DOCSLIB.ORG

CMSC 426 - Computer Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
CMSC 426 - Computer Security Course Introduction CMSC 426 - Computer Security Course Policy • Textbook: Stallings & Brown, Computer Security: Principles and Practice, 4th Edition. • You will be graded on... • Homework problems (problems assigned to individuals; write-ups on Piazza) • Labs (4 group labs) • Exams (midterm and final) Course Materials • Course website: syllabus, schedule, assignments. www.csee.umbc.edu/courses/undergraduate/426/spring18 • Piazza: discussion groups, homework. • Blackboard: grades, materials that I do not want to be visible on the Internet. I will link the website from Blackboard. Course Outline • Security Concepts (1-2 lectures) • Buffer Overflow & SW Security (3 lectures) • Malicious SW & Intrusion Detection (5 lectures) • Cryptography (5 lectures) • Authentication & Access Control (4 lectures) • Network Security (5 lectures) • Economics & Ethics (2 lectures) A Brief History of Security Technologies Culmstock Beacon • Confidentiality? • Availability? Wax Seal • Confidentiality? • Integrity? • Who or what does a user have to trust? Encryption • Confidentiality? • Cryptanalysis advances...ciphers become more complex. • From hand ciphers, to machine ciphers, and modern cryptography. Trust in the End-point • Encryption sufficient. • Keys, codebooks, plaintext in protected enclaves. • Controlled communications in and out of enclave. Encryption Machines • SIGSALY - World War II secure voice. • M-209 - World War II and Korean War tactical encryptor. Computer Networks • Communications no longer so easy to control. • Malicious software exploits security holes. Network Security • Authentication & Access Control • Firewalls • VPNs • Intrusion Detection & Prevention How secure can we be? Trusting Trust • Ken Thompson, Reflections on Trusting Trust, 1983. • Consider a modified C compiler that: 1. When the login program is compiled from source, the compiler introduces a back door. 2. If the C compiler is re-compiled from source, the ability to do (1) and (2) is introduced into the executable output. • The only way to find this is to reverse-engineer the hooked compiler. Other Problems • Complexity of networks and network security • Cryptanalytic advances - e.g. quantum computing, mathematical breakthroughs • Other attacks - e.g. side channels TEMPEST Demo Next Time: Security Concepts.
Load more

Recommended publications
  • Secure Terminal Equipment)
    STE (Secure Terminal Equipment) GENERAL Secure Terminal Equipment (STE) is the next generation STU-III being designed to provide services far beyond the present STU-III devices. The STE offers backward compatibility with STU-III, while taking advantage of digital communications protocols like ISDN and future ATM. The initial release of STE will be an ISDN terminal. STE is designed to take advantage of the key and privilege management infrastructure developed under the Multi-level Information Systems Security Initiative (MISSI) Fortezza Plus Cards. The cryptographics for STE will be located on a removable Personal Computer Memory Card International Associate (PCMCIA) card. This card will be procured separately. SECURE TERMINAL EQUIPMENT (STE) TACTICAL This tactical terminal, manufactured by L-3 Communications, (a division of Lockheed Martin) currently provides secure digital communication for military operational environments. The design is based on an open modular architecture common with the L-3 STE-Office. STE-Tactical is compatible with the Portable Uninterruptable Power Supply System (PUP). The terminal offers backward compatibility with STU-III and DNVT and provides connectivity to ISDN, PSTN, TRI-TAC/MSE and RS-530A ( eg. MILSTAR) networks. Cryptography for the STE is provided by a removable PCMCIA ( Fortezza Plus) based card. The STE as it appeared in 1994. (Photo courtesy Lockheed Martin, now L-3 Communications) SPECIFICATIONS Security Features: Information Protected by PCMCIA Crypto Card . U.S.. Government FORTEZZA Plus, Top Secret to Protected . Secure Access Control System (SACS) - Access Control List (ACL) - Maximum and Minimum Security Levels . Alphanumeric Display for Identification and Authentication . Tempest Design Integrity . Telephone Security Group (TSG) Qualified .
