Professional Documents
Culture Documents
Afaleia Ypologiston
Afaleia Ypologiston
, 2007
:
.
1 ........................................................................ 4
1.1 ........................................................................................ 4
1.2 , ............................................................. 8
1.3 ............................................................................. 14
1.4 .......................... 17
1.5 ............................................................................... 22
1.6 ....................................................... 24
2 & ........................................30
2.1 ...................................................................................... 30
2.2 ................................................... 33
2.2.1 ....................................................................................... 34
2.2.2 .............................................. 43
2.3 ..................................................... 47
2.3.1 ............................................................................... 47
2.3.2 .......................................................... 52
2.3.2.1 (Fingerprint)............................................. 52
2.3.2.2 (Iris Recognition)........................................... 53
2.3.2.3 (Retina)...................................... 54
2.3.2.4 (Facial Recognition) ............................... 55
2.3.2.5 (Voice Recognition) ..................................... 56
2.3.2.6 .......................................................................... 59
2.3.3 ................................................. 59
2.3.3.1 ................................................................ 59
2.3.3.2 ........................... 61
2.3.4 .............................. 61
3 ....................................................................65
3.1 ...................................................................................... 65
3.2 « » DAC............................................................. 68
3.2.1 Windows (NTFS) ............... 72
3.2.2 Unix......................... 74
3.2.3 DAC.................. 76
3.3 « ’ » MAC............................................................ 77
3.3.1 Bell-LaPadula .............................................................. 78
3.3.2 Biba ............................................................................. 79
3.4 (RBAC) ....................................... 80
4 .........................................................84
4.1 (Malware) ........................................................... 84
4.1.1 & .... 85
4.1.2 « » ............................................................................... 88
4.1.3 (Worms) ......................................................................... 93
4.1.4 (Trojan Horses). ....................................................... 96
4.1.5 Spyware – Adware Hoax............................................................ 97
4.1.6 ..................................................... 99
4.2 ............................................................................103
4.2.1 Antivirus ..................................................................104
4.2.2 Firewall .....................................................108
4.2.3 (Vulnerability Scanners)..............................112
4.2.4 (Intrusion Detection Systems)....113
4.2.5 (Backup).........................................115
5 ........................................................................118
5.1 (Mobile Code) ............................................................118
5.2 Cookies.......................................................................................123
5.3 (e-Mail Security)....................126
5.4 TCP/IP.............................................................................130
5.4.1 DNS (Domain Name System)....................132
5.4.2 (Packet Sniffing) .............................................136
5.4.3 (IP Spoofing).....................................138
5.4.4 ..................................................140
5.5 .................................................................................146
5.5.1 To SSL .......................................................................146
5.5.2 IPSEC..........................................................................147
5.5.3 Firewalls .........................................................................150
6 ....................................................................157
6.1 .....................................................................................157
6.2 ..............................................................................161
6.3 Hash (One-way hash functions) ....................163
6.4 ......165
6.4.1 (MAC) .................................168
6.5 ...............................................................................170
- ..............................................................................172
3
1
1.1
« » ,
.
,
».
( ):
,
.
, .
.
.
.
.
.
,
,
. ,
. ,
, ,
.
–
(Information and Communication Technology Security – ICT Security)
:
1. ,
,
, ,
, ,
.
2. ,
,
,
, ,
.
3. ,
, .
4
.
, :
, ,
1. ( ) ,
2. (
) .
,
(e-crime, computer crime). [Forester
and Morrison, 1994] :
«
»
( )
,
, ,
. :
5
•
.
« » (hackers,
crackers )
-Internet & .
, ,
( ,
Internet, , ).
.
( )
(Information theory),
(linear algebra), (number theory) .,
.
& .
( . & ).
(non-technical)
. ,
,
(Cyber Ethics).
( )
’ ’ ( ,
)
1980 (
– 4).
,
Web,
. ( ) :
6
, . (Viruses), (Worms),
(Trojan Horses), Spyware, Adware,
.
(Hacking).
(Social Engineering)
(Denial Of Service).
.
(Spoofing / Masquerading). « »
,
.
- .
(confidentiality) (integrity) -
(spam).
,
.
. , ,
,
.
9
7
1.2 ,
.
.
(Asset).
.
, :
- (Physical Assets): , , ,
,
- (Data Assets): ( , )
- (Software Assets): ,
, .
(Impact or Value).
. :
,
, .
,
.
:
- :
,
.
,
- :
. ,
,
.
- :
.
,
(Denial-of-Service attack)
,
sms, ).
8
- :
.
,
,
.
(Threat).
(impact) .
. :
: , , , , ,
, ,
: , ,
, , ,
, , , , ,
: ,
, ,
.
(
– .
) (
– . ).
1. . ,
o Footprinting – . IP
, e-mail , ,
,
o Scanning & enumerating - ,
,
o Hacking -
).
9
: (Viruses), (Worms), (Trojan
Horses), spyware/adware .
(Social Engineers):
2. . , « »
-
.
-
.
(Vulnerability).
. ,
, .
,
.
« »( . –« »
.),
( . « » -
permissions ).
18
(attacks)
( )
10
, ,
.
.
:
- - . , , , ..
- – . hackers, crackers, vandals,..
( ),
), , ,
. ,
,
,
. , :
(Interception)
- .
( . -
), ( . sniffing,
, (password files),
, PIN, password
), ( .
, )
( . -traffic
analysis).
(Confidentiality) .
(Interruption)
- , , .
, , ,
(DOS attacks)
( , ,
, ),
( .),
( . , –
file system) ( .
).
(Availability) .
(Modification)
-
.
11
( .
.
,
), ( .
),
, ,
/ .
(Integrity) .
(Fabrication)
- ( ) .
(Spoofing),
(Phishing), (Man in the Middle),
(replay attacks)
.
20
(Interception)
(Interruption)
, ,
(Modification)
(Fabrication)
)
( .
), ( .
, ),
( . , IP/DNS
spoofing, , Phishing,
). (Integrity)
.
:
,
.
12
:
• (Passive): « »
.
« » ( )
, .
• (Active):
, , .
.
;
:
• (Privacy). .
- (Anonymity):
, , )
.
- / (Confidentiality, Secrecy).
( ).
• (Authenticity, Authentication). ,
:
- (Identification) (Entity
Authentication): «
;»
- (Authorization) :
«
;»
- (Non-Repudiation): ( )
: «
;» « »
.
:
, ;
13
• (Integrity).
. ,
.
: , , .
, , ,
.
• (Availability).
[ / / / / ]
.
1.3
( ).
(Security Policy) ,
.
, « »
.
.
,
.
29
…;
…
A. ; (Attacker model)
1. Derek is a 19-year old. He's looking for a low-risk
opportunity to steal something like a video recorder which he
can sell.
2. Charlie is a 40-year old inadequate with seven convictions for
burglary. He's spent seventeen of the last twenty-five years in
prison. Although not very intelligent he is cunning and
experienced; he has picked up a lot of `lore' during his spells
inside. He steals from small shops and prosperous looking
suburban houses, and takes whatever he thinks he can sell to
local fences. Ross Anderson, Security Engineering, 2001
[Anderson 2001] .
Derek, Charlie, Bruno Abdurrahman
.
14
:
Charlie,
Bruno Abdurrachman.
30
…;
…
A. ; (Attacker model)
3. Bruno is a `gentleman criminal'. His business is mostly
stealing art. As a cover, he runs a small art gallery. He has a
(forged) university degree in art history on the wall, and one
conviction for robbery eighteen years ago. After two years in
jail, he changed his name and moved to a different part of
the country. He has done occasional `black bag' jobs for
intelligence agencies who know his past. He'd like to get into
computer crime, but the most he's done so far is stripping
$100,000 worth of memory chips from a university's PCs
back in the mid-1990s time when there was a memory famine.
Ross Anderson, Security Engineering, 2001
(Amateurs)
hacker, Derek,
[Anderson 2001]. (amateurs)
,
( )
.
(elite) hackers ( . port scanning, sniffing, toolkits
, trojans, -
cracking, ).
( .«
;») .
– insiders) .
(Hackers, Crackers)
Hacker, ,
( )
. , hacker
( ) , ,
Internet,
) ( ) .
15
( , ,
).
, ,
.
hacker, Charlie [Anderson 2001].
31
…;
…
A. ; (Attacker model)
4. Abdurrahman heads a cell of a dozen militants, most with
military training. They have infantry weapons and explosives,
with PhD-grade technical support provided by a disreputable
country. Abdurrahman himself came third out of a class of
280 at the military academy of that country but was not
promoted because he's from the wrong ethnic group. He
thinks of himself as a good man rather than a bad man. His
mission is to steal plutonium..
:
;
Ross Anderson, Security Engineering, 2001
, Crackers
, ,
, ,
hackers. ( )
crackers. hacker cracker
.
(Career Criminals)
(career criminals)
hackers (Social Engineer).
( . , ,
, ).
( . phishing). H « »
, ..
Anderson, ,
Bruno.
: [Anderson 2001],
Abdurrahman .
16
1.4
. , , ;
: (access control)
.
:
(Organizational Security)
. , ,
( . ) ,
(False Reject) ,
.
(Security Policy)
.
: ,
( .
- phishing).
:
.
37
…;
…
B. ,
, ;
17
. ;
,
, .
, , :
• . « » (tamper-resistant smartcards)
–
.
,
,
) .
• ( .).
.
(permissions) . ( Unix Windows),
(log files) ., (Domains) .
Windows 2000 .
• .
.
( . PGP),
( . SS ), antivirus,
firewalls, anti-spyware, (Vulnerability
Scanners), (IDS),
(Logging and Audit systems), ( .
DRM)
• .
,
.
39
…;
…
C. ;
18
. (prevention), (detection),
(recovery) ;
• .
