Soma-notes - User contributions [en]

SystemsSec 2016W Lecture 24

2016-04-07T15:24:30Z

Michaellutaaya: /* Topics & Readings = */

= Topics & Readings =

* Midterms Returned
* Final Exam Question Brainstorming

= Class Notes =

== Format ==

* Expect the final exam to include some of the (possibly tweaked) questions from the midterm along with some of the questions below.

== Possible Questions ==

* Describe m attacks and n defences. For each, say when they would be "suitable". (Potentially give a list of each to choose from.)
* Describe a real-life example of functionality versus security. How did security compromise functionality? What attempt was made to minimize the impact of security? What alternatives would there be to reconcile this conflict?
* Compare and contrast two similar security technologies (attacks or defences), emphasizing their relative strengths and weakness in the context of a specific thereat model. Be sure to describe the threat model and focus on specific implementations.
* Explain the evolution of the reference monitor from Multics to current-day operating systems.
* If you would design your own secure OS, what mechanisms would you include and why.
* Alternately, what security mechanism would you add to the primary OS that you use on a daily basis. What threats(s) would this mechanism address and how effective would this mechanism be in thwarting those threats, given your usage patterns?
* In the far, far dystopian future, users who fail to authenticate successfully to their home security system are fatally electrocuted. Describe possible attacks, defences, and how it would impact the end user.
* Choose an offensive network security tool. Explain its functionality briefly and analyze its effectiveness in the context of a specific defensive scenario.
* You are the new security officer of a law firm that has a number of clients who require great levels of discretion. As part of your initial audit, you discover that the authentication database was compromised some tie ago. The passwords were hashed "well" (e.g., bcrypt with many rounds). You run a password cracker (e.g., Hashcat) using the default settings for a week using a cluster of 1000 top of the line systems. You crack none of the passwords. You verify that the cracker is working properly. What do you tell management and why? Be sure to make your answer understandable to your bosses...otherwise you're going ot get fired.
* Outline an attack strategy for a particular target. Be sure to consider all phases of the attack (getting in, accomplishing your goal, covering your tracks). Then, outline how you would defend against that attack strategy.
* Aleph One outlined a classic buffer overflow atttack. What is one mechanism that prevents such naive attacks from succeeding on most current systems? How does it stop the attack? What is a way to circumvent that protection (and thus make the attack work again)?

SystemsSec 2016W Lecture 24

2016-04-07T15:24:04Z

Michaellutaaya:

= Topics & Readings = =

* Midterms Returned
* Final Exam Question Brainstorming

= Class Notes =

== Format ==

* Expect the final exam to include some of the (possibly tweaked) questions from the midterm along with some of the questions below.

== Possible Questions ==

* Describe m attacks and n defences. For each, say when they would be "suitable". (Potentially give a list of each to choose from.)
* Describe a real-life example of functionality versus security. How did security compromise functionality? What attempt was made to minimize the impact of security? What alternatives would there be to reconcile this conflict?
* Compare and contrast two similar security technologies (attacks or defences), emphasizing their relative strengths and weakness in the context of a specific thereat model. Be sure to describe the threat model and focus on specific implementations.
* Explain the evolution of the reference monitor from Multics to current-day operating systems.
* If you would design your own secure OS, what mechanisms would you include and why.
* Alternately, what security mechanism would you add to the primary OS that you use on a daily basis. What threats(s) would this mechanism address and how effective would this mechanism be in thwarting those threats, given your usage patterns?
* In the far, far dystopian future, users who fail to authenticate successfully to their home security system are fatally electrocuted. Describe possible attacks, defences, and how it would impact the end user.
* Choose an offensive network security tool. Explain its functionality briefly and analyze its effectiveness in the context of a specific defensive scenario.
* You are the new security officer of a law firm that has a number of clients who require great levels of discretion. As part of your initial audit, you discover that the authentication database was compromised some tie ago. The passwords were hashed "well" (e.g., bcrypt with many rounds). You run a password cracker (e.g., Hashcat) using the default settings for a week using a cluster of 1000 top of the line systems. You crack none of the passwords. You verify that the cracker is working properly. What do you tell management and why? Be sure to make your answer understandable to your bosses...otherwise you're going ot get fired.
* Outline an attack strategy for a particular target. Be sure to consider all phases of the attack (getting in, accomplishing your goal, covering your tracks). Then, outline how you would defend against that attack strategy.
* Aleph One outlined a classic buffer overflow atttack. What is one mechanism that prevents such naive attacks from succeeding on most current systems? How does it stop the attack? What is a way to circumvent that protection (and thus make the attack work again)?