    [Show full text]
  • Non-Proprietary FIPS 140-2 Security Policy: KMF/Wave/Traffic Cryptr
    Non-Proprietary FIPS 140-2 Security Policy: KMF/Wave/Traffic CryptR Document Version: 1.5 Date: January 9, 2020 Copyright Motorola Solutions, Inc. 2020 Version 1.5 Page 1 of 30 Motorola Solutions Public Material – May be reproduced only in its original entirety (without revision). Table of Contents KMF/Wave/Traffic CryptR ...................................................................................................... 1 1 Introduction .................................................................................................................... 4 1.1 Module Description and Cryptographic Boundary ......................................................................6 2 Modes of Operation ........................................................................................................ 8 2.1 Approved Mode Configuration ....................................................................................................8 3 Cryptographic Functionality ............................................................................................. 9 3.1 Critical Security Parameters ...................................................................................................... 11 3.2 Public Keys ................................................................................................................................. 15 4 Roles, Authentication and Services ................................................................................ 16 4.1 Assumption of Roles .................................................................................................................
    [Show full text]
  • Secure Communications Interoperability Protocols (SCIP)
    UNCLASSIFIED/UNLIMITED Secure Communications Interoperability Protocols (SCIP) John S. Collura NATO C3 Agency P.O. Box 174 2501 CD The Hague THE NETHERLANDS [email protected] ABSTRACT The concept of NATO Network Enabled Capabilities, (NNEC) including network-ready communications systems requires a fundamental shift in the paradigms and policies used by NATO and the NATO nations. Enabling these concepts down to the tactical mobile user community will be a challenge. Gone are the days where a single nation brings a combat-ready brigade to a NATO sponsored engagement. Modern brigade-level NATO deployed forces may consist of contributions from many nations. This can be highlighted by the fact that one nation might provide command and control capabilities, another logistics, a third special operations, etc. If communications equipments are purchased from multiple sources in multiple nations, and used in-theatre by the nations contributing to a multinational NATO Response Force formation, (brigade, battalion or corps) there are some inherent issues that require resolution to enable efficient network-ready interoperable communications systems. Adding to these issues are the requirements for secure communications and key management. Which nation or entity will provide the security authority in the deployed segment? Will it be the nation supplying command and control, security, logistics, or some other? Or will it be a NATO entity such as NATO HQ, JFHQ Lisbon, JFC Naples, JFC Brunsum, SHAPE, NAMSA, etc.? Who will be responsible for the in-theatre distribution of cryptographic keying material for the operation? When working with coalitions, how does one define communities of interest such that there is appropriate isolation of operations between different coalitions? Can capabilities be eliminated when a coalition member ceases to be friendly? Efficient net-ready interoperable communications systems are one of the core enabling capabilities for future effective NATO engagements.
    [Show full text]
  • A History of U.S. Communications Security (U)
