CSE331: Introduction to Networks and Security
Lecture 36
Fall 2002

Announcements
• Homework 3 Due Today
• Project 4 Due Monday
• Review Session on Monday
• Final Exam Location
  – Moore 212
  – Tues. 17 Dec.
  – 8:30 – 10:30 AM

Recap
• Denial of Service Attacks
  – Availability
  – Asymmetric consumption of resources
• Today:
  – Denial of Service Prevention & Response
  – Digital Rights Management

Prevention & Response 1
• Implement router filters
  – Lessen exposure to certain denial-of-service attacks.
  – Aid in preventing internal users from effectively launching denial-of-service attacks.
• Disable any unused or unneeded network services
  – Limits the ability of an intruder to take advantage of those services to execute a denial-of-service attack.

Prevention & Response 2
• Enable quota systems on the operating system
  – Disk quotas for all accounts
  – Partition file system to separate critical functions from other data
• Observe the system performance
  – Establish baselines for ordinary activity.
  – Use the baseline to gauge unusual levels of disk activity, CPU usage, or network traffic.

Prevention & Response 3
• Invest in and maintain "hot spares"
  – Machines that can be placed into service quickly in the event that a similar machine is disabled.
• Invest in redundant and fault-tolerant network configurations.
• Establish and maintain regular backup schedules
  – particularly for important configuration information

Digital Rights Management
• Restrict the use of digital information to protect copyright holders
• DRM attempts to control
  – File access (# of views, length of views)
  – Altering
  – Sharing
  – Copying
  – Printing or otherwise exporting

DRM Approach 1: Containment
• Encrypt the data
• Viewing the data:
  – Proprietary software
  – Proprietary hardware
• Weaknesses
  – Copy the viewing software
  – Hardware is inflexible (and fallible)
  – Reverse engineer viewing software to expose unencrypted data
  – Only takes one good hacker to create a bootleg

DRM Approach 2: Marking
• Steganography: (covered writing)
  – The process of secretly embedding information into a data source in such a way that its very existence is concealed.
• Digital watermarking:
  – A short sequence of information embedded in a way that is difficult to erase.

Watermarking Basic Idea
• Pictures, Video, and Sound
  – Human perception is imperfect
  – There are a lot of “least significant bits”
  – Modifying the least significant bits doesn’t change the picture much
      (R,G,B) = (182,54,89)
      (R,G,B) = (182,54,90)
• Encode a signal in the least significant bits.
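
The least-significant-bit idea above, as an added example (not code from the lecture): it stores a short mark in the low bit of each channel of a constructed 8x8 image whose first pixel is the slide's (182,54,89), then measures how far any channel moved and whether the mark can still be read after a coarse requantization that stands in for lossy processing. The names `embed`, `extract`, `requantize`, `IMAGE` and `MARK` are assumptions of this example.

```python
# Added example: LSB watermarking on constructed pixel data (not lecture code).

def to_bits(data):
    """Bits of a byte string, most significant bit first."""
    return [(byte >> s) & 1 for byte in data for s in range(7, -1, -1)]

def embed(pixels, mark):
    """Return a copy of pixels with mark stored in the channel LSBs."""
    flat = [c for px in pixels for c in px]
    bits = to_bits(mark)
    if len(bits) > len(flat):
        raise ValueError("mark exceeds capacity of one bit per channel")
    for i, bit in enumerate(bits):
        flat[i] = (flat[i] & ~1) | bit      # clear the low bit, then set it
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]

def extract(pixels, length):
    """Read length bytes back out of the channel LSBs."""
    lsbs = [c & 1 for px in pixels for c in px]
    if length * 8 > len(lsbs):
        raise ValueError("image too small for requested length")
    out = bytearray()
    for start in range(0, length * 8, 8):
        value = 0
        for bit in lsbs[start:start + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)

def max_channel_change(a, b):
    """Largest per-channel difference between two images."""
    return max(abs(x - y) for pa, pb in zip(a, b) for x, y in zip(pa, pb))

def requantize(pixels, step=4):
    """Constructed stand-in for lossy processing: round down to a multiple of step."""
    return [tuple(c - c % step for c in px) for px in pixels]

# Constructed 8x8 test image; the first pixel is the slide's (182,54,89).
IMAGE = [((182 + 3 * i) % 256, (54 + 5 * i) % 256, (89 + 7 * i) % 256)
         for i in range(64)]
MARK = b"(c)CSE"   # constructed 6-byte mark

if __name__ == "__main__":
    marked = embed(IMAGE, MARK)
    print("recovered:", extract(marked, len(MARK)))
    print("max channel change:", max_channel_change(IMAGE, marked))
    print("after requantize:", extract(requantize(marked), len(MARK)))
```

The mark is invisible at the pixel level but lives entirely in the bits that ordinary processing discards, which is why plain LSB marking scores well on imperceptibility and capacity and poorly on robustness.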

Watermarking Example
[Figure: original image beside watermarked image]

Properties of Watermarks
• Desirable properties
  – Imperceptible
  – Robust (withstands modifications to the image)
  – High capacity
  – Efficient
  – Hard to remove (some schemes involve cryptographic operations)
• Drawbacks
  – Hard to make tamper proof
  – Can distort image/sound

DRM Examples
• DVD players/recorders
  – Keyed to a geographic region
  – DVD burners may refuse to record watermarked material
• Secure Digital Music Initiative
  – www.sdmi.org

But… SDMI hasn’t panned out
• Ed Felten of Princeton
  – “In September 2000, SDMI issued a public challenge to help them choose among four proposed watermarking technologies. During the three-week challenge, researchers could download samples of watermarked music, and were invited to attempt to remove the secret copyright watermarks.”
  – During the challenge period, our team … successfully defeated all four of the watermarking challenges, by rendering the watermarks undetectable without significantly degrading the audio quality of the samples. Our success on these challenges was confirmed by SDMI's email server.
  – http://www.cs.princeton.edu/sip/sdmi

Identity Theft
• Steal Personal Information:
  – Social Security Numbers
  – Telephone Numbers
  – Address Information
  – Date of Birth
  – Credit card number
• Use it to:
  – Open a credit card account
  – Change the mailing address on your credit card account
  – Establish cell phone service
  – Open a bank account

For Future Reference…
• Trust in Cyberspace
  – National Academy Report on directions in Network Information Systems Security
  – Complete contents are on the web (for free)
  – http://bob.nap.edu/html/trust/
• CERT
  – http://www.cert.org/