Computer Systems Security (Winter 2016)

2016-04-07T14:30:29Z

Michaellutaaya: /* Lectures and Exams */

==Course Outline==

[[Computer Systems Security: Winter 2016 Course Outline|Here]] is the course outline.

==Hacking Opportunities==

The [[SystemsSec 2016W Hacking Opportunities|Hacking Opportunities]] page lists potential hacking opportunities that you can attempt for your hacking journal. If you attempt but do not successfully accomplish one of them, be sure to document what you tried. As you learn more, you may come back to them and try again.

==Resources==

===Readings===

* For the first part of the course we will be reading selections from Trent Jaeger's [http://www.morganclaypool.com/doi/abs/10.2200/S00126ED1V01Y200808SPT001 Operating Systems Security] textbook. You can download the PDF [http://www.morganclaypool.com.proxy.library.carleton.ca/doi/abs/10.2200/S00126ED1V01Y200808SPT001 through Carleton's library]. In the reading assignments this text will be referred to as "Jaeger".
* An excellent but dated text on browser security is Michal Zalewski's [https://code.google.com/p/browsersec/wiki/Main Browser Security Handbook].

===Other Courses===

* Dan Boneh ran an excellent course at Stanford in Spring 2015 on [https://crypto.stanford.edu/cs155/ Computer and Network Security]. This course has many interesting readings that we will not be covering. Also, the assignments are very good sources for hacking opportunities.
* The assignments from the Winter 2015 run of COMP 4108 [https://ccsl.carleton.ca/~dmccarney/COMP4108/ are available]. They are a reasonable start for several hacking opportunities.

==Lectures and Exams==

<table style="width: 100%;" border="1" cellpadding="4" cellspacing="0">
<tr valign="top">
<th>
Date
</th>
<th>
Topic
</th>
<th>
Readings
</th>
</tr>
<tr>
<td>
Jan. 7

</td>
<td>
[[SystemsSec 2016W Lecture 1|Introduction]]

</td>
<td>Jaeger, Chapter 1 (Introduction)</td></tr>
<tr>
<td>
Jan. 12

</td>
<td>
[[SystemsSec 2016W Lecture 2|Access Control, Security Hacking 101]]

</td>
<td>Jaeger, Chapter 2 (Access Control Fundamentals)</td></tr>
<tr>
<td>
Jan. 14

</td>
<td>
[[SystemsSec 2016W Lecture 3|Multics, UNIX, and Windows]]

</td>
<td>Jaeger, Chapter 3 (Multics) and Chapter 4 (UNIX & Windows) </td></tr>
<tr>
<td>
Jan. 19

</td>
<td>
[[SystemsSec 2016W Lecture 4|Secure OSs, theory and practice]]

</td>
<td>Jaeger, Chapter 6 (Security Kernels) and Chapter 7 (Securing Commercial Operating Systems)</td></tr>
<tr>
<td>
Jan. 21

</td>
<td>
[[SystemsSec 2016W Lecture 5|LSM, SELinux, & Capabilities]]

</td>
<td>Jaeger, Chapter 9 (LSM & SELinux) and Chapter 10 (Secure Capability Systems)</td></tr>
<tr>
<td>
Jan. 26

</td>
<td>
[[SystemsSec 2016W Lecture 6|Secure Virtual Machines, Systems Assurance]]

</td>
<td>Jaeger, Chapter 11 (Secure Virtual Machine Systems) and Chapter 12 (System Assurance)</td></tr>
<tr>
<td>
Jan. 28

</td>
<td>
[[SystemsSec 2016W Lecture 7|Lecture 7]]

</td>
<td></td></tr>
<tr>
<td>
Feb. 2

</td>
<td>
[[SystemsSec 2016W Lecture 8|Lecture 8]]

</td>
<td></td></tr>
<tr>
<td>
Feb. 4

</td>
<td>
[[SystemsSec 2016W Lecture 9|Defensive Security Technologies / Hacking Opportunities]]

