Computer Laboratory

Course material 2010–11


Security II

Lecturer: Professor R.J. Anderson

No. of lectures: 16

Prerequisite courses: Introduction to Security, Discrete Mathematics, Economics and Law, Operating Systems, Digital Communication I, Principles of Communication

This course is a prerequisite for E-Commerce.

Aims

This course aims to give students a thorough understanding of computer security technology. This includes high-level issues such as security policy (modelling what ought to be protected) and engineering (how we can obtain assurance that the protection provided is adequate). It also involves the protection mechanisms supported by modern processors and operating systems; cryptography and its underlying mathematics; electrical engineering issues such as emission security and tamper resistance; and a wide variety of attacks ranging from network exploits through malicious code to protocol failure.

Lectures

  • What is security? Introduction and definitions: different meanings of principal, system, policy, trust. Diversity of applications. Relationship with distributed system issues such as fault-tolerance and naming.

  • Multilevel security. The Bell-LaPadula policy model; similar formulations such as the lattice model, non-interference and non-deducibility. Composability. Real MLS systems and their problems: covert channels, the cascade problem, polyinstantiation, dynamic and non-monotonic labelling. Flexibility, usability and compatibility.

  • Multilateral security policy models. Compartmented systems, Chinese Wall, the BMA policy. Inference security: query controls, trackers, cell suppression, randomization, stateful controls, and active attacks.

  • Banking and bookkeeping systems. Double-entry bookkeeping, the Clark-Wilson policy model. Separation of duties, and its implementation problems. Payment systems and how they fail: SWIFT, ATMs.

  • Monitoring systems. Alarms. Sensor defeats; feature interactions; attacks on communications; attacks on trust. Examples: antivirus software, tachographs, prepayment electricity meters. Seals; electronic postal indicia.

  • Telecommunications security. Attacks on metering, signalling, switching and configuration. Attacks on end systems. Feature interactions. Mobile phone issues: protection issues in GSM, GPRS, 3G. Surveillance technology and practice. Models of attacks on communications systems.

  • Anonymity and peer-to-peer systems. Dining cryptographers; mix-nets. Models of opponents. Surveillance versus service denial. Peer-to-peer systems; resilience and censorship resistance.

  • Hardware engineering issues. Tamper resistance: smartcards, cryptoprocessors. Mechanical and optical probing, fault induction, power analysis, emission security, timing attacks.

  • Software engineering issues. Classes of software vulnerabilities: stack overflows, buffer overflows, namespace and protocol issues, concurrency vulnerabilities. History, examples, exploits, and prevention.

  • Stream ciphers. Historical systems: Caesar, Vigenère, Playfair. Revision of information theory: unicity distance, the one-time-pad, attacks in depth. Shift register based systems: the multiplexer generator, RC4, A5. Attacks on these systems: divide and conquer, fast correlation.

  • Block ciphers. Design of block ciphers: SP-networks and Feistel ciphers. Differential and linear cryptanalysis. AES; Serpent; DES. Revision of the random oracle model: modes of operation. Splicing and collision attacks. Message authentication codes and hash functions.

  • Symmetric cryptographic protocols. Needham-Schroeder, Otway-Rees, Kerberos, the wide-mouthed frog. The BAN logic. Applying BAN to verify a payment protocol. API security.

  • Asymmetric cryptosystems. Revision of public-key mathematics: RSA, ElGamal, Diffie-Hellman. Elliptic curve systems, factoring algorithms. Advanced primitives: identity-based schemes; threshold schemes; zero knowledge; blind signatures.

  • Asymmetric cryptographic protocols. Needham-Schroeder, Denning-Sacco, TMN. Applications including SSL/TLS, SSH and PGP. The BAN logic applied to public key systems.

  • Rights management and competition. Copyright management systems; accessory control systems; the Trusted Computing architecture. Tensions between security and competition.

  • Security engineering. Why is security management hard? Security economics: the effects of market races, externalities, coordination problems, correlated risks, the patching cycle, and supply chain effects. Problems with certification including the Common Criteria. Behavioural and organisational effects. Interaction with the regulatory environment.

Objectives

At the end of the course students should be able to tackle an information protection problem by drawing up a threat model, formulating a security policy, and designing specific protection mechanisms to implement the policy.

Recommended reading

* Anderson, R. (2008). Security engineering. Wiley (2nd ed.). First edition (2001) available at http://www.cl.cam.ac.uk/users/rja14/book.html
Stinson, D.R. (2002). Cryptography: theory and practice. Chapman & Hall (2nd ed.).
Schneier, B. (1995). Applied cryptography: protocols, algorithms, and source code in C. Wiley (2nd ed.).

Further reading:

Kahn, D. (1966). The codebreakers: the story of secret writing. Weidenfeld and Nicolson.
Cheswick, W.R., Bellovin, S.M. & Rubin, A.D. (2003). Firewalls and Internet security: repelling the wily hacker. Addison-Wesley (2nd ed.).
Howard, M. & LeBlanc, D. (2003). Writing secure code. Microsoft Press (2nd ed.).
Gollmann, D. (2006). Computer security. Wiley (2nd ed.).
Koblitz, N. (1994). A course in number theory and cryptography. Springer-Verlag (2nd ed.).
Neumann, P. (1994). Computer related risks. Addison-Wesley.
Biham, E. & Shamir, A. (1993). Differential cryptanalysis of the data encryption standard. Springer-Verlag.
Leveson, N.G. (1995). Safeware: system safety and computers. Addison-Wesley.
Konheim, A.G. (2007). Computer security and cryptography. Wiley.
de Leeuw, K. & Bergstra, J. (2007). The history of information security. Elsevier.