    A HISTORY OF U.S. COMMUNICATIONS SECURITY (U) THE DAVID G. BOAK LECTURES VOLUME II NATIONAL SECURITY AGENCY FORT GEORGE G. MEADE, MARYLAND 20755 The information contained in this publication will not be disclosed to foreign nationals or their representatives without express approval of the DIRECTOR, NATIONAL SECURITY AGENCY. Approval shall refer specifically to this publication or to specific information contained herein. JULY 1981 CLASSIFIED BY NSA/CSSM 123-2 REVIEW ON 1 JULY 2001 NOT RELEASABLE TO FOREI6N NATIONALS SECRET HA~mLE YIA COMINT CIIA~HJELS O~JLY ORIGINAL (Reverse Blank) ---------- • UNCLASSIFIED • TABLE OF CONTENTS SUBJECT PAGE NO INTRODUCTION _______ - ____ - __ -- ___ -- __ -- ___ -- __ -- ___ -- __ -- __ --- __ - - _ _ _ _ _ _ _ _ _ _ _ _ iii • POSTSCRIPT ON SURPRISE _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I OPSEC--------------------------------------------------------------------------- 3 ORGANIZATIONAL DYNAMICS ___ -------- --- ___ ---- _______________ ---- _ --- _ ----- _ 7 THREAT IN ASCENDANCY _________________________________ - ___ - - _ -- - _ _ _ _ _ _ _ _ _ _ _ _ 9 • LPI _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I I SARK-SOME CAUTIONARY HISTORY __ --- _____________ ---- ________ --- ____ ----- _ _ 13 THE CRYPTO-IGNITION KEY __________ --- __ -- _________ - ---- ___ -- ___ - ____ - __ -- _ _ _ 15 • PCSM _ _ _ _ _ _ _ _ _ _ _ _ _ _
    [Show full text]
  • Original Paper Written & Signed by William F
    / I / I p. I I _., • CRYPTOGRAPHIC EQUIP~lliNT FOR EITHER -SINGLE-ORIGINATOR OR MULTI-ORIGINATOR COMMUNICATION 1. a. Progress in the cryptologic field-during the.past fevT yea.,:s has .led to a basic change in cryptologic philosophy, a change Which has already oeen recognized by and is of im.,­ portant interest to the ASA. b. The t1~ust vrhich 'has heretofore been placed in the ordinary types of crypto-systems, the solution of which depends upon, or is directly or indirectly correlated with, the number of tests that have to be made to exhaust a multiplicity of , / hypotheses based upon keying possibilities, is daily decreasing. The beginning of this decreasing confidence i~ the degree of cryptographic security potentially offered by a vast number of permutations and combinations available of keying possibilities can be traced back to the advent of the application of ~abu~ lating machinery to the solution of cryptanalytic problems. _ Later, when specially designed cryptanalytic machines employ- ing electrical relays came to be constructed and applied, success­ fully to these problems, a real blow was struck at our former concepts of cryptographi·c security. And, now, the assurance that electronic cryptanalytic machinery can be a·pplied to ~?Peed up the solution 9f complex cryptographic systems is tend­ ing· slm1ly to undermine what faith was left in the systems or crypto-mechanisms currently considered as being the best there are, those using rotors with complicated stepping controls .. , ·· . c.- To sum this up, it can be said that, save for orie exception, cryptologic theory and practice during the past 'quar,ter of a c~ntury serves only to corroborat.E? the theoretical validity of·the century-old dictum first enunciated by Edgar Allan Poe: "Yet it may be r·oundly asserted that ht1.man ingenuity cannot concoct a cipher which human ingenuity cannot solve.11 2.
    [Show full text]
  • (U) a History of Secure Voice Codin~: Insights Drawn from the Career of One of Tile Earliest Practitioners of the Art of Speech Coding JOSEPH P
    DOCID: 3860926 UNCLASSIFIED Cryptologic Quarter1y (U) A History of Secure Voice Codin~: Insights Drawn from the Career of One of tile Earliest Practitioners of the Art of Speech Coding JOSEPH P. CAMPBELL, JR., and RICHARD A. DEAN Editor's Note: This artrde Is basecl on one publlshecl In Dlgittl Signal Processing, July 1993, wfth permission ofthe authors. The history of speech coding is closely tied to tion of PCM. A "Buzz" /"Hiss" generator was used the career of Tom Tremain. He joined the as an exciter for the vocoder corresponding to the National Security Agency i~ 1959 as an Air Force voiced/unvoiced attribute of each 20-ms speech lieutenant assigned to duty at the Agency. Llttle segment. Balance of the "Buzz" /"Hiss" generator, did he know then that this assignment would or voicing, represented a major factor in the qual­ shape his career as well as' the future of speech ity of the speech. Early practitioners of speech coding. 1 coders, like Tom, can still be found today speak­ I . ing"Aaahhh" /"Sshhhhh" into voice coders to test Thomas E. Tremain was the U.S. govern- this balance. ment's senior speech scientist. He was a recog­ nized leader and an expert in speech science. From the time of SIGSALY until Tom arrived 1 Tom's work spanned five dife3des of state-of-the- at NSA, several generations of voice coders had art modem and speech co<;Iing innovations that been developed in conjunction with Bell Labs. are the basis of virtually e~ery U.S. and NATO The K0-6 voice coder, developed in 1949 and modem and speech coding standard.
