
Chapter 6:

Security and Protection

• Overview of system security
• Security goals
• Security Attacks
• The Security Problems
• Security measures at OS level
• Security services
• Cryptography as a Security Tool
• Encryption
• Recovery Management

Compiled by: Kassawmar M. February, 2024


Overview of system security
• Security refers to protecting computer system resources such as the
CPU, memory, disk, software programs and data in the computer system.
• If a computer program is run by an unauthorized user, then he/she may cause
severe damage to the computer or the data stored in it.
• So, a computer system must be protected against unauthorized access, malicious
access to system memory, viruses, worms etc.
• Security considers the external environment of the system and protects it from:
– Unauthorized access, by ensuring authentication of system users
– Malicious modification
– Malicious destruction
– Accidental introduction of inconsistency.
• We say that the system is secure if its resources are used and accessed as
intended under all circumstances.
Security vs. Protection
• Some people use the terms “security” and “protection” interchangeably.
Nevertheless, they are different.
• Protection deals with internal threats, while security deals with external threats,
using mechanisms such as firewalls and encryption.
• Protection is the mechanism for controlling the access of programs, processes and users
to a resource.
• Security violations can be malicious or accidental.
• It is easier to protect against accidental violations than malicious violations.
• Unfortunately, total security cannot be achieved.
• Goals of protection:
– Safe sharing of a common logical address space (directory of files) or common
physical address space (memory).
– Fair and reliable resource usage.
Security goals
• We will first discuss three security goals: confidentiality,
integrity and availability.

Figure 1 Taxonomy of security goals
Cont…
Confidentiality
• Confidentiality, keeping information secret from unauthorized access, is
probably the most common aspect of information security: we need to
protect confidential information.
• An organization needs to guard against those malicious actions that
endanger the confidentiality of its information.
Integrity
• Unauthorized users should not be able to modify any data without the
owner’s permission.
• Information needs to be changed constantly. In a bank, when a customer
deposits or withdraws money, the balance of their account needs to be
changed.
• Integrity means that changes should be done only by authorized users and
through authorized mechanisms.
Cont…
Availability
• The third component of information security is availability. The
information created and stored by an organization needs to be
available to authorized users and applications.
• Nobody can disturb the system to make it unusable.
• Information is useless if it is not available. Information needs to be
changed constantly, which means that it must be accessible to those
authorized to access it.
• Unavailability of information is just as harmful to an organization
as a lack of confidentiality or integrity.
• Imagine what would happen to a bank if the customers could not
access their accounts for transactions.
Security Attacks
• The three goals of security (CIA) can be threatened by security attacks.
• An action that compromises or exposes the security of information owned by an
organization is called a security attack or security threat.
• An attack is an attempt to break security.
• The following figure relates the taxonomy of attack types to security goals.

Fig. Taxonomy of attack with relation to security goal


Cont…
Attacks threatening confidentiality
• In general, two types of attack threaten the confidentiality of
information: snooping and traffic analysis.
• Snooping refers to unauthorized access to or interception of data.
• Traffic analysis refers to other types of information collected by an
intruder by monitoring online traffic.
Attacks threatening integrity
• The integrity of data can be threatened by several kinds of
attack, such as modification, masquerading, replaying and
repudiation.
Cont…
• Modification − means the attacker intercepts the message and changes it.
• Masquerading − happens when the attacker impersonates somebody else.
• Replaying − means the attacker obtains a copy of a message sent by a user and
later tries to replay it.
• Repudiation − means that the sender of the message might later deny that she
has sent the message, or the receiver of the message might later deny that he
has received the message.
Attacks threatening availability
• Denial of service (DoS) is a very common attack. It may slow down or totally
interrupt the service of a system.
• The attacker can use several strategies to achieve this.
• They might make the system so busy that it collapses, or they might intercept
messages sent in one direction and make the sending system believe that one
of the parties involved in the communication or message has lost the
message and that it should be resent.
Security Problem
• Intruder, attacker or cracker: someone who attempts to breach security
• Threat: the potential for a security violation, such as the discovery of a
vulnerability
• Forms of malicious access / security violation
– Breach of confidentiality − unauthorized reading of data
– Breach of integrity − unauthorized modification of data
– Breach of availability − unauthorized destruction of data
– Theft of service − unauthorized use of resources
– Denial of service (DOS) − prevention of legitimate use of the system
Cont…
• Four levels of security measures must be taken.
– Physical:- Data center, server and connected terminals
– Human:- Careful screening of users to reduce the chance of unauthorized access.
– Network:- No one should intercept the data on the network.
o Intercepted communications, interruptions, DOS.
– Operating system:- The system must protect itself from accidental or purposeful
security breaches.
o Protection mechanisms, debugging
• In this chapter, we only consider security at the OS level.


Security measures at OS level
• User authentication:- Verifying the identity of the user
• Program threats:- Misuse of programs
• System threats:- Worms and viruses
• Intrusion detection:- Detect attempted intrusions or
successful intrusions and initiate appropriate responses to the
intrusions.
• Cryptography:- Ensuring protection of data over the network
Authentication
• Authentication refers to identifying each user of the system and associating
the executing programs with those users.
• It is the responsibility of the OS to create a protection system which ensures
that a user who is running a particular program is authentic.
• An OS generally identifies/authenticates users in the following three ways:
– Username / Password − The user needs to enter a registered username and password
with the OS to log in to the system.
– User card/key − The user needs to punch a card in a card slot, or enter a key generated by
a key generator in the option provided by the operating system to log in to the system.
– User attribute − fingerprint / eye retina pattern / signature − The user needs to
pass his/her attribute via the designated input device used by the operating system to
log in to the system.
– Implementing security measures and processes.
Cont…
One Time passwords
• One-time passwords provide additional security along with normal authentication.
• In a One-Time Password system, a unique password is required every time the user tries
to log in to the system.
• It is a password that is valid for only one login session or transaction. It avoids
several shortcomings of traditional (static) password-based authentication.
• One-time passwords are implemented in various ways.
– Random numbers − Users are provided with cards having numbers printed along with
corresponding alphabets. The system asks for the numbers corresponding to a few alphabets
chosen at random.
– Secret key − Users are provided with a hardware device which can create a secret id mapped
to the user id. The system asks for this secret id, which has to be generated every time prior to
login.
– Network password − Some commercial applications send one-time passwords to the user
on a registered mobile / email, which must be entered prior to login.
Cont…
• Biometrics
– Palm and hand readers: finger length, finger width and line
patterns.
– Fingerprint readers.
– Eye retina pattern, face
• Two factor authentication scheme
– Password plus fingerprint scan or secret key plus password.
Program Threats
• The OS’s processes and kernel do the designated task as instructed. If a user program
makes these processes do malicious tasks, then it is known as a program threat.
• One of the common examples of a program threat is a program installed on a
computer which can store user credentials and send them over the network to some hacker.
• Following is a list of some well-known program threats.
• Trojan Horse − Such a program traps user login credentials and stores them to send to a
malicious user who can later log in to the computer and access system resources.
o Exploits mechanisms for allowing programs written by users to be executed by other users.
• Trap Door − If a program which is designed to work as required has a security hole
in its code and performs illegal actions without the knowledge of the user, then it is said to
have a trap door.
o The designer of the code might leave a hole in the software that only she is capable of
using.
o A specific user identifier or password that circumvents normal security procedures.
Cont…
• Logic Bomb − A logic bomb is a situation when a program misbehaves only
when certain conditions are met; otherwise it works as a genuine program. It is
harder to detect.
• Virus − Viruses, as the name suggests, can replicate themselves on a computer
system. They are highly dangerous and can modify/delete user files and crash
systems. A virus is generally a small piece of code embedded in a program. As the user
accesses the program, the virus starts getting embedded in other files/
programs and can make the system unusable for the user.
• Stack and Buffer Overflow
o The main function of a buffer is to temporarily store data. Each buffer has a capacity
of data it can hold.
o During a buffer overflow attack, the buffer or other temporary data stores are
overflowed with data.
o When the buffer overflows, the program attempting to write the data may overwrite
other memory locations containing important information.
o Threat actors look for buffer overflow vulnerabilities, which they can exploit to inject
scripts that help them hijack the system or crash it.
System Threats
• System threats refer to the misuse of system services and
network connections to put the user in trouble.
• System threats create an environment in which operating system
resources / user files are misused.
• Following is a list of some well-known system threats.
o Worms
o Internet worm
o Viruses
• Read more about these system threats
Threat Monitoring
• Check for suspicious patterns of activity – i.e., several
incorrect password attempts may signal password guessing.
• Audit log – records the time, user, and type of all accesses to
an object; useful for recovery from a violation and developing
better security measures.
• Scan the system periodically for security holes; done when the
computer is relatively unused.
Cont…
• Check for:
– Short or easy-to-guess passwords
– Unauthorized set-uid programs
– Unauthorized programs in system directories
– Unexpected long-running processes
– Improper directory protections
– Improper protections on system data files
– Dangerous entries in the program search path (Trojan
horse)
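Several of the checks in the list above are file-permission audits that can be scripted. The following Python audit is an added example, not code from the slides: it walks a directory tree and reports set-uid programs that are not on an administrator-maintained allowlist, world-writable directories that lack the sticky bit, and world-writable files. The allowlist `APPROVED_SETUID`, the function names and the throwaway tree built by `build_sample_tree` are all constructed for this example.

```python
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical allowlist of set-uid programs an administrator has approved,
# as paths relative to the audited root (an assumption for this example).
APPROVED_SETUID = {"bin/passwd"}


def audit_tree(root, approved_setuid=APPROVED_SETUID):
    """Walk `root` and collect findings for three of the slide's checks:
    unauthorized set-uid programs, world-writable directories and
    world-writable files. Paths are reported relative to `root`."""
    root = Path(root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        d = Path(dirpath)
        dmode = d.lstat().st_mode
        # A world-writable directory without the sticky bit lets any user
        # rename or delete entries that other users placed there.
        if dmode & stat.S_IWOTH and not dmode & stat.S_ISVTX:
            findings.append(("world_writable_dir", str(d.relative_to(root))))
        for name in filenames:
            f = d / name
            st = f.lstat()
            if stat.S_ISLNK(st.st_mode):
                continue  # judge symlink targets where they live, not here
            rel = str(f.relative_to(root))
            if st.st_mode & stat.S_ISUID and rel not in approved_setuid:
                findings.append(("unauthorized_setuid", rel))
            if st.st_mode & stat.S_IWOTH:
                findings.append(("world_writable_file", rel))
    return sorted(findings)


def build_sample_tree():
    """Construct a small throwaway tree (sample data, not a real system)
    so the audit can be run offline."""
    root = Path(tempfile.mkdtemp(prefix="audit_"))
    (root / "bin").mkdir()
    (root / "etc").mkdir()
    (root / "tmp").mkdir()
    approved = root / "bin" / "passwd"
    approved.write_text("#!/bin/sh\n")
    approved.chmod(0o4755)          # set-uid, but on the allowlist
    rogue = root / "bin" / "helper"
    rogue.write_text("#!/bin/sh\n")
    rogue.chmod(0o4755)             # set-uid and NOT on the allowlist
    conf = root / "etc" / "app.conf"
    conf.write_text("debug=0\n")
    conf.chmod(0o666)               # world-writable system data file
    (root / "etc").chmod(0o777)     # world-writable directory, no sticky bit
    (root / "tmp").chmod(0o1777)    # sticky bit: the accepted form for /tmp
    return root


if __name__ == "__main__":
    for kind, path in audit_tree(build_sample_tree()):
        print(f"{kind:22s} {path}")
```

Run against a real root the scan would be executed as a scheduled job during quiet hours, as the slide suggests, and its output compared with the previous run so that only new findings need attention.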
Intrusion Detection
• Detect attempts to intrude into computer systems.
• A wide variety of techniques exist, differing in:
– The time of detection
– The type of inputs examined to detect intrusion activity
– The range of response capabilities.
o Alerting the administrator, killing the intrusion process, or exposing a false resource to the attacker
(one that appears real to the attacker) to gain more information about the attacker.
• The solutions are known as intrusion detection systems.
• Detection methods:
– Auditing and logging.
o Install a logging tool and analyze the external accesses.
– Tripwire (UNIX software that checks if certain files and directories have been altered, e.g.
password files)
o Integrity checking tool for UNIX.
o It operates on the premise that a large class of intrusions results in anomalous modification of
system directories and files.
o It first enumerates the directories and files to be monitored for changes, deletions or additions.
Later it checks for modifications by comparing signatures.
• System call monitoring
– Detects when a process is deviating from expected system call behavior.
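The Tripwire idea on this slide, enumerate the watched files, record a signature for each, and later compare, fits in a few dozen lines. The following Python checker is an added example and is not Tripwire's own code: the signature is a SHA-256 of the content plus the file's mode and size, `take_baseline` records it for every file under the watched paths, and `compare` reports what was added, removed or modified. The `demo` scenario (a small `etc` tree that is then tampered with) is constructed for the example.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def fingerprint(path):
    """Signature of one file: SHA-256 of its content plus its mode and size.
    Content is hashed in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    st = path.lstat()
    return (h.hexdigest(), st.st_mode, st.st_size)


def take_baseline(root, watched):
    """Enumerate the watched files/directories (paths relative to `root`)
    and record a signature for every regular file found."""
    root = Path(root)
    baseline = {}
    for rel in watched:
        p = root / rel
        if p.is_dir():
            for dirpath, _, filenames in os.walk(p):
                for name in filenames:
                    f = Path(dirpath) / name
                    if f.is_file():
                        baseline[str(f.relative_to(root))] = fingerprint(f)
        elif p.is_file():
            baseline[rel] = fingerprint(p)
    return baseline


def compare(old, new):
    """Report additions, deletions and modifications between two baselines."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    root = Path(tempfile.mkdtemp(prefix="tripwire_"))
    (root / "etc").mkdir()
    (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
    (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
    watched = ["etc"]
    before = take_baseline(root, watched)
    # Simulated changes an intrusion might leave behind: an extra account
    # appended to the password file, a new file, and a deleted file.
    with open(root / "etc" / "passwd", "a") as fh:
        fh.write("guest:x:1001:1001::/home/guest:/bin/sh\n")
    (root / "etc" / "extra.conf").write_text("x=1\n")
    (root / "etc" / "hosts").unlink()
    after = take_baseline(root, watched)
    return compare(before, after)


if __name__ == "__main__":
    print(demo())
```

The baseline itself is the weak point of this scheme: an intruder who can rewrite it can hide every change, which is why Tripwire-style tools keep the signature database on read-only or offline media and sign it.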
Security services
• Standards have been defined for security services to achieve
security goals and prevent security attacks.
• The following figure shows the taxonomy of the five common
services.

Fig. Security services


Cryptography as a Security Tool
• Within a given computer the transmittal of messages is safe, reliable and
secure, because the OS knows exactly where each one is coming from
and where it is going.
• However, on a network, things aren't so straightforward – The e-mail
sender may spoof their identity, and outgoing packets are delivered to a
lot of other computers besides their final destination, which brings up
two big questions of security:
– Trust - How can the system be sure that the messages received are
really from the source that they say they are, and can that source be
trusted?
– Confidentiality - How can one ensure that the messages one is
sending are received only by the intended recipient?

Cont…
• Cryptography can help with both of these problems, through a system
of secrets and keys.
• Cryptography: Schemes for encryption and decryption; It comes from
the Greek words for secret writing.
• Cryptography has five ingredients
– Plaintext: the original message that is fed into the algorithm as input
– Encryption algorithm: performs various substitutions and transformations
on the plaintext
o Encryption: The process by which plaintext is converted into ciphertext
– Secret Key: is also input to the algorithm; the exact substitutions and
transformations performed by the algorithm depend on the key
o Larger key size means greater security but may decrease encryption or
decryption speed.
Cont…
– Ciphertext: the scrambled message produced as output. It
depends on the plaintext and the secret key; for a given
message, two different keys will produce two different
ciphertexts.
– Decryption algorithm: the encryption algorithm run in reverse.
It takes the ciphertext and the same secret key (in symmetric
key cryptography) and produces the original plaintext.
o Decryption: Recovering plaintext from the ciphertext.
Cont…
Encryption
• The basic idea of encryption is to encode a message so that
only the desired recipient can decode and read it.
• Encryption is an entire field of study or course by itself. So,
only some of the more significant computer encryption
schemes will be covered here.
Cont…
• Encryption is useful to protect messages from intruders
– Eavesdropping (listening/spying the message)
• It is an issue of confidentiality
• An intruder may try to read the message
• If it is well encrypted, the intruder will not know the content
• However, just the fact the intruder knows that there is communication may be a
threat (Traffic analysis)
– Modification
• Modifying a plaintext is easy, but modifying encrypted messages is difficult
• It is an issue of integrity
– Insertion of Messages
• Inserting new message into a ciphertext is difficult
• It is an issue of integrity
Basic process of Encryption
1. The sender first creates a message, m, in plaintext.
2. The message is then entered into an encryption algorithm, E, along with the
encryption key, Ke.
3. The encryption algorithm generates the ciphertext, c = E(Ke)(m). For any
key k, E(k) is an algorithm for generating ciphertext from a message, and
both E and E(k) should be efficiently computable functions.
4. The ciphertext can then be sent over an insecure network, where it may be
received by attackers.
5. The recipient enters the ciphertext into a decryption algorithm, D, along
with the decryption key, Kd.
6. The decryption algorithm regenerates the plaintext message, m = D(Kd)(c).
For any key k, D(k) is an algorithm for generating a clear text message from a
ciphertext, and both D and D(k) should be efficiently computable functions.
7. The receiver reads the sender’s message.
Fig. Basic processes of Encryption
Cont…

Figure 2. Relationship between the plaintext and the ciphertext.

• There are two forms of encryption systems:
o Symmetric (also called Traditional or Secret-key or Private key or Single
key) cryptosystem
o Asymmetric (also called Public key) cryptosystem
Symmetric Encryption
• In symmetric encryption same key is used to encrypt and decrypt a
message.
• The key has to be kept secret
• The key has to be communicated using a secure channel; major problem
• It is still in use in combination with public key cryptosystems due to
some of its advantages, mainly efficiency
• There are a number of well-known symmetric encryption algorithms that
have been used for computer security:
– Traditional ciphers (Substitution ciphers, Transposition ciphers)
– Modern symmetric-key ciphers (DES, AES)

Cont…

Fig. The general idea of symmetric-key cryptography
Cont…
Traditional ciphers
• Traditional ciphers used two techniques for hiding information from
an intruder: substitution and transposition.
Substitution ciphers
• A substitution cipher replaces one symbol with another. If the
symbols in the plaintext are alphabetic characters, we replace one
character with another.
• The simplest substitution cipher is a shift cipher (additive
cipher).
Cont…
• Example
• Use the additive cipher with key = 15 to encrypt the message
“hello”.
• Solution
• We apply the encryption algorithm to the plaintext, character by
character:

The ciphertext is therefore “wtaad”.
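The character-by-character step from the worked example, written out as code. This Python block is an added example and not part of the slides: letters a–z are numbered 0–25, `additive_encrypt` is the E(k) of the "Basic process of Encryption" slide (shift forward by the key modulo 26) and `additive_decrypt` is D(k), the same algorithm run in reverse. Passing non-letters through unchanged is an assumption of this example. `brute_force` goes one step beyond the slide to show why the cipher is no longer considered secure: with only 26 possible keys an analyst can try every one.

```python
import string

ALPHABET = string.ascii_lowercase  # symbols a..z are numbered 0..25


def additive_encrypt(plaintext, key):
    """E(k): shift every letter forward by `key` positions modulo 26.
    Case is preserved; non-letters are passed through unchanged
    (an assumption of this example, not something the slide specifies)."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            upper = ch.isupper()
            idx = (ALPHABET.index(ch.lower()) + key) % 26
            c = ALPHABET[idx]
            out.append(c.upper() if upper else c)
        else:
            out.append(ch)
    return "".join(out)


def additive_decrypt(ciphertext, key):
    """D(k): the encryption algorithm run in reverse, i.e. shift back by `key`.
    Python's % always yields a non-negative index, so a negative shift is safe."""
    return additive_encrypt(ciphertext, -key)


def brute_force(ciphertext):
    """The key space has only 26 members, so all candidate plaintexts can be
    produced at once. Returns {key: candidate plaintext}."""
    return {k: additive_decrypt(ciphertext, k) for k in range(26)}


if __name__ == "__main__":
    c = additive_encrypt("hello", 15)
    print(c)                                   # wtaad, as on the slide
    print(additive_decrypt(c, 15))             # hello
    for k, candidate in brute_force(c).items():
        print(f"key {k:2d}: {candidate}")
```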


Cont…
Transposition ciphers
• A transposition cipher does not substitute one symbol for another;
instead it changes the location of the symbols.
– In other words, a transposition cipher reorders (transposes) the
symbols.
Cont…
Example
• Alice needs to send the message “Enemy attacks tonight” to Bob.
Alice and Bob have agreed to divide the text into groups of five
characters and then permute the characters in each group. The
following shows the grouping after adding a bonus character (z) at
the end to make the last group the same size as the others.

• The key used for encryption and decryption is a permutation key,
which shows how the characters are permuted. For this message,
assume that Alice and Bob used the following key:
Cont…
• The third character in the plaintext block becomes the first character
in the ciphertext block, the first character in the plaintext block
becomes the second character in the ciphertext block, and so on. The
permutation yields:

• Alice sends the ciphertext “eemyntaacttkonshitzg” to Bob. Bob
divides the ciphertext into five-character groups and, using the key
in the reverse order, finds the plaintext.
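The Alice-and-Bob exchange above, as an added Python example that is not part of the slides. The permutation key itself is shown on a slide figure that is not reproduced here; the list `KEY = [3, 1, 4, 5, 2]` used below is an assumption reconstructed from the description (third plaintext character becomes first, first becomes second, and so on) and from the stated ciphertext, and the block checks that it reproduces “eemyntaacttkonshitzg”. `transposition_decrypt` applies the key in reverse order, as Bob does. The `letter_histogram` helper goes slightly beyond the slide: it shows that a transposition leaves letter frequencies untouched, which is the weakness that makes such ciphers easy to analyse.

```python
from collections import Counter

# Assumed key, reconstructed from the slide's description and ciphertext:
# ciphertext position i (0-based) takes the plaintext character at
# position KEY[i] (1-based) within each five-character block.
KEY = [3, 1, 4, 5, 2]
PAD = "z"   # the bonus character the slide appends to fill the last block


def prepare(text, block):
    """Drop spaces, lower-case the text, and pad with the bonus character."""
    s = "".join(ch.lower() for ch in text if not ch.isspace())
    if len(s) % block:
        s += PAD * (block - len(s) % block)
    return s


def transposition_encrypt(plaintext, key=KEY):
    """Permute the characters of every block according to `key`."""
    block = len(key)
    s = prepare(plaintext, block)
    out = []
    for i in range(0, len(s), block):
        grp = s[i:i + block]
        out.append("".join(grp[k - 1] for k in key))
    return "".join(out)


def transposition_decrypt(ciphertext, key=KEY):
    """Use the key in reverse: the character at ciphertext position i goes
    back to plaintext position key[i] of its block."""
    block = len(key)
    out = []
    for i in range(0, len(ciphertext), block):
        grp = ciphertext[i:i + block]
        plain = [None] * block
        for pos, k in enumerate(key):
            plain[k - 1] = grp[pos]
        out.append("".join(plain))
    return "".join(out)


def letter_histogram(text):
    """Letter counts; identical for plaintext and ciphertext of a transposition."""
    return Counter(ch for ch in text if ch.isalpha())


if __name__ == "__main__":
    c = transposition_encrypt("Enemy attacks tonight")
    print(c)                             # eemyntaacttkonshitzg
    print(transposition_decrypt(c))      # enemyattackstonightz
```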
Cont…
Modern symmetric-key ciphers
• Since traditional ciphers are no longer secure, modern symmetric-
key ciphers have been developed during the last few decades.
• Modern ciphers normally use a combination of substitution,
transposition and some other complex transformations to create a
ciphertext from a plaintext.
• Modern ciphers are bit-oriented (instead of character-oriented). The
plaintext, ciphertext and the key are strings of bits.
• The two examples of modern symmetric-key ciphers are DES and
AES.

Cont…
• The Data Encryption Standard (DES)
– DES is a symmetric-key block cipher published by the National Institute of
Standards and Technology (NIST) in 1977.
– DES has been the most widely used symmetric-key block cipher.
o Messages are broken down into 64-bit chunks, each of which is encrypted
using a 56-bit key through a series of substitutions and transformations.
– DES is known as a block cipher because it works on blocks of data at a time.
• The Advanced Encryption Standard (AES)
– AES is a symmetric-key block cipher published by the US NIST in 2001 in
response to the shortcomings of DES, for example its small key size.
– It uses key lengths of 128, 192, or 256 bits, and encrypts in blocks of 128 bits using
10 to 14 rounds of transformations on a matrix formed from the block.
• Read more about DES and AES
Asymmetric Encryption
• With asymmetric encryption, the decryption key, Kd, is not the same as the
encryption key, Ke, and more importantly cannot be derived from it, which
means the encryption key can be made publicly available, and only the
decryption key needs to be kept secret.
• Also called Public-key cryptography
• It is a form of cryptosystem in which encryption and decryption are performed
using different keys - one public key (KE) and one private key (KD) - that
form a unique pair.
• Proposed by Diffie and Hellman in 1976
• It is a revolutionary concept since it avoids the need of using a secure channel
to communicate the key.
• It has made cryptography available for the general public and made many of
today’s online applications feasible
Cont…
• Public-key algorithms are based on mathematical functions rather than on
substitution and permutation.
• Public-key cryptography involves the use of two separate keys, in contrast to
symmetric encryption, which uses only one key.
• The use of two keys has profound consequences in the areas of confidentiality,
key distribution, and authentication.
• Properties of Public Key Cryptosystem
– If you have the private key, you can easily decrypt what is encrypted by the
public key.
– Otherwise, it is computationally infeasible to decrypt what has been encrypted
by the public key.
• One of the most widely used asymmetric encryption algorithms is RSA, named
after its developers - Rivest, Shamir, and Adleman.
Cont…

Fig. The general idea behind asymmetric-key cryptography
Recovery Management

• Recovery Management is the process of planning, testing,
and implementing the recovery procedures and standards
required to restore service in the event of a component
failure;
• either by returning the component to normal operation, or by
taking alternative actions to restore service.