Dr. Jelena Mirkovic
University of Southern California
Information Sciences Institute
 If
you wish to enroll and do not have D
clearance yet, send an email to
CSci530@usc.edu with:
oYour name
oWhich prerequisites you have completed
oA phone number
oRequest to receive a D clearance
I
will let you know within a day or two
 http://ccss.usc.edu/530
oSyllabus
oAssignments
oNews
oLecture notes (also on DEN)
 Keep checking it!
 http://ccss.usc.edu/530L
o1 of the 4 units
oInstructor is David Morgan
oInstruction 4 – 4:50 Fridays in RTH105
 WebCast via DEN
 Hands on work in the lab – exercising the
theoretical knowledge from class
 Some labs will be done remotely using DETER
testbed
 Four
reports, due as noted online
 Each discusses a paper of your choice from a
few top security conferences/journals
oSummary of the paper and its critique
oYour ideas on the topic
o2-4 pages, submitted via DEN
oYou can submit reports early if you like
 One report from each student will be chosen
for presentation in class
 Total 20% of your grade, 4% each
4
quizzes
oDone before each DETER exercise
oRepeated after the exercise
oYou MUST take each quiz
 Total 5% of your grade
 Class
e-mail: csci530@usc.edu (TA and inst)
 Instructor
oDr. Jelena Mirkovic
oOffice hours Fri 12:30-1:30pm or by appt
in SAL 234
oContact via email (on class web page)
 TA
oMelina Demertzi
oOffice hours Tu and We 10-11 am
oContact via email (on class web page)
 Grading:
oPaper reports/presentations: 20%
oLab: 20%
oQuizzes: 5%
oParticipation: 5%
oMidterm Exam: 20%
oFinal Exam: 30%
 Grades assigned using an absolute curve:
A
A-
B+
B
B-
C+
C
C-
D+
D
D
93
90
86
83
80
76
73
70
66
63
60
 DEN
system will host the class discussion
board
oTo gain access and log in
https://mapp.usc.edu/
oContact webclass@usc.edu if you have
difficulty with the system
oI will check the discussion board once daily
but if you want a reliable response from me
email me directly
 Class
participation is important
oAsk and answer questions in class
oAsk, answer, participate on-line
 Class participation carries 5% of your grade
oIf I don’t remember you from class, I look in the
web discussion forum to check participation
 Did you ask good questions
 Did you provide good answers
 Did you make good points in discussions
oFor DEN students, discussion board is the
primary means of class participation
 You can also call into the class if you like
 What
is and is not OK
oI encourage you to work with others to learn the
material but everyone must DO their work ALONE
oDo not to turn in the work of others
oDo not give others your work to use as their own
oDo not plagiarize from others (published or not)
oDo not try to deceive the instructors
 See
the Web site
oMore guidelines on academic integrity
oLinks to university resources
oDon’t just assume you know what is acceptable.
 No
o
o
o
o
o
o
o
o
o
one should be able to:
Break into my house
Attack me
Steal my TV
Use my house to throw water balloons on
people
Damage my furniture
Pretend to be my friend Bob and fool me
Waste my time with irrelevant things
Prevent me from going to my favorite
restaurant
Destroy my road, bridge, city ..
 No
o
o
o
o
o
o
o
I
o
o
one should be able to:
Break into my computer
Attack my computer
Steal my information
Use my computer to attack others
Damage my computer or data
Use my resources without my permission
Mess with my physical world
want to talk to Alice
Pretend to be Alice or myself or our computers
Prevent me from communicating with Alice
 An
o
isolated computer has a security risk?
Computer security aims to protect a single,
connected, machine
 Networking
= communication at all times
and in all scenarios!!!
o
Network security aims to protect the
communication and all its participants
Computer security
 Security
Network security
= robustness or fault tolerance?
