1 / 50

Computer System Security CSE 5339/7339

Computer System Security CSE 5339/7339. Lecture 14 October 5, 2004. Contents. A3  in Electronic Signatures (Cont.) Operating Systems Security Protection Authentication Access Control Padmaraj’s presentation. Digital Signature Using RSA.

presley
Download Presentation

Computer System Security CSE 5339/7339

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer System SecurityCSE 5339/7339 Lecture 14 October 5, 2004

  2. Contents • A3  in • Electronic Signatures (Cont.) • Operating Systems Security • Protection • Authentication • Access Control • Padmaraj’s presentation

  3. Digital Signature Using RSA • The RSA public-key cryptosystem can be used to create a digital signature for a message m. • The signer must have an RSA public/private key pair.

  4. RSA Review • C = Pe mod n • P = Cd mod n • P = Cd mod n = (Pe)d mod n = (Pd)e mod n

  5. Key Choice (RSA Review) • We start by selecting n to be a very large integer (product of two large primes p and q) • Next a large integer e is chosen so that e is relatively prime to (p-1) * (q-1). • Finally, select d such that e * d = 1 mod (p-1) * (q-1)

  6. Example (RSA Review) • Select primes p=11, q=3. • n = p* q = 11*3 = 33 • Choose e = 3Check gcd(e, p-1) = gcd(3, 10) = 1 (i.e. 3 and 10 have no common factors except 1),and check gcd(e, q-1) = gcd(3, 2) = 1therefore gcd(e, (p-1)(q-1)) = gcd(3, 20) = 1 • Compute d such that e* d = 1 (mod (p-1)*(q-1))d = 7 • Public key = (n, e) = (33, 3)Private key = (n, d) = (33, 7).

  7. Message Signature Generation (Signer) Redundancy Function Formatted Message Encrypt Private Key Signature

  8. Signature Verification Signature Public Key Decrypt Formatted Message Verify Message

  9. Example (generate signature S) -- Signer end d = 53 e = 413 n = 629 m = 250 Assume that R(X) = X S = R(m)e mod n S = 25053 mod 629 = 411

  10. Example (verify signature with message recovery) Public key (e) = 413 n = 629 S = 411 R(m) = Se mod n R(m) = 411413 mod 629 = 250 The verifier then checks that R(m) has the proper redundancy created by R (none in this case) and recover the message: m = R-1(m) = 250

  11. Creating a forged signature Choose a random number between 0 and n-1 for S S = 323 Use the signer’s public key to decrypt S R(m) = 323413 mod 629 = 85 Invert R(m) to m: m = 85 Note that a valid signature (323) has been created for a random message (85) without the knowledge of the signer’s private key. The choice of a poor redundancy function can make RSA vulnerable to forgery.

  12. Selecting a Good Redundancy Function • A good redundancy function should make forging signatures much harder.

  13. Example (generate signature S) -- Signer end d = 53 e = 413 n = 629 m = 7 Assume that R(X) = XX S = R(m)e mod n S = 7753 mod 629 = 25

  14. Example (verify signature with message recovery) Public key (e) = 413 n = 629 S = 25 R(m) = Se mod n R(m) = 25413 mod 629 = 77 The verifier then checks that R(m) is of the form XX for some message X. It is, and we recover the message: m = R-1(m) = 7

  15. Forging signature (revisited) Choose a random number between 0 and n-1 for S S = 323 Use the signer’s public key to decrypt S R(m) = 323413 mod 629 = 85 However, 85 is not a legal value for R(m), so S = 323 is not a valid signature

  16. Simple Scenario of Digital Signature

  17. Getting a Message Digest from a document Hash Message Digest

  18. Generating Signature Message Digest Signature Encrypt using private key

  19. Appending Signature to document Append Signature

  20. Verifying Signature Hash Message Digest Message Digest Decrypt using public key

  21. Operating System Security (Chapter 4) • Protection in General Purpose OS • Authorization/Authentication • Access Control

  22. Memory and Address Protection Bare Machine 0 user memory n

  23. Memory and Address Protection (cont.) Resident Monitor 0 user Monitor Fence register memory n

  24. Address Protection for a resident monitor Fence register 0 memory CPU address Address >= fence true false error n

  25. Other Issues • Multiprogramming • Multiple users • Relocation • Segmentation, paging, combined

  26. Segmentation Segment Table limit base 0 memory CPU (s,d) < true + false n error

  27. paging Page Table f 0 memory CPU p d f d Logical address Physical address n

  28. User Authentication • Knowledge-based techniques (passwords) • Token-based techniques (smart cards) • Biometric techniques (fingerprint) • Two-factor (Card + PIN)