, . ,
.
, firewall
( ) ( ) .
., ,
, , antivirus,
(vulnerability scanners)
.
• .
, 100% .
, .
(alarm systems)
. ,
(Intrusion
Detection Systems) (logging &
audit systems). IDS,
( )
, IDS , ,
( . firewalls).
• .
. ,
.
(backup)
.
(survivability) (Continuity)
: ( )
(backup), ,
(redundancy) (fault-tolerant systems)
RAID, hot swapping, UPS,
, load balancing .
19
40
…;
…
D. (prevention),
(detection), (recovery) ;
(Security Cost).
. ,
,
.
,
. .
, password,
, ,
. -
, ’ )
, ) )
.
(trade-off) ( & ),
.
: ,
,
(Risk Analysis)
.
20
38
(Infosec goal)
,
<<
>>
.
,
( . Domain Server ),
. ,
(Domains), (login)
(Domain Server),
. server,
. server proxy
(Web),
Web.
: ( ) ,
.
. ( ) ,
.
(Peer to Peer),
.
, .
.
(Logical Access Control)
21
,
.
.
. ,
. Internet
, ,
, .
, , ,
.
« » ( )
« »
. ,
,
(phishing)
(Social Engineering).
1.5
( , ),
, ,
,
.
( ).
.
,
, ).
:
• ,
• ,
•
22
.
. ( , )
,
. ,
,
(risk analysis),
,
,
. :
1.
• , ,
)
( , , )
•
2.
• ISO, BSI,
NIST, Open
Forum .
•
• .
3.
• , ,
(
,
)
23
•
• :
-
-
-
- .
1.6
(subjects)
. ,
’ .
: , ,
( ) .
: (
) .
:
(subjects) .
( .
,
)
, ,
.
’ .
(Anderson, 2001):
PIN ( )
.
PIN .
PIN ATM,
. :
.
. ,
PIN ,
.
,
.
24
: -
90 :
remote control 16-bit,
(password).
(grabbers) ( )
, « » . :
. , « »
,
( ). :
, 16 32 bit.
(grabbers).
,
) . ,
, .
,
,
. O A ( . ,
) (
), ={ , }
,
, .
. : ,
, , )
, )
.
25
51
(Identification)
A : ,{ }
A= . 16-bit )
=
= )
} = .
: ,
, .
,
(Number used ONCE - nonce). , (replay attacks)
(
).
: ,
( . _2)
( . _1). : « »
grabber (session) . ,
. ,
« » ( )
, ( )
.
: :
« »
;» (counter):
: , +1, +2…. .
: , ,
, ;
, « »
grabber
. N+3.
26
(Challenge-Response)
« -
» (challenge-response). H (Verifier)
, ,
( . )
, .
:
, (symmetric).
6 ( .
).
53
: Challenge-
Response ( / )
(replay attacks)
. ,
. ,
27
. (replay attack)
IFF . ,
:
1) . (SA)
2) (ANG) ,
.
3) ANG
(SAAF) .
4) SAAF (challenge)
ANG.
5) ANG N
(SAMS) .
6) SAMS N SA.
7) SA [ ]
8) SAMS ANG
9) ANG SAAF
[N]
Challenge N
Retransmit
1 challenge N
Secret key K
Response correct!
Namibia Angola
http://www.cs.utexas.edu/~shmat/courses/cs378_spring05/03auth.ppt
28
:
(Man in the Middle attacks).
1
2
4 3
6
5
(Digital Signatures),
. ,
, S ( o A
site S, ). To site S
.
, site S, A,
T A
. site S
, , .
1) ( , )
, .
2) ( .
),
( . ,
). , ,
[ , customer, porn_site], .
29
2 &
2.1
( . , , ,
, .), .
« »,
, ,
, ,
) .
: (trade-off)
, ,
1.
B, A,
2. « » A,
.
http://www.cs.uwf.edu/~rdavid/CEN4540/sec3.ppt
X X
X X
(smartcards) X
X X
X X
X X
Antivirus, Anti-Spyware,.. X X X
& (IDS/IPS) X X X
– . ,
. , , passwords, PINs,
30
, .)
– , , .) B, oA :
• .. , , ,
, , ,
• .. ,
,
• .. ( .
- spam, , phishing)
. worm
.
• .. ( . ,
, ) .
,
, . ,
)
) )
.
:
. ; !
•
• , .
•
(Access Control)
: Host-to-Host
Network-Based Authentication
Internet IP
(IP-based authentication)
Internet DNS
(name-based authentication).
).
challenge-response
. Kerberos),
. SSL, Ssh, DNSSec),…
31
.
: 1) SYK, 2) SYH, 3)
SYA.
,
.
(“Something You Know”)
Passwords, PIN, ,…
(“Something You Have”)
PDA, USB flash, (smart or magnetic)
(“Something You Are”)
: , , ,…
: SYK...
1. (
): Passwords, PINs,…
( ).
.
2. – (challenge-response)
3. (one-time passwords)
4.
2 4
( . Password generators – ). ,
SYK ( .
PIN) SYH (
).
32
.
:
. ,
( . ),
SYK, SYH, SYA,
.
SYK ( - user name - password).
PIN
PIN
2.2
. :
server.
(incoming
33
mail server) e-mail
(outgoing mail server)
• SIM ,
(ATM): PIN (Personal Identification Number).
« » . (
)
, :
, , ,
, . , .
, . ,
,
.
: ( . phone banking)
.
2.2.1
. :«
)
( , – random),
) ; ,
.
:
SYK, ( , , PIN). H
S.
S « »
.
: ,
, S;
(repudiation)
.
• « »
• « »
34
• : « » ,
( ,
, )
: , ,
« »
:
• ( – .«
», – . «
PIN », –
phishing - M ).
(Phishing). To approved-
password.zip .
webmaster@ionio.gr , , .
« » ,
1.
2. .
: , o
« – SYK» « –
SYH», SYH ( .
, , , )
35
« »
,
1. « »
2. ,
.
:
12 . .
,
.
, ,
.
: « »
( . e-banking,
e-mail ),
»
( . forum, , web mail, newsgroups, )
(case study)
H :
phishing . ,
. , . . 1/1000,
mail 1.000.000 ,
1000 . , Internet,
36
(security awareness).
.
.
( . PIN
, ATM )
(design errors).
.
,
( .
),
. ,
.
, POS ,
. ,
WC (
).
« » -WC- .
.
. -
(default) , )
, ) .
.
, , .
router, dial-up, voice mail, ..
:
PIN . PIN
.
, PIN 4
, PIN,
1 104 ( )1 100. « » « »,
. , PIN
,
. ,
.
: ,
( ) 4X10 : PIN
2256. 4 ( . Blue)
37
2 , 2 , 5 6 .
« » .
; ,
SYK SYH. , ,
4x10 40-50
(Anderson 2001). ’ , « »
PIN 1 3000 (10^4 / 3 ≈ 3000) 1 ~15 (45/3 = 15).
) -
PIN 2256
4 . blue)
. )
1 2 3 4 5 6 7 8 9 0
a b F z P D N m v E
o L i k L U E Y t C
I r t w U E B n g E
L j o s B e A o S H
To
:
1. ( ) .
.
.
2. .
. ,
( . : Microsoft) ,
.
. « microsoft.com,
»).
(insiders)
(outsiders). , ( , )
« »
) (
).
38
.
3. . .
( ,
, ).
DOS DDOS ( . zombie
BotNet).
. , : )
» )
« »
.
,
( )
.
Online ( )
Offline ( )
Online
O Mallory (log-in)
)
(username), . footprinting
HTTP, Telnet, Pop, FTP, SMB
:
online . , ,
(lockout)
( . 3)
1.
- Spyware .
, spyware
. e-mail « ».
39
( : Anderson 2001). o
PDP-10 TENEX
.
.
. « »
( ) .
(Interface):
(
) .
2. (eavesdropping, interception)
( . routers, servers ). ,
(LAN), ( ,
),
« » ). ,
) .
, Secure Socket Layer (SSL)
,
Internet. ,
(Telnet, rcp .) -
( . OpenSSH)
host . ,
( . IPSEC, WPA .),
.
- (fabrication).
(Man in the Middle attacks) – 1
Web spoofing,
» ( .
phishing . )
, . .
3. (password storage)
, (password
file), , ,
(server). To ,
(dictionary attack)
( . password crackers) .
. « »
, ,
« » ( )
.
(dictionary
attack), . ( .
L0phtcrack) :
40
,
.
Offline
O Mallory
(« »)
.
/etc/passwd, SAM file)
H o
Mallory
, .
administrator
Mallory
(cracking software)
: pwdump, L0phtCrack,
John Ripper, Crack …
(dictionary attack):
(hashed)
(password file).
(word lists -dictionaries)
. , , ,
, « »
. , ,
(password cracker)
« » « »
. (
hash)
, .
[Figure: password file with entries 1 … n, each stored as hash-1 … hash-n]
http://www.csse.monash.edu.au/courseware/cse2500/ppt/Authentication.ppt
41
:
. , hash (hash function)
,
. hash, ( )
(one way). , (
)
.
« » .
(brute force).
brute force,
. ,
« » .
2.2.2, ,
«brute force». ,
, brute force
. brute force
(update)
.
( )
.
[a,b] 2,
:
3, =
26 ( .
), :
2: 26 × 26 = 676
3: 26 × 26 × 26 = 17576
96 ( .
: 52, : 10,
: 34),
8: 96^8 = 7213895789838336
42
: (Schneier, 2000). ,
(brute force) ,
. ,
, ,
« » . L0phtcrack ,
Windows NT.
(« ») Pentium II 400 Mhz, L0phtcrack
7- ( ) 5.5 ,
7- ( )
480 .