</td>
<td></td></tr>
<tr>
<td>
Feb. 9

</td>
<td>
[[SystemsSec 2016W Lecture 10|Security Research, Hashes, and Secure Protocols]]

</td>
<td></td></tr>
<tr>
<td>
Feb. 11

</td>
<td>
[[SystemsSec 2016W Lecture 11|Modeling a potential attack/ Midterm FAQ]]

</td>
<td></td></tr>
<tr>
<td>
Feb. 23

</td>
<td>
[[SystemsSec 2016W Lecture 12|Midterm Review]]

</td>
<td></td></tr>
<tr>
<td>
Feb. 25

</td>
<td>
Midterm (in class)

</td>
<td></td></tr>
<tr>
<td>
Mar. 1

</td>
<td>
[[SystemsSec 2016W Lecture 13|Buffer Overflow/Memory Corruption Attacks]]

</td>
<td>Aleph One (aka Elias Levy), [http://www.phrack.com/issues/49/14.html#article Smashing The Stack For Fun And Profit] (Phrack 49, 1996)</td></tr>
<tr>
<td>
Mar. 3

</td>
<td>
[[SystemsSec 2016W Lecture 14|Buffer Overflow/Memory Corruption Defenses]]

</td>
<td>
Wikipedia, [https://en.wikipedia.org/wiki/Buffer_overflow_protection Buffer Overflow Protection] 
Crispin Cowan et al., [https://www.usenix.org/legacy/publications/library/proceedings/sec98/cowan.html StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks] (USENIX Security, 1998)
</td>
</tr>
<tr>
<td>
Mar. 8

</td>
<td>
[[SystemsSec 2016W Lecture 15|Bypassing ASLR and Buffer Overflow Exploits using return-into-libc]]

</td>
<td>Hovav Shacham et al., [http://dx.doi.org/10.1145/1030083.1030124 On the effectiveness of address-space randomization] (ACM CCS, 2004) [http://dl.acm.org.proxy.library.carleton.ca/ft_gateway.cfm?id=1030124&ftid=285463&dwn=1&CFID=588127386&CFTOKEN=74533951 (proxy)] 
Hovav Shachem [http://dx.doi.org/10.1145/1315245.1315313 The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)] (ACM CCS 2007) [http://dl.acm.org.proxy.library.carleton.ca/ft_gateway.cfm?id=1315313&ftid=476749&dwn=1&CFID=588127386&CFTOKEN=74533951 (proxy)]</td></tr>
<tr>
<td>
Mar. 10

</td>
<td>
[[SystemsSec 2016W Lecture 16|Lecture 16]]

</td>
<td>Bellovin and Cheswick, [http://dx.doi.org/10.1109/35.312843 Network Firewalls] (IEEE Communications Magazine, 1994) [http://ieeexplore.ieee.org.proxy.library.carleton.ca/stamp/stamp.jsp?tp=&arnumber=312843 (proxy)]</td></tr>
<tr>
<td>
Mar. 15

</td>
<td>
[[SystemsSec 2016W Lecture 17|Lecture 17]]

</td>
<td>Dingledine, Mathewson, and Syverson, [https://www.usenix.org/legacy/events/sec04/tech/dingledine.html Tor: The Second-Generation Onion Router] (USENIX Security 2004) Albert Kwon et al., [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/kwon Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services] (USENIX Security 2015) (background)[https://www.torproject.org/about/overview.html.en Tor: Overview]</td></tr>
<tr>
<td>
Mar. 17

</td>
<td>
[[SystemsSec 2016W Lecture 18|Lecture 18]]

</td>
<td>Blase Ur et al., [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/ur Measuring Real-World Accuracies and Biases in Modeling Password Guessability] (USENIX Security 2015) 
Nikolaos Karapanos et al., [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/karapanos Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound] (USENIX Security 2015)</td></tr>
<tr>
<td>
Mar. 22

</td>
<td>
[[SystemsSec 2016W Lecture 19|Lecture 19]]

</td>
<td>Giancarlo Pellegrino et al., [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/pellegrino In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services] (USENIX Security 2015) Ramya Jayaram Masti et al., [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/masti Thermal Covert Channels on Multi-core Platforms] (USENIX Security 2015)</td></tr>
<tr>
<td>
Mar. 24