 Breaking
o
into my computer
Hackers
 Break a password or sniff it off the network
 Exploit a vulnerability
A vulnerability is a bug in the software that creates
unexpected computer behavior when exploited, such
as enabling access without login, running unauthorized
code or crashing the computer.
An exploit is an input to the buggy program that makes
use of the existing vulnerability.
Use social engineering
 Impersonate someone I trust
Viruses and worms

o
 Attacking
o
my computer
Denial-of-service attacks
A DOS attack aims to disrupt a service by either
exploiting a vulnerability or by sending a lot of
bogus messages to a computer offering a service
o
Viruses and some worms
A virus is a self-replicating program that requires
user action to activate such as clicking on E-mail,
downloading an infected file or inserting an infected
floppy, CD, etc ..
A worm is a self-replicating program that does not
require user action to activate. It propagates itself
over the network, infects any vulnerable machine it
finds and then spreads from it further.
 Stealing
o
o
o
my information
From my computer or from communication
I will use cryptography!
 There are many ways to break ciphers
 There are many ways to divulge partial
information (e.g. who do you talk to)
I would also like to hide who I talk to and when
 I will use anonymization techniques
 Anonymization hinders other security
approaches that build models of normal
traffic patterns
 Using
o
o
o
o
my machine to attack others
E-mail viruses
Worms
Denial-of-service attacks (including reflector
attacks)
Spam, phishing
 Damaging
o
o
o
o
my computer or data
I have to prevent break-ins
I will also use cryptography to detect
tampering
I must replicate data to recover from
tampering
Denial-of-service attacks and worms can
sometimes damage computers
 Taking
up my resources with irrelevant
messages
o
o
o
o
Denial-of-service attacks
Spam mail (takes time to read and fills space)
Malicious mail (may contain a virus)
Viruses and worms
 Messing
o
up with my physical world
Cyber-physical attacks or collateral victims
o
o
o
o
Power systems, traffic control, utilities
Travel agencies
Medical devices
Smart vehicles
 Pretending
computers
o
o
o
to be Alice or myself or our
I want to be sure who I am talking to
(authentication and digital signatures)
It is hard to impersonate a computer in twoway communication, such as TCP
 But it has been done
Plain IP spoofing seems an extremely hard
problem to solve
IP spoofing means putting a fake IP address in the
sender field of IP packets.
 Preventing
Alice
o
o
o
me from communicating with
Alice could be attacked
Routers could be overloaded or tampered with
DNS servers could be attacked
 Confidentiality
(C)
oKeep data secret from non-participants
 Integrity (I)
oAka “authenticity”
oKeep data from being modified
oKeep it functioning properly
 Availability (A)
o Keep the system running and reachable
 No
one should be able to:
oBreak into my computer – A, C, I
oAttack my computer – A, C, I
oSteal my information - C
oUse my computer to attack others – I?
oDamage my computer or data - I
o
o
I
o
o
Use my resources without my permission – A
Mess with my physical world – I, A
want to talk to Alice
Pretend to be Alice or myself or our computers – C, I
Prevent me from communicating with Alice - A
 Policy
oDeciding what confidentiality, integrity and
availability mean
 Mechanism
oImplementing the policy
 Your
security frequently depends on
others
oTragedy of commons
 A good solution must
o Handle the problem to a great extent
o Handle future variations of the problem, too
o Be inexpensive
o Have economic incentive
o Require a few deployment points
o Require non-specific deployment points
 Fighting
o
o
o
o
a live enemy
Security is an adversarial field
No problem is likely to be completely solved
New advances lead to improvement of attack
techniques
Researchers must play a double game
 Attack
patterns change
 Often there is scarce attack data
 Testing security systems requires
reproducing or simulating legitimate and
traffic
o
No agreement about realistic traffic patterns
 No
agreement about metrics
 There is no standardized evaluation
procedure
 Some security problems require a lot of
resources to be reproduced realistically
 Risk
analysis and risk management
o How important it is to enforce a policy
o Which threats matter
o Legislation may play a role
 The role of trust
o Assumptions are necessary
 Human factors
o The weakest link
 Motivation
o Bragging Rights
o Profit (Spam, Scam, Phishing, Extortion)
o Revenge / to inflict damage
o Terrorism, politics
 Risk to the attacker
o Usually small
o Can play a defensive role
 Buggy
code
 Protocol design failures
 Weak crypto
 Social engineering/human factor
 Insider threats
 Poor configuration
 Incorrect policy specification
 Stolen keys or identities
 Misplaced incentives (DoS, spoofing, tragedy
of commons)
 Policy
defines what is allowed and how the
system and security mechanisms should act
 Policy is enforced by mechanism which
interprets and enforces it, e.g.
