CSE331: Introduction to Networks and Security Lecture 36

Fall 2002
Announcements
• Homework 3 Due Today
• Project 4 Due Monday
• Review Session on Monday
• Final Exam Location
– Moore 212
– Tues. 17 Dec.
– 8:30 – 10:30 AM
Recap
• Denial of Service Attacks
– Availability
– Asymmetric consumption of resources
• Today:
– Denial of Service Prevention & Response
– Digital Rights Management
Prevention & Response 1
• Implement router filters
– Lessen exposure to certain denial-of-service attacks.
– Aid in preventing internal users from effectively launching denial-of-service attacks.
• Disable any unused or unneeded network services
– Limits the ability of an intruder to take advantage of those services to execute a denial-of-service attack.
Prevention & Response 2
• Enable quota systems on the operating system
– Disk quotas for all accounts
– Partition file system to separate critical functions from other data
• Observe the system performance
– Establish baselines for ordinary activity.
– Use the baseline to gauge unusual levels of disk activity, CPU usage, or network traffic.
Prevention & Response 3
• Invest in and maintain “hot spares”
– Machines that can be placed into service quickly in the event that a similar machine is disabled.
• Invest in redundant and fault-tolerant network configurations.
• Establish and maintain regular backup schedules
– Particularly for important configuration information
Digital Rights Management
• Restrict the use of digital information to protect copyright holders
• DRM attempts to control
– File access (# of views, length of views)
– Altering
– Sharing
– Copying
– Printing or otherwise exporting
DRM Approach 1: Containment
• Encrypt the data
• Viewing the data:
– Proprietary software
– Proprietary hardware
• Weaknesses
– Copy the viewing software
– Hardware is inflexible (and fallible)
– Reverse engineer viewing software to expose unencrypted data
– Only takes one good hacker to create a bootleg
DRM Approach 2: Marking
• Steganography (covered writing):
– The process of secretly embedding information into a data source in such a way that its very existence is concealed.
• Digital watermarking:
– A short sequence of information embedded in a way that is difficult to erase.
Watermarking Basic Idea
• Pictures, Video, and Sound
– Human perception is imperfect
– There are a lot of “least significant bits”
– Modifying the least significant bits doesn’t change the picture much: (R,G,B) = (182,54,89) vs. (R,G,B) = (182,54,90)
• Encode a signal in the least significant bits.
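
The least-significant-bit idea above, as an added Python example (not part of the original slides): it embeds a short mark in the channel LSBs of a constructed pixel list, reads it back, and checks how the mark fares under a simple lossy re-quantization. The sample pixels, the mark `CSE331`, and all function names are assumptions made for illustration.

```python
# Added example: LSB watermarking on raw (R, G, B) tuples; no image library needed.

def to_bits(data):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def embed(pixels, mark):
    """Return a copy of pixels with mark written into the channel LSBs."""
    bits = list(to_bits(mark))
    if len(bits) > 3 * len(pixels):
        raise ValueError("watermark exceeds capacity (3 bits per pixel)")
    flat = [c for px in pixels for c in px]
    for i, bit in enumerate(bits):
        flat[i] = (flat[i] & ~1) | bit  # clear the LSB, then set it to the mark bit
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]

def extract(pixels, nbytes):
    """Read nbytes of watermark back out of the channel LSBs."""
    flat = [c for px in pixels for c in px]
    out = bytearray()
    for i in range(nbytes):
        byte = 0
        for c in flat[8 * i:8 * i + 8]:
            byte = (byte << 1) | (c & 1)
        out.append(byte)
    return bytes(out)

def max_channel_change(a, b):
    """Largest per-channel difference between two pixel lists."""
    return max(abs(x - y) for pa, pb in zip(a, b) for x, y in zip(pa, pb))

def requantize(pixels, step=4):
    """Model lossy processing: round every channel down to a multiple of step."""
    return [tuple((c // step) * step for c in px) for px in pixels]

# Constructed sample: 16 pixels, the first one is the slide's (182, 54, 89).
IMAGE = [(182 + i, 54 + 3 * i, 89 + 7 * i) for i in range(16)]
MARK = b"CSE331"  # 48 bits, exactly the capacity of 16 RGB pixels
MARKED = embed(IMAGE, MARK)

if __name__ == "__main__":
    print(IMAGE[0], "->", MARKED[0])
    print("recovered:", extract(MARKED, len(MARK)))
    print("max channel change:", max_channel_change(IMAGE, MARKED))
    print("after requantize:", extract(requantize(MARKED), len(MARK)))
```

The mark changes no channel by more than 1, which is why it is imperceptible, but any processing that discards the low bits also discards the mark, so plain LSB embedding is not robust.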
Watermarking Example
[Figure: Original Image; Watermarked Image]
Properties of Watermarks
• Desirable properties
– Imperceptible
– Robust (withstands modifications to the image)
– High capacity
– Efficient
– Hard to remove (some schemes involve cryptographic operations)
• Drawbacks
– Hard to make tamper proof
– Can distort image/sound
DRM Examples
• DVD players/recorders
– Keyed to a geographic region
– DVD burners may refuse to record watermarked material
• Secure Digital Music Initiative
– www.sdmi.org
But… SDMI hasn’t panned out
• Ed Felten of Princeton
– “In September 2000, SDMI issued a public challenge to help them choose among four proposed watermarking technologies. During the three-week challenge, researchers could download samples of watermarked music, and were invited to attempt to remove the secret copyright watermarks.”
– “During the challenge period, our team … successfully defeated all four of the watermarking challenges, by rendering the watermarks undetectable without significantly degrading the audio quality of the samples. Our success on these challenges was confirmed by SDMI's email server.”
– http://www.cs.princeton.edu/sip/sdmi
Identity Theft
• Steal Personal Information:
– Social Security Numbers
– Telephone Numbers
– Address Information
– Date of Birth
– Credit card number
• Use it to:
– Open a credit card account
– Change the mailing address on your credit card account
– Establish cell phone service
– Open a bank account
For Future Reference…
• Trust in Cyberspace
– National Academy Report on directions in Network Information Systems Security
– Complete contents are on the web (for free)
– http://bob.nap.edu/html/trust/
• CERT
– http://www.cert.org/