Introduction to computer and network security. Session 1 : Introduction and definition of main concepts

Transcription

1 Introduction to computer and network security Session 1 : Introduction and definition of main concepts Jean Leneutre jean.leneutre@telecom-paristech.fr Tél.: Page 1

2 I- Introduction Context Security trends in the US Picture taken from "CSI/FBI , Computer crime and security survey", Page 2

3 I- Introduction Context Security trends in the US Picture taken from "CSI/FBI 2008, Computer crime and security survey", Page 3

4 I- Introduction Context Common computer exploits Common exploits ( Cross-site scripting Buffer overflow SQL injection PHP remote file inclusion Directory traversal Information leak DoS caused by Malformed input Symbolic link following Format string vulnerability Cryptographic error Page 4

5 I- Introduction Context Evolution of security (1/2) q q q q q Security in the military domain (communications) Jamming Confidentiality of messages through the use of cryptology (Enigma machine) System security MULTICS: "computer security by design" "Orange Book" (TCSEC, DoD, 1983) Distributed system security Kerberos (Athena project ) Advances in cryptology DES (symmetric, 1976), then RSA (asymmetric, 1977) Network security Public Key Infrastructures (PKIs) Security protocols (IPSEC in 1995, SSL in 1996, ) and architecture (firewalls, VPNs, IDSs, ) Page 5

6 I- Introduction Context Evolution of security (2/2) q Introduction of trusted modules/devices Smartcards q Content security DRM (Digital Right Management), Steganography (Watermarking) q Security nowadays Identity Federation, "Single-Sign-On" (SSO) Evolution of cryptology (AES, elliptical curves, hash function ) Trusted Computing (TPM) Information privacy (RFID) Cloud Computing security q Security in the future Security of open and mobile systems : vehicular networks (VANETs) Quantum cryptography? Page 6

7 I- Introduction Perimeter of security Security vs. Safety q Security («Sécurité»): Security = Confidentiality + Integrity + Availability Protect information against intentional and non-intentional threats (virus, Trojans, users errors, ) Assets Immaterial entities (contents and services) Material entities linked to the Information System (IS) q Safety («Innocuité») Protect against harmful events Assets Security of humans Tangible possessions Page 7

8 I- Introduction Perimeter of security Security vs. Dependability q Dependability («Sûreté de Fonctionnement») Definition : Dependability = integrity + availability + safety + reliability + maintenability Confidentiality Integrity SECURITY DEPENDABILITY Availability Safety Reliability Maintenability Page 8

9 I - Introduction Perimeter of security Security of information system vs computer security q Information System: An Information System is the set of entities that store, process, manage, and distribute information in an organisation. Entities = personnel, data, hardware, software,.. q Information System Security includes: Computer and network security Physical security (buildings) Page 9

10 I- Introduction Perimeter of security Potential targets q Information System From state institutions, or private enterprises q Networks Home networks LANs Wireless networks: WiFI, WiMax, Bluetooth, RFID q Telecom networks Telephone network Mobile phone networks (GSM, GPRS, UMTS) q Broadcasting networks Television, Satellite networks, localisation networks (GPS) Page 10

11 I- Introduction Security sectors q Different sectors of security in France with their own requirements 1. Restricted sector with classified data («secteur réglementé») «Secret de Défense»: French ministry of Defence, SGDN (Secrétariat Général de la Défense et de la sécurité Nationale), 2. Non restricted but controlled sector Sensitive sectors: companies working with Ministry of Defence (Thales, Dassault, ) 3. Non restricted and non controlled sector (sensitive but non classified data) All the other activity sectors Page 11

12 I- Introduction Objectives of the course q Introduction of the fundamental concepts of Information Security + Presentation of the main vulnerabilities/attacks (lecture 1 & practical session 1) q Introduction to cryptography (lecture 2 & practical session 2) q Presentation of authentification function and mechanisms (lesson 3) q Presentation of Access control models and mechanisms (lesson 4) Reference Book : Dieter Gollman, Computer Security, 2nd edition, Wiley, 2006, ISBN Page 12

13 Outline I- Introduction II- Definitions III- Vulnerabilities and attacks Page 13

14 1. Security properties q Usual definition : Security = set of properties including at least Confidentiality («Confidentialité»): no non-authorized divulgation of information Integrity («Intégrité»): no non-authorized modification of information Availability («Disponibilité»): no non-authorized retention of information or resources q In one sentence No non-authorized actions è Authorized actions are defined in the security policy Page 14