</td>
<td>
[[SystemsSec 2016W Lecture 20|DDoS and Pinning]]

</td>
<td>Seyed K. Fayaz et al., [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/fayaz Bohatei: Flexible and Elastic DDoS Defense] (USENIX Security 2015) Marten Oltrogge and Yasemin Acar, [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/oltrogge To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections] (USENIX Security 2015)</td></tr>
<tr>
<td>
Mar. 29

</td>
<td>
[[SystemsSec 2016W Lecture 21|Lecture 21]]

</td>
<td>David A. Ramos and Dawson Engler, [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/ramos Under-Constrained Symbolic Execution: Correctness Checking for Real Code] (USENIX Security 2015) Nav Jagpal et al., [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/jagpal Trends and Lessons from Three Years Fighting Malicious Extensions] (USENIX Security 2015)</td></tr>
<tr>
<td>
Mar. 31

</td>
<td>
[[SystemsSec 2016W Lecture 22|Cookie Integrity and XSSI]]

</td>
<td>Xiaofeng Zheng et al., [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/zheng Cookies Lack Integrity: Real-World Implications] (USENIX Security 2015) Sebastian Lekies et al., [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/lekies The Unexpected Dangers of Dynamic JavaScript] (USENIX Security 2015)</td></tr>
<tr>
<td>
Apr. 5

</td>
<td>
[[SystemsSec 2016W Lecture 23|Boxify and Android Permissions]]

</td>
<td>Michael Backes et al., [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/backes Boxify: Full-fledged App Sandboxing for Stock Android] (USENIX Security 2015) Primal Wijesekera et al., [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/wijesekera Android Permissions Remystified: A Field Study on Contextual Integrity] (USENIX Security 2015)</td></tr>
<tr>
<td>
April 7

</td>
<td>
[[SystemsSec 2016W Lecture 24|Final Exam Review]]

</td>
<td></td></tr>
<tr>
<td>
April 18, 10 AM-12 PM

</td>
<td>
Last-Minute Study Session

</td>
<td></td></tr>
<tr>
<td>
April 19, 9 AM

</td>
<td>
Final Exam

</td>
<td></td></tr>
</table>

==Lecture Notes Guidelines==

Part of your participation mark is doing notes for at least one of the lectures. Here are the guidelines for those notes.

The class TA Borke (BorkeObadaObieh at cmail.carleton.ca) will be handling course notes. Please contact her to schedule your class to take notes.

Borke or Anil will set you up with an account on this wiki. You'll enter your initial draft notes here and then work with Borke to make sure they are of sufficient quality. This may require a few rounds of revisions; however, if you follow the guidelines below it shouldn't be too bad.

You should plan on organizing your notes as follows:
* Organize them in at least the following sections: Topics & Readings and Notes.
* The Topics & Readings section lists the main topics covered in the class, e.g. "buffer overflows". Please use an unordered bulleted list (using *'s in wiki markup). In this section also list readings relevant to the lecture that were mentioned in class.
* Put your notes in the Notes section.

Use (nested) lists if appropriate for the notes; however, please have some text that isn't bulleted. Please try to make the notes even if you did not attend lecture; however, you don't need to cover every small bit of information that was covered. In particular the notes do not need to include digressions into topics only tangentially related to the course. Complete sentences are welcome but not required.

==Security Reading Analysis Guidelines==

A security reading analysis is a detailed analysis of a security research paper. In it you analyze the key arguments of the paper and give your informed opinion.

Most security papers can be classified as attack or defense papers. You should analyze them differently.

For attack papers:
* What systems are vulnerable to the attack?
* What is the nature of the vulnerability?
* What is the the exploit? In particular, what is its technical core?
* How reproducible is the exploit?
* Are there likely to be many similar exploits, in the targeted system or other systems?
* How difficult will it be mitigate/fix the vulnerability in targeted systems?

For defense papers:
* What is the security problem the paper addresses? In what kind of threat model(s) does the problem exist?
* How significant is the problem? Specifically, to what degree do existing solutions not work sufficiently well?
* What is the defense? How does it work?
* To what degree will the defense potentially solve the targeted security problem? In particular, how difficult will it be for attackers to adapt to this defense?
* What are the challenges facing deployment of the defense? Are they likely to be overcome?