    [Show full text]
  • Provides for the Procurement of Secure Communications Equipment to Navy Ships, Shore Sites, Aircraft, Marine Corps, and United States Coast Guard
    UNCLASSIFIED BUDGET ITEM JUSTIFICATION SHEET DATE May 2009 APPROPRIATION/BUDGET ACTIVITY P-1 ITEM NOMENCLATURE SUBHEAD OP,N - BA2 COMMUNICATIONS & ELECTRONIC EQUIPMENT 3415 Information Systems Security Program (ISSP) 52DA FY 2008 FY 2009 FY 2010 FY 2011 FY 2012 FY 2013 FY2014 FY2015 TO COMP TOTAL QUANTITY COST (in millions) 121.319 100.855 119.054 Continuing Continuing Spares 0.442 0.425 0.319 PROGRAM COVERAGE: The Information Systems Security Program (ISSP) provides for the procurement of secure communications equipment to Navy ships, shore sites, aircraft, Marine Corps, and United States Coast Guard. ISSP protects information systems from unauthorized access or modification of information, and against the denial of service to authorized users or provision of service to unauthorized users. Information Assurance (IA) is a layered protection strategy, using Commercial Off-The-Shelf (COTS) and Government Off-The-Shelf (GOTS) hardware and software products that collectively provide an effective Network Security Infrastructure (multiple level security mechanisms and ability to detect and react to intrusions). IA is critical in protecting our ability to wage Network Centric Warfare (NCW). The following ISSP specific efforts will be funded under this program: SECURE VOICE: The Secure Voice program procures equipment that provides secure voice communication capabilities. Equipment to be procured in FY10-FY11 includes various secure voice strategic/tactical products (VINSON/Advanced Narrowband and Digital Voice Terminal (VACM), KSV-21, Next Generation Internet Protocol Phones (Next Gen IP Phones), Call Manager, Internet Protocol Tactical Shore Gateway (IP TSG), Navy Certificate Validation Infrastructure (NCVI) cards, and Secure Communication Interoperability Protocol (SCIP) Inter-Working Function (IWF).
    [Show full text]
  • Secure Voip Call on Android Platform
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Global Journal of Computer Science and Technology (GJCST) Global Journal of Computer Science and Technology Network, Web & Security Volume 12 Issue 12 Version 1.0 Year 2012 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals Inc. (USA) Online ISSN: 0975-4172 & Print ISSN: 0975-4350 Secure Voip Call on Android Platform By Saruchi Kukkar Lovely Professional University Abstract - In the Secure voice call, the human voice shall be digitized by the Android APIs and the VOIP packets will travel over the SIP layer. The digitization process also includes the encryption phase wherein secure call technique is used in order to generate unique keys every time a call handshake is done. During the Secure Call key exchange, the caller party sends a Secure Call hello packet. Once that packet is positively acknowledged by the recipient party the handshake happens successfully and the call packets get encrypted. Using Secure call, digitized voice data is transformed into cipher text form on third generation GSM data or GPRS servers in android platform which results in a better encrypted voice speed and clarity. GJCST-E Classification: C.2.m Secure Voip Call on Android Platform Strictly as per the compliance and regulations of: © 2012 Saruchi Kukkar. This is a research/review paper, distributed under the terms of the Creative Commons Attribution- Noncommercial 3.0 Unported License http://creativecommons.org/licenses/by-nc/3.0/), permitting all non-commercial use, distribution, and reproduction inany medium, provided the original work is properly cited.
    [Show full text]
  • CSD 3324 SE Secure Telephone, Fax & Data Encryptor
    CSD 3324 SE Secure Telephone, Fax & Data Encryptor Providing integrated voice, fax and data secure communications for mission-critical government applications The CSD 3324 SE is an executive telephone with integrated secure voice, fax and data communications capabilities. The CSD 3324 SE is designed to provide strategic-level security with exceptional voice quality for government office applications. It also interoperates with TCC’s DSP 9000 radio base military encryptor to connect commanders with field forces. Secure Voice Encryption The CSD 3324 SE uses powerful, 128-bit Benefits encryption driving dual, full duplex Teltect-SE data encryption engines. The Strategic-level security DSP-based 9,600 bps vocoder provides Excellent recovered voice excellent voice quality with fallback quality (dual vocoder design) modes to 4,800 bps digital and DSP 9000 analog mode for secure voice Interoperates with DSP 9000 communications over severely degraded radio base military encryptor phone lines and radio channels. Operates over degraded telephone line conditions with Group 3 Fax Encryption auto-fallback Two-wire (RJ-11) Group 3 fax encryption is provided as a standard feature with Easily connects to any Group 3 auto-answer/auto-fax sense, which allows Operational Features fax machine Controlled access — User access to all incoming calls to be screened by the 128-bit encryption (Teltect-SE) telephone. If the call is not a fax call, the secure fax, data and voice communica- telephone rings, giving a user a second tions modes is restricted using user Secret Local Key based — chance to answer incoming voice calls. passwords. 800 keys User-friendly settings allow any incoming User customizable Teltect-SE Menu-based setup — User-friendly menus and outgoing fax call (plain or secure) to crypto algorithm be accepted.
