CS111 Scribe Notes- Lecture 05/2

CS111 Scribe Notes- Lecture 05/27/10

Lucky Tiffany

NFS Security Problem

For example, there are 2 clients on NFS. They do as follow:

Client A: $ sudo sh

$ cp /bin/mount /nfs/eggert/mount

$ chown root /nfs/eggert/mount

$ chmod u+s /nfs/eggert/mount

$ Ls – l

· -rwsr-xr-x ……..

Client B: $ /nfs/eggert/mount sth sth

We assume all root access people on all clients are trusted. This doesn’t work outside centrally managed cluster.

Therefore, we can do User ID remapping to make your NFS security works.

For example, set UserId 0 for root and UserId 65535 for nobody. The ‘nobody’ will be set so it can’t really do anything. When client say that he’s root, the server won’t trust it. Instead, the server will assign this client to UserId nobody instead thus chown root and chmod will fail.

The problem with this method is it doesn’t hold if client pretend to be anybody (who has some powerful access, say the CEO of a company, or President). Also another problem is suppose client A said Eggert’s UserId is 59, client B said UserId is 193. By doing this, client A and client B can access different files! Therefore, we need authentication that goes beyond UserIds across the wire. One way is to use names, not UserIDs for request (eventhough name string is harder to send across the wire).This approach is used in NFS v.4

Security

What is Security?

Can’t easily be retrofitted
Real-world meaning : defend against attacks via force + fraud
Virtual-world meaning:

According to some main-form of attacks:

1. Attacks against privacy, e.g. attacks to find out personal information such as credit cards, personal data.

2. Attacks against integrity, e.g. attempting to change grade in school database.

3. Attacks against service, e.g. making computer less useful, such as decreasing the performance or making some functions didn’t work.

To solve these attack problems, we can:

Disallow unauthorized access
Allow authorized access (Notice that these 2 goals actually conflict with each other!)
Want this to be easily tested as well

Therefore, in designing system, you want to know the threats first before doing anything else. This approach is called threat modeling and classification. Some possible threats to our system are:

Insider Attacks! E.g. Those people that know the password inside the company, organizations, etc.
Social engineering: pretending to be someone to get password. E.g. pretending to be a computer technician that has been asked to fix some bug and asked for the password.
Network attacks: could be with buffer overrun, and this get worse with time.. E.g conficker estimated that 7 million computers have already been infected by virus from email or drive-by downloads. Another example is denial-of-service attacks.
Device attacks: by using USB, CPROM, or other devices.

Functions for implementing security mechanisms:

Authentication: to make sure the person is really the user. E.g. use password to log in or accessing file
Authorization: given a user, set what capabilities does that user can have. E.g permission on file
Integrity: we want to be able to catch people breaking/changing stuff in your system. Some functions in Unix systems already done this: logs and checksums
Auditing: trying to detect suspicious pattern of activity. In Unix we can also use logs for this purpose.

But we need to remember that for any OS functions, including those to implement the security, have to maintain:

Correctness: make sure your system is correct and working as it’s supposed to be.
Efficiency: want the system to be efficient. If the system is secure but too slow, nobody will want to use it.

Authentication

We need authentication to prevent masquerading – some other person pretends to be a user to gain access. How can we implement authentication?

External authentication – need ‘outside the system’ participants, thus will be more expensive. The external authentication can be:
- Based on what the principal knows: use passwords.
  The downside is password can be guessed or told, thus breaking the authentication - password-guessing. Some possible attacks:
  - Password generator: system guesses password
  - Network snoopers: ‘spy’ on your system by network
  - Make a fraudulent server: Prof. Eggert recommends this method
- Based on what the principal has: some physical objects that’s being carried around, for example car key.
- Based on who the principal is – retinal scans, fingerprints.
Any of these methods can be broken, so it is wise to use multiple methods in the same time.
Internal authentication – from inside the system, will be cheaper, but it also relies on external.

Also with internal authentication, the OS can record who you are (user) efficiently with this methods:

Kept in process descriptor:
- uid, gid -> which user/ group this process belongs to
- euid, egid (effective uid, effective gid)
- eggert runs a setuid program (owned by ‘gene’)
- 47 93
- Euid = 93, uid = 43
- Why need 2? It lets gene do any authorization algorithm it likes
Consulted to OS for access checks. For example, do Open() for any filename, then call kill() rightaway
Have a system call to set UserId; In Linux, we can use setuid function (e.g. setuid(93))

Authentication Building Blocks

Cryptographic hash functions
- Given a key, do a function H(key) = value. It’s almost impossible to guess the value!
- If you try to revert it -- H^-1(value) = {key1, key2, key3, ….keyn}, the operation is expensive
- E.g SHA1(key) = H -- 160 bits long

Symmetric Encryption
- Shared private key K
- Given Message and Key (M, K), getting Encrypted Message {M} is easy
- Given ({M}, K), getting M is easy
- Given {M} getting M is hard
- Given (M, {M}), getting K is hard

Asymmetric encryption
- Public key systems: share the Public key only to anybody
- K -> Private key (not shared), U -> Public Key, M -> Message
- Given (M, U) , getting {M} is easy
- Given ({M}u & K), getting M is easy
- Given ({M}u, U), getting M is hard
- Given U, getting K is hard
- Given ({M}u, U), getting K is hard
HMAC -> assume a shared secret key K
- Send SHA1((K^pad1) con SHA1((K^pad2) con M )) con M
  - ^ = XOR, con = concatenate
  - This is so complicated! Consider this approach: SHA1(KconM)con M – It’s much simpler, but why we can’t use it?
    - If the attacker know SHA1(x), it will be easier to guess SHA1(x con sth), therefore it will be not secure!

Typically multiphase
- A wants to communicate to B. {…}ua is encrypted with A’s public key, {…}ub is encrypted with B’s public key. We combine the encrypted messages with Nonce, which is just a random bit string.
- A sends “ { I’m A }ub “ to B, but to make it more secure we will do “ {NonceA con I’m A }ub “ instead.
- B sends “{I’m B}ua “ to A à “ {NonceA con NonceB con I’m B}ua “
- A sends “ {NonceB con K }ub to B, K is the shared secret key
- We can see this on work on ssh:

Ssh

.ssh/id_rsa.pub

.ssh/id_rsa

.ssh/known_hosts

Virtual networks atop on untrusted network

· Via ssh: problem on setup (O(N²)) used in corporate networks

· IPsec:

Much bigger overhead in network infrastructure
Use internal authentication in virtual network
Use external authentication to setup virtual network

Consider this scenario:

P1 owned by User1, P2 owned by User2. Can User1 communicate to User2 with condition no network access and no common server, and can only use unix system call? Yes! with Covert channels:

We can just set if the process is doing something (could be anything, as long as it’s doing some stuffs) then it is signal ‘1’, and if its not doing anything then the signal is ‘0’. Thus, they can send each other signal with this simple method and able to communicate.