For both kinds of papers, you should give your reaction by addressing questions like the following:
* Did you like the paper?
* Was it easy to understand, or was it hard to read?
* Did you learn much from the paper?
* How surprised were you by the result?

Your analysis should not cover the above questions separately (this would tend to make for a very wordy analysis); instead, use these questions as a guide in writing a short essay (1-2 pages) on the paper in question.

Each analysis will be graded out of 10 as follows:
* U: 3 for demonstrating understanding of the content (preferably without summarizing)
* T: 3 for technical analysis (does it work)
* C: 3 for contextual analysis (does it matter)
* V: 1 for your viewpoint

SystemsSec 2016W Lecture 24

2016-04-07T14:05:31Z

Michaellutaaya: Created page with "Coming soon... = Topics & Readings = = Class Notes ="

Coming soon...

= Topics & Readings =

= Class Notes =

SystemsSec 2016W Lecture 10

2016-02-27T19:14:30Z

Michaellutaaya:

= Topics & Readings =

* Updates
* Computer Security Research
* Secure Hashes
* TLS
* SSH

= Class Notes =

== Updates ==

=== Literature Review Papers ===

* Assignments are being replaced with a literature review paper (a paper in which a collection of papers are analyzed and discussed)
* End of March: submit a small literature review paper (possibly written in a group of 3 to 4 people)
* Multiple grading schemes at end of semester (20% literature review paper, 10% hacking journal and vice-versa)

=== Midterm and Final Exam ===

* Midterm and final will be essay-based; sample questions will be provided to help with studying
* Midterm topics to be announced in a in a future lecture

=== Hacking Journals ===

* During reading week, you will receive a mark for your hacking journals to-date
* After reading week, the course will be mostly focused on research papers
* Going forward, focus of hacking journals should be to go in-depth rather than breadth
* Hacking journals likely to end by mid-March

== Computer Security Research ==

* Unlike other computer science disciplines, computer security revolves around conferences
* Academic conferences and non-academic conferences (e.g., Defcon and Black Hat) have different purposes
* Submitted papers at respectable academic conferences tend to have an acceptance rate of 20% or less
* Big Four Conferences
** IEEE Symposium on Security and Privacy (S&P); formerly known as the Oakland Conference http://www.ieee-security.org/TC/SP-Index.html
** ACM Computer and Communications Security (CCS) http://www.sigsac.org/ccs.html
** USENIX Security Symposium https://www.usenix.org/conference/usenixsecurity15
** ISOC Network and Distributed Systems Security (NDSS) http://www.internetsociety.org/events/ndss-symposium
* Other well-respected conferences:
** SOUPS (Symposium On Usable Privacy and Security) https://cups.cs.cmu.edu/soups/
** ACSAC (Annual Computer Security Applications Conference); caters to application of security in the US military http://www.acsac.org/
** FC (Financial Crypto) http://fc15.ifca.ai/
** NSPW http://www.nspw.org
* Browse conference websites to find interesting topics for your literature review paper
* If working individually, paper should be approximately 10 pages double-spaced.

== Secure Hashes ==

* Generating one can be done on command line (md5sum, sha1sum, sha256sum)
* MD5 represents a 128-bit hash as a 32 digit hexadecimal; usage is discouraged since it has been terribly compromised
* SHA-1 hashes are bit longer but have also been compromised; Google is discouraging SHA-1 for websites and SSL encryption by displaying warnings in Chrome
* SHA-256 is recommended
* A property of any secure hash: a 1-bit change in input must lead to, on average, half of the bits changing in the output
* Generally, it is computationally impossible to reverse a hash unless the hash function is broken in which case, shortcuts can be used.
* Computationally infeasible to break SHA-256 right now
* A birthday-attack is a fast brute force attack on a crypto algo (example: decreasing search space to increase chances of collision)
* Common use of hashes: software distribution (e.g., ISOs, disk images, BitTorrent)
** This allows you to verify that integrity of a download
** Caveat: if someone can alter your download, they can likely alter the publicly listed hash
* Key terminology
** RSN: robust secure network
** AES: block cipher
** SHA256: Hash function

