Week 4

Question 1

Say there is an apache server where it spins off processes for each new user to access a given website, and that process has access to the full database of the site along with the disk.

Is this a safe design? Why or why not.

Answer 1

This is problematic because if an adversary finds and exploits a bug, the attacker gets access to the entire address space of the apache process and it inherits all the permissions of that process, so ability to see databases and disks.

Instead, we design sites/systems like government, with separation of powers.

Question 2

What does separation of powers mean in systems?

Answer 2

It means breaking up the different components of the site so that not all of them can be comprimised.

Maybe it should be the case that the login function should only have access to passwords and nothing else. This limits the kinds of resources that people can access. Maybe video segments of the site should only have access to video databases.

Question 3

What is Access Control?

Answer 3

This is when we implement technical mechanisms to prevent one entity from accessing resources that they don’t have permission to access.

Question 4

What is the goal of privilege separation?

Answer 4

To separate functionality from data.

You can separate types of data, you can separate data based on types of uses, you can separate programs based on which parts of a program are more likely to be buggy so that the buggy program doesn’t jeopardize the rest of the program and its data.

You can also separate based on what parts of the program are most likely to experience an attack.

Question 5

What is Unix?

Answer 5

The predecessor of linux. The first OS to support multiple users.

The goal was time sharing. It was designed with the idea of closed communication between programs. Programs should be able to talk to each other and pass inputs to and from each other.

Question 6

What is the threat model for a system where programs can talk to each other?

Answer 6

The adversary here is other users.

We share the machine with others, so we need to make sure their programs are not buggty or malicious and cause problems for other things.

We need to make sure that other users can’t mess with your files, so there must be integrity and confidentiality in the data. Also, no one else should be able to crash your program when it’s running.

Question 7

How does Unix reason?

Answer 7

It reasons in terms of Processes, NOT users.

Question 8

In Unix, what are the following things?

1. Principal
2. Subjects
3. Resources

Answer 8

1. Principal: the user which is represented by UID.
2. Subjects: the processes.
3. Resources: whatever is on the machine.

Question 9

How does Unix separatye/isolate processes?

Answer 9

It checks the UID. This controls most of the privileges that a process has. Superuser 0 (or root) will bypass most of the permission checks that Unix will perform.

A process is also associated with a group or groups, and has a GID/GIDs.

Question 10

When can processes in Unix talk to each other?

Answer 10

If they have the same UID they can signal, wait for, exit, get the status of, debug, and ptrace each other.

The child of a parent inherits the UID. It will have its own process ID though. It can change the UID if it has permission to do so.

Question 11

What is one element of access that having the same a UID may not allow?

Answer 11

Memory access. Even if two processes have the same UID, they can’t access each other’s memory usually. This is allowed in some cases like in debugging and memory mapping, but it’s usually not possible.

Question 12

How are a process’ UID and GID set?

Answer 12

When a process is born under the user ID 0, the superuser can lwoer its privilege using setuid(uid) and setgid(gid).

Remember that a process can have more than one GID.

Non-superuser processes cannot change their UIDs.

When you fork or exec, you inherit the userID of your parent.

Question 13

What is the Least Privilege Principle?

Answer 13

It states that a component should only have access to what it needs and only for as long as it needs it.

Think of a login process that needs access to all usernames and passwords to validate a login. Once login is done, it should give up its privilege.

Question 14

What happens at a login in Unix?

Answer 14

1. The app is run by superuser since it needs login to be able to check our password against a file that only superuser has access to.
2. Superuser opens etc/shadow file that can only be opened by superuser. It contains all passwords of users. It only shows the hashes.
3. The pogram then needs to find the user’s UID in etc/passwd.
4. It then needs to find the user’s GID in etc/group. This shows which groups the user belongs to.
5. Once login has checked the password, it no longer needs root access for using etc/passwd and etc/group, but it needs root access to call setuid and setgid.
6. Then it downgrades from root to your particular UID and GID.
7. It then forks, and then exec. This spawns a shell with the with the user’s privileges, not root.

Question 15

What are the 4 things you can do with Files?

Answer 15

1. Read
2. Write
3. Execute
4. Change permissions

Question 16

What are the 5 things you can do with Directories?

Answer 16

1. Lookup
2. Create
3. Remove
4. Rename
5. Change permissions

Question 17

Who checks permissions when someone is trying to do something?

Answer 17

The OS.

Question 18

How are permissions encoded?

Answer 18

In a datastructure called an inode (index node).

Question 19

What information do inodes hold?

Answer 19

Question 20

What are the principles in an inode?

Answer 20

1. Owner
2. Group
3. Everyone else

Question 21

What is the format for permissions on a file?

Answer 21

Question 22

How do we interpret the permissions listed in an inode?

Answer 22

First three characters: represent the permissions of the owner. rwx means read, write, execute.

Second three characters: represent the permissions of the group. This one is again read, write, execute.

Last three characters: represent the permissions for anyone else. r-x means read and execute, no write access.

Question 23

How do we more easily represent permissions?

Answer 23

Using the Octal Representation. For example, an octal representation might be 754.

Question 24

How do you find the Octal Representation of a given permission sequence?