15 1. Security properties q Confidentiality No non-authorized divulgation of information Only authorized entities are able to observe information Access operations: read, print, list a directory, Examples: confidentiality of a text, confidentiality of a network flow, Attacks: eavesdropping, password cracking, cryptanalysis of a ciphering algorithm, Secrecy / Privacy («Intimité») Confidentiality of personal information in the latter case Page 15

16 1. Security properties q Integrity No non-authorized modification of information Only authorized entities are able to modify information Access operations: write, delete, creation, change status, Examples: integrity of a message, integrity of a program, integrity of a database, Attacks: insertion of a virus, modification of an access control list, Several meanings depending on the context No modification: integrity of communications (detection and correction of modifications due to transmission errors or intentional manipulation) Modifications must satisfy some properties: integrity of relations in a database (consistency), integrity of a variable in a program, Modifications must only be performed by trusted entities (human, process) Page 16

17 1. Security properties q Availability No retention of information or resources Authorized entities can obtain information or use a resource Access type: execute, download, Example: availability of a server, availability of a network Attacks: jamming attack in a wireless network, Denial of Service (DoS) caused by a flooding attack on a server, Several aspects Presence of information or usability of services Ability to answer to a request, Ability to answer to a request in bounded time, Fairness in resource allocation Usually in security Availability = no Denial of Service Page 17

18 1. Security properties q Interdependencies between confidentiality, integrity & availability Confidentiality Integrity Availability Mutual exclusion Example: a strong confidentiality protection based on robust cryptographic mechanisms may impact availability Causality relation Example: integrity must be a pre-requisite to ensure confidentiality An attacker may bypass read access control mechanisms to files by modifying an access control table used by the OS Page 18

19 1. Security properties q Other security properties Accountability («Imputabilité»): to be able to determine who is responsible for any action against the security policy Requires Auditability: to be able to trace the events impacting security during a given period Requires user Identification/Authentication Non-repudiation: to be able to provide a proof that an action has been performed by a given entity Impossibility for an entity to deny the reception or emission of a message Requires use of digital signatures and time-stamps Page 19

20 1. Security properties q Properties related to dependability Reliability («Fiabilité») Capacity of a system to provide a correct service Characterized by the probability that a component or the system works on a time interval [0,t] Metrics: Mean Time Between Failures (MTBF) Maintenability («Maintenabilité») Capacity of a system to work again after a fault Metrics: Mean Time To Repair (MTTR) Page 20

21 1. Security properties q How to assess security? Quantitative approach Use the number of vulnerabilities already detected and the time required for detection to predict the discovery time for next vulnerability Measure the attack surface of a system (number of interfaces, number of dangerous instructions used in a code, ) è Quantitative approaches rarely used to assess security Qualitative approach Risk analysis: assess risks that threats assets è Methods: EBIOS (DCSSI), MEHARI (CLUSIF), CRAMM, OCTAVE, Page 21

22 2. Asset, vulnerability, threat and risk q Asset («Actif» ou «Bien»): everything which has a value Medium assets or entities Hardware, Software, Include also locations (server room) and humans (system administrator) Essential assets q Asset valuation Information example: a list of names Function processing information example: a ciphering algorithm Supposing the asset is compromised Medium asset: financial cost Essential assets: Impact (loss of reputation, loss of competitive advantage, ) Page 22

23 2. Asset, vulnerability, threat and risk q Vulnerability Security flaw in a component of the system (medium asset) Problem in the requirements, functional specification, design, implementation or during the deployment Examples : Program with known flaws (no verification of buffer size) Account providing privileges, with password set at default value Principle of the weakest link in a chain (Principe du maillon faible) : vulnerability level of a system = vulnerability level of its weakest component (easier to exploit for the attacker) Vulnerability analysis: find the vulnerabilities in a system Vulnerability databases: CERTs (Computer Emergency Response Teams, SANS ( Vulnerability scanner: tool automating the identification of vulnerabilites using a vulnerabilities database (example: Nessus) Page 23

24 2. Asset, vulnerability, threat and risk q Source of a threat Type Human origin (user or hacker), natural origin (river, ) Non intentional cause or intentional cause (attacker) Internal vs. external Attacker model or Attacker potential (in case of an intentional origin) Motivation Expertise (technical skills, ) Available resources (financial resources, time, exploits ) Page 24

25 2. Asset, vulnerability, threat and risk q Threat (Menace) Method used by the source of the attack Intentional threat = attack Non intentional threat = errors Exemples : Eavesdropping, River flooding, Buffer overflow attack, Page 25

26 2. Asset, vulnerability, threat and risk q Attack types Passive attack: Attack only requiring interception Active attack: Attack requiring interruption or modification or forging q Steps during an attack: Information gathering Identification of vulnerabilities Implementation and execution of the attack Page 26