2.2.2
• 8
• :
- (A-Z)
- (a-z)
- (0-9)
- (!, @, #, %, : .)
•
• ( )
• …
password
6 ., & .)
(passphrase)
“It’s 12 noon and I am hungry” I’S12&IAH
): « 8 .
. 1 …»
,
,
. ,
,
43
:( ) ( )
.
–
[1]
30%
– cracking software)
2 10%
; …….
M$8ni3y0tmd@
« »
,
:
(8) .
.
, , ,
( . "123456").
, ,
, ( .
"X34JAN"
"X34FEB" ).
44
:
-
-
-
- ( , )
(180) .
. ,
(5)
.
- (10) .
- (90)
password filter) ,
. :
• (
)
• ( ) passwords
• (
)
• …
: (cracking),
.
( .)
(shadow) : UNIX,
(password file) /etc/passwd.
45
,
(world readable) .
( ).
, ( )
.
(shadow).
(
Online): To IDS/IPS ,
online .
, ( .
),
,
(DOS),
,
. ,
:
, .
(
),
. manos01 ,
manos02 .
http://www.albany.edu/~goel/classes/spring2005/msi416/password.ppt
46
.– Salting
salting
. :
1) O .T (salt:
[1 – 4096])
salt, hash.
To , salt.
2) : .
, salt ,
. ,
hash,
salt. (hashed) .
,
.
: (password file)
.
( salt ),
hash [ 1, salt], [ 2,
salt]….[ , salt]. , (« »)
, .
« » passwords ,
( ) 4096
( ,
4096 salt).
salting .
: hash ( 6).
(hashed)
salt, .
dictionary attack ( brute force).
2.3
2.3.1
.
. ,
,
,
(physical security) .
: (Identity Verification):
,
» (matching). :
47
;
: (Identification):
, « ».
:
.
,
. ,
(identity verification) ,
SYA (Something You Are).
( ) :
•
,
• ( . - )
,
• ( ).
: ,
.
. ,
. , ,
.
.
:
, .
,
. ,
,
( ) .
, .
: (lossy):
,
.
48
:
:
( ) ,
(server), (workstation)
.
: « » ,
. ,
.
(background) ,
, . ,
,
: ( . ,
, )
( . , , ).
( . , )
.
49
FAR –
FRR –
[2]
(tradeoff)
100%
.
( , , , ,
, , )
. , ( ) 100%
, ,
( – False Rejection).
, « »,
. ,
( -
False Acceptance).
FRR FAR .
(security threshold)
FAR FRR,
. ,
: ,
, .
• ,
, FAR
.
, .
.
50
• ,
, FRR ,
. ,
FRR.
http://www.csse.monash.edu.au/courseware/cse2500/ppt/Authentication.ppt
[Figure: score distributions of non-matching prints and matching prints along axis d, with the matching threshold between them]
. ,
.
, ,
( ) .
(fingerprint)
: &
:
(optical readers)
(Silicon chip)
(ultrasonic)
51
2.3.2
2.3.2.1 (Fingerprint)
.
60
.
:
.
.
(readers) :
• ( – optical):
( LED)
.
• (Silicon): To
(pixels) -
pixels ( )
( 500 dpi).
pixels.
(chips) ,
( . , ).
Minutiae
www.cis.rit.edu
52
• (ultrasonic):
(
). ( )
.
,
( «Minutiae»)
, ( )
. 30 ,
1 .
8-10 ,
.
:H
, &
. ,
( , ).
:
, , , ,
. ,
, .
200 ), .
(accurate) :H
DNA.
H &
2 : 1:1052
(replay attacks):
10-40 . (IR)
http://www.globalsecurity.org/security/systems/eye_scan.htm
53
: (
) .
, .
:
, (replay
attacks) – . .
:
. ,
, ,
.
:
.
. ,
, ( .
).
(Retina)
laser)
&
(identity verification)
2.3.2.3 (Retina)
. . ,
( , laser) /
.
.
,
. ,
54
.
.
:
( , . ).
( 400 ),
(<100 B),
, .
: ,
.
.
,
,
, laser ).
:
,
.
(Hand Geometry)
Accuracy Moderate
Acceptability Moderate
: http://www.montgomerycollege.edu/faculty/~cchiang/public_html/nist.ppt
, , )
,
:
: »
FAR 3% - FRR 10%
(identity verification)
: ,
.
: ,
.
55
( . , , ,
).
,
.
: ,
, .
:
. ). ( . )
( . , , , , ).
,
:
, ( .
).
( . , , ).
(facial recognition)
»( )
:
, ,
:
&
FAR . )
(life detector)
)
( – speaker recognition)
.
( .
56
),
.
: H
, .
). , ,
.
:
,
( :
,
17 cm)
(Speaker recognition)
www.eie.polyu.edu.hk/ ~mwmak/SpeakerVerSys.htm
(speech recognition)
,
»)
)
FRR)
, , ,
: ,
« ».
, ( )
. ( .
). ,
, .
57
:
( . ) ( ,
, ).
:
, .
(challenge-response):
( . ).
, ( )
.
(Palmprint)
http://biometrics.cse.msu.edu/
(Hand vein)
http://www.cedar.buffalo.edu/~govind/CSE666/presentations/cse666/hand_vein.ppt
DNA
http://perso.wanadoo.fr/fingerchip/biometrics/types/ear.htm
(nail bed)
(body odor)
http://www.nail-id.com/
58
2.3.2.6
• –
. .
• - o
( )
.
:
’
. .
• . ,
,
.
. .
• DNA. .H
DNA ,
.
( ,
10 ).
• .
. .
• . .
2.3.3
2.3.3.1
(
. 3-10 ) .
.
(dynamics)
.
, ,
, .
. ( )
, .
59
:
, , …
: , , z)
, ,…
: »
&
. ,
(
)
.
,
- .
: – ,
. ,
( )
, .
Fingerprint: Accuracy High; Security Level High; Intrusiveness Touching; User Time 2-3 seconds; Potential Interference Dryness, Dirt, Age, Race
Face: Accuracy Moderate; Security Level Moderate; Intrusiveness 12+ inches; User Time 3-6 seconds; Potential Interference Lighting, Hair, Age, Glasses
Hand Geometry: Accuracy Moderate; Security Level Moderate; Intrusiveness Touching; User Time 2-3 seconds; Potential Interference Hand Injury, Age
Iris: Accuracy Very High; Security Level Very High; Intrusiveness 12+ inches; User Time 3-6 seconds; Potential Interference Poor Lighting
Retina: Accuracy Very High; Security Level Very High; Intrusiveness 1-2 inches; User Time 5-9 seconds; Potential Interference Glasses
Voice: Accuracy Low; Security Level Moderate; Intrusiveness Remote; User Time 4-7 seconds; Potential Interference Noise, Colds
Signature: Accuracy Low; Security Level Moderate; Intrusiveness Touching; User Time 4-6 seconds; Potential Interference Changing Signatures
http://www.montgomerycollege.edu/faculty/~cchiang/public_html/nist.ppt
60
2.3.3.2
(keystroke dynamics) –
(
)
(log-in) ,
( & ).
, hardware.
) vs ..
[Figure: biometric methods ranked by Affordability and by Accuracy]
http://www.csse.monash.edu.au/courseware/cse2500/ppt/Authentication.ppt
2.3.4
: 1
. ,
: , , , , ,
.
61
:
–
;
(Universality)
To ,
»
&
, &
,
FAR FRR
, ( .
» « » )
(security threshold)
. ,
,
. ,
,
.
, ,
: :
,
).
.
, PIN password. ,
, /
, . ,
(replay attack) « »
.
(challenge-response)
,
, ( . –
).
62
. ,
( . SSL
)
. « »
,
.
( .
), . ,
,
« » (reader)
.
« »
.
(smartcards).
(tamper-resistant)
(template)
, ( )
.
..
passwords
(replay attacks)
(liveness detection)
challenge-response
, ,
: Internet
(tamper-resistant smartcards)
Tamper-resistance: ,
).
:
, .
. ,
.
. ,
.
63
:
;
PC…
…
;
;
: (
PIN)
.
64
3
3.1
.
» (passive) ,
.
»
( . ),
« »
.
. ( )
« » (active)
/ . ,
(write)
.
:H
, -
( . , ),
(
).
. , ,
. (fault-
tolerance) .
( ) ,
, .
(Authorization). 2( )
, ( .),
«
;». ,
, ;
,
;
, (Authorization)
.
: ,
. .
. ,
65
, . .,
, ,
‘ . ,
,
,
. , ,
,
, , (services)
, , , hardware
.
.T
( ).
,
. :
), ( ), .
: , ,
( . ).
&
(Authorization)
(objects) , , ,
, hardware,.)
(Subjects)
, ,
, hosts..)
, , ..
Web, …
: ,
(user names).
.
.
66
.
,
, (
; ;)
/ .
.
[Figure: Reference monitor — subject s requests operation op on object o; the monitor checks s?, o? and op before allowing the operation]
.
MAC, DAC, RBAC.
(Reference Monitor).
. ( – kernel),
, , .
,
-
,
.
67
(clearance) . ,
MAC ( )
,
( . , , ,
).
, (kernel)
3.2 « » DAC
,
- (owner)
.
( ).
» ,
. , , ).
. T
DAC
, , )
.
68
»
Discretionary Access Control (DAC)
) )
a) ..
b) ..
,
. , , )
a) ..
b) ..
. (
)
.
, .
DAC –
1: (passwords biometrics)
2:
) ;
[i,j] i
j r – read, x – execute, w, write, o- own
file1 file2 program1 file3
User2 rx x - -
Program1 rx r r w
User 3 rx r r r
(Access Control Matrix)
– 50.000
300 50.000 X 300 = 15.000.000 .
.
