
Host Security Review and Physical Keys



  1. Host Security Review and Physical Keys Cyber Security Spring ‘05

  2. First portion of course • Access control • Discretionary ACLs in Windows • Mandatory access control through type enforcement in SELinux • Least privilege • Setuid in Unix/Linux • Explicit privilege manipulation on Windows • Impersonation on Windows

  3. Secure Coding • Considered at three levels • Design: e.g., analyze communication protocols against common attacks such as man in the middle • Implementation: e.g., run buffer overflow checking tools • Operation: e.g., turn off unnecessary services • Echoes most good software engineering practice and common sense • Checklists help remind us of these things

  4. User Identity • Overview of directories • Unify information needed by many applications in an enterprise • Source of certificates used by a PKI • Not a complete panacea • Overview of network AAA servers • Integrate authentication with network security enforcement devices • Evolved from dial-up technology • Limited cross-device authentication • The XAUTH mechanism configured on the enforcing device lets an AAA server authenticate IPsec clients • Can redirect authentication to other sources • Will be examined in greater detail during the network portion of the course

  5. Physical Key Paper • Analysis of master-keyed physical locks from a CS perspective • Matt Blaze, “Cryptology and Physical Security: Rights Amplification in Master-Keyed Mechanical Locks”, http://webtools.uiuc.edu/survey/NonSecureSurvey?id=9931496

  6. Pin Tumbler Locks • Most common type of lock • The plug is held in place by a number of pin stacks, P • P typically ranges from 4 to 7 • In a single-keyed lock each pin position is cut to one of D depths • D ranges from 4 to 10 • The key is cut correspondingly: inserting the right key lifts every pin stack so that the gap between key pin and driver pin sits exactly at the shear line and the plug can turn • D^P possible keys (one of D depths at each of P positions), not P^D

  7. Master Keys • In many installations there is a master key that opens all doors • Or there can be a hierarchy of master keys • The master key that opens every lock in the system is called the Top Master Key (TMK) • In a master-keyed lock each pin stack has two shear points: an extra master wafer splits the stack so it opens at either the change-key depth or the master depth • One set of cuts (the master bitting) is common to every lock in the installation; the other (the change bitting) is specific to the individual lock

  8. The problem • Create a master key from an ordinary (change) key and one lock in the system • Assume you have access to key blanks and an appropriate key cutting device • And some privacy

  9. The key insight • Cross keys • The design intends only keys cut entirely to the master bitting or entirely to the change bitting, but a key with any per-position mix of the two cuttings will also open your example lock, because each pin stack accepts either depth independently • So you can test each pin position in isolation • Moving from a D^P search to at most P*(D-1) trials (roughly P*D)

  10. The algorithm • Take a blank and cut P-1 of the positions to the bitting of the change key • For the remaining position, create D-1 keys that try every depth except the change key’s • Or just start with the shallowest cut and re-cut the same physical key progressively deeper (metal can only be removed, never added) • The one that opens the lock has the master cut for that position; if none of the D-1 alternatives opens it, the master cut equals the change cut there • Repeat for all P positions to obtain the TMK bitting • Don’t do this at home….
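Slides 6, 9 and 10 together describe a keyspace (D^P), a weakness (cross keys) and a search procedure (one position at a time). The simulation below, added here as an example and not taken from the slides or from Blaze’s paper, models a master-keyed lock in the simplified way the slides describe: P pin stacks, each with exactly two shear points (change depth and master depth). The lock model, the sample bittings (P = 5, D = 7) and all function names are constructed for this example; real locks have tolerances and possibly extra master wafers that this ignores. It runs the slide-10 procedure against the model, counts how many keys had to be tried, and enumerates the keyspace to show how many cross keys open a single lock.

```python
import itertools


class MasterKeyedLock:
    """Simplified lock model (an assumption of this example): P pin stacks,
    and stack i has two shear points, one at the change-key depth change[i]
    and one at the master depth master[i]. Manufacturing tolerance, extra
    master wafers and construction keying are ignored."""

    def __init__(self, change, master):
        if len(change) != len(master):
            raise ValueError("change and master bittings must have the same length")
        self.change = tuple(change)
        self.master = tuple(master)
        self.probes = 0  # number of keys physically tried in this lock

    def opens(self, key):
        """True if every pin stack is lifted to one of its two shear points.
        This is the cross-key weakness of slide 9: at any single position the
        lock cannot distinguish the change cut from the master cut."""
        self.probes += 1
        return all(k in (c, m) for k, c, m in zip(key, self.change, self.master))


def recover_master(lock, change_key, depths):
    """Slide 10's procedure. For position i, keep the other P-1 positions at the
    change-key bitting and try the D-1 other depths at i, shallowest first (a
    physical key can only be re-cut deeper). The first depth that opens the
    lock is the master depth at i; if none does, the master cut equals the
    change cut there. Worst case P*(D-1) probes instead of a D**P keyspace."""
    master = list(change_key)
    for i in range(len(change_key)):
        for d in sorted(depths):
            if d == change_key[i]:
                continue  # the change depth is already known to work
            trial = list(change_key)
            trial[i] = d
            if lock.opens(tuple(trial)):
                master[i] = d
                break
    return tuple(master)


def keys_that_open(change, master, depths):
    """Exhaustively enumerate the D**P keyspace against a fresh copy of the lock
    and return every bitting that opens it. Expect 2**k keys, where k is the
    number of positions at which master and change cuts differ."""
    lock = MasterKeyedLock(change, master)
    return [key for key in itertools.product(sorted(depths), repeat=len(change))
            if lock.opens(key)]


def run_attack(change, master, D):
    """Attack one constructed lock and report the cost as a dict."""
    depths = range(D)
    lock = MasterKeyedLock(change, master)
    recovered = recover_master(lock, change, depths)
    P = len(change)
    return {
        "recovered": recovered,
        "correct": recovered == tuple(master),
        "probes": lock.probes,          # keys actually tried by the attack
        "probe_bound": P * (D - 1),     # slide 9/10 worst case
        "keyspace": D ** P,             # slide 6 naive search space
        "cross_keys": len(keys_that_open(change, master, depths)),
    }


# Constructed sample installation (not a real system): P = 5, D = 7.
# The master shares the change cut at positions 1 and 3.
SAMPLE_CHANGE = (2, 4, 1, 5, 3)
SAMPLE_MASTER = (6, 4, 0, 5, 1)
SAMPLE_D = 7

if __name__ == "__main__":
    for name, value in run_attack(SAMPLE_CHANGE, SAMPLE_MASTER, SAMPLE_D).items():
        print(f"{name}: {value}")
```

On the sample lock the attack tries 21 keys out of a worst-case bound of 30, against a naive keyspace of 16807 bittings, and the enumeration shows that 8 distinct keys (2^3 for the three positions where the cuts differ) open that one lock. Positions where the master cut equals the change cut cost the full D-1 probes, since every alternative has to fail before the equality is known; that is why the bound is P*(D-1) rather than a fixed number.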
