
Operating Systems Implementation
COMP3300
Security
Department of Computer Science
The Australian National University
Eric McCreath
2004

Introduction 2

Protection is a problem that considers how to provide controlled access to programs and data in the computer system. Protection is a strictly internal issue, whereas security involves both internal and external issues. These are essentially management problems.
Information stored in a system must be secured from:
unauthorised access,
malicious destruction,
malicious alteration, and
accidental introduction of inconsistency.

Introduction 3

Security measures must address both:
physical, and
human consideration.
Maintaining a secure system within a corporation is vital. Loss, alteration, or theft of data within a corporation may seriously impair the ability of the corporation to function.

Authentication 4

The authentication problem involves determining whether a user is the person they say they are.
Authentication is based on one or more of the three items:
a user's possession (key card),
a user's knowledge (user id and password), or
a user's attribute (fingerprint, retina pattern, or signature).
The most common of these approaches is the use of passwords.

Passwords 5

Passwords authenticate the user by having the user provide their id and password. If the password matches the one stored in the system then the system assumes that the user is legitimate.
Passwords are extremely common as they are easy to use, understandable, and require no additional hardware.
However, passwords are vulnerable as it is difficult to keep a password secret. Passwords can be compromised by:
being guessed,
accidentally exposed, or
illegally transferred.

Passwords 6

Short passwords may be guessed by enumeration. System administrators will often place restrictions (such as a minimum length, requiring upper and lower case characters, not being a dictionary word) on the kinds of passwords. This makes them difficult to guess by enumeration. However, it also makes passwords more difficult to remember!
Some systems also age passwords, forcing users to regularly change their password.

Encrypted Passwords 7

It may be difficult to keep passwords secret on a system. Encryption is often used to address this problem. A function f is used that is simple to compute but extremely difficult to invert (these are known as one-way functions). Given a password w, rather than storing w on the system, an encrypted version f(w) may be stored. Whenever a password is checked it is encrypted using f and checked against f(w). Hence, knowing the value of f(w) does not help determine w.
Old versions of UNIX allowed encrypted passwords to be public.

One-time Passwords 8

Passwords may be obtained by shoulder surfing. This is when someone looks over your shoulder to get your password.
Also, passwords are vulnerable to sniffing. This is when an intruder watches the data on the network as it is being transferred.
One approach to address these problems is one-time passwords, where a password is only used a single time. Hence, if an intruder obtains a password it is of no value, as a different password is used in the next transaction.
One variation of one-time passwords is to use a code book or one-time pad. This approach uses a list of single-use passwords. These are only used once and then crossed off the list.

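
The stored value f(w) from the Encrypted Passwords slide, as an added example that is not part of the original slides. It assumes salted PBKDF2-HMAC-SHA256 from Python's standard library as the one-way function f; the names `enroll` and `verify` and the sample passwords are illustrative. The per-user salt matters when f(w) can be read by others, as on the old UNIX systems mentioned above: two users with the same password no longer share a stored value.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to the hardware in use


def f(password: str, salt: bytes) -> bytes:
    """One-way function: cheap to compute once, costly to enumerate."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(store: dict, user: str, password: str) -> None:
    """Store (salt, f(w)) for the user; the password w itself is never kept."""
    salt = os.urandom(16)
    store[user] = (salt, f(password, salt))


def verify(store: dict, user: str, attempt: str) -> bool:
    """Recompute f on the attempt and compare it with the stored f(w)."""
    record = store.get(user)
    if record is None:
        # Unknown user: still do the work so timing does not reveal that.
        f(attempt, b"\x00" * 16)
        return False
    salt, stored = record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(f(attempt, salt), stored)


def demo() -> dict:
    store = {}
    enroll(store, "alice", "correct horse battery")  # constructed sample data
    enroll(store, "bob", "correct horse battery")    # same password as alice
    return store


if __name__ == "__main__":
    db = demo()
    print(verify(db, "alice", "correct horse battery"))
    print(verify(db, "alice", "guess"))
    print(db["alice"][1] != db["bob"][1])  # stored values differ per user
```
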
One-time Passwords 9

Paired passwords may be used where the computer randomly selects a challenge and the user must correctly respond.
This approach may be generalized to use an algorithm as a password.
[Figure: the computer sends the user "challenge : 22"; the user replies "response : 34".]

One-time Passwords 10

Another approach is to use a function that combines a seed with a secret.
[Figure: the computer sends a seed to the user. Both compute f(seed, secret), and the computer compares its result with the user's generated password.]

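
The seed-and-secret exchange from the slide above, with both sides' messages, as an added example that is not part of the original slides. HMAC-SHA256 is an assumed choice for f, and the class name `Computer`, the user name and the secret are constructed for illustration. Each seed is accepted once, so a sniffed password is rejected when it is sent again.

```python
import hashlib
import hmac
import secrets


def f(seed: bytes, secret: bytes) -> str:
    """Combine seed and secret; HMAC-SHA256 is an assumed choice for f."""
    digest = hmac.new(secret, seed, hashlib.sha256).digest()
    # Shorten to 8 decimal digits so a person could type the password.
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


class Computer:
    """Server side: issues a fresh seed per login and accepts it only once."""

    def __init__(self, secrets_by_user: dict):
        self.secrets_by_user = secrets_by_user
        self.pending = {}  # user -> seed awaiting a response

    def challenge(self, user: str) -> bytes:
        seed = secrets.token_bytes(16)
        self.pending[user] = seed
        return seed

    def check(self, user: str, password: str) -> bool:
        seed = self.pending.pop(user, None)  # single use: removed on first try
        secret = self.secrets_by_user.get(user)
        if seed is None or secret is None:
            return False
        return hmac.compare_digest(f(seed, secret), password)


def run_exchange():
    shared = b"constructed-demo-secret"    # sample value, set up in advance
    computer = Computer({"alice": shared})
    seed = computer.challenge("alice")     # Computer -> User: seed
    otp = f(seed, shared)                  # User computes f(seed, secret)
    first = computer.check("alice", otp)   # User -> Computer: password
    replay = computer.check("alice", otp)  # a sniffed copy, sent again
    return first, replay


if __name__ == "__main__":
    print(run_exchange())  # (True, False)
```
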

Program Threats 11

Often users will execute programs written by other users. This provides an opportunity for misuse which may undermine the security of the system. These types of threats are known as program threats. The most common program threats are:
logic bombs,
Trojan horses, and
trap doors.

Logic Bomb 12

Logic bombs are sections of code embedded into legitimate programs that are set to 'go off' when particular conditions are met. These pre-date viruses.
For example, an employee may set the logic bomb to go off if his ID is removed from the payroll.

Trojan Horse 13

A Trojan horse is a program that performs a hidden function in addition to (or completely replacing) its stated and obvious function.
Two examples of Trojan horses are:
Replacing common utility programs (e.g. ls with your own insidious version of ls).
A program that is identical to the user interface for logging in. When a person 'logs in' the program can capture the victim's password.

Trap Doors 14

A trapdoor is a secret, undocumented entry point into a program. This allows a predator to circumvent the security measures. Trapdoors may have been used for debugging when the system was developed and never removed. However, they may have also been intentionally placed in the program to provide a way of undermining security of the system.

System Threats 15

Operating systems generally provide a mechanism for processes to spawn other processes. This feature may be misused. The two most common methods for achieving this are:
worms, and
viruses.

Worms 16

Worms are complete programs that reproduce themselves. These processes will rapidly spread across the system, significantly degrading the system performance.
An example of a worm is the program unleashed by Morris, a first-year Cornell graduate student, on November 2, 1988.
[Figure: the Morris worm. The worm on the infected system uses an rsh attack, a finger attack or a sendmail attack to place a grappling hook on the target, which then receives the worm.]

Viruses 17

Viruses are fragments of code that embed themselves in legitimate programs.
Viruses are often spread by programs downloaded from the Internet, emails, or by the exchange of disks.
There are a variety of anti-virus programs that are available. However, they are generally limited in that they can only check for viruses that are currently known.

Threat Monitoring 18

The computer system may be examined or monitored for potential security problems. This is known as threat monitoring.
Some examples of threat monitoring include:
checking if passwords are repeatedly entered incorrectly,
rapid process creation while the user is not logged on,
checking for easy to guess passwords,
unauthorized programs in system directories, and
changes to system programs or protection settings.
These threats may be flagged or addressed automatically.
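
The first check in the list above (passwords repeatedly entered incorrectly), as an added example that is not part of the original slides. The log format, the threshold of five failures and the one-minute window are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in an assumed "timestamp user result" format.
SAMPLE_LOG = """\
2004-05-03T09:00:01 alice FAIL
2004-05-03T09:00:04 alice FAIL
2004-05-03T09:00:09 bob OK
2004-05-03T09:00:11 alice FAIL
2004-05-03T09:00:15 alice FAIL
2004-05-03T09:00:19 alice FAIL
2004-05-03T09:30:00 carol FAIL
2004-05-03T11:45:00 carol FAIL
2004-05-03T11:45:20 carol OK
"""


def flag_repeated_failures(log: str, threshold: int = 5,
                           window: timedelta = timedelta(minutes=1)):
    """Return {user: time of alert} for users with at least `threshold`
    failed logins inside a sliding `window`."""
    recent = defaultdict(deque)  # user -> timestamps of recent failures
    alerts = {}
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "FAIL":
            continue             # only well-formed failure records count
        stamp, user, _ = parts
        when = datetime.fromisoformat(stamp)
        failures = recent[user]
        failures.append(when)
        while when - failures[0] > window:
            failures.popleft()   # drop failures that fell out of the window
        if len(failures) >= threshold and user not in alerts:
            alerts[user] = when  # flag once, at the failure that crossed it
    return alerts


if __name__ == "__main__":
    for user, when in flag_repeated_failures(SAMPLE_LOG).items():
        print(f"ALERT {user}: repeated failed logins by {when}")
```
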

Firewall 19

For many organizations the Internet has become an indispensable resource. This introduces a security nightmare. A common solution to this problem is a firewall. Firewalls separate the organization's computers from the untrusted Internet. Firewalls will limit the types of actions that computers connecting in from the Internet may perform.
[Figure: the firewall sits between the organization's computers and the Internet, with a demilitarized zone (DMZ) attached to the firewall.]

Encryption 20

Often the security of information can't be guaranteed either when it is stored or transferred. Encryption provides a way of securing such information.
[Figure: clear text is turned into cipher text by the encryption algorithm using the encryption key; the decryption algorithm, using the decryption key, turns the cipher text back into clear text.]

Encryption 21

A symmetric key system uses the same key for both encryption and decryption.
In this case both keys must be kept secret. This approach suffers from the key distribution problem.
DES (Data Encryption Standard) is the most popular approach (1977, the National Bureau of Standards). Hardware implementations exist which make encryption and decryption fast. DES uses a 56 bit key and will encode 64 bit messages. However, by 1999 hardware existed that could crack DES in a few hours. So new DES variants exist that use larger keys.

DES 22

[Figure: DES structure. Plain text (64 bits) passes through an initial transposition, iterations 0 to 15, a swap and an inverse transposition to give cipher text (64 bits). The key is 56 bits; each iteration applies the function F with a key Ki.]

Key Distribution Problem 23

The problem with DES is how you tell the key to the person you are sending information to. This is a classic catch-22 situation!
Diffie, Hellman and Merkle could see there was a way you could solve this problem. They finally came up with what is known as the Diffie-Hellman-Merkle key exchange scheme (around 1976).

A Way Forward 24

[Figure: Alice, Bob and Eve.]

Diffie-Hellman-Merkle key exchange 25

(These details are more just for people's interest.)
Both Alice and Bob know the numbers 5 and 7.
Alice thinks up a random number, say 4 (this is not shared).
Bob thinks up a random number, say 3 (this is not shared).
Alice computes $5^4 \pmod{7} = 2$ and sends 2 to Bob.
Bob computes $5^3 \pmod{7} = 6$ and sends 6 to Alice.
Alice computes $6^4 \pmod{7} = 1$.
Bob computes $2^3 \pmod{7} = 1$.
So both Alice and Bob share the same secret key, namely 1.
Even if Eve sees all the communication between Alice and Bob it is difficult to work out the key, as the functions $a^x \pmod{b}$ are one-way. That is, they are easy to calculate but hard to invert.
(Note that the numbers would be a lot bigger.)

Encryption 26

An asymmetric key system uses two different keys: a public key and a private key. Knowing the public key does not help decrypt the cipher text. This approach can be used to address the problem of key distribution.
Diffie in 1973 came up with a great idea, that is to use two different keys. Rivest, Shamir and Adleman worked out a way of implementing it (1977).
[Figure: Alice, Bob and Eve.]
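
The key exchange with the slide's numbers, as an added example that is not part of the original slides. It goes beyond the slide in two ways: `eve_search` shows why slide-sized numbers give no protection, and `larger_exchange` repeats the exchange with an assumed 127-bit prime modulus chosen only to show scale (function names are illustrative).

```python
import secrets


def public_value(g: int, p: int, private: int) -> int:
    """Value sent in the clear: g^private mod p."""
    return pow(g, private, p)


def shared_key(received: int, private: int, p: int) -> int:
    """Key each side derives from the other's public value."""
    return pow(received, private, p)


def slide_example():
    g, p = 5, 7   # the numbers both Alice and Bob know
    a, b = 4, 3   # Alice's and Bob's private numbers (not shared)
    A, B = public_value(g, p, a), public_value(g, p, b)
    return A, B, shared_key(B, a, p), shared_key(A, b, p)


def eve_search(g: int, p: int, observed: int):
    """With slide-sized numbers Eve can simply try every exponent."""
    return [x for x in range(1, p) if pow(g, x, p) == observed]


def larger_exchange():
    # Assumption for illustration: the Mersenne prime 2^127 - 1 as modulus.
    # It shows the effect of scale only; deployed systems use standardised
    # groups of 2048 bits or more.
    p, g = 2**127 - 1, 5
    a = secrets.randbelow(p - 3) + 2   # private values in [2, p - 2]
    b = secrets.randbelow(p - 3) + 2
    A, B = public_value(g, p, a), public_value(g, p, b)
    return shared_key(B, a, p), shared_key(A, b, p)


if __name__ == "__main__":
    print(slide_example())       # (2, 6, 1, 1), as on the slide
    print(eve_search(5, 7, 2))   # [4]: Alice's private number recovered
    alice_key, bob_key = larger_exchange()
    print(alice_key == bob_key)  # True
```
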

Public Keys 27

This idea could also be used to give a message a digital signature. In this case a message is encrypted with Alice's private key and then sent to Bob. Now Bob decrypts the message with Alice's public key and is certain that it is from Alice.
This works because RSA also works in the reverse direction.
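
Both directions of RSA with a textbook-sized key, as an added example that is not part of the original slides. The primes, the exponent and the sample message are constructed for illustration; signing a SHA-256 digest reduced modulo N is a simplification, and real signatures use keys of 2048 bits or more with a padding scheme.

```python
import hashlib

# Constructed toy key: small enough to follow by hand, far too small to use.
P, Q = 61, 53
N = P * Q                          # public modulus (3233)
E = 17                             # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (2753)


def digest(message: bytes) -> int:
    """Reduce the message to a number smaller than N (toy simplification)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def encrypt(m: int) -> int:
    """Forward direction: anyone encrypts with the public key."""
    return pow(m, E, N)


def decrypt(c: int) -> int:
    """Only the private-key holder can undo the public operation."""
    return pow(c, D, N)


def sign(message: bytes) -> int:
    """Reverse direction: the private key is applied first."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Anyone can check the signature with the public key."""
    return pow(signature, E, N) == digest(message)


def demo():
    message = b"Pay Bob 10 dollars"   # constructed sample message
    signature = sign(message)         # Alice, with her private key
    altered = (signature + 1) % N     # signature changed in transit
    return verify(message, signature), verify(message, altered)


if __name__ == "__main__":
    print(decrypt(encrypt(65)))  # 65
    print(demo())                # (True, False)
```
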