  29. Passwords • Protected Password table • Unprotected Password table with one way hash functions • Attacks

  30. Access Control Policies • Specification of how each user is authorized to use each resource. • In practice, no computer applies a single policy to manage all of its resources. • Scheduling algorithms for CPU  SJF, RR • Storage  paging, segmentation

  31. ACCESS Control Matrix Every object to be protected is within one or more protection domains O2 Domain 1 O1 Domain 2 Domain 3 O2 O4 O1 O3

  32. ACCESS Rights <O2, {execute}> <O1, {read,write}> Domain 1 Domain 3 Domain 2 <O1, {execute}> <O3, {read}> <O2, {write}> <O4, {print}>

  33. What does that mean? • O1 can be read and written in domain 1 and executed in domain 3, O2 can be executed in domain 1 and written in domain 2, O3 can be read in domain 3, and O4 can be printed in domains 2 and 3. • At any given time, the domain is which a user is operating determines what actions are and are not permitted. • If Matthew is in domain 1, he is permitted to: • Read or write object 1 • Execute object 2

  34. Accesses Control Matrix

  35. Access Control Matrix (cont.) • The matrix designates the protection policy. A mechanism is required to enforce the policy. • The OS stores the matrix in memory • Large and sparse matrix • Ordered triples instead

  36. List of Ordered Triples (Domain 1, Object 1, {read,write}) (Domain 1, Object 2, {execute}) (Domain 2, Object 2, {write}) (Domain 2, Object 4, {print}) (Domain 3, Object 1, {execute}) (Domain 3, Object 3, {read}) (Domain 3, Object 4, {print})

  37. List of Ordered Triples (Cont.) For each attempt by a user in Domain i to perform operation O on object j, the OS consults the list of triples. If it finds a triple (i,j,R) where O is a member of the access rights, R, the operation is allowed to proceed; otherwise it is not. The list must be protected from tampering by users Could be very large Search may become a problem Does not take advantage of special grouping of objects

  38. Access lists Object 1: (<Domain 1, {read,write}>, < Domain 3, {execute}>) Object 2: (< Domain 1, {execute} >, < Domain 2, {write} >) Object 3: (<Domain 3, {read}>) Object 4: (<Domain 2, {print}>, < Domain 3, {print} >) An attempt by a user in Domain i to perform operation O on object j causes the OS to consult the entry of the access list for object j. Object j’s list is searched for Domain i’s entry, and the operation is permitted if there is an access right for O.

  39. Default Object 2: (<Default, {read}>, < Domain 1, {execute} >, < Domain 2, {write} >)

  40. Capability List (Object, rights)  capability Domain 1: (<Object 1, {read,write}>, < Object 2, {execute}>) Domain 2: (< Object 2, {write} >, < Object 4, {print} >) Domain 3: (<Object 1, {execute>, <Object 3, {read}> < Object 4, {print} >) Users are given a copy of the capability list for the domain in which they are operating .

  41. How does it work? Domain 1: (<Object 1, {read,write}>, < Object 2, {execute}>) Domain 2: (< Object 2, {write} >, < Object 4, {print} >) Domain 3: (<Object 1, {execute>, <Object 3, {read}> < Object 4, {print} >) When a user wants to perform some operation O, on object j, it passes its capability for j as one of the parameters of O. For example, a user might request to write to Object 2 and passes its copy of <object 2, {write}>. The OS verifies.

  42. Encrypting Capabilities • OS must ensure that users cannot create their own capabilities or alter capabilities they are given. • OS may encrypt capabilities using a secret key before giving them to users. • The OS decrypts and checks the capability each time it is used.

  43. Harrison, Ruzzo, and Ullman (HRU) Model

  44. HRU Model (cont.) • HRU allows the state of the protraction system to be changed by a well defined set of commands: • Add subject s to M • Add object o to M • Delete subject s from M • Delete object o from M • Add right r to M[s,o] • Delete right r from M[s,o] Owner can change rights of an object

  45. Take Grant Model • Unlimited number of subjects and objects • States and state transitions • Directed graph • Four primitive operations: • take • create • grant • revoke

  46. Take Grant Model (Cont.) S2 read O2 execute Read, write read O1 O3 S1 read execute S3

  47. Create S O S becomes rights

  48. Revoke S O S O becomes r1, r2 r1, r2, r3

  49. Take S2 O S1 read take becomes read S2 O S1 read take

  50. Grant read S2 O S1 grant becomes read S2 O S1 read grant

More Related