« »
: ) (user groups)
69
(RBAC)
, )
( - ACLs) (
- Capability Lists).
DAC –
(ACLs)
…
(Scalability)
:
(ACL)
(Capabilities)
: «
;»
« ;»
DAC – (Groups)
(group)
,
(user group)
,
[Figure: subjects S1–S5 assigned to groups G1–G3, which are granted access to objects O1–O6]
70
DAC .
(identity) (user
group) :
( Guest,
Administrators, )
,
. « »
.
. .
. DAC
. .
( ,
),
. ,
( )
, . .
: DAC
, .
: «
;»
.
(User Group).
.
(Access Control Matrix) .
DAC –
Plotter – Print
Printer1 – Print
Printer2 – No Access
Accounting.xls – Full Control
Accounting.doc – Read, Write
Payroll.xls – No Access
Clipart – Full Control
71
,
,
.
(group policies) Windows 2000 Windows 2003. ,
,
, ,
.
(Windows) – Windows
NTFS,
(partition) , (ACL).
(user groups) (
) ,
. NTFS
(partition), ( )
(format) NTFS.
NTFS:
• (Read): ,
• (Write):
• (Modify): , , ,
• (Full Control) – , ,
(owner)
( )
(folders) . ,
NTFS
,
( « » -
).
72
DAC –
(ACL) Windows XP Professional (NTFS)
(multi-user)
.
: « » (cumulative).
. (Deny)
.
, .
(Read) ,
,
.
- : Windows NT/2000/XP
( . )
web (
).
. ,
(RBAC)
.
73
DAC
(Deny) NTFS
http://securitytf.cs.kuleuven.ac.be/teaching/ClassicAccessControlTechniques.ppt
3.2.2 Unix
( Unix).
UNIX . Unix,
(ACLs). ,
(permissions)
( ),
(group), (world).
, 10
. (
«-» , «d» ). ,
3 3
, ,
).
(-) (r), (w)
(x).
• – Read ( ):
• – Write ( ): ( & )
• – eXecute ( ): (
).
(directories).
74
• – Read ( ):
( . ls)
• – Write ( ):
( . , ).
DAC -
(ACL) Unix
1 : .
2–4 : (owner).
5–7 : (group).
8 – 10 : Ta (world).
:
, .
, ,
.
• - eXecute ( ):
( ):
• ,
. ,
. ls, (
cd)
.
• ,
( cd)
( .
),
( , ,
). ,
75
& (r-x) ,
).
3.2.3 DAC
DAC ,
Web-based
,
.
, DAC
,
( , ).
, .
,
,
, DAC .
DAC ,
.
, »
.
(Trojan Horse)
.
DAC -
(Trojan horse attack)
(NCSC, 1987):
(ACLs – ).
» Robert (classified)
76
. Robert
Robert. , « » Ivan
Robert. Ivan, o
,
Robert, .
, ( , – wrapping-
): Robert
, trojan ( Robert)
Robert Ivan. Robert
, .
3.3 « ’ » MAC
« ’ » (MAC).
,
( ) (Multi Level Security -
MLS). ,
( ) . ,
MAC :
1. .
(classification security labels).
(sensitivity)
– µ µ
.
2. .
(classification security label).
µ .
, (labels)
.
MAC
. µ
,
( . DAC,
).
µ .
77
3.3.1 Bell-LaPadula
MAC µ
.H « ’ »
Bell LaPadula. ,
-
.
).
. :
• ,
, ,
,
.
• ,
,
,
, .
»
Mandatory Access Control (MAC)
Bell-LaPadula
(confidentiality)
1.
2.
*- )
Biba
(integrity)
1.
,
2.
: (o
Bell-LaPadula)
.
( - trojan)
, ,
.
,
,
.
78
Bell-Lapadula ,
.
3.3.2 Biba
To Biba.
.
. ,
. .
. :
1. ,
,
, ,
.
2. ,
, ,
,
.
: Biba
.
« » (download) Internet
(virus). ,
’ . , o
( )
( : )
. Biba (1 )
. ,
(2 ).
: 2 .
,
.
,
.
79
»
Mandatory Access Control (MAC)
–trojan»
(Bell-LaPadula)
(Biba)
Internet)
3.4 (RBAC)
« ». ,
(roles):
.
:
[Figure: DAC vs RBAC — under RBAC, Athos, Porthos, Aramis and D'Artagnan hold the Musketeer role, which grants uniform, palace and weapons]
http://my.fit.edu/~tgillett/swe5900/week1/Access%20Control%20Concepts.ppt
• .
, ,
80
, .
, ,
.
• (
).
.
.
: ,
, (least privilege),
:
. Web,
. WEB, .
, . ActiveX,
« » ( )
WEB.
»
Role-based Access Control (RBAC)
, »
, ,
,
, »
,
»( )
-
DAC,
,
( )
. ’ ,
: . DAC,
O (user group)
. RBAC,
81
,
.
RBAC
:
• MAC:
,
. DAC,
.O
,
. RBAC
,
(least privilege).
• DAC.
,
.
.
,
( ).
, ,
.
( ,
). ,
DAC,
:
, .
[Figure: roles Role 1, Role 2, Role 3 mapped to Server 1, Server 2, Server 3]
http://cs.uccs.edu/~frsn/docs/RoleBasedAccesscontrol.ppt
82
. RBAC,
. ,
.
,
.
,
.
: “ ” “ ” /
. . ,
, .
83
4
4.1 (Malware)
( )
, .
( ) ,
: ( . ,
)
( , –
updates ).
(payload). ,
:
• : (« »
).
• :
( . )
1998: Chernobyl
2000: ILOVEYOU
2003: Slammer, Blaster,…
… 2006: Botnets, Wikipedia attack, Myspace/XSS, Storm worm
. ,
, .
, :
1. ,
, .
84
, . HKLM\Software\Microsoft\Windows\CurrentVersion\Run,
2.
,
3.
. ,
Antivirus . C:\WINDOWS\SYSTEM32\
DRIVERS\ETC\hosts « » IP
Web,
« » .
4.1.1 &
(virus).
.
(
– Worm) ( .
USB flash disk ).
O Fred Cohen, to 1985 (F. Cohen, “Computer Viruses”, ASP Press, 1985)
«….
… ».
: , ,
. ,
( ).
(Worm). , ,
,
( . - WAN) Internet
(IRC chat, e-mail, newsgroups, ).
(Trojan Horses).
, ( ’ )
, .
, Trojan (backdoor) ,
’ . trojans
,
.
Spyware – Adware. -
(
85
), -
(spyware), (adware).
,
(
Web
).
Rootkits. , rootkit
.,
- stealth
, firewalls antivirus. rootkit
,
(backdoors)
.
Bots – zombies.
(botnet) ’ ,
(DDOS attacks),
( )
. «bot»,
( ) «robota»
( . IRC bots).
bot «zombie». –
zombies DOS Web,
spam,
(phishing) .
: …
It is estimated that approximately 150 to 200 viruses, Trojans, and other threats
emerge every day. ( : McAfee® AVERT® Labs, 2007)
– .
:
86
• .
.
,
( . mail Worm).
• Web ( html).
Web ( )
, 5.
• .
(Instant messengers, Internet telephony, video conferencing,
IRC clients) (newsgroups),
(Peer to Peer)
TCP/IP.
(buffer overflow) Worms
. , ,
, (
). ,
(shared)
(P2P).
. (payload)
:
• , ( : adware)
• , (dialers)
( : trojans, spyware)
• , , ( : , worms)
- ,
- (
) Internet ( P2P)
- .
- (boot sectors),
(FAT), (partition tables).
87
• « » (back door) ( )
( : trojans, rootkits, zombies)
• ( :
worms, bots- zombies)
- ( , )
- (bandwidth)
- ,
DDOS (Distributed DOS).
4.1.2 « »
– .
.
« » .
,
( memory-resident),
» .
,
( –
antivirus), ( ) .
.
.
, ( .
e-mail
).
http://oncampus.richmond.edu/~dszajda/classes/cs395_computer_security/Fall_2004/slides/MaliciousLogic.ppt
88
.( : McAfee Inc. AVERT library). Vienna
, .
Vienna .com.
Vienna, .com
( ).
, ,
.
»- (parasitic, file-infecting)
H
http://oncampus.richmond.edu/~dszajda/classes/cs395_computer_security/Fall_2004/slides/MaliciousLogic.ppt
[Figure: placement of a file-infecting virus V within application A — integrate, pre-pend, append, overwrite]
: To Jerusalem (1987)
(logic bomb).
, . 18.00, 13 .
, ( ) DDOS
. Jerusalem ,
, 13.
: .
.
– boot sector.
(boot sector) (partition).
.
« » . boot sector
MBR (Master Boot Record)
.
& :
. .
89
: ,
.
boot sector
.
: Boot Sector
(bootable). ,
BIOS USB,
.
– (Multi-partite, Hybrid).
. ,
boot sector .
« »
.O
: , .
.
, ,
.
:
. ,
) ,
, ) e-mail
,
multipartite ( trojan worm).
spyware & adware, virus Trojan, virus worm .
90
, .
.
, FAT . FAT ,
, ( )
. . FAT
, .
« »
, .
, .
,
.
stealth:
,
: DIR-II). « » ,
rootkit.
O Melissa (1999)
http://www.heise.de/ct/99/08/017/bild.gif
91
- .
(macros).
, . VBA (Visual Basic for
Applications)
. Word, Excel, PowerPoint, Access)
. ,
Word ,
: ) , )
Arial, ) 14.
.
: .
,
. ,
. ,
,
: PC MAC.
: .
( .
Auto-open). ,
.
:
(templates)
.
: (
: Melissa e-mail,
Word .
