Last Lecture: Security II

By:Brian Yeh, Ryan Gochee ,David Hwang, Lee Chou

Keys

There are two popular ways to encrypt data:

1. Using a shared secret key (symmetric encryption)
2. Using a public key (asymmetric encryption)

Table of Asymmetric Encryption

What the table above says is if you have data (P) and a public key (U), you can easily encrypt it to ({P}U).  If you have the encrypted data {P}U and the private key (K), you can easily decrypt the data (P).  However, if you have the encrypted data {P}U but only have a public key (U), you cannot easily decrypt it (P).  Also if you only have the public key (U), you cannot figure out the private key easily (K).

What are the disadvantages of using public keys (asymmetric encryption)?
-It is slower.
-It doesn’t solve the key distribution problem; it only changes it.

Example: Symmetric Encryption
Alice and Bob want to talk; they share a secret key, K. (symmetric encryption)

Alice communicates to Bob with "Im Alice" and encrypts the message using private key, K.  Then Bob communicates to Alice, "OK".

However, what if Eve was eavesdropping?  Then, she can intercept the message and act if she was Alice to Bob.

To prevent the situation in Example 1 form happening, we use a nonce (a random beautiful bit string).

Example: Symmetric Encryption using Nonces

After Alice sends Bob, “I’m "Alice", Bob will send Alice a nonce.  Then Alice must send the nonce back to Bob, in encrypted form.  Then, Bob will receive the encrypted nonce back and decrypt it.  If the nonce he sent is the same as the one he receives back, then he will know for sure that Alice is truly Alice.

Even if Eve intercepts Nonce and {Nonce}K, Eve should not be able to calculate K.

Integrity + Authentication + Privacy

A message authentication code (MAC) is used to authenticate a message. 

One such algorithm used to produce such messages is the HMAC algorithm. Use of the HMAC algorithm assumes a shared secret key K.  M is the message.  pad1 and pad2 are random pads of characters.  The output of the HMAC algorithm will output 160 bytes.

The sender attaches this code to the message.  Then the receiver calculates the code itself and compares it to the code it received.  If what it calculated and what it received are not the same, it means the message’s integrity was compromised.

We do not get privacy with just using a MAC alone.  The eavesdropper can still see the message.  Therefore, when we send a message M, we encrypt it with the shared secret key K.

However, there are costs to attaining integrity and privacy.  The overhead is 24% which is a large energy drain.

Below is an example of a typical authentication session using asymmetric encryption.

Example: Asymmetric Encryption using Nonces

Note: Only A knows A’s private key, UA.  Likewise, B only knows B’s private key, UB.  Also, K is a shared key used for only this session.

SSH Protocol/Implementation

From a users viewpoint:
client: ~/.ssh/id_rsa.pub
id_rsa
known_hosts
id_rsa.pub is the public key
id_rsa is the private key (do not copy it or open it, leave on disk
known_hosts has the servers you want to talk to and its public keys

From a servers viewpoint:
server: ~/.ssh/authorized_keys
The server holds authorized host names and public keys.

Example:
Imagine a client as the client. The Treasury Central Bank account is the server.

What if the clients laptop is stolen? Then someone else has the clients private key and that would seem to be bad.

However, the clients private key is encrypted with a passphrase that only the client would know (in their head).

IPsec

Basic concept:
Go one level lower: make the network secure, and leave the applications alone.
The major idea is to have internal network nodes all trust each other, and build an internal virtual network using a shared secret key.

From the application’s point of view:
Unencrypted packets are sent atop a virtual network.

As this protocol is intended for use by large organizations and networks, and also does cost money unlike the free ssh, IPsec is not widely used by college students.

Authorization and Access Control

Access control is how an operating system keeps track of who can do what.

Related factors are:
Privacy: reading files
Integrity: writing files
Trust: access permissions

Access Control Lists (ACLs)
-these keep track of which users have which permissions on which files and objects.

The simplest way is to use a 3D bit array, in which each user would map to an object and also map to a set of permissions associated with that object.

