CMSC 414 Computer and Network Security Jonathan Katz Introduction and overview What is computer/network security? Why is it important? Course philosophy and goals Course organization and information High-level overview of topics Why security isn’t everything “Security” Most of computer science is concerned with achieving desired behavior Security is concerned with preventing undesired behavior – Different way of thinking! – An enemy/opponent/hacker/adversary may be actively and maliciously trying to circumvent any protective measures you put in place One illustration of the difference Software testing determines whether a given program implements a desired functionality – Test I/O characteristics – Q/A How do you test whether a program does not allow for undesired functionality? – Penetration testing helps, but only up to a point Security is complex Draws on all (?) areas of CS – Theory (especially cryptography) – Networking – Operating systems – Databases – AI/learning theory – Computer architecture/hardware – Programming languages/compilers – HCI, psychology Often not easy to assign topics to one area; the field is inherently interdisciplinary Security is increasingly important Security incidents (reported) Computers are pervasive Electronic banking iPods, cell phones, PDAs Automobiles Appliances, TVs Cameras, picture frames(!) – See http://www.securityfocus.com/news/11499 These can all potentially be attacked Philosophy of this course We are not going to be able to cover everything Main goals – A sampling of many different aspects of security – The “mindset” of security: a new way of thinking – Become familiar with basic crypto, acronyms (RSA, SSL, PGP, etc.), and “buzzwords” – Become an educated security consumer/user – Try to keep it interesting with real-world examples and research papers Grades Somewhat difficult to test on this material – Unfortunately, there will be some memorization – But I hope you find the untested material compelling and worthwhile I am happy to give everyone an “A” – But you will have to demonstrate knowledge of what is covered in class – Homeworks/projects will count for a substantial portion of the grade – Class participation will be taken into account Course Organization Staff Me TA Contact information, office hours, listed on course webpage Course webpage http://www.cs.umd.edu/~jkatz/security/s08 Contains course organization, updated syllabus, various links, etc. – Also links to papers and news articles! – Slides will be posted for convenience, but they are not a substitute for attending lecture Homeworks distributed from the course webpage Check daily for updates, announcements, etc. Newsgroup/wiki? Textbooks and readings Unfortunately, hard to find a good textbook… Required text: – “Network Security…” by Kaufman, Perlman, and Speciner (most recent edition) I will less frequently use: – “Computer Security…” by Stallings and Brown Will supplement with other readings (distributed on class webpage) Class participation and readings Research papers and news articles will be posted on the course webpage – Read these before class and come prepared to discuss Material from these readings is fair game for the exams, even if not covered in class (unless stated otherwise) Please suggest (via email) other papers or relevant news articles! Course requirements Homeworks – About 4-5 throughout the semester – Programming portion will be done with a partner – Details about projects to come… Each student will receive a computer account – Accounts will be assigned in the next class Prerequisites We will cover some (basic) cryptography – I will assume you remember Discrete Math Later we will cover network security – I assume that everyone has taken CMSC 417, or is taking it this semester, or understands the OSI (network layer) model – Please let me know if not Syllabus (very tentative) Syllabus I Introduction… – Is security achievable…? – Is security everything? – Some basic security principles Cryptography – The basics (take CMSC 456 or read my book for more) • If you took 456 with me, you can skip – Cryptography is not the whole solution… – …but it is an important part of the solution – Along the way, we will see why cryptography can’t solve all security problems Syllabus II System security – General principles – Security policies – Access control; confidentiality/integrity – OS security – “Trusted computing” Syllabus III Network security – Identity – Authentication and key exchange protocols – Password and biometric authentication – Anonymity and pseudonymity – Some real-world protocols (IPSec/SSL) – Wireless security Syllabus IV Miscelaneous – E-mail security (PGP) – Web-based security (phishing, spoofing) – Buffer overflows and secure programming – Viruses, worms, and malicious code – Random cool topics… Understanding Security (without really talking about security)* *Or, “let’s get meta” Understanding security Security not limited to computers Why is (computer) security hard? How hard is it? Is security the answer to computer security? Security Learn to think with a “security mindset” in general – What is “the system”? – What is the weakest point of attack? – What threats am I trying to address? – How effective will a given countermeasure be? – What is the trade-off between security, cost, and usability? An example: airline security Ask: what is the cost (economic and otherwise) of current airline security? Ask: do existing rules (e.g., banning liquids) make sense? Ask: are the tradeoffs worth it? – (Why do we not apply the same rules to train travel?) Ask: how would you get a weapon on board a plane? – (I will not give you the answer) – This is a thought experiment only! An example closer to home How would you attack this system? Which of these attacks are worth defending against? One good attack Use public records to get someone’s maiden name The problem is not that the information is public The problem is that we use mothers’ maiden names for authentication Similar issues with SSNs, credit card #s, etc… Note: “the system” here is not just the computer, nor is it just the network… Computer security is not just about computers Remember: what is “the system”? Physical security Social engineering – Bribes for passwords – Malicious code in email attachments “External” means of getting information – Legal records – Trash cans Security as a trade-off It is relatively easy to build a secure database, or a secure computer system, or spam-resistant email – How? The goal is not (usually) “to make the system as secure as possible”… …but instead, “to make the system as secure as possible within certain constraints” (cost, usability, convenience) Password example Cost-benefit analysis Important to evaluate what level of security is necessary/appropriate – Cost of mounting a particular attack vs. value of attack to an adversary – Cost of damages from an attack vs. cost of defending against the attack – Likelihood of a particular attack We may revisit this later in the semester “More” security not always better “No point in putting a higher post in the ground when the enemy can go around it” Need to identify the weakest link Security of a system is only as good as the security at its weakest point… Security is not a “magic bullet” Security is a process, not a product Is security the answer? Given the inherent tradeoffs, it seems that almost all deployed systems will have some vulnerability – “More security” is not a sufficient answer Detection and response – How do you know when you are being attacked? – How quickly can you stop the attack? – Can you prevent the attack from recurring? Recovery – Can be much more important than prevention Security is a process, not a product… Summary “The system” is not just a computer or a network Prevention is not the only goal – Cost-benefit analysis – Detection, response, recovery Nevertheless…in this course, we will focus on computer security, and primarily on prevention – If you want to be a security expert, you need to keep the rest in mind “Trusting trust” (or: why security is hard) “Trusting trust” Whom do you trust? Does one really need to be this paranoid?? – Probably not – Sometimes, yes Shows that security is complex…and essentially impossible Comes back to risk/benefit trade-off Next time: begin cryptography