer is not the weakest link.
• Symmetric ciphers come in two major classes.
  o Stream ciphers – A stream cipher is what you get if you take the One-Time Pad, but use a pseudorandom key stream instead of a truly random one. Stream ciphers can be very fast and are useful if you want to send a lot of data securely. Stream ciphers operate on the message one bit at a time. E.g. RC4
  o Block ciphers operate on the message one block at a time. Blocks are usually 64 or 128 bits long. E.g. AES
• The choice of what to do with multiple blocks is called the mode of operation of the block cipher.
  o Simplest approach – Encrypt each successive block separately. This is known as Electronic Code Book (ECB) mode.
  o Cipher Block Chaining (CBC) and Counter (CTR) modes – These modes don’t reveal patterns in the plaintext, but you need an initial IV value that acts like a salt.
• Symmetric keys can be shared in the following ways – meeting in person; diplomatic courier.
• In asymmetric (or public-key) crypto, there’s one key for locking, and a different key for unlocking. E.g. RSA, ElGamal, ECC.
  o Alice uses Bob’s public key to encrypt. Bob uses his private key to decrypt.
  o The public keys can be published in a directory somewhere.
• Public-key crypto has longer keys compared to symmetric-key crypto and also takes a long time to calculate.
• Hybrid cryptography – Using public-key crypto to encrypt large messages would be too slow, so we take a hybrid approach.
  o Pick a random 128-bit key for a symmetric-key cryptosystem.
  o Encrypt the large message with that symmetric key (AES).
  o Encrypt the 128-bit key with a public-key cryptosystem.
  o Send the symmetric-encrypted message and the public-encrypted key to Bob.
• Mallory can sometimes modify messages in transit even if they are encrypted.
• Use checksums to make sure that the message has not changed in transit.
• Alice computes the checksum of the message and sticks it to the end before encrypting. But with most checksum methods Mallory can still change the message with the checksum remaining the same. We need to use a cryptographic checksum.
• Cryptographic checksums are called hash functions. Common examples: MD5, SHA-1, SHA-256. Hash functions generally have two properties.
  o One-way – Given a hash value, it’s hard to find a message which hashes to that value (preimage).
  o Collision-resistant – It’s hard to find two messages which hash to the same value (a collision).
• Birthday paradox – why collisions occur in SHA-1.
• Hash functions are useful only when there is a secure way of sending the hash value. For example, Bob can publish a hash of his public key on a business card.
• “Keyed hashes” are usually called Message Authentication Codes (MACs). E.g. SHA-1-HMAC, SHA-256-HMAC, CBC-MAC.
• Repudiation – Alice can just claim that Bob made up the message, and calculated the MAC himself.
• Digital signatures – For non-repudiation
• If Bob receives a message with Alice’s digital signature on it, then:
  o Alice, and not an impersonator, sent the message,
  o The message has not been altered since it was sent, and
  o Bob can prove these facts to a third party.
• Digital signatures are similar to public-key cryptography.
  o To make a digital signature – Alice signs the message with her private signature key.
  o To verify Alice’s signature – Bob verifies the message with his copy of Alice’s public verification key. If it verifies correctly, the signature is valid.
• We can hybridize signatures to make them faster.
  o Alice sends the (unsigned) message, and also a signature on a hash of the message.
  o The hash is much smaller than the message, and so faster to sign and verify.
• Key management is the hardest problem of public-key cryptography. Ways in which Alice can find out Bob’s public key:
  o She can know it personally (manual keying) – SSH does this
  o She can trust a friend to tell her (web of trust) – PGP does this
  o She can trust a third party to tell her (CA’s) – TLS/SSL do this
• Certificate Authorities (CA’s) – A trusted party that keeps a directory of people’s (and organizations’) public keys.
  o Bob signs his personal information and his public key using his private key. He then sends it to the CA. The CA ensures that the info and signature are correct.
  o The CA releases a certificate containing Bob’s personal info and public key. The CA signs the certificate with its signature key.
• Everyone is assumed to have a copy of the CA’s verification key, so they can verify the signature on the certificate.
• Public-key infrastructure (PKI)
  o Need to have only the public key of the root CA to verify a certificate chain.
• Encryption does not provide integrity.
• Symmetric crypto can be a problem, since any secrets (like the key) need to be available to the legitimate users but not the adversaries.
• A public key is safe, since an attacker can only perform encryption or verification and no decryption or signing.
• Hard drive encryption protects data if the laptop gets stolen/lost, not from legitimate users of that laptop. An attacker can still install malware on the laptop. An attacker can also extract the decryption key from the laptop’s memory.
• Network cryptography is used at every layer of the network stack for both security and privacy applications.
  o Link – WEP, WPA, WPA2
  o Network – VPN, IPSec
  o Transport – TLS/SSL, Tor
  o Application – ssh, Mixminion, PGP, OTR
• Link-layer security controls are intended to protect local area networks. Widespread example: WEP (Wired Equivalent Privacy). Slide 70.
• Understand 5 security/privacy issues with WEP.
• Wi-Fi Protected Access (WPA) was rolled out as a short-term patch to WEP. Read slides.
• WPA2 replaced WPA in 2006. It’s been required for all products calling themselves Wi-Fi.
  o Dictionary attack still possible.
• We need security across networks. This is usually accomplished with a Virtual Private Network (VPN).
• Tunnelling is the sending of messages of one protocol inside (that is, as the payload of) messages of another protocol, out of their usual protocol nesting sequence.
• The application-layer protocol is the top of the stack. The link-layer protocol is the bottom of the stack.
  o TCP-over-IP is not tunnelling but IP-over-TCP is tunnelling.
• One standard way to set up a VPN is by using IPSec.
  o Transport mode – Useful for connecting a single laptop to a home network. Only the contents of the original IP packet are encrypted and authenticated.
  o Tunnel mode – Useful for connecting two networks. The contents of the original IP packet are encrypted and authenticated; the result is placed inside a new IP packet destined for the remote VPN gateway.
• Network-layer security mechanisms arrange to send individual IP packets securely from one network to another.
• Transport-layer security mechanisms transform arbitrary TCP connections to add security.
• Main transport-layer security mechanism: TLS (formerly known as SSL)
• Main transport-layer privacy mechanism: Tor
• In the mid-1990s Netscape invented a protocol called Secure Sockets Layer (SSL) meant for protecting HTTP (web) connections. HTTP + SSL = HTTPS. The protocol can also be used to protect any TCP-based connection. TLS is the standard protocol which was introduced after making a few revisions to SSL.
• TLS at a high level
  o Client connects to server, indicates it wants to speak TLS, and which ciphersuites it knows.
  o Server sends its certificate to client. Server also chooses which ciphersuite to use.
  o Client validates server’s certificate.
  o Client sends symmetric encryption key K, encrypted with server’s public key.
  o Server decrypts with its private key and gets K.
  o Communication now proceeds using K and the chosen ciphersuite.
• Security properties provided by TLS
  o Server authentication
  o Message integrity
  o Message confidentiality
  o Client authentication (optional)
• TLS, including SSL, has become the most successful Privacy Enhancing Technology (PET) ever.
  o Comes with your browser and works without configuring. Increasingly important due to the success of Wi-Fi.
• All of the above protect the contents of messages. We may want to protect the metadata. Also, bad things might happen if you are seen sending encrypted messages to some organizations/people. To hide that we can use Tor.
• Tor is another successful privacy enhancing technology that works at the transport layer. Tor allows you to make TCP connections without revealing your IP address. Mostly used for HTTP web connections.
  o Tor nodes are known as onion routers.
  o Encrypted communication connections are established using public-key cryptography.
  o Each node decrypts one layer of the encrypted message and passes the message to the next node in the path: EK1(EK2(EK3(M))).
    When the website replies with message R, it gets encrypted. Alice uses K1, K2 and K3 to decrypt the message.
  o The connection between the last node and the website is not encrypted. To add encryption use HTTPS.
  o Tor is linkable in the short run – Two connections in quick succession from the same Tor node are more likely to in fact be from the same person.
• Nymity levels
  o Verinymity – Government ID, SIN, credit card #, address
  o Persistent pseudonymity – Noms de plume, many blogs
  o Linkable anonymity – Prepaid phone cards, loyalty cards
  o Unlinkable anonymity – Cash payments, Tor
  o Always design systems with a low level of nymity fundamentally; adding more is easy.
• TLS can provide for encryption at the TCP socket level. Many applications would like true end-to-end security.
• Secure remote login (SSH), slide 110.
  o Two main ways to authenticate with ssh:
  o Send a password over the encrypted channel – The server needs to know (a hash of) your password.
  o Sign a challenge with your private signature key – The server needs to know your public key.
• Read Remailers from slide
• Pretty Good Privacy – The first popular implementation of public-key cryptography. Today there are many compatible programs: GNU Privacy Guard (gpg), Hushmail, etc.
  o What does it do? Its primary use is to protect the contents of email messages.
  o How does it work? It uses public-key cryptography to provide encryption of email messages and digital signatures on email messages.
• In order to use public-key encryption and digital signatures, Alice and Bob must each have:
  o A public encryption key
  o A private decryption key
  o A private signature key
  o A public verification key
• Sending a Message (Slide 122 & 123) *
• PGP’s main functions – Create these four kinds of keys
  o Encryption, decryption, signature, verification
• Ways in which Alice and Bob can share public keys
  o If Alice knows Bob personally, she could download the key from Bob’s webpage, then phone up Bob and verify she’s got the right key.
    Problem: keys are big and unwieldy!
• A fingerprint is a cryptographic hash of a key. This, of course, is much shorter. Remember there is no known way to make two different keys that have the same fingerprint.
  o Now Alice can download Bob’s key from his webpage, use software to calculate the fingerprint of Bob’s key, then phone up Bob and confirm the fingerprint. But what about Carol, who doesn’t know Bob well enough to call him?
  o Once Alice has verified Bob’s key, she uses her signature key to sign Bob’s key.
  o Bob can then attach Alice’s signature to the key on his webpage.
  o Now Carol can download Bob’s key from the webpage. If Carol has already verified Alice’s key and she trusts her, she can trust Bob’s key if she sees Alice’s signature. This is called the Web of Trust, and PGP software handles it mostly automatically.
• Bob’s computer can get stolen or just broken into (virus, Trojan). Bad guys might be able to decrypt the messages sent by Alice and might have mathematical proof that Alice sent those messages.
• Casual conversations where no one can hear/record Alice and Bob are said to be “off-the-record”.
• Perfect forward secrecy – Future key compromises should not reveal past communication.
  o Use a short-lived encryption key.
  o Discard it after use – Securely erase it from memory.
  o Use long-term keys to help distribute and authenticate the short-lived key. Q on slide 138.
• Deniable authentication – Don’t understand Slide 139.
• All the above techniques require the parties to communicate interactively. They can only be used for instant messaging.
• Off-the-Record Messaging (OTR) is software that allows you to have private conversations over instant messaging, providing: Confidentiality, Authentication, Perfect Forward Secrecy, and Deniability.
• OTR last slide.
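
The Module 5 points that a two-time pad is insecure, that Mallory can modify encrypted messages in transit, and that a MAC catches the change, worked through as an added example (not part of the course notes). The keystream built from SHA-256 is a toy stand-in for a stream cipher, and all function names and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy pseudorandom keystream: SHA-256(key || nonce || counter) blocks.
    Assumption for illustration only; not a vetted stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream encryption: plaintext XOR keystream (decryption is identical)."""
    return xor(data, keystream(key, nonce, len(data)))


decrypt = encrypt


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt, then compute HMAC-SHA256 over nonce and ciphertext."""
    ct = encrypt(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(enc_key, mac_key, nonce, ct, tag) -> bytes:
    """Verify the MAC in constant time before decrypting anything."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC check failed: message was modified in transit")
    return decrypt(enc_key, nonce, ct)


def flip_in_transit(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """The in-transit change the notes describe: XOR (old ^ new) into the
    ciphertext. No key is involved, which is why encryption alone is not
    an integrity control."""
    patched = bytearray(ct)
    for i, delta in enumerate(xor(old, new)):
        patched[offset + i] ^= delta
    return bytes(patched)


def demo() -> dict:
    enc_key, mac_key = secrets.token_bytes(16), secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)
    msg = b"PAY BOB 0100 DOLLARS"            # constructed sample message
    ct, tag = seal(enc_key, mac_key, nonce, msg)
    modified = flip_in_transit(ct, 8, b"0100", b"9100")
    try:
        open_sealed(enc_key, mac_key, nonce, modified, tag)
        rejected = False
    except ValueError:
        rejected = True
    other = b"PAY EVE 0001 DOLLARS"          # constructed second message
    ct2 = encrypt(enc_key, nonce, other)     # same key and nonce: two-time pad
    return {
        "unauthenticated_plaintext": decrypt(enc_key, nonce, modified),
        "mac_rejected": rejected,
        "keystream_reuse_leak": xor(ct, ct2) == xor(msg, other),
    }


if __name__ == "__main__":
    print(demo())
```

Without the MAC check the receiver decrypts a well-formed but altered amount; with it, the altered ciphertext is rejected before decryption. The last entry shows that reusing a keystream hands Eve the XOR of the two plaintexts.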
Module 6 – Database Security and Privacy
• Most popular DBMS is based on the relational model.
• Stores records in one or multiple tables (relations).
• Most popular query language is SQL.
• Result of a query is a subschema.
• Security requirements
  o Physical database integrity
  o Logical database integrity
  o Element integrity
  o Referential integrity
  o Auditability
  o Access control
  o User authentication
  o Availability
• Logical and physical integrity
  o Protect against database corruption.
  o Allow only authorized individuals to perform updates.
  o Recover from physical problems (power failures, disk crashes).
  o Perform periodic backups.
  o Keep a log of transactions to replay transactions since the last backup.
• Element integrity
  o Ensure correctness/accuracy of database elements.
  o Access control to limit who can update an element.
  o Element checks to validate correctness – e.g. an element must be numeric within a particular range. Helps against mistakes by authorized users. Typically enforced by triggers (procedures that are automatically executed after an INSERT, DELETE).
  o Change log or shadow fields to undo erroneous changes. Slide 12.
  o Error detection codes to protect against OS or hard disk problems.
• Integrity: two-phase update – For a set of operations either all of th