:
» ILOVEYOU
: worm
IRC client ( )
: : McAfee
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Win32DLL=WINDOWS\Win32DLL.vbs )
: JPG, JPEG, MP3, MP2, VBS, JS, …
.. .vbs
: 45 . email (2000)
92
4.1.3 (Worms)
vil.nai.com/vil/ content/v_131868.htm
- Worms. Worm
, .
–
,
.
( . e-mail, IRC,
LAN P2P), ,
,
.
Worms, Scanning Worms,
( . Code Red, Slammer, Blaster )
: worm
, ,
, .
.
ANNAKOURNIKOVA.JPG.VBS (2001),
http://www.f-secure.co.jp/v-descs/v-descs2/onthefly.htm
93
: worms ,
, ,
.
www.ciac.org/ciac/ bulletins/l-117.shtml
250.000 -9 : CERT)
: DDOS www.whitehouse.gov
: . (buffer overflow)
: (DOS),
.
.
(input) ,
.
»
, EIP
HE
: (DoS)
1.
+ http://www.usenix.org/events/sec03/tech/full_papers/cowan/cowan_html/pointguard-1.gif
2. EIP
3.
: (privileged)
[Figure (pointguard-1.gif): stack layout — buffer for variable A, value1, value2, return address; a write to A overruns the buffer and replaces the return address with my_address]
94
, , ,
, , .
(input) (
& )
. . « »
, (overwriting)
EIP (stack),
.
,
. EIP
, ( DOS).
: o Blaster. , worm
DCOM RPC
Windows XP Windows 2000.
(HOST) 135 (TCP) – ,
.
« » (remote shell) 4444 .
HOST «tftp get»
. tftp (trivial file transfer
service) 69 (TCP) HOST, msblast.exe.
, (registry) msblast.exe
. :
, HOST
.
:
Blaster (worm) – 2003
http://www.upenn.edu/computing/virus/03/w32.blaster.worm.html
95
RPC.
Blaster. H Blaster
Internet
(patch) Microsoft.
,
,
RPC, .
,
: CERT):
• O H/Y
• (Task Manager) Windows,
msblast.exe
• RPC,
• firewall ,
(port) 135/TCP
• ,
Microsoft
: antivirus (update)
( msblast.exe) ,
(patch) windows ,
(
).
» Slammer.. (2003)
H
, .
96
, (
) .
,
.
(Trojan Horses)
: »
http://cse.stanford.edu/class/sophomore-college/projects-01/distributed-computing/assets/images/trojan-horse.gif
: : backdoors
Tini
»
,
(telnet) 7777
Netbus, Netcat
Back Orifice 2000,
Subseven
: .
: ,
.
( . , ). ,
. ’
( )
spyware, adware, dialers, Rootkits, (
– multipartite ).
(Spyware Adware)
.
,
(spyware) ( ) .
(trojans),
.
: spyware / adware :
• freeware, shareware
• (trojan)
97
• ( . ActiveX)
Web.
Spyware - Adware
http://en.wikipedia.org/wiki/Image:Benedelman-spyware-blogspot-2a.png
Spyware:
. (
) , (Usernames),
(passwords), TAN (Transaction Authorization Number), ,
, .
keylogger
( ) . e-mail .
spyware adware
Internet,
.
: dialer
spyware. , ,
98
browser hijacking), Web,
( ) (web spoofing), .
Hoax -
http://securityresponse.symantec.com/avcenter/venc/data/watching.hoax.html
Subject: FW: VIRUS
IMPORTANT, URGENT - ALL SEEING EYE VIRUS! PASS THIS ON TO
ANYONE YOU HAVE AN E-MAIL ADDRESS FOR. If you receive an email
titled "We Are Watching You!" DO NOT OPEN IT! It will erase everything on
your hard drive. This information was announced yesterday morning from IBM,
FBI and Microsoft states that this is a very dangerous and malicious virus,
much worse than the "I Love You," virus and that there is NO remedy for it at
this time.
Some very sick individual has succeeded in using the reformat function from
Norton Utilities causing it to completely erase all documents on the hard drive.
It has been designed to work with Netscape Navigator and Microsoft Internet
Explorer. It destroys Macintosh and IBM compatible computers. This is a new,
very malicious virus and not many people on your address book will know about
it. Pass this warning along to EVERYONE in it and please share it with all your
online friendsASAP so that this threat may be stopped.
(Hoax). « »
.
: ) (bandwidth)
, ) e-mail ,
E (DOS)
(mail servers), .
, Hoax
command.com.
.
4.1.6
Internet. Internet ,
90 ,
. 1999 Melissa
. , ,
Worm. T worms
, chat, instant
messaging, P2P ( ) .
99
wav,
.
(scripting languages). ,
,
.
(scripting language)
server ( . PHP, ASP, ) client.
(mobile code):
Javascript, Java Applets ActiveX.
, ,
.
.
. ,
(components) .
.
. Windows, (dll –dynamic
link libraries) (
UNIX: – shared libraries).
. ( )
.
plug-in Internet
, .
Internet
, : (Code
Isolation – . Java), ( .
ActiveX), . 5.
Schneier,
(Schneier 2001)
.
.
, Stealth,
.
( ) Stealth. stealth
, .
stealth Brain ( .
antivirus , Brain
« » antivirus).
( ) : antivirus
« » ,
« » .
Stealth. antivirus
(integrity checking) .
, antivirus
( .
Internet (patch) ).
stealth (memory resident)
’
( . patch). ’
« » anti-virus
.
Stealth. « » ,
« » ,
(Kernel) .( : Hacker Defender).
, rootkit :
• (registry): rootkit
( . « »
, : firewall-service.exe»)
–
Stealth
Stealth
(Rootkits)
Rootkits. (Administrator)
.
spyware, backdoors, bots, FTP servers .
Kernel API
:
» . ,
(
),
. system crash).
Stealth – .
antivirus .
(definition files).
-1
http://www.cc.gatech.edu/classes/AY2003/cs6265_fall/Polymorph_final.ppt
.
« » antivirus. ,
, antivirus
, . ,
. ,
« », .
( . « » -
). : ,
(pseudorandom number
generator), « »
.
: (Mutation Engines)
. Internet (
: Trident Polymorphic Engine)
• Antivirus
• AntiSpyware
• Firewalls
• Patch, Updates
• (Disaster Recovery)
• Fault Tolerance
• …
4.2
1, «
»
, , .
(prevention),
(detection), (recovery) .
2
, 3
.
, , , /
( , , ).
, ,
.
.
. , Internet
,
.
4.2.1 Antivirus
Antivirus.
: . antivirus
. , ,
. ,
(LAN, Internet).
.
.
.
antivirus
, (
)
. « » (matching), antivirus
.
) (delete), )
(isolation, quarantine) (repair, clean)
.
[Figure: antivirus architecture. User mode: the antivirus application / service. Kernel mode: the antivirus filter driver with its signature database, sitting above the file system driver.
Source: http://download.microsoft.com/documents/uk/technet/learning/downloads/security/Understanding_Malware_Spyware_Viruses_and_Rootkits.ppt]
, , : antivirus
.
, -
Web). , antivirus
stealth/rootkits.
antivirus
heuristic scanning, behavior blocking integrity checking
.
.
( . –
false alarm).
( ) ( ) Antivirus
• Interface & .
, . ,
. ,
antivirus
(
).
• . antivirus
(real-time
protection). antivirus
(background),
,
.
• ,
,
antivirus
(virus definitions).
),
.
• . antivirus
(
).
.
• . antivirus (scheduling)
,
.
• : boot sector,
. ,
antivirus
.
boot sector ( ) ,
(overwrite) .
• (event logging).
Antivirus.
• (heuristic) . ( )
. ,
( )
, .
Office,
, ,
, . H
(proactive), « »
.
• (integrity checks). ,
,
(checksum). To
: bit
.
, hash
( 6-« »).
, antivirus
. ,
) ’ ( .
), )
.
• (behaviour blocking).
« » (sandbox)
Java.
’ ,
. ’
« - »( .
, , )
antivirus
( ) . « »
, (
).
, ) « »
, )
» , ) .
« » (reactive) antivirus
» .
: Avast Antivirus
• . antivirus
. ,
( )
, « »
P2P,
(chat, –
instant messaging), Web, . ,
antivirus
firewall, (IDS),
( ) spyware-adware.
Antivirus –
http://www3.uwm.edu/security/
(logic
bombs) ,
(ports)
spyware – adware
: antivirus .
.
( )
antivirus. ,
,
, antivirus
– . , antivirus
/
,
( . firewalls).
antivirus
firewalls,
(IDS), Spyware-Adware, ,
backup ..
4.2.2 Firewall
”.
,
, ,
(firewalls).
. firewall
. ,
.
.
firewall,
.
firewalls TCP/IP,
packet filters ( ) application
gateways ( ).
: Kerio
1.
(packet filter rules)
.
2. ,
. packet-filter firewall IP,
TCP, UDP .
• IP , IP
• (Port) ,
• ( & )
3. .
, .
4. « » ,
.
5. ,
.
6. ,
• :
• :
: , firewall
. firewalls,
, , « »
firewall. firewall « »
.
: Kerio
: , firewalls
( ),
) ( )
(Internet).
: Kerio
Application Gateways. firewalls application gateways
« »
TCP/IP. ,
)
( . HTTP, DNS, SMTP, ).
application gateway .
application gateways «
& ».
: , firewall
:
• ( service)
•
(
« »
)
•
(
antivirus).
: Kerio
, firewall
» « »
firewall. ,
web ( . cookies, pop-up,
, – IDS).
: Kerio
- .
(packet header)- ( .
, (protocol numbers)
(port numbers).
,
.
(stateful packet inspection). , .
SYN (Sequence
Number, TCP) .
,
, (hackers)
. , ,
. scanner « »
( ) (exploits).
, ( .
Windows XP Professional SP2) ( )..
