<p> CHAPTER 8: SECURITY</p><p>CHAPTER OUTLINE</p><p> Basic Concepts  Cryptography  Authentication  Authorization  Security Management</p><p>Basic Concepts</p><p> Security: secrecy (confidentiality, privacy), integrity, availability – intentional intrusion  Reliability: system hardening, fault-tolerance – unintentional faults  Dependability: Security + Reliability  Threat and Defense: Authentication, Authorization, Auditing  Models, Policies, Mechanisms  Least privilege  Trusted Computing Base (TCB)</p><p>Cryptography</p><p>Private-key (symmetric) systems</p><p>P = DK(EK(P)), message confidentiality</p><p> Public algorithms, private (secret) key  One-to-one injective mapping and one-way function  Uniqueness: different messages same key, same message different keys  DES: 64-bit block cipher, 56-bit key, 16-stage transpositions and substitutions  Cipher block chaining  AES  Key distribution Hash functions h = H(m), message integrity</p><p> One-way digest function  Weak and strong collision resistance  Message digest algorithm MD5: 512-bit block, 128-bit digest  Digital signature</p><p>Public-key (asymmetric) systems</p><p>P = DKD(EKE(P)), message confidentiality and user authenticity</p><p> Public algorithms, private (secret) and public key pair  One-to-one, one-way, invertible  Can’t infer one key from the other</p><p> RSA: P= DKD(EKE(P)) = DKE(EKD(P)): P= DKs(EKp(P)) = DKp(EKs(P))  Relying on computational difficulty of factoring two large prime numbers  E: C = MKp mod N, D: M = CKs mod N  100 to 1000 times slower than DES, used for critical information such as keys</p><p>Example: Privacy Enhanced Mail (PEM)</p><p> DEK: Data Encryption Key, one-shot symmetric secret key for encrypting mail message  IK: Interchange Key with a public (IKp) and private (IKs) key pair  MIC: Message Integrity Check, finger print of the mail message  A sends a PEM to B</p><p>EBIKp (DEK) EDEK (M) EAIKs (MIC) RSA DES MD5</p><p>Example: Secure RPC (www.cise.ufl.edu/~chow/sl4.pdf) Authentication Users or principles</p><p>Authentication based on a shared secret key</p><p> Figures 8-12 and 8-13  Reflection attack  Complexity in key distribution</p><p>Authentication using a key distribution center</p><p> Figure 8-15  Needham-Schroeder protocol, Figure 8-17  Replay attack  Use of nonce for freshness and challenge</p><p>Authentication using public-key cryptography</p><p> Figure 8-19  No KDC  Need to authenticate public keys</p><p>Message authentication</p><p> Confidentiality, integrity, plus non-repudiation  Use public-key system  Use message digest to reduce overhead  Use session key to avoid wear and tear</p><p>Secret Sharing</p><p> Multiple digital signature  Information dispersal and threshold schemes Authorization</p><p> Discretionary access control  Mandatory access control</p><p>Discretionary access control</p><p>Subject, object, privilege Access control matrix Reference monitor Sparse ACM Organize in lists, by column, per object: ACL Organize in lists, by row, per subject: CL Grouping of subjects with same privileges: groups or roles Grouping of objects with same privileges: categories Propagation (copy or transfer) of privileges: proxy Review of access rights Access revocation</p><p>Mandatory access control</p><p>System-wide enforcement Flow model – lattice, reflexive/transitive/antisymmetric Multi-level security model – hierarchical security-level, non-hierarchical security category</p><p>Complex access control policies</p><p>Firewall</p><p>Ingress/outgress filtering Packet/application level filtering</p><p>Secure mobile code</p><p>Protecting mobile agent against malicious hosts – secrecy (code/data/state), integrity (read-only state, append-only logs, selective revealing), availability (routing) Protecting hosts against malicious agents – sandbox (class loader, byte code verification, security manager), playground (code-signing, access local references) Protecting agents against other hostile agents – subsumed by the above</p><p>Security Management</p><p>Key Management</p><p>Trusted KDC Diffie-Hellman exponential key exchange – secure RPC and SSL Key distribution using public-key certificates – chained/hierarchical certification authorities (CA) Key assignment Key escrow</p><p>Secure Group Management</p><p>Group communication – shared symmetric-key (CKG) and asymmetric-key, adding a new member, Figure 8-33 How about deleting a member? Previous/residual messages ?</p><p>Authorization Management</p><p>Capabilities vs access control lists Amoeba’s capability Attributed certificates Delegation or Proxy – single-level (Figure 8-37), chained</p>