27 2. Asset, vulnerability, threat and risk q Threat scenario Scenario with a likelihood, grouping a threat, its source, a vulnerability exploited by the threat, and a medium asset. Example: A hacker perform a buffer overflow attack exploiting a non verification of input size in a system program (moderatly likely) Page 27

28 2. Asset, vulnerability, threat and risk q Risk Likelihood of a threat scenario + importance of the impact Risk assessment using a table Impact Threat Risk management Reducing, transferring or taking the risk Residual risk: risk still existing after the risk processing Risk analysis methods: Ebios, Mehari, Cramm, Octave, Page 28

29 2. Asset, vulnerability, threat and risk Owner applies Counter-measures protects reduces may induce Risk Vulnerability linked to Asset loss produces Impact exploits Loss rating: LR Attack uses Source of attack Threat scenario Likelihood: L Page 29

30 3. Security policy, measure, function, mechanism q Security objective Define the security properties required for a given essential asset (information) Example: confidentiality of the specification of the new software q Security measure or counter-measure Physical, organisational or technical measure Technical counter-measures: security function and mechanisms in order to satisfy security objectives Reduce vulnerabilities or the impact and thus risks May induce new vulnerabilities Page 30

31 3. Security policy, measure, function, mechanism q Prevention: measures to avoid an incident Training of non expert users to security Dissuasion Watermarking (insert copyright statement in an electronic image) Protection Cryptography (art of secret): hide information to third parties Steganography (art of dissimulation): hide information in another content (hide both information and its existence) Acces control (filtering using a firewall) Misinformation (of attacker) Use deception techniques to counter or slow down attacker (Honeypots) Before the incident Page 31

32 3. Security policy, measure, function, mechanism q Detection: measures to detect the incident Intrusion detection (IDS) q Correction : measures to mitigate the consequences of an incident Confinement: quarantine isolation, modification of filtering rules (IPS, Intrusion Prevention System) Ensure availability during an attack (load balancing) Beginning of the incident During the incident q Recovery: measures to recover the losses after the incident Understand the incident and search evidence: Computer Forensics Repair the damages (restore the resources in their initial state) Fix the vulnerabilities to prevent future similar attacks Legal action against cyber-criminals, against a third party After the incident Page 32

33 3. Security policy, measure, function, mechanism q Security Policy (Politique de sécurité) Set of laws, rules and usages that specify how assets must be managed, and protected inside an organization Specifies the authorizations, forbidden actions and obligations of subjects that access to the SIs Includes organisational, physical and technical aspects of security Page 33

34 II- Terminologie de la sécurité 3. Security policy, measure, function, mechanism q Security function Technical measure providing a security objective Example : classes of security functions introduced in Common Criteria (CC) FIA: Identification and Authentication FTA: Target of Evaluation Access FAU: Security Audit FPR: Privacy FCO: Communication security FDP: Protection of user datas and others (11 classes) Page 34

35 3. Security policy, measure, function, mechanism q Identification : declaration of an identity by an entity Example: entering your login q Authentication (Entity authentication): process that checks the identity Verifies that a user is indeed the person he pretends to be Example : verification of password entered after the login Pre-requisite for access control Functionalities associated to authentication Identity management: add new identities, remove, Ensure integrity of authentication credentials / information Allow authorized users to access to information requiredto check users identity Limit the number of online successive attempts to establish a false identity Reuse of authentication (single-sign-on) Page 35

36 3. Security policy, measure, function, mechanism q Access Control: Function controlling that subjects (users and processes) can only access to information and resources, if they have the corresponding authorizations Functionalities associated to access control q Flow Control: functions that manage the authorization specifications Function that controls the information flows between objects Page 36

37 3. Security policy, measure, function, mechanism q q Audit Function ensuring that information concerning events potentially impacting security is recorded, so that a further examination is able to determine whether there has been a security problem Acountability Function ensuring that actions from a user (or user s process) are recorded so that it is possible in the future to determine who was responsible for a given event q Privacy Function ensuring the privacy of the data and actions of a user May be in conflict with other functions (audit and accountability) Page 37

38 3. Security policy, measure, function, mechanism q Security mechanism Algorithm or protocol implemented via hardware or software to provide a security function Ensure that the system does not accept non-authorized actions Example: authentication mechanisms One-time password protocol HOTP Challenge response protocol KERBEROS Security mechanism must also be secured Page 38

39 3. Security policy, measure, function, mechanism Owner defines defines objectives on Security Policy Attacker threats Assets Security Functions enforced by Implemented with Security Mechanisms Système sécurisé Page 39