o Firewalls
o IDS
o Access control lists
 Implemented as
o Software (which must be implemented correctly and
without vulnerabilities)
 Encryption

 Checksums

 Key
management
 Authentication
 Authorization
 Accounting
 Firewalls




VPNs
Intrusion Detection
Intrusion Response
Virus scanners
Policy managers
Trusted hw
 Most
deployment of security services today
handles the easy stuff, implementing security
at a single point in the network, or at a single
layer in the protocol stack:
o Firewalls, VPN’s
o IPSec
o SSL
o Virus scanners
o Intrusion detection
 Unfortunately,
security isn’t that easy. It must
be better integrated with the application.
o At the level at which it must ultimately be specified,
security policies pertain to application level objects,
and identify application level entities (users).
 Security
is made even more difficult to
implement since today’s systems lack a
central point of control.
o Home machines unmanaged
o Networks managed by different organizations.
o A single function touches machines managed by
different parties.
 Clouds
o Who is in control?
 Goal:
Protect private communication in
the public world
 Alice and Bob are shouting messages in a
crowded room
 Everyone can hear what they are saying
but no one can understand (except them)
 We have to scramble the messages so
they look like nonsense or alternatively
like innocent text
 Only Alice and Bob know how to get the
real messages out of the scramble
 Authentication
o
Bob should be able to verify that Alice has
created the message
 Integrity
o
checking
Bob should be able to verify that message has
not been modified
 Non-repudiation
o
Alice cannot deny that she indeed sent the
message
 Exchanging
a secret with someone you
have never met, shouting in a room full
of people
 Proving to someone you know some
secret without giving it away
 Sending secret messages to any m out of
n people so only those m can retrieve
messages and the rest n-m cannot
 Sending a secret message so that it can
be retrieved only if m out of n people
agree to retrieve it
 Alice
could give a message covertly
“Meeting at the old place”
o Doesn’t work for arbitrary messages and
o Doesn’t work if Alice and Bob don’t know
each other
 Alice
could hide her message in some
other text – steganography
 Alice could change the message in a
secret way
o Bob has to learn a new algorithm
o Secret algorithms can be broken by bad guys
Good cryptography assumes knowledge of algorithm
by anyone, secret lies in a key!!!
 Substitute
each letter with a letter which
is 3 letters later in the alphabet
o HELLO becomes KHOOR
 Instead of using number 3 we could use
n [1,25]. n would be our key
 How can we break this cipher? Can you
decipher this:
Bpqa kzgxbwozixpg ammua zmit miag.
Em eivb uwzm!
 We
can also choose a mapping for each
letter:
(H is A, E is M, L is K, O is Y). This
mapping would be our key. This is
monoalphabetic cipher.
o HELLO becomes AMKKY
 How can we break this cipher?
 Symmetric
key crypto: one key
o We will call this secret key or shared key
o Both Alice and Bob know the same key
 Asymmetric key crypto: two keys
o Alice has public key and private key
o Everyone knows Alice’s public key but only
Alice knows her private key
o One can encrypt with public key and decrypt
with private key or vice versa
 Hash
functions: no key
o Output depends on input in non-linear
fashion