- Common criteria [ISO15408]
- An international standard for computer security certification
- Protecting digital assets from threats
- Inability for attackers to achieve:
- Adversarial goal (breaching any of:)
- Confidentiality
- Integrity
- Authenticity
- Availability
- Accountability
- Means of resources of the adversary
- Access to the system
- Adversarial goal (breaching any of:)
- Profits and other benefits
- Political activism, terrorism
- Enjoyment
- Development of science and offensive technology
- Bugs or not caring
- Programming is done with an absence of security considerations
- Economics/business
- customers do not see/care about security
- security measures sometimes reduce usability
- Measuring or/and assessing risks
- Developing strategies and solutions to manage risks:
- reduce/avoid and handle risks
What remains after defences are in place.
- Prevent
- Deter
- Hinder
- Detect
- Monitoring/logging
- Anomaly analysis
- Respond
- Incident management
- Forensics
- Change procedures
- Install new technologies
- Formal analysis of all known attack venues
- Types of nodes
- OR nodes (look like an arrow)
- AND nodes (like an arrow but with a semi-circle inside)
- Labelled with probabilities or cost estimates
- Main goal is at the top
- Create entry barriers for competitors
- Defend against hackers
The system must retain secure should it fall in enemy hands..
- Researchers should disclose vulnerabilities to the system owners and give "reasonable time" to fix them
- Benefits
- Creates incentives for fixing vulnerabilities
- Companies advertise bounties
- Inspired by simplicity and restriction
- Simplicity:
- Makes designs/mechanisms easy to understand
- Less to go wrong with simple designs
- Restriction:
- Minimises power of an entity
- Can only access info it needs
- Can only communicate with other entities when necessary
Principles
- Secure the weakest link
- Security only as strong as weakest link
- Attackers go for weakest point in a system
- Defence in depth
- Defend a system using several independent methods
- Redundancy and layering to not rely on one defence
- Consider: people, technology, operations
- Fail secure
- For a type of failure, access or data are denied
- Grant least privilege
- Every module can only access what it needs
- Separation of privileges
- Split system into pieces, each with limited privileges
- Segregation of duties
- Hard for one person to compromise security
- Economise mechanism
- Avoid overly complicating a system
- Complexity leads to insecurity
- Designer can't keep up
- Harder to analyse security
- Authenticate requests
- Assume that operating environment is hostile
- Put checks to ensure dependencies haven't been compromised/spoofed
- Anticipate command-injection, XSS, etc.
- Control access
- Accesses should be checked
- Up-to-date permission checking (not caching authority granting results)
- Assume secrets not safe
- An attacker will know how the system works
- An attacker can find keys in binaries, use tools at disposal, etc.
- Make security usable
- Annoying security/product will be avoided by users
- Promote privacy
- Only collect personal info required
- Store personal info securely, limit access
- Delete personal data once purpose is served
- Only store encrypted data
- Audit and monitor
- Record what actions were performed and by who
- Disaster recovery and accountability
- Record what actions were performed and by who
- Proportionality principle
- Maximise utility vs maximise security?
- Maximise utility while limiting risks
- to acceptable level
- within reasonable cost
Trusted: Something that could break security policy Trustworthy: Something that will not break security policy
- Encryption key used to encrypt and decrypt
- Typically use a block cipher
- Block modes such as "counter-mode"
- Needs randomness for security
- Takes a message of any size and outputs a hash value of fixed length
- H(x) = H(y) implies x = y with huge probability
- Public key (encrypt) and secret key (decrypt)
- Very difficult to retrieve secret from public
- Allows building encryption without needing key agreement
-
No block modes for public key encryption
- Would be too slow for long messages
-
To encrypt long message m using public key pk:
- Choose random symmetric key, k
- Encrypt m with k: c1 = enc(k, r1, m)
- Encrypt k with pk: c2 = enc(pk, r2, k)
- Send c1, r1, c2
- Public and secret key
- Used for authentication (signatures)
- Signature checking algorithm only returns true if signature used correct secret key
Server has public key pk
- Client->Server: "hello", random rb
- Server->Client: pk, random rs
- Client->Server: random pms, encrypted with pk
- Server sends public key
- Session encryption key established from server public key
- Trusted third party that asserts that a public key belongs to a website
- CA signs certificate to do this
- Browser knows the verification key to verify a public key's signature
- CA verification keys built into browser
-
Physical security
-
Firmware/OS security
-
Application security
-
Protects devices against
- Malicious applications
- Rootkits
Distributed using OS specific applications, designed to exploit the operating system vulnerabilities
- High success rate, masquerading as useful applications
- Often used to install more dangerous malware (e.g. backdoors, rootkits)
{Missing notes}
- Counter based version control
- Blacklist version control
- eFuses (physically blow when firmware is updated)
- Apple nonce based protocol: random unique value generated at every restore, signed by Apple
- Encryption of large data slow with public key encryption
- Steps:
- Encrypt data with symmetric key encryption
- Encrypt symmetric key with public key
- Send both encrypted data
- Does:
- Protect data while resting
- Protect data from apps that don't have access to the keys
- Protect data if stolen or accessed
- Doesn't:
- Prevent data loss
- Make the system more resilient
- {Missing point}
(Stuff about what's encrypted and what's not.. e.g. kernel not encrypted)
- USB stick
- Easy
- Requires USB on system
- Vulnerable to stealing
- TPM
- Difficult to set up
- Transparent
- Protected from stealing
{Missing notes}
{Missing notes}
- Protecting metadata, using public key crypto gives larger attack surface
- Symmetric doesn't have this problem and is more efficient
- Symmetric keys are hard to share
- Use public key exchange protocols to share
We want:
- Content security: data is encrypted
- Metadata security: ownership info, timestamps, access rights, ciphertext length, etc.
- Access pattern security: when accessed, who accesses, how accessed, etc.
We can decrypt emails with key, but can the email provider? Solution: Searchable encryption.
- Generate searchable index (precomputed search)
- Foreach(doc in DB.docs){ foreach(word in doc) { if (word == keyword) { store(doc.id) } } }
- Store index encrypted in the cloud
List keywords associated with documents
- Efficiency:
- As no. of docs increases, so does time
- As no. of keywords increases, so does time
List documents associated with keywords
- Efficiency:
- As no. of keywords increases, so does time
{ Missing notes}