(remotely):
(sites), ( .
symantec.com), ,
.
Vulnerability Scanners ( )
: Baseline Security Analyzer
scanner ( )
.
» , ( )
. ,
( )
(Intrusion Detection System).
: « » (preventive) ,
scanner ,
.
: scanner , ( ,
« » , . 80-web, 25-mail )
(remote access).
(back door) root-kit.
,
. ,
100% .
( ) (hardware),
(insiders)
.
: Snort
http://www.linuxsoft.cz/screenshot_img/1971-a.jpg
, IDS
(logging and audit) « »
( ). » (host-based) IDS
« » ( .
, ( ), port
scans, , DOS),
(NIDS) IDS, firewall
(port scans,
DOS ). IDS :
1. (Misuse Detection). ,
IDS ( )
,
» .
IDS
« » antivirus.
.
-
-
-
-
.
: , « » (heuristic)
, .
(false positives) (false negatives)
. = ).
: , IDS
.
(alarm & monitoring systems)
« » .
(reactive) IDS
. ,
firewall (
) ( ) « »
. IDS
(Intrusion Prevention System / IPS).
4.2.5 (Backup)
( . ,
, ),
.
(backup data). (original)
, .
: Windows backup
, :
- ( .,
) , .
, ,
, (hacking) ,
, (cracking).
: Norton Ghost
- ,
, , ,
( . ).
:
. , ) ( . CD-R, DVD-R, ).
(remote backup).
(backup software). To
.
(backup policy).
,
,
.
5
5.1 (Mobile Code)
.
html,
(client) – . Javascript, ActiveX, Applets, VBscript,
( . ASP, PHP, CGI ),
. Web, ,
,
,
, .
. Web
( )
. ,
( . ).
(scripts) – JavaScript,
VBScript, Java applets, ActiveX, SWF
(flash) Office.
: ,
Internet Explorer MAC
Firefox PC. ,
, .
Java applets
Java . Java
.
(Java Virtual Machine, JVM),
. Java
. applet java, ,
,
. Web Java applets (interpreted)
( . Internet Explorer, Netscape, Opera, Firefox)
(client). applets
web-based , animations, & , ,
, .
. applet « » (sandbox)
( ) . , applet
( ) ,
, .
Java, « »
(Security Manager).
Reference Monitor : Security Manager
» applet
( . ,
, ) ,
applet. , applet « » site
applets.
: applets
, ActiveX,
. applets
(sandbox), . ,
,
(Public
Key Infrastructure) Internet.
- Applets
http://detective.internet2.edu/applet/detective-certificate-warning.jpg
http://www.augustana.ca/~mohrj/courses/common/csc120/slides/Ch04/images/applet-in-browser.png
ActiveX
. Web, ActiveX ,
Web ( applets,
ActiveX
– . ), .
, ActiveX
Word Excel ,
.
& . ActiveX
. , applets, ActiveX
, « »
. ,
Authenticode, ActiveX
Web, ,
( 6).
’ ActiveX (
),
,
. ,
( DAC).
ActiveX (
, . signed applets)
.
.
, ,
–
.
– ActiveX
http://www.researchtechs.com
http://www4.dogus.edu.tr/bim/bil_kay/prog_dil/activex/06axu13a.gif
JavaScript
. , JavaScript
(forms) Web
. ,
), ,
Javascript. , JavaScript
( .
pop-up) . , Javascript
« » ,
,
( . ).
, Cross-Site Scripting (XSS),
.
: worm Nimda ( 4)
html Web server ,
JavaScript: Web,
« » eml ( Outlook Express)
worm.
!!
.
Web.
,
. Internet Explorer ,
: Internet (
), (zone) (High) ,
(Custom)
ActiveX.
(JavaScript, applets ).
, :
• ,
Web,
•
.
4, ’
.
- ActiveX
:
.
. « » Internet Explorer).
5.2 Cookies
Cookies. cookie
( . JavaScript CGI)
.
cookie ( ) ( ) .
.
( .
,
),
. (persistent) cookies
« » ( , )
. ,
cookie web server
. ( ) cookies :
1. , (counter)
( cookies)
2. ( ) , web server
» password ,
( . web mail
)
3. , ,
« ».
cookie ( ) « »
. ,
Web. .
(« »)
,
.
4. ( )
.
, ’ ( .
customisation – ) .
»
( -personalization).
(persistent) cookies.
5. ( ,
, )– cookies.
“cookies” –
cookie HTTP
»
server
. cookies
, ,
Web. Web,
,
,
.
domain. , .
( )
domains banners,
.
cookies .
cookies .H cookies
(cookie theft). « »
cookie
, . personalization,
( ).
, . Web
mail cookie,
.
Cookie Poisoning. , « » -
cookie, server
. cookie poisoning.
, cookie
,
.
Cookies
Cookies
(e-
mail) . o e-mail
Internet, , -
( ) . ,
e-mail .
:
: e-mail
.
: To
.
:
« ».
:
. ,
Internet ( , e-mail),
.
e-mail.
, ,
(mail servers). O
,
(username – ),
(password) « » .
, « » ,
:
. , ,
. , worm
(address book)
, Internet.
. SMTP POP,
mail server
. , ,
( ) ,
( ) ( ).
(outgoing mail server) Internet
, ( )
(routers)
(incoming mail server) e-mail .
:
• . mail
servers routers ,
. hardware) « » ( .
– sniffing).
( . ,
).
, (
) .
• .
.
.
mail server e-mail,
( . client mail server
POP – Post Office Protocol). ,
• , ,
.
• e-mail
(backup policy).
web mail
, web server
.
. ,
, ,
(hacking) mail server.
.H
, ,
. (spoofing),
(phishing), (spamming),
Worm,
,
, e-mail .
, PGP.
1. Alice Bob, ,
( )
.
2. H Alice M ( ) KS
.
3. Alice KS
Bob, eB. Bob Alice.
4. Alice ,
, Bob, Internet.
5. O Bob dB
,
KS.
6. O Bob KS
M. O
.
PGP:
Legend: + concatenation, - deconcatenation; m: the message; K_S: the session key; K_S(.): symmetric encryption with K_S; e_B: Bob's public key; d_B: Bob's private key; e_B(.): encryption with e_B; d_B(.): decryption with d_B.
1. Alice Bob, ,
( hash )
.
2. H Alice hash M
hash.
3. Alice hash
dA
.
4. Alice M, hash
Bob, Internet.
5. O Bob Alice, eA
hash.
6. O Bob hash M,
hash . ,
.
H PGP (Pretty Good Privacy)
Legend: + concatenation, – deconcatenation; m: the message; H(.): one-way hash; d_A(.): signing with Alice's private key d_A; K_S(.): symmetric encryption with the session key K_S; e(.): encryption with the public key e.
: ,
.
,
Advanced Encryption Algorithm (AES), 256 bit.
5.4 TCP/IP
,
. ,
, :
.
;
. ,
.
« » ,
. « » ,
,
, « » .
TCP/IP (
)
(layered approach),
.
,
,
, :
1.
2.
.
« »
. - ,
-
. ,
.
( ) TCP/IP
Internet.
« » Internet,
TCP (Transmission Control Protocol) IP (Internet Protocol).
TCP/IP.
,
(Application Layer), ,
(
, Web, e-mail)
..
(transparent) .
,
TCP/IP.
DNS
http://gaia.cs.umass.edu/security/slides/SK-DNSSEC.ppt
[Figure: iterative resolution of www.cnn.com.
1. The stub resolver on lab.cs.umass.edu sends "www.cnn.com A ?" to the resolver dns.cs.umass.edu.
2. The resolver asks the root (.) server "www.cnn.com A ?"; the answer is "ask .com server" together with the ip address of the .com server.
3. The resolver asks the .com server; the answer is "ask cnn.com server" together with the ip address of the cnn.com server.
4. The resolver asks the cnn.com server "www.cnn.com A ?" and receives xxx.xxx.xxx.xxx.
5. The resolver adds the answer to its cache and returns xxx.xxx.xxx.xxx to the stub resolver.]
, o
lab.cs.umass.edu www.cnn.com.
, Internet ,
IP. DNS
www.cnn.com IP.
2. dns.cs.umass.edu IP www.cnn.com,
root servers
DNS ( DNS). root server
, resolver (authoritative) DNS server
domain .com.
: DNS server IP
host, (cache)
: ( DNS –
IP) . , (reset)
, .
DNS. To DNS
. (host) “ ” (address
lookup queries) DNS server, domain
IP. host DNS
,
. DNS, host )
DNS server ) DNS server « »
(honest). .
1. ( IP) host,
DNS server,
» (cracker). ,
DNS server cracker,
.H IP
cracker ( . phishing attacks
), (
-DOS).
: , o cracker :
- host « »
cracker ( .
IP primary DNS server TCP/IP).
- (router) : ,
, DHCP
host
DNS server . cracker
DHCP hosts
cracker. H
DHCP spoofing.
:
DNS, DNS server domains sub-
domains DNS server
. « » ,
.
DNS
domain
, DNS servers
. domain
IP, “ ” (address lookup query)
DNS server. hosts DNS
servers, servers
. host
server) IP domain ( ,
). “ ”
(reverse lookup query). , host/servers
: .
, o host ( DNS server)
IP domain (reverse lookup).
, , ,
server . hosts
IP, IP
hosts, DNS servers.
cracker
DNS servers domain.
DNS. To
DNSSEC, DNS Security.
DNSSEC
DNS servers . DNSEC
:
1. DNS («
DNS server ;»)
2. («
DNS server;»)
3. (key management)
,
DNS servers.
DNS server ( ).
DNS server
DNS server (resolver) DNS,
.
. , resolver
,
.
DNS server, . S,
resolver R, R ( S) S.
