Wednesday, April 28, 2010

Lecture 23: Network Threats

Today's presentation by Troy covered the WEP (Wired Equivalent Privacy) cryptosystem for wireless networks. The system used a flawed encryption method and revealed too much information in the packets it creates. Cracking the cryptosystem requires the use of thousands of snooped packets, but these can be collected in little time, and after the collection period, key cracking takes very little time.


Today's lecture covered network security.

Networks, and internet-based networks in particular, are vulnerable to attacks. Networks afford attackers anonymity, plenty of points of attack, easier access, and potentially more security holes if computers with different security systems or OSes are part of the network. The protocol used in a network can also be a weak point if it has vulnerabilities.

There are many aspects to possible attacks on a network. All attacks first need some sort of information gathering. Reconnaissance on the vulnerabilities of a network is generally easy. Port scans gather the ports on which a computer is listening. People involved in the network are generally good sources of information if a little social engineering is used.

Eavesdropping on a network tends to be simple. Wired connections can usually be wiretapped stealthily. Wireless connections are even easier to eavesdrop on.

Impersonation attacks involve pretending to be some member of a network. This involves either obtaining a password or exploiting vulnerabilities in rights management systems.

Spoofing attacks are a weaker form of impersonation, but they are applicable to more than just users. For example, a phishing attack involves the attacker spoofing a website to look just like another website, with a convincing address to add to the illusion. Spoofing attacks also cover session hijacks and man-in-the-middle attacks.

Session hijacking is a spoofing attack where an attacker hijacks a TCP connection or HTTP session and inserts malicious data or obtains private information. Man-in-the-middle attacks are similar, but instead of masquerading as an endpoint, the attacker becomes an intermediate node, possibly masquerading as both endpoints at once. It may also allow the attacker to alter packets as they move around the network.

Attackers may also attack the topology of the network by poisoning DNS caches, creating "evil twins", or creating "black holes" which attract packets and drop them.

In some cases, the existence of communication alone can be important information, and traffic flow analysis tries to detect these covert conversations.

Websites have their own sets of vulnerabilities, mostly involving the interaction with a server trying to generate web pages. Some exploits include modified state information, cross-site scripting, buffer overflows, etc. Some vulnerabilities involve the server asking the client to run a certain piece of code (for example, Java applets), and this can be exploited by attackers to harm the user.

(Distributed) Denial of Service attacks target a network's availability. This can be done by disrupting physical connections, flooding connection attempts via SYN flooding, ping floods via smurf attacks, etc. Attackers may use botnets to perform these attacks, since they tend to require huge amounts of resources.


All of these attacks are doable with easy-to-get, convenient programs.

Lecture 21: Trusted Operating System

Lecture #21 on Monday, April 14th began with a presentation by Gabriel about non-malicious program errors. These are the classic errors that have enabled many recent security breaches. He described three types of non-malicious program errors: buffer overflows, incomplete mediation, and time-of-check to time-of-use errors. After noting the importance of the stack, he explained the basic ways a buffer can be overflowed with the help of a small program. EBP is the address at the beginning of the stack. He explained the stack overrun attack with the help of a basic algorithm. He concluded the presentation by mentioning some methods to prevent buffer overflows: a non-executable stack, static analysis, dynamic runtime protection, and use of safer versions.
Then, Dr. Gunes gave us an overview of Lecture #20, during which he talked about trusted operating system design and different security design principles. He highlighted the question of how designing a trusted OS complicates things further. He contrasted the functions and security features of an ordinary operating system with the functions and security features of a trusted operating system. Further, he mentioned that the kernel is the part of an OS that performs the lowest-level functions, whereas the security kernel is responsible for enforcing security mechanisms for the entire OS. The kernel generally performs 6 functions, and those are coverage, separation, unity, modifiability, compactness, and verifiability.
Then, Dr. Gunes moved on to the Lecture #21 topics and started with the term reference monitor, which is the portion of a security kernel that controls accesses to objects; in short, it acts as a gatekeeper. Hardware, processes, primitive files, protected memory, and inter-process communication are the system elements on which security enforcement depends. He remarked that a piece of hardware is harder to tamper with than software. Next, he explained a typical division into TCB and non-TCB sections with the help of a diagram, and then he described the four basic interactions which the TCB monitors: process activation, execution domain switching, memory protection, and I/O operation.
Further, he described a combined security kernel/operating system architecture as well as a separate security kernel architecture. Physical, temporal, cryptographic, and logical separation are the four ways to separate one process from others. Then, he drew our attention to the concept of virtualization and virtual machines, as well as the layered OS design with modules operating in different layers. There are 3 ways to assure that a model, design, and implementation are correct: testing, verification, and validation.
Furthermore, Dr. Gunes moved on to a new chapter and started with the term security policies. He noted that military security policy is a hierarchical policy, and he also emphasized the ideas of compartments and sensitivity levels. He went through the classification and clearance concepts. Finally, Dr. Gunes concluded the lecture after briefly describing 4 different security models: the lattice model, the Bell-LaPadula model, the Harrison-Ruzzo-Ullman model, and the Take-Grant model.
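To make the compartment lattice and the Bell-LaPadula rules concrete, here is a small Python checker added to this summary as an illustration; it is not from the lecture or its slides. The ordering of the sensitivity levels, the compartment names used in the demo, and the `check_access` helper are assumptions made for the example. A subject may read an object only if the subject's clearance dominates the object's label (no read up), and may write to it only if the object's label dominates the subject's clearance (no write down).

```python
# Added example (not from the lecture): a minimal Bell-LaPadula checker over a
# military-style lattice of sensitivity levels and compartments.
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchical sensitivity levels, lowest to highest (assumed ordering).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    """A security label: one sensitivity level plus a set of compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A dominates B when A's level is at least B's level AND A's compartments
        # include all of B's. This is the partial order of the lattice model.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def join(a: Label, b: Label) -> Label:
    """Least upper bound in the lattice: higher level, union of compartments."""
    level = a.level if LEVELS[a.level] >= LEVELS[b.level] else b.level
    return Label(level, a.compartments | b.compartments)


def meet(a: Label, b: Label) -> Label:
    """Greatest lower bound: lower level, intersection of compartments."""
    level = a.level if LEVELS[a.level] <= LEVELS[b.level] else b.level
    return Label(level, a.compartments & b.compartments)


def can_read(subject_clearance: Label, object_classification: Label) -> bool:
    """Simple security property ("no read up"): the subject must dominate the object."""
    return subject_clearance.dominates(object_classification)


def can_write(subject_clearance: Label, object_classification: Label) -> bool:
    """*-property ("no write down"): the object must dominate the subject, so a
    highly cleared subject cannot copy secrets into a lower-classified object."""
    return object_classification.dominates(subject_clearance)


def check_access(subject: Label, obj: Label, mode: str) -> bool:
    """Reference-monitor style decision for one access request (assumed helper)."""
    if mode == "read":
        return can_read(subject, obj)
    if mode == "write":
        return can_write(subject, obj)
    if mode == "readwrite":
        # Both properties must hold, which forces the two labels to be equal.
        return can_read(subject, obj) and can_write(subject, obj)
    raise ValueError(f"unknown access mode: {mode}")


if __name__ == "__main__":
    # Constructed labels for the demo.
    analyst = Label("secret", frozenset({"crypto"}))
    memo = Label("confidential", frozenset({"crypto"}))
    plan = Label("secret", frozenset({"crypto", "nuclear"}))
    print("analyst reads memo: ", check_access(analyst, memo, "read"))    # allowed
    print("analyst reads plan: ", check_access(analyst, plan, "read"))    # denied: missing compartment
    print("analyst writes memo:", check_access(analyst, memo, "write"))   # denied: write down
    print("analyst writes plan:", check_access(analyst, plan, "write"))   # allowed: write up
```

Note that the compartment check is what makes "secret" not simply a number: the analyst holds the secret level, yet still cannot read the secret plan because it carries a compartment the analyst was never cleared for.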

Wednesday, April 14, 2010

Lab assignment on Trusted Computing

I have uploaded the second lab assignment. The deadline is Tuesday, Apr 27 at 11:00 am.

You may post questions or comments under this blog entry.

Tuesday, April 13, 2010

Lecture 20 Trusted Operating System

The lecture began today with a presentation by Spencer Dawson on rainbow tables and their use to crack passwords. A rainbow table is a lookup table that offers a time-memory tradeoff used in recovering the plaintext password from a password hash. The table contains a hash for all possible inputs up to a character limit. These tables have both advantages and limitations. The advantages include the fact that they are built once and used many times, they make looking for a password faster as the lookup becomes a table search problem, and they are perfect for cracking weak hashes. The limitations of these tables are that they always take worst-case time to generate, they are very large (a table for 8 characters is 134.6 GB), and they become infeasible when passwords are salted.
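The time-memory tradeoff is easier to see in code than in prose, so here is a toy rainbow table in Python, added to this summary as an illustration (it is not from the presentation). The password space (three lowercase letters), the chain length, the spacing of start points, and the reduction function are all constructed for the example. The table stores only one (endpoint, start) pair per chain rather than a hash for every password, lookups walk chains instead of scanning, and a salted hash is never found because the chains were built against the unsalted function.

```python
# Added example (not from the presentation): a toy rainbow table over a tiny
# password space, showing the time-memory tradeoff and why salting defeats it.
import hashlib
import itertools
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 3          # 26**3 = 17,576 candidate passwords (constructed toy space)
CHAIN_LEN = 50      # hash/reduce steps per chain (constructed)
STEP = 87           # spacing between chosen start points (constructed)


def H(pw: str) -> bytes:
    """The unsalted hash the table is built against."""
    return hashlib.sha256(pw.encode()).digest()


def R(digest: bytes, column: int) -> str:
    """Reduction function: maps a digest back into the password space.
    Mixing in the column index gives every column its own reduction, which is
    what distinguishes a rainbow table from plain hash chains (fewer merges)."""
    n = int.from_bytes(digest[:8], "big") + column
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def start_points():
    """Deterministic, evenly spaced start points across the password space."""
    every = itertools.product(ALPHABET, repeat=PW_LEN)
    return ["".join(p) for p in itertools.islice(every, 0, None, STEP)]


def build_table(starts):
    """Build once (worst-case work): walk each chain and keep only endpoint -> start.
    The table holds len(starts) entries instead of one hash per password."""
    table = {}
    for start in starts:
        pw = start
        for column in range(CHAIN_LEN):
            pw = R(H(pw), column)
        table.setdefault(pw, start)   # on an endpoint merge, keep the first chain
    return table


def lookup(table, target: bytes):
    """Use many times: return a preimage of `target`, or None if no chain covers it."""
    # Guess that the target hash sits in column j, then walk the chain to its end.
    for j in range(CHAIN_LEN - 1, -1, -1):
        pw = R(target, j)
        for column in range(j + 1, CHAIN_LEN):
            pw = R(H(pw), column)
        start = table.get(pw)
        if start is None:
            continue
        # Endpoint matched: regenerate that chain from its start and look for the hash.
        cand = start
        for column in range(CHAIN_LEN):
            if H(cand) == target:
                return cand
            cand = R(H(cand), column)
        # Reaching here is a false alarm (a merged chain); keep trying other columns.
    return None


def salted_hash(salt: bytes, pw: str) -> bytes:
    """Salting changes the function the table was built against, so the chains
    never land on these digests; an attacker would need a table per salt value."""
    return hashlib.sha256(salt + pw.encode()).digest()


if __name__ == "__main__":
    table = build_table(start_points())
    print("table entries:", len(table), "of", len(ALPHABET) ** PW_LEN, "passwords")
    print("unsalted 'aaa':", lookup(table, H("aaa")))                      # found
    print("salted   'aaa':", lookup(table, salted_hash(b"\x9d\x12", "aaa")))  # None
```

The `setdefault` in `build_table` is the only concession to chain merging; a real table generator discards or regenerates merged chains so that the stored chains cover as much of the space as possible.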

After the presentation, we continued with a lecture on trusted operating systems. The operating system is a complex system that is very difficult to design, and this complexity together with the security issues makes it a very difficult design problem. The system can be created by following the path of listing requirements, designing, and then testing. There are several security design principles. These principles include privileges, permissions, separation of privileges, and ease of use. The features normally included in an ordinary OS include authentication of users, protection of memory, file I/O and location, and access control to general objects. Security features in an ordinary OS include enforcement of sharing, fair service, and protection of OS protection data. There are more features that are included in a trusted OS, including identification and authentication, mandatory access control, object reuse protection, trusted path, accountability and audit, and intrusion detection.

The kernel is the part of the OS that performs the lowest-level functions, and the security kernel is responsible for the security mechanisms for the entire OS. The kernel is responsible for 6 functions: coverage, separation, unity, modifiability, compactness, and verifiability.

Friday, April 9, 2010

Lecture 19: User Authentication (Apr 7)

Lecture 19 began with a presentation on the effects of quantum cryptography on the future of computer security. The discussion was twofold. First, the use of photons to transfer data allows a method of providing complete security against man-in-the-middle attacks (the BB84 protocol). The second topic discussed was the use of quantum computers to defeat security measures that would be infeasible to defeat with modern systems (Shor's algorithm).

Dr. Gunes then continued the class with last week's lecture on access control. This portion of the lecture reviewed the benefits and drawbacks of ACLs, ACMs, and capabilities as methods of restricting access.

This week's topic, user authentication, was about how electronic systems identify and authenticate users. Identifying users is a difficult task for machines. Machines can use a variety of features for identification, including what a person knows, what a person has, or even a person's physical features, each of which has its own disadvantages. We also discussed the additional difficulties of remote logins, and the practice of combining multiple authentication methods for enhanced security.

Wednesday, April 7, 2010

Lecture 17: Operating Systems Security (Mar 31)

This lecture consisted of two parts: the first of which was a presentation by Evander Jo on code obscurity; the latter half of the lecture was a lecture from Dr. Gunes on operating systems security.

In Jo's presentation, the idea (and issue) of security through obscurity was presented. Essentially, obscurity is similar to steganography but different in that it does not necessarily aim to hide information within a message, but rather aims to confuse the interpretation of a message. A widely used tactic of exploit developers is to obfuscate their code upon completion of an exploit for some arbitrary vulnerability. This defers the analysis of their code by security professionals and therefore gives exploit developers breathing room with respect to the discovery and analysis time of their code. However, when trying to apply security through obscurity, the issue comes from the test of time. It is not desirable to place trust in a system's security when it is based on obfuscation, because it is only a matter of time until someone correctly interprets the obfuscated code.

In the lecture on operating systems security, Dr. Gunes first provided a brief history and discussion of operating systems. Next, he outlined what exactly an operating system is trying to protect. Such resources included memory and address protection, in that different users should be able to use the same system without compromise or interference from other users of that system. With that, several protection techniques were discussed that allow sharing of resources while at the same time keeping those resources separate. One such technique was the inclusion of base and bound addresses, in which users were supplied a base address and a top-level address in memory that only they had access to. However, the issue here is the efficiency of partitioning. That is, some users may require more space than other users. Later on, other present-day operating system techniques were discussed, such as segmentation and paging. The lecture concluded with a brief overview of the Intel x86 architecture.
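To show what the base and bound registers actually enforce, here is a small simulated machine in Python, added to this summary as an illustration rather than anything from the lecture. The physical memory size, the two user partitions, the process names and the `attempt_read` helper are constructed for the example. Every access is translated as base plus offset and rejected if the offset is negative or reaches the bound, so a process has no way to even name a byte that belongs to another user; the fixed-size `allocate` also shows the partitioning inefficiency the lecture mentions, since a region cannot grow once its neighbour is placed.

```python
# Added example (not from the lecture): a simulated base/bounds MMU showing how the
# two registers separate users' memory while letting them share one machine.
from dataclasses import dataclass


class ProtectionFault(Exception):
    """Raised when a process addresses memory outside its base/bounds region."""


@dataclass
class BaseBounds:
    base: int     # first physical address the process owns
    bounds: int   # region size: physical addresses [base, base + bounds) are valid


class Machine:
    """Constructed model of a machine whose MMU checks two registers on every access."""

    def __init__(self, physical_size: int):
        self.memory = bytearray(physical_size)
        self.regions = {}     # process name -> BaseBounds, loaded by the OS at dispatch
        self.next_free = 0

    def allocate(self, proc: str, size: int) -> BaseBounds:
        # Fixed partitioning: one contiguous region per process, sized up front.
        # A process that later needs more than `size` cannot grow in place once the
        # next partition has been placed after it.
        if self.next_free + size > len(self.memory):
            raise MemoryError("no room for another partition")
        region = BaseBounds(self.next_free, size)
        self.regions[proc] = region
        self.next_free += size
        return region

    def translate(self, proc: str, vaddr: int) -> int:
        # The protection check: offsets are relative to base and must stay below
        # bounds, so the process cannot reach below its base or past its end.
        region = self.regions[proc]
        if vaddr < 0 or vaddr >= region.bounds:
            raise ProtectionFault(f"{proc}: offset {vaddr} outside bounds {region.bounds}")
        return region.base + vaddr

    def write(self, proc: str, vaddr: int, value: int) -> None:
        self.memory[self.translate(proc, vaddr)] = value

    def read(self, proc: str, vaddr: int) -> int:
        return self.memory[self.translate(proc, vaddr)]


def attempt_read(m: Machine, proc: str, vaddr: int):
    """Return the byte read, or the string 'fault' if the MMU rejected the access."""
    try:
        return m.read(proc, vaddr)
    except ProtectionFault:
        return "fault"


def demo() -> dict:
    """Two users share one machine; each can reach only its own partition."""
    m = Machine(physical_size=64)
    m.allocate("alice", 16)      # physical 0..15
    m.allocate("bob", 16)        # physical 16..31
    m.write("alice", 3, 0x41)    # alice stores a byte at her offset 3 (physical 3)
    return {
        "alice_reads_own": attempt_read(m, "alice", 3),   # 0x41
        "bob_same_offset": attempt_read(m, "bob", 3),     # bob's physical 19, still 0
        "bob_below_base": attempt_read(m, "bob", -13),    # would be physical 3: fault
        "bob_past_bounds": attempt_read(m, "bob", 16),    # would be physical 32: fault
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The same offset means different physical bytes for different users, which is the sharing-with-separation the lecture describes; segmentation and paging later generalise this single pair of registers into a table of them so that a process's memory no longer has to be one contiguous block.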