== TLS ==

* protocol used to talk to web server securely with a secure, encrypted connection
* algorithms: AES is the block cipher used, GCM is the mode, RSA is part of the public key exchange
* Diffie-Hellman: the first public key algorithm that was created; used for key exchange, not authentication;
** example: talking to someone across the world
** in order to have a secure channel to talk with them, you can use block ciphers
** block ciphers require shared keys

== SSH ==

* “known_hosts” file located in your /.ssh folder contain public keys of machines that you can connect to
* “authorized_keys” contains public keys of machines that you have authorized to connect to your machine
* if a public key changes, you’ll get an error
* Large corporations use their own certificates
** provides a secure connection to their proxy
** let’s them monitor activity
* Encryption can very easily be your enemy

Computer Systems Security (Winter 2016)

2016-02-26T16:48:19Z

Michaellutaaya: /* Lectures and Exams */

SystemsSec 2016W Lecture 10

2016-02-10T23:01:17Z

Michaellutaaya: Created page with "= Updates = == Literature Review Papers == * Assignments are being replaced with a literature review paper (a paper in which a collection of papers are analyzed and discusse..."

= Updates =

== Literature Review Papers ==

* Assignments are being replaced with a literature review paper (a paper in which a collection of papers are analyzed and discussed)
* End of March: submit a small literature review paper (possibly written in a group of 3 to 4 people)
* Multiple grading schemes at end of semester (20% literature review paper, 10% hacking journal and vice-versa)

== Midterm and Final Exam ==

* Midterm and final will be essay-based; sample questions will be provided to help with studying
* Midterm topics to be announced in a in a future lecture

== Hacking Journals ==

* During reading week, you will receive a mark for your hacking journals to-date
* After reading week, the course will be mostly focused on research papers
* Going forward, focus of hacking journals should be to go in-depth rather than breadth
* Hacking journals likely to end by mid-March

= Computer Security Research =

* Unlike other computer science disciplines, computer security revolves around conferences
* Academic conferences and non-academic conferences (e.g., Defcon and Black Hat) have different purposes
* Submitted papers at respectable academic conferences tend to have an acceptance rate of 20% or less
* Big Four Conferences
** IEEE Symposium on Security and Privacy (S&P); formerly known as the Oakland Conference http://www.ieee-security.org/TC/SP-Index.html
** ACM Computer and Communications Security (CCS) http://www.sigsac.org/ccs.html
** USENIX Security Symposium https://www.usenix.org/conference/usenixsecurity15
** ISOC Network and Distributed Systems Security (NDSS) http://www.internetsociety.org/events/ndss-symposium
* Other well-respected conferences:
** SOUPS (Symposium On Usable Privacy and Security) https://cups.cs.cmu.edu/soups/
** ACSAC (Annual Computer Security Applications Conference); caters to application of security in the US military http://www.acsac.org/
** FC (Financial Crypto) http://fc15.ifca.ai/
** NSPW http://www.nspw.org
* Browse conference websites to find interesting topics for your literature review paper
* If working individually, paper should be approximately 10 pages double-spaced.

= Secure Hashes =

* Generating one can be done on command line (md5sum, sha1sum, sha256sum)
* MD5 represents a 128-bit hash as a 32 digit hexadecimal; usage is discouraged since it has been terribly compromised
* SHA-1 hashes are bit longer but have also been compromised; Google is discouraging SHA-1 for websites and SSL encryption by displaying warnings in Chrome
* SHA-256 is recommended
* A property of any secure hash: a 1-bit change in input must lead to, on average, half of the bits changing in the output
* Generally, it is computationally impossible to reverse a hash unless the hash function is broken in which case, shortcuts can be used.
* Computationally infeasible to break SHA-256 right now
* A birthday-attack is a fast brute force attack on a crypto algo (example: decreasing search space to increase chances of collision)
* Common use of hashes: software distribution (e.g., ISOs, disk images, BitTorrent)
** This allows you to verify that integrity of a download
** Caveat: if someone can alter your download, they can likely alter the publicly listed hash
* Key terminology
** RSN: robust secure network
** AES: block cipher
** SHA256: Hash function

= TLS =
* protocol used to talk to web server securely with a secure, encrypted connection
* algorithms: AES is the block cipher used, GCM is the mode, RSA is part of the public key exchange
* Diffie-Hellman: the first public key algorithm that was created; used for key exchange, not authentication;
** example: talking to someone across the world
** in order to have a secure channel to talk with them, you can use block ciphers
** block ciphers require shared keys