S ; R
S S;
DNSSEC
http://gaia.cs.umass.edu/security/slides/SK-DNSSEC.ppt
[Figure: the same resolution of www.cnn.com with DNSSEC.
1. The stub resolver on lab.cs.umass.edu sends "www.cnn.com A ?" to the resolver dns.cs.umass.edu.
2. The root (.) server answers "ask .com server" with SIG(the ip address and PK of .com server), signed by its private key.
3. The .com server answers "ask cnn.com server" with SIG(the ip address and PK of cnn.com server), signed by its private key.
4. The cnn.com server answers SIG(xxx.xxx.xxx.xxx), signed by its private key.
5. The resolver adds the answer to its cache and returns xxx.xxx.xxx.xxx to the stub resolver.]
. , server
server- , servers
« » server
. . servers
domain .com
(authoritative) server domain. , servers
» root servers. ,
(trust paths),
(Public Key Infrastructure – PKI).
: DNSSEC (secrecy,
confidentiality),
.
& ,
( ) .
TCP/IP
Sniffing
LAN ( . Spoofing
) IP MAC
. )
DDOS, DDOS
(Hijacking)
. TCP Hijacking
. Routing attacks –
http://www-128.ibm.com/developerworks/websphere/library/techarticles/0504_mckegney/images/figure4.gif
. (packet sniffing)
( . )
E .
:
(Hub), ,
(broadcast).
, LAN.
(NIC) LAN MAC
,
.
. Internet, MAC
MAC .
TCP/IP
Packet Sniffing ( )
(switched networks)
) -IPsec, SSL, ssh,…
: one-time passwords, challenge-response,
(packet sniffing)
. , ,
. ( . Ethereal, dsniff)
» (insider) hacker
LAN,
.
. ,
( . e-mail).
(Active sniffing)
Packet Sniffing switch -
ARP Spoofing
Arpspoof
Arpredirect
WinARP
Ettercap
Hunt
. - bridge – switch),
. ,
, ,
(MAC). ARP Spoofing.
: Internet ( )
.
( « »
), , ,
:
.
,
, hacker.
Case:
(Packet Switching)
, ).
IP spoofing. host
host TCP/IP. ,
:
: O host-
: host (o A )
X: host.
– . DOS, .
: host.
IP ( datagram)
, host
.
IP ,
host, . . IP spoofing
( . firewalls)
IP
. « » ,
. , ( )
. (Intranets, Extranets).
IP
host . , « »
http://www.bytefusion.com/products/ens/secex/spoof.gif
: IP spoofing, , (
IP
) : host A
, Z ( ).
IP spoofing ,
(
, ) .
(DOS) smurf SYN
flooding, .
Format of the IP datagram header (bit offsets 0, 16 and 31 mark each 32-bit word):
  Word 1: Version | IHL | Type of Service | Total Length
  Word 2: Identification | Flags | Fragment Offset
  Word 3: Time to Live | Protocol | Header Checksum
  Word 4: Source address
  Word 5: Destination address
  Word 6: Options | Padding
  Data...
. IP spoofing
firewall,
IPSEC, (
) IP.
.
(ingress & egress filtering),
firewalls. , )
( interface )
, )
( interface )
( 1),
hosts ( 2).
,
IP spoofing,
. ISPs Internet
, (
).
5.4.4
TCP.
(Transport Layer).
TCP (Transmission Control Protocol) UDP (User Datagram
Protocol). TCP (reliable)
end-to-end . ,
. TCP
PAR (Positive Acknowledgment with Retransmission).
, PAR ,
“ ”
. TCP
modules segment. segment
(checksum)
. segment
, (Positive
Acknowledgment) . ,
(discard). (time-out),
segment .
(handshake)
TCP
SYN FLOODING
SYN Flooding
TCP segment ( )
CP (connection-oriented).
end-to-end hosts.
, TCP modules
.
(handshake). TCP segment
bit Flags ( ) 4
segment.
Host A                       Host B
        ---- SYN ---------->
        <--- SYN, ACK ------
        ---- ACK ---------->
. (three-way handshake)
handshake TCP
(three-way handshake), .
. host A
host B (segment) bit SYN (Synchronize sequence
numbers) . B
, (sequence
number) A
.
. host B
ACK (Acknowledgment) SYN bits. To
(ACKnowledgement) ,
. ,
o ,
.
. TCP
client server TCP segment SYN bit .
, server SYN/ACK
client, 32-bit “ ”
(Source Address) IP. client , ACK
server, .
(SYN ) TCP
,
) . , TCP
SYN, .
host- SYN/ACKs
SYN ( host X). , IP
TCP host , TCP
IP (
). , ( )
server ,
. ,
, . ,
time-out ( ),
, server
.
’ , host IP
(spoofed),
,
. ,
( handshake),
,
server . ,
, .
TCP/IP ( .
). , IP,
o IP ,
TCP/IP. IPSEC
.
ICMP_ECHO (Ping).
ICMP_ECHO (ping)
TCP/IP. standard format
,
. , firewalls
ICMP_ECHO.
Ping ICMP_ECHO host.
host “ ”
). ICMP_ECHO,
(payload). T
(timestamp),
ICMP_ECHOREPLY ,
ICMP_ECHO
(DOS) host / server.
[Figure: ping (ICMP_ECHO request and ICMP_ECHOREPLY).
Source: http://www.erg.abdn.ac.uk/users/gorry/course/images/icmp-eg.gif]
Smurf, o « »
ICMP_ECHO IP,
. , ICMP_ECHO
IP « » (IP spoofing)
–« ». (
) , ICMP_ECHO-reply.
« ».
[Figure: Smurf attack: a Ping (ICMP_ECHO) carrying a spoofed source IP address (IP spoofing) is sent to a broadcast address, so the replies are directed at the spoofed host.
Source: http://www.networkdictionary.com/images/SmurfAttack.gif]
: -firewall,
IP (broadcast),
.
DDOS
http://www.cs3-inc.com/images/attack.gif http://www.f-secure.com/slapper/slapper_ddos_attack.jpg
(DDOS).
DOS,
( zombies). , « »
( )
( bot rootkit).
, worm
LAN - Internet. « » -
zombies DOS .
, . -zombies
(Logical
Bomb). 4
DDOS.
5.5
5.5.1 To SSL
SSL .
( ) .
, SSL
.
(intranets) Internet,
.
To SSL (transparent)
. SSL Web server « »
( ’ port 443) HTTP
(port 80). URL port 443 :
https://www.server.com. client ,
SSL ( « » - SSL handshake).
SSL handshake
. ,
SSL. handshake :
1. client ( ) server
(X.509) .
,
root (
). “ ”
(Certificate Authority).
2. client
MAC.
server
server.
client-server server-client ( ).
3.
hash ( ), .
client ( .
: AES, DES,.. – Hash: SHA, MD5 ),
server .( :
server
, .
).
SSL
To SSL
(Diffie-Hellman 1976)
1. O Bob Alice,
2. Bob
3. Alice e
4. Alice C
5. H Alice C d
6. Alice Bob
7. . Bob
5.5.2 IPSEC
IP SECurity ( 3
TCP/IP).
( ) ,
(transparent) . (standard)
firewalls
(LAN), (WAN),
hosts TCP/IP.
( ) IPv4,
IPv6 (Internet Protocol
version 6)
IPSEC (integrity) – « IP
;», (authentication) – «
IP;» (confidentiality) - «
IP ;», .
IPSEC :
IPSec .
IP,
:
[Figure: the IPsec AH (Authentication Header) packet layout.
Source: http://www.isaserver.org/img/upl/IPSec_NAPT_AH1050086915216.gif]
• - (Authentication Header).
,
IP.
o mode (transport tunnel),
IP ( header) . MAC
(transport), MAC IP
(tunnel: ).
.
IP. transport,
( “payload” ),
tunnel IP, ,
, . , ESP
(payload) , .
[Figure: packet layout in transport mode.]
Transport mode: client-to-client or client-to-gateway.
. VPN
Internet
. VPN
(leased lines)
. , , client
VPN server (VPN-enabled),
( . telnet, mail, ,
), IPSEC.
( . OpenSSH, SSL),
,
.
(VPN)
http://www.conta.uom.gr/conta/ekpaideysh/seminaria/M_Telecommunications/29main.htm
: o IPSEC ’ (default)
: Hash ,
(MAC) ,
.
5.5.3 Firewalls
firewall (software)
(hardware) .
firewall (router).
,
. , « »
( , ) . ,
( )
.
, ,
, « » .
, firewall
. ,
“ ” (transparent) ,
.
(packet filtering) (Network layer)
(Transport layer) TCP/IP, ,
.
[Figure: the firewall as the single point of entry-exit between My PC / the Secure Private Network and the INTERNET, enforcing a Security Policy (WHO? WHEN? WHAT? HOW?).
Source: http://www.cmpe.boun.edu.tr/courses/cmpe526/spring2005/Cmpe526-20050505-GokhanAydin-Firewalls.ppt]
router-firewall
(port).
router ,
router .
« »
hosts,
router. , .
[Figure: firewall topology with the Internet, LAN 2, and LAN 3 segments for Users, Secure Servers and a DMZ.
Source: http://www.cmpe.boun.edu.tr/courses/cmpe526/spring2005/Cmpe526-20050505-GokhanAydin-Firewalls.ppt]
Filter rule number  Action  Source Host   Port  Destination Host  Port  TCP flags  Comment
1                   allow   199.232.18.0  *     *                 25               our mail
2                   allow   *             *     199.232.18.0      *     ACK        their replies
1 :
- 199.232.18.0
, 25 (mail) host .
2 :
-
25 TCP ACK bit ,
host 199.232.18.0.
Outgoing packets Incoming packets
packet filter
:
interface ( ),
. interface .