    [Show full text]
  • The First Devices to Secure Transmission of Voice Were Developed Just After World War I
    F, 5 January Cabinet War Rooms SIGSALY The first devices to secure transmission of voice were developed just after World War I. They were substitution devices; they inverted frequencies. High frequencies were substituted for low frequencies and low frequencies were substituted for high frequencies. This was easy to do electronically. But, it was also easy to break. In fact, because much voice is in the middle frequencies and the middle frequencies are not changed much by inversion, it was sometimes possible to get a sense of the message just from the ciphertext. The A-3 scrambler … was based upon 1920s concepts. It divided the voice-frequency band into five subbands, inverted each of them, and then shifted the voice from one subband to another every 20 seconds. David Kahn Cryptology and the origin of spread spectrum In 1941, the United States was not at war although we were supporting the Allies, especially Britain, materially. The United States had a device to secure voice transmission called the A-3 Scrambler. This device used both substitution and transposition to encipher voice. Messages were chopped into small pieces, in each piece substitution was made by inverting frequencies, and the pieces were scrambled. This device was broken by the Germans during Fall 1941. The United States military was aware that the A-3 was not secure. On December 7, 1941, cryptanalysts in Washington, D.C., were in the process of breaking a long ciphertext from Tokyo to the Japanese embassy in Washington, D.C. William Friedman’s SIS team had earlier broken the Japanese diplomatic ciphers, but the naval ciphers had not yet been broken.
    [Show full text]
  • TICOM: the Last Great Secret of World War II Randy Rezabek Version of Record First Published: 27 Jul 2012
    This article was downloaded by: [Randy Rezabek] On: 28 July 2012, At: 18:04 Publisher: Routledge Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK Intelligence and National Security Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/fint20 TICOM: The Last Great Secret of World War II Randy Rezabek Version of record first published: 27 Jul 2012 To cite this article: Randy Rezabek (2012): TICOM: The Last Great Secret of World War II, Intelligence and National Security, 27:4, 513-530 To link to this article: http://dx.doi.org/10.1080/02684527.2012.688305 PLEASE SCROLL DOWN FOR ARTICLE Full terms and conditions of use: http://www.tandfonline.com/page/terms-and- conditions This article may be used for research, teaching, and private study purposes. Any substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form to anyone is expressly forbidden. The publisher does not give any warranty express or implied or make any representation that the contents will be complete or accurate or up to date. The accuracy of any instructions, formulae, and drug doses should be independently verified with primary sources. The publisher shall not be liable for any loss, actions, claims, proceedings, demand, or costs or damages whatsoever or howsoever caused arising directly or indirectly in connection with or arising out of the use of this material. Intelligence and National Security Vol. 27, No. 4, 513–530, August 2012 TICOM: The Last Great Secret of World War II RANDY REZABEK* ABSTRACT Recent releases from the National Security Agency reveal details of TICOM, the mysterious 1945 operation targeting Germany’s cryptologic secrets.
    [Show full text]
  • SL700 Secure Communications
    SL700 Secure Communications HOMELAND SECURITY STRATEGIES GB LTD Secure Communication for Land line phones to protect both Voice & Data Transfers • Secure Voice Calls • Secure E-mail Attachments • Secure Voice Communications via PBX • Secure Point to Point File Transfers (connected to computer) • Secure Files in any Computer, Network or on the Internet • All This In Self Contained Units! Secure communications has been a dangerous game until now. The Secure Line 700 Thanks to the Secure Line 700 the game is over. HSS’ remarkable can protect important breakthrough in communications security, the Secure Line 700 is a information contained in your systems as well High Grade Encryption product that trumps technology with better as securing the communication of an e-mail technology. attachment and point to point file transfers. This encryption product combines the communication technology of Connect any compatible cell phone through the HSS with the Harris corporation's Citadel™ CCX cryptographic RS 232 Jack to the Secure Line 700, insuring chip. The result is a compact and portable security system that cryptographic communications of information ensures your e-mail, voice, fax, and data communications are between the 2 secure Line 700's. The secure secure. line 700 allows secure simultaneous voice communication (SVD) and file transfer over The Secure Line 700 connects to ordinary telephone lines, allowing ordinary telephone lines. easy encryption of voice communication between Secure Line 700 units. The secure line 700 provides a simple method of encrypting your computer files. Select encrypt and save files through the The Secure Line 700 - because confidentially Secure line 700 insuring that you important information is kept isn't a luxury, it is a necessity.
    [Show full text]