UNIVERSITY of WISCONSIN-MADISON
Computer Sciences Department

CS 537, Intro to Operating Systems
A. Arpaci-Dusseau, Spring 2000

Security Solutions and Encryption

Questions answered in these notes:
• How does one increase level of security?
• What is public key encryption?
• What is private key encryption?
• How is each used for security?
• How is each used for authentication?

Reading for topic: Chapter 19 & 20

Regaining Security

May be impossible to secure system once penetrated
• Not always possible to tell that security violation occurred
  Villain can remove all traces from log files
• Hooks could have been left around for the imposter to regain control
• Cannot restore system from backup tapes
  Attack could have occurred earlier than suspected
Only solution
• Remove all files from disk and reinstall all software

Why Less a Problem with Humans?

Humans do not easily forget events
• Computer memory is volatile
• May leave no trace of past events
Humans usually know who they are interacting with
• Anonymity occurs easily on computers
• Cannot tell who is doing what
• Assume person logged as true self
Do not usually trust personal property to new acquaintances
• More trusting of computers
• Any program you run could modify any of your files

Security Solutions

Logging
• Record all important events and uses of privilege in an indelible file
  Write-once disk
• Examples
  Attempts to specify an incorrect password
  All logins
  All super-user actions
• Can be used to catch imposters during initial attempts and failures
• Even better to get humans involved at key steps
  One of the solutions for Electronic Funds Transfer (EFT)
  Periodically check logs for strange events
• Drawback: Can leak passwords into logs

More Security Solutions

Caller identification
• Telephone: traditional for callers to be anonymous, but not receivers
  Very difficult to catch electronic thieves
• Need a change of policy to eliminate caller anonymity
• Solution: Callback
Principle of minimum privilege (need-to-know):
• Each piece has access to minimum information, for minimum time
• Example
  File system cannot touch memory map, memory manager cannot touch disk blocks
• Reduces chances of accidental or intentional damage
• Impossible to provide absolute information containment
  Covert channels

Encryption

Goals
• Secure communication: No one can eavesdrop
• Authentication: Establish identity of source; info cannot be modified
Mechanism: Convert data to form that does not make sense
• Initial readable text that needs protection: clear text
• Encrypt the clear text so that it does not make sense: cipher text
  Controlled by function or number: encryption key
  Encrypted text can be stored in readable file or transmitted over unprotected channels
• To make sense of cipher text, decrypt it back into clear text
  Performed with secret function or number: decryption key
  Based on factoring very large numbers (product of two primes)

Necessary Conditions

Encryption function cannot be easily inverted
• Cannot discover clear text unless know decryption key
Keys must be protected
• If encryption and decryption keys are identical, cannot leak either key
Encryption and decryption must be done in safe place
• Otherwise, could snoop clear text
• Trusted computing base (TCB)
  Software and hardware that must behave correctly

Public Key Encryption

Two keys for every user: Public and private key
• Everyone knows all public keys
• Only host knows the private key (secret key)
Requirements
• Cannot derive one from knowing the other
• Public and private keys are inverses of the other
Encode with private key of A --> Decode with public key of A
  {Message}SA
Encode with public key of A --> Decode with private key of A
  {Message}PA

Authentication with Public Keys

Authentication
• Reliably identify the sender of a message
• Example: A sends to B; B must know A sent message
  A->B: {Message}SA
  B: Can decode {Message}SA with PA
  No one else but A could have encoded a valid message
Positive Identification
• Example: “I agree to pay Mary $100 per year for duration of my life”
• If message can be decrypted with your public key, then written by you
  Anyone can verify author of message
• Electronic signature: Can be legally binding

Security & Authentication with Public Keys

Secure communication
• Ensure that no one can snoop on messages
• Example: A sends to B
  A->B: {Message}PB
  B: Can decode {Message}PB with SB
  No one else but B can decode {Message}PB
• Anyone can send such a message to B
Combine above strategies for both security and authentication
• Example: A sends a message to B that only B can read; B knows that only A could have created message
  A->B: {{Message}PB}SA
  B: Can decode {{Message}PB}SA with PA to {Message}PB
  B: Can decode {Message}PB with SB to get Message
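
The inverse-key property and the combined exchange A->B: {{Message}PB}SA from the slides above, as an added example that is not part of the original notes. It uses textbook RSA on tiny constructed primes; the function names and key values are assumptions chosen for illustration.

```python
# Added illustration: textbook RSA on tiny constructed primes, no padding.
# It shows only that each key undoes the other; it is not usable cryptography.

def make_keypair(p, q, e=17):
    """Return (public, secret) keys, each an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)      # secret exponent d = e^-1 mod phi

def apply_key(key, blocks):
    """{blocks}key in the slides' notation: transform each integer block."""
    exponent, n = key
    if any(b >= n for b in blocks):
        raise ValueError("block does not fit under this key's modulus")
    return [pow(b, exponent, n) for b in blocks]

def a_sends(message, SA, PB):
    """A->B: {{Message}PB}SA, one byte per block."""
    sealed = apply_key(PB, list(message))    # only SB can undo this layer
    return apply_key(SA, sealed)             # only SA could have produced this

def b_receives(wire, PA, SB):
    """B strips A's layer with PA, then its own layer with SB."""
    return bytes(apply_key(SB, apply_key(PA, wire)))

# Constructed keys. A's modulus (8633) must exceed B's (3233) so that the
# inner blocks still fit when A applies SA on top of them.
PA, SA = make_keypair(89, 97)
PB, SB = make_keypair(61, 53)

if __name__ == "__main__":
    msg = b"I agree to pay Mary $100"
    wire = a_sends(msg, SA, PB)
    print(b_receives(wire, PA, SB))          # B recovers the message
    # Anyone can strip the SA layer with PA, but is left holding {Message}PB.
    print(apply_key(PA, wire) == apply_key(PB, list(msg)))
```

Because PA is public, the outer layer gives authentication only; confidentiality comes entirely from the inner {Message}PB layer.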

Example with Public Encryption

How to encrypt a message given the following requirements?
• All communication channels are insecure
• There are three parties involved
  P: the original sender of the message
  S: an intermediary receiver of the message
  E: the final receiver of the message
• Only E can read the message
• E must know that the message was written by P
• The message must pass through S before getting to E

Potential Limitations of Encryption

Eavesdroppers can replay messages
• Replaying old messages may confuse parties
  Even though eavesdropper does not know what they are replaying...
• Solution: Sequence numbers (nonces) or timestamps in messages
How do you trust public key?
• You hear: “Andrea’s public key is K”
  Problem: Who said this?
• Solution: Authentication Server that everyone trusts
  Everyone knows public key of authentication server: PAS
  AS -> A: {Public key of B is PB}SAS
  A can decode and know that only AS could have sent PB
Fail-Secure: Secure if part of system fails
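
A receiver that applies the nonce and timestamp defence against replay described above, as an added example that is not part of the original notes. The message layout, the MAX_AGE window and the use of an HMAC tag in place of encryption are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Added illustration. The HMAC tag stands in for the slides' encryption:
# it is what stops an eavesdropper from editing the nonce or timestamp.
MAX_AGE = 30  # seconds a message stays acceptable (assumed value)

def make_message(key, body, nonce, now):
    """Sender side: bind body, nonce and timestamp under one tag."""
    payload = json.dumps({"body": body, "nonce": nonce, "ts": now},
                         sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload, tag

class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while still fresh

    def accept(self, payload, tag, now):
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        msg = json.loads(payload)
        if abs(now - msg["ts"]) > MAX_AGE:
            return "rejected: stale"
        # Nonces older than the window can be forgotten: a replay of such a
        # message is already caught by the timestamp check above.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE}
        if msg["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"

if __name__ == "__main__":
    key = b"constructed-shared-key"
    rx = Receiver(key)
    payload, tag = make_message(key, "transfer $100 to Mary", "n-001", now=1000)
    print(rx.accept(payload, tag, now=1001))   # first delivery
    print(rx.accept(payload, tag, now=1002))   # eavesdropper replays it
    print(rx.accept(payload, tag, now=1040))   # replayed after the window
```

The timestamp bounds how long nonces must be remembered, which is why the two mechanisms are usually combined.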

Traditional Encryption

Another problem: Slow encoding and decoding
• 200 Kbits/sec in hardware
• .5 Kbits/sec/MIPS in software
Alternative: Single private key for better speed
• 1200 Kbits/sec in hardware
• 400 Kbits/sec/MIPS in software
Example: Data Encryption Standard (DES)
• Associate private key with session between two users
Problem: How do you exchange private session key?
• Cannot send private key unencrypted over channel!
• Solution #1: Use public key encryption to exchange session key

Exchanging Session Keys

Authentication server: Knows private keys of all users
Example
• A wants to talk securely with B, B must authenticate A is sender
Simplified algorithm (without worrying about replay attacks)
• A asks authentication server for a session key with B
  No encryption needed
• Authentication server replies with new conversation key CK
  AS->A: {CK, {A,CK}KB}KA
  If decrypted message makes sense, only AS could have sent message
  Only A can decrypt message and get CK
• A sends message to B telling it the key
  A->B: {A,CK}KB
  No one could modify message to change name of sender
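
The simplified exchange above with all three parties, as an added example that is not part of the original notes. The seal/unseal pair is an assumed standard-library stand-in for the private-key cipher (a SHA-256 keystream with an HMAC tag, not DES), and all function and field names are hypothetical.

```python
import hashlib
import hmac
import json
import os

# Added illustration. seal/unseal stand in for the private-key cipher; the
# tag is what makes "decrypted message makes sense" a checkable condition.

def keystream(key, nonce, n):
    blocks = (hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """{obj}key: encrypt a JSON-serialisable object and tag it."""
    plain = json.dumps(obj).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return (nonce + body + tag).hex()

def unseal(key, blob):
    """Inverse of seal; raises ValueError unless blob was sealed under key."""
    raw = bytes.fromhex(blob)
    nonce, body, tag = raw[:16], raw[16:-32], raw[-32:]
    good = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("message does not make sense under this key")
    plain = bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))
    return json.loads(plain)

def as_reply(user_keys, a, b):
    """AS->A: {CK, {A,CK}KB}KA. The AS knows every user's private key."""
    ck = os.urandom(16).hex()
    ticket = seal(user_keys[b], {"sender": a, "ck": ck})
    return seal(user_keys[a], {"ck": ck, "ticket": ticket})

def a_open(ka, reply):
    """A learns CK and obtains {A,CK}KB, which it forwards to B unopened."""
    inner = unseal(ka, reply)
    return inner["ck"], inner["ticket"]

def b_open(kb, ticket):
    """A->B: {A,CK}KB. B learns the sender's name and CK."""
    opened = unseal(kb, ticket)
    return opened["sender"], opened["ck"]
```

A cannot read or alter the inner {A,CK}KB, so the sender name B sees is the one the authentication server wrote.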

Secure Signatures with Private Keys

Problem: How do I know if binary file was modified in transit?
• If not worried about eavesdropping, faster to not encrypt entire file
Solution: Secure checksum or characteristic value
• Also called Message Digests or Digital fingerprint
• Function(Message) = large integer (e.g., 1024 bits)
  Difficult to find another message that maps to same integer
Example: A sends file to B
• A calculates checksum of file; ask authentication server to encrypt
• A sends message and encrypted checksum to B
  A->B: file, {CK}KAS
• B receives file and computes checksum
• B asks AS to decode CK so it can compare two
  B->AS: {CK}KAS
  AS->B: {CK}KB

Improving Encryption Safety

How safe is encryption?
• DES 56 bit key --> 2^56 possible keys
• Crack by guessing with many machines --> RSA Challenge
Solutions
• Upgrade encryption as computers become more powerful
• Remove known patterns from the clear text
  Example: Your name
  Compress clear text before encryption
• Do not send large amounts of information with the same key
  Change keys frequently
Implication for digital signatures over lifetime?