Problems with a 3D bit array:
-too unwieldy and the large size of it is impractical

The UNIX model is to use the 9(+) bits for read, write, and execute access for user, group, and world: the drwxr-x-r-x string often found when using ls –l.

Problems with the UNIX model:
-oversimplified and cannot handle very specific permissions for certain users

Another model uses a linked list of sorts of keep track of users and their permissions for a certain object, as below:

One can inspect ACLs on Solaris by using the commands getfacl and setfacl.

However, this type of ACL can also be very long, and hard to manage.

Another alternative:

Role Based Access Control (RBAC)

These are ACLs that contain roles, instead of users. A role could be something like “administrator”, “grader”, “moderator”, or “technician”. Then, for each user, there is a list of roles that it can assume, and each role has certain privileges. Each session would have a role that the user would assume. Now, the ACLs would be shorter due to only having to keep track of which users could access certain roles, and each role would have actions that they could execute on the system. For example, an dangerous unlink call such as unlink(“d1/d2”); would only be available to system restorers.

Capabilities

• a ticket for an object and action
• records for a process one thing it can do

• Characteristics:

  1. must be unforgeable
  2. must be consulted before any access
  3. implemented with OS/hardware support

Example: file descriptor

• It follows the 3 characteristics:

1. A file descriptor is only valid for one process - if another process steals a file descriptor, it will not be the same entry in that process's file descriptor table
2. file descriptors are an argument for all file functions, e.g. read/write/etc
3. it is implemented by the OS

Two examples to implement a capability:

1. " Pointer " to a table in the OS (like a file descriptor)
   • problem: can't easily send across a network
2. Via hash value ("magic code" that means you know you have access
   • can send this easily across a network
   • can sent the hash to share access/capability

Which software can we trust?

• Trusted software is expensive - auditing, testing, 3rd party checks
• How do you know that software from the internet is good?
• Need some sort of tamper-proof certificate for the software - e.g. a whitelist
  • list of programs to run and its MD5 checksum
  • problem: programs update often, MD5s will have to be updated often
  • list of program sources with their public keys
  • neither way is foolproof, for example, before you have the public key stored for a given source, or it may be changes and result in a false alarm

What can go wrong?

• Human errors - screw-ups in setup - ACLs that are wrong - wrong version of software installed - deliberate misconfiguration (bad guy messed with the settings on setup) - backup restore problems (obsolete data used) - leaked passwords to bad guys (e.g. shoulder surfing)
• computer errors
  • bug in the OS
  • bug in a trusted program (e.g. what if login was bugged?)
  • trojan horses

    example: Ken Thompson's trick

Summary of Ken Thompson's trick

• idea: have a special keyword to universally bypass the login program than one cannot detect and is ubiquitous
• alter login.c to allow all users with a certain name (e.g. "Ken") given root access

  login.c:

  If (strcmp(u, "Ken") == 0)

  return 0;

• compile login.c and send the source code without the above code
• to ensure people don't simply compile the clean version, bug the compiler as well -- even bug it to "fix" itself

  gcc.c:

  if (compiling "login")

  insert above login.c code;

  if (compiling "gcc")

  insert this code;

• distribute the bugged programs, but the clean source code
• even if you use a different gcc compiler than the one Ken Thompson provides, that still means you are trusting someone

Trusted Computing Base (TCB)

Define what you trust and make sure it's safe, but realize that no matter what, you have to trust something.

Recurring Themes in Operating Systems(and computer/network [Apache]/database [Oracle]/etc.) systems

Note that these also apply to other computer systems, e.g. network (Apache), and database (Oracle) systems

• Appropriate levels of abstraction
  • modularity, encapsulation, hide complexity
• Interface specification - a contract between users and implementors
  • crucial for interoperability
  • decide who's in charge -- user, program, 3rd party
  • Interface is not the same as the implementation
  • interfaces with only one implementation should be viewed suspiciously -- e.g. ISO 29500 - Microsoft Word document specification
  • implementation should not be tied to one interface
  • users shouldn't depend on undocumented features
  • Policy vs. Mechanism
  • policy is what you want
  • Mechanism is the "low" level tools used to build it

Something to think about: is Linux Object-Oriented? It was written in C, but what if it was written in C++?