IP spoofing
)– : 135.12.0.0
Internet packet filtering firewall.
(subnets) 10 11. host
135.12.10.201. T
port.
,
” , 135.12.10.0
port ( ). ,
, ,
.
[Figure: address spoofing against a screening router. Inside: Network=135.12.10.0, Mask=255.255.255.0; Outside: Internet. A packet arriving from the outside claims to be from 135.12.10.201 ("Address spoofer") and is examined by the packet filter on the router.]
. :
,
routers, (port)
(packet header), -
(source) - (destination),
. ,
“ ” ,
,
( ). ,
SYN (Sequence Number, TCP ) .
Application - State Table
Internet
Internet
• O
.
• H
firewall. firewall TCP/IP
) “ ”
« ».
2. To gateway IP (source)
, ,
3. ,
.
4. proxy TELNET gateway
server,
5. proxy
H/Y server, .
Firewalls-
Application Level
Gateway
Telnet
IP . . IP )
IP/TCP/UDP
”. gateway ( proxy)
.
Internet (
). proxy “ ” ,
.
,
. proxy server client .
server client
. (session), proxy
client server
.
: proxy, (log
in) proxy, client host
.
Application Gateways
• gateways ,
, IP
. :
FTP,
“get” “put”.
HTTP
web .
• gateways
proxy client,
.
» .
Firewall
,
firewall
Internet
firewall
Internet ,
client
• gateways ,
hosts
.
DNS IP gateway. ,
firewall NAT (Network Address Translation).
• gateways
(authentication) (logging).
6
6.1
, ,
.
:
(cipher).
(Substitution)
(Caesar cipher)
:
: I CAME I SAW I CONQUERED
: L FDPH L VDZ L FRQTXHUHG
. (Encryption)
,
(confidentiality).
.
.
(Decryption) ,
.
. , (key),
,
.
( )
.
Kurose, 2003
:
(encryption algorithm)
(decryption algorithm)
.
,
.
To = = )
: ;
!
[Figure: key management: the key is exchanged over a secure channel (steps 1-5).]
.
[Figure: public-key encryption and digital signature.
Encryption: Alice obtains Bob's public key e_B over an authenticated channel and computes C = E_{e_B}(M); Bob recovers the message with his private key d_B: M = D_{d_B}(C).
Signature: Bob signs with his private key d_B, C = E_{d_B}(M), and sends M, C; Alice obtains e_B over the authenticated channel, verifies C with e_B and outputs OK.]
: Alice e Bob?
:
,
(non repudiation).
.
.
:
,
.
, ,
.
,
( ).
[Figure: an X.509 certificate issued by CA-1 for Bob. Contents: "As a Certification Authority, I assert that Subject: Bob, Serial #: 5, Signed, CA-1", followed by the signature of the Certification Authority.
Source: http://www.e-publishing.af.mil/contentmgmt/PKI%20Tutorial.ppt]
:
.
.
( )
( . –
).
(
). ,
. ,
( )
, .
[Figure: the same encryption and signature, now with Bob's certificate: Alice receives e_B together with CertB over an authenticated channel.
Encryption: C = E_{e_B}(M); Bob decrypts with d_B: M = D_{d_B}(C).
Signature: Bob sends M, C = E_{d_B}(M); Alice verifies with e_B and outputs OK.]
, Alice o Bob CA.
6.2
.
. ( )
. ,
100-10.000 .
. ,
,
.
, .
. ,
SSL PGP.
: , Alice
Bob Bob .
( )
dX
eX
CertX
Hash[M] hash
)
, Bob, CertBob
Bob, E eB (K)
B A EK ( )
: PGP
) Kurose, 2003
Legend: + concatenation, - deconcatenation; m: the message; K_S: the session key; K_S(.): symmetric encryption with K_S; e_B: Bob's public key; d_B: Bob's private key; e_B(.): encryption with e_B; d_B(.): decryption with d_B.
6.3 Hash (One-way hash functions)
(One Way). ,
, .
f( ). ,
f(X), .
:
. ,
.
, .
Schneier, Bruce. Applied
Cryptography. John Wiley &
Sons, Inc., 2nd edition, 1996.
(One-way) x f (x)
&
;
.
1. & RSA
2.
:
RSA
!! n
Menezes, Oorschot, Vanstone,
Handbook of Applied
Cryptography, CRC, 2001
[Figure: a hash function H compresses its domain D into a smaller range R; recovering a pre-image x from H(x) is hard, while computing H(x) from x and H is easy.
Sources: http://en.wikipedia.org/wiki/Hash_algorithm and http://msdn.microsoft.com/library/en-us/dnvs05/html/datastructures_guide2-fig09.gif]
Hash. hash, a)
hash: ash( )
,
ash( ). , )
(collision resistant): , ’
hash(M) = hash(M').
Menezes, Oorschot, Vanstone,
Handbook of Applied
Cryptography, CRC, 2001
[Figure: the two properties of a hash function from D to R: 1. one-way; 2. collision resistance.
Source: http://msdn.microsoft.com/library/en-us/dnvs05/html/datastructures_guide2-fig09.gif]
: |D| > |R| , ,
hash
(one-way)
hash. ,
( bit) (output) . ,
(input) . bit
, , , bit hash.
hash,
. , hash ,
’ hash(M) =
hash(M’). hash MD5, o
SHA (Secure Hash Algorithm) : 256 512 bit.
Hash .
( hash ),
hash .
.
[Figure: signature over a hash: Bob computes H(M), signs it with his private key d_B and sends M, E_{d_B}(H(M)); Alice, holding e_B and CertB received over an authenticated channel, recomputes the hash, verifies the signature and outputs OK (steps 1-5).]
:
,
Bob )
: PGP
: hash ,
: , ’
hash(M)=hash(M’) ’.
6.4
( )
. ,
, Alice, Bob;
Bob :
Alice , Hash ,
. Bob
Alice ;
.
:
, Bob, -Bob
A → B
B → A: Alice, Bob, E_{d_B}(Hash[Alice, Bob])
, (Mallory)
Bob eM Alice.
. Alice Bob.
.
. ,
( ),
. .
.
Alice Bob ,
. –
.
, Bob, CertB
A → B
B → A: Alice, Bob, E_{d_B}(Hash[Alice, Bob])
Alice Bob,
).
Bob,
CertB.
Mallory Bob, :
, Bob, CertB
A → M
M → A: ???
,
.
( . ),
(certification authority).
:
X.509
[Figure: a certificate chain. CA-2 issues a certificate for CA-1 (Subject: CA1, Public Key); CA-1 issues a certificate for Bob (Subject: Bob, Public Key). With it, Alice can verify Bob's signed message "500 widgets would cost $500000.00".
Source: http://www.smart.gov/information/polk/polk.ppt]
:
CA–1 Bob
Alice CA-2
.
. Bob
CA1 Alice (
Alice CA2), Alice
Bob.
(trust path):
CA1
CA2, :
Alice Bob,
CA2 ( ).
Bob,
CertB.
X.509
The chain:
Alice trusts CA-2
CA-2 certifies CA-1
CA-1 certifies Bob
: Alice B Bob
1. , Bob
2. ,
Bob
6.4.1 (MAC)
Menezes, Oorschot, Vanstone,
Handbook of Applied
Cryptography, CRC, 2001
[Figure: MAC from a hash (HMAC): the message M and the key K enter the hash H, which produces an n-bit digest; the MAC is C(M) = H(M, K) (n bits).]
. )
H Alice MAC
Bob. Bob
MAC(M). Bob C. , Bob
Alice : Alice
, Alice MAC( ).
hash,
. ,
hash, e.g. 256 bit,
’ )= ’) .
: C
?
[Figure: MAC verification. The key K is shared over a secure channel; the sender computes C(M) = MAC(M) with K and sends M, C(M); the receiver recomputes MAC(M) with K and compares it with the received value: YES (OK) or NO (steps 1-5).]
: Hash
, hash (collision resistant)
, MAC
(one-way): A hash , Eve !!!
:
.
6.5
:
(dictionary attack). « » « »
bit, ( )
(pseudo-randomness generator). bit
.
.O “ ”
, (brute-force).
, Mallory
.
,
. 8 bits, 2^8, 256 .
, 256 ,
50% .
.
128 bit, 2^127,
. .
: ,
128 bit. ,
1024 bit.
: ,
,
. ( Diffie
Hellman), .
: ( )
. ,
( ).
. …
&
8-bit
32 ROM
512 bytes RAM
(tamper-resistance)
(PIN + )
- .
,
.
. ,
(key update). ,
(session).
,
,
.
-
[1] Anderson, Ross. Security Engineering: A Guide To Building Dependable
Distributed Systems. John Wiley and Sons Ltd, 2001.
[2] Ferguson, Niels, Schneier, Bruce. Practical Cryptography. John Wiley & Sons,
2003.
[4] Mao, Wenbo. Modern Cryptography: Theory and Practice. Prentice Hall, 2003
[5] Matyas, Vaclav Jr, Riha, Zdenek. Biometric authentication systems. Technical
report, ECOM-MONITOR, 2000.
[7] McClure, Stuart, Scambray, Joel, Kurtz, George. Hacking Exposed, 5th Edition:
Network Security Secrets & Solutions. Osborne/McGraw-Hill, 2005.
[8] Schneier, Bruce. Applied Cryptography. John Wiley & Sons, Inc., 2nd edition,
1996.
[9] Schneier, Bruce. Secrets and Lies: Digital Security in a Networked World. Wiley
Computer Publishing, 2001.
[10] Stinson, Douglas. Cryptography: Theory and Practice. CRC Press, 1995
[12] . . .
,7 . , , 2005.
[13] . . . . .
, . , 2003.
[14] , , ,
http://www.csd.auth.gr/~oswinds/dopsys/week10b.pdf