​

Security Fundamentals

Lecture 7

jaysa

​

Security Basics

​

Why do we care?

• Hospitals suffering from ransomware attacks (DNI)
• Financial security
• Equifax breach, First American Financial
• Personal information
• Job security!
• According to the Bureau of Labor Statistics, 33% predicted increase in jobs from 2022 to 2032 (most hover at 3%)

Basic Principles

• Security is economics: resource allocation
• Least privilege: minimum needed to perform action
• Defense in depth: layers and layers
• Complete mediation: continuous authentication
• Accounting for human factors: errors

Most important: know your threat model

Understand what is at risk and what you can do to minimize risk

Security Goals and Implementation

1. Confidentiality
1. Ensure only those with approved access can read data
2. Integrity
• Ensure data has not been tampered with
3. Authenticity
• Prove the author/source of data
4. Sysadmin Bonus: Availability
• Ensure the uptime of a service

​

1. Confidentiality

Ensure only those with approved access can read data

• Plaintext:
• Vulnerable data
• What you want to hide from the attacker
• Ciphertext:
• Secured data that is indistinguishable from garble
• What you want the attacker to see
• Key:
• Secret necessary for converting plaintext into ciphertext and vice-versa

​

• Confidentiality

• Encryption: plaintext + key → ciphertext

​

​

​

• Decryption: ciphertext + key → plaintext

​

Encryption

This is a secret!

cxn1!qw?>p%w$sn$

Key

Decryption

cxn1!qw?>p%w$sn$

This is a secret!

Key

• Confidentiality

Symmetric cryptography:

Same key for encrypting and decrypting data

Encryption

cxn1!qw?>p%w$sn$

This is a secret!

Key

This is a secret!

Decryption

Plaintext

Plaintext

Ciphertext

• Confidentiality

Asymmetric cryptography (AKA public key cryptography):

Comes in public-private key pairs where public key is for encryption and private key is for decryption

• Public key: can be distributed to everyone
• Private key: must be kept secret
• Anyone can encrypt data with public key but only the person possessing private key can decrypt data

• Confidentiality

Encryption

cxn1!qw?>p%w$sn$

This is a secret!

Public key

This is a secret!

Decryption

Private key

Asymmetric cryptography

Plaintext

Plaintext

Ciphertext

Quick demo with `age`

2. Integrity

Ensure data has not been tampered with

• Hash function: maps arbitrary-length data to a fixed-length string of bits (known as a hash)
• Hashes act as “summaries” of the input data

​

2. Integrity

Cryptographic hash functions possess properties that make it difficult to find two inputs with the same hash

• Hash-based MACs (Message Authentication Code):
• Tag message with its hash
• The recipient can verify whether the message was modified by re-computing the hash and comparing it with the one they received
• Checksums:
• When a file is downloaded, its hash can be computed and checked against a reference hash. No need to compare bit by bit.

​

2. Integrity

It is difficult to revert a hash to its input

• Password storage: store hashes of passwords instead of plaintext, so in case of server breach, only hashes would be exposed (passwords cannot be recovered from hashes)

​

• Verifying Downloads: use terminal commands (sha256sum) to ensure the integrity of downloads (such as your favorite distribution’s iso!)

Demo with `sha256sum`

​

3. Authentication

Prove the author/source of data

• Asymmetric cryptography (AKA public key cryptography)
• Signature: use private key to sign a file such that anyone with the public key can verify the source of the file
• Since private key must be kept secret, only the party in possession of private key could have signed the data
• file + private key → signature
• signature + public key → verification

​

​

​

Demo with `ssh`

​

4. Availability

Ensure systems and data are available to authorized users when they need it. Mostly applicable to services hosted on servers.

• Filtering: prevent malicious requests from reaching server.
• Load balancers: improve distribution of workloads across multiple resources.
• Redundancies: account for when a component in the system fails.
• Backups: when system goes down, bring it back up to latest state

Questions?

Security Fundamentals

File Security: Permissions and Ownership

Background

• UNIX is a multi-user environment
• If multiple people can login but you have files you want to keep private (e.g., your private keys), you need a permissions and ownership setup to let you and only you access those files�

UNIX Permissions Model

• Each file has 3 “ownerships”:
• owning user
• owning group
• others (everyone else)

​

​

• Each ownership has a separate set of 3 permissions:
• read
• write
• execute

​

ls -l to see file permissions

Permissions

d r w x r - x r - -

Whether file is directory (d) or file (-)

User:

read

write

execute

Other:

read

Group:

read

execute

Modifying Permissions

2 primary ways to modify permissions/file access:

• Change file ownership: chown
• Change file permissions directly: chmod

Changing File Ownership

[sudo] chown [-R] newuser:newgroup [FILES]

​

Changing File Permissions

[sudo] chmod [-R] [permissions] [FILES]

​

Why is this important?

Poor file security is one of the easiest ways to leak information or give an attacker too much privilege on your system.

What happens if you set these permissions on your private key?

​

�

Signatures and Certificates

• You can use signatures to prove the source of some data.
• But how can you prove the signer is trustworthy?
• If I gave you a public key and told you that it belonged to your bank, how do you verify this?
• This is a nontrivial problem. You have to consider things like revocation and mistakes in transmission.

Questions?

Signatures and Certificates, cont.

Enter certificates:

• A certificate is a cryptographically-signed message indicating trust in a public key
• Who signs the certificate? (i.e. who do we trust to tell us someone else is trustworthy?)
• Luckily it’s not turtles all the way down

​

HTTPS

“SSL certificate”: encrypted HTTP request, validated publically

Signatures and Certificates, cont.

• Root certificates: OS’ include a number of root certificates that are the basis of trust over the network. Certificates are signed in a chain leading up to a root; if the chain is valid, the cert at the end is presumed to be trusted.
• Not a foolproof system (*cough* wosign/diginotar *cough*)

BeyondCorp and Zero Trust

• The traditional firewall + privileged intranet model doesn’t really work nowadays: remote workers, PaaS, networked apps
• Google’s done some work talking about a new approach with dynamic policies and more fine-grained access controls.
• Identifying access by user and device info and other heuristics
• Yes, this shit is buzzwordy as hell

Thank you!