= SSH =
* “known_hosts” file located in your /.ssh folder contain public keys of machines that you can connect to
* “authorized_keys” contains public keys of machines that you have authorized to connect to your machine
* if a public key changes, you’ll get an error
* Large corporations use their own certificates
** provides a secure connection to their proxy
** let’s them monitor activity
* Encryption can very easily be your enemy

SystemsSec 2016W Lecture 5

2016-01-21T16:52:16Z

Michaellutaaya: /* Members */

Class discussion: threat models and attacker goals

==Local attacker==

==Administrative attacker==

=== Group 2 ===
==== Members ====
* Kyle T.
* Tarek K.
* Jakub L.
* Stefan C.
* Matt G.
* Remi G.
* Ibrahim M.

==Remote attacker, authenticated==

=== Group 3 ===
====Members====
* Dania Ghazal
* Ankush Varshneya
* Olivier Hamel
* Michael Lutaaya
* Ryan Morfield
* Daniel Vanderveen
* Jess Johnson

====Example Scenario====
'''Targeted System'''
* CIA database - find out who killed Kennedy?
'''Attackers'''
* remote authenticators
* contractors (non CIA)
'''Goals'''
* “exfiltrating data”
* exfiltrate the CIA database to find out who killed Kennedy
'''Means'''
* someone at the CIA left a node.js server running in the background :)
* ssh credentials
* use outdated emacs (implementing a root privileged mail daemon) to inject a password into etc/passwd to escalate attacker’s privileges
* look around the system for more vulnerable/outdated services to exploit
* generate a race condition to create a file that you know a root user would create, then let the root user put their “sensitive data” into attacker’s file (such as files in /temp)
* social engineering - submit a help ticket to someone within the CIA to gain higher privileges for a seemingly innocent reason
====Attack Strategies====
'''Where are the Accessible Weaknesses?'''
* outdated services
* any service that lets attacker execute a task as another user
'''How Do You Attack Them?'''
* user privilege escalation
* abusing service vulnerabilities

==Physical attacker, authenticated==

==Physical attacker, unauthenticated==

==Remote attacker, unauthenticated==
* Samuel Prashker
* Daniel Lehman
* Roman Chametka
* Derek Aubin
* Gilbert Lavergne-Shank
* Xiusan Zhou

'''Scenarios'''
* '''#1 - DDOS'''
** Scenario
*** Targeted System: Web servers, or any machine connected to a network
*** Attackers: Angry trolls, political warriors
*** Goals: Denials of service, anger your target, hurt their financials, prove a point
*** Means: LOIC, Chinese Botnet with Bitcoin
** Attack strategies
*** Accessible weaknesses
**** Exploitable communication paths (example: ping, login spam)
**** In the case of a router, overpowering a signal by replacing it with your own higher powered signal
*** How do you access them?
**** Over the network
**** Over the air (wireless signals)
* '''#2 - Packet Sniffing'''
** Scenario
*** Targeted System: Phones, servers, any networked device that can be sniffed
*** Attackers: Exfiltrators who want getting data, corrupting data
*** Goals: Exfiltration of data, snooping for data over the air
*** Means: Packet sniffing tools, Wireshark,
** Attack strategies
*** Accessible weaknesses
**** Wireless signals would be easy to monitor
**** Mission security (Msec)
*** How do you access them?
**** Wireless: Network cards, monitoring tools for over the air analysis
**** Wired: Anywhere along the line to be able to hook in a middleman
* '''#3 - Remote program already running on their service/server'''
** Scenario
*** Targeted System: People (social engineering), known exploits (0days)
*** Attackers: Blackhat hackers, whitehat hackers
*** Goals: Exfiltrate, corrupt, deny access, destroy, ransomware, (whitehat only: protect!)
*** Means: Exploitable software, social engineering
** Attack strategies
*** Accessible weaknesses?
**** Stupid people, exploitable equipment known to be accessible to 0days, leveraging bugs
*** How do you access them?
**** Social networks, email, phone calls, deployed payload
** '''Point is you're trying to get someone to install software for you, or exploit software to inject the payload on the targeted system'''