Answer 24

Read Permission = 4 points

Write Permission = 2 points

Execute Permission = 1 point

Maximum you can have is 7. The three digits in Octal Representation represet:

Add up the total points for each party and concatenate the numbers for octal representation.

OWNER | GROUP | EVERYONE_ELSE |

Question 25

What does it mean for a directory to have execute access?

Answer 25

It means you can look up specific files, but you cannot list contents of the directory.

Question 26

What is read access in the context of a directory?

Answer 26

It means you can list the contents of a directory.

Question 27

What happens if we have execute access for a directory but not read?

Answer 27

It means we can find the file but not read it.

Question 28

What does it mean if we have read access but not execute for a directory?

Answer 28

It means we can list the contents of a file, but we can’t know anything about the file, so we don’t know the metadata, meaning we don’t know the owner, the permissions, etc.

Question 29

What is one of the drawbacks of the unix permissions scheme?

Answer 29

It’s hard to say that some people in a given group can access a file but others in the same group cannot.

Question 30

Who can change file permissions? How can they do this?

Answer 30

Only the owner. They do this by using:

chmod: change permissions

chown: change owner (uid) and optionally the group (gid)

chgrp: change the group (gid)

You can also change permissions with + and - signs:

chmod a-x tmp changes permissions of all to execute tmp.

Question 31

What are the big takeaways of Unix permissions?

Answer 31

It allows one to control which users can access a specific file. But, it’s hard to control the set of files that a specific process can access.

Question 32

Why were we able to elevate permissions in our homework attacks?

Answer 32

When as process spawns a child, like when the shell forks and executes a command you send to it, the process that’s running the program will inherit the permissions of the parent, which is the shell.

So, the program runs with your privileges, whatever they happen to be.

Question 33

How do the binaries know which user level they have?

Answer 33

When they execute, they have flags so that they execute with the privileges not of the parent process, but of the file’s owner or the file’s group.

Question 34

How do we raise privilege level?

Answer 34

sudo, su, ping, mount, passwd, chsh

Question 35

Why does sudo (owned by root) run with sudo privileges?

Answer 35

Because it goess of of a set uid binary.

Question 36

What is Ping?

Answer 36

It creates raw dataframes. Only root can create raw dataframes though, so Ping needs sudo privilege.

Question 37

What is the issue with setuid binaries?

Answer 37

If they are buggy, the adversary can spawn a root shell and then it’s game over.

Question 38

What do setuid/gid binaries do?

Answer 38

They execute with privileges of the file’s owner or group.

Question 39

What can attacker do if he launches the setuid/setgid binaries?

Answer 39

He can influence them.

For example, since when a process is created from a parent and it takes the parents privileges, the attacker has some control over the child. Also, setuid and setgid binaries use libraries like all other programs do, and libraries have flaws and are less rigorously tested, so it creates weaknesses.

Question 40

What’s a good way to store passwords?

Answer 40

Hashing. You store a tuple of the username and the associated password, except instead of storing the password as plaintext, we store a cryptographic hash of the password.

This mangles and compresses the password. We call the compressed version the digest.

Question 41

When passwords are hashed in a program’s database, how is the user’s entered password verified at login?

Answer 41

Their plaintext password is then hashed and the client compares that hash with the digest in the database.

Question 42

What is the problem with hashing?

Answer 42

The password space is small, meaning the range of passwords people pick is small and not uniform. People pick easy/bogus passwords a lot of the time, like 12345 or password.

Question 43

Why is a small password space a problem for hashing?

Answer 43

Because when many users use the same easy passwords, an adversary can take the most common passwords and hash all of them to get the corresponding digests (since hashing is deterministic).

So, if the database is breached and all the digests are leaked, the attacker can compare the hashes of common passwords with the digests in the breached database and look to find matches. They can then crack the accounts with easy passwords/ones that were in their list of common passwords that they hashed.

Question 44

Why is hashing speed a problem?

Answer 44

Hashing is ery fast, which means that an adversary can hash many passwords in a short period of time when trying to crack passwords.

One defense against this is using slow hashing functions.

Question 45

How many hashes can an average laptop do per second?

Answer 45

~2M SHA256 hashes.

Question 46

What do we call hashing functions that are slow to compute?

Answer 46

Slow Key-derivation Functions.

These act like hash gunctions but are slow to compute. Instead of taking micro or milliseconds to compute a hash, these can take, say, a second. This really slows down the adversary, and the 1 second doesn’t really slow down the login process, especially when you have your browser save your password/keep you logged in.

Question 47

What do slow key-derivation functions actually do to make themselves slower?

Answer 47

They perform a bunch of repeated hashes. This means that by adding more or less hashes, you can make your hashing function arbitrarily slow.

Question 48

Why won’t slow key-derivation hashes completely save us?

Answer 48

Because Rainbow Tables exist. A collection of attackers can divide up the work so that they can create a mapping between digests and passwords.

Collectively as a community, they create a giant database of cracked passwords. Once that dictionary is created, if a database of passwords is then leaked, all they have to do is use that dictionary and see if the corresponding digest exists.

Question 49

What is a Rainbow Table?

Answer 49

A data structure that provides an efficient mapping between passwords and their hash digests. All you do is search a digest and it will come back with the corresponding password.

They are expensive to create, but they efficiently invert hashes once created.

Question 50

What is Salting?

Answer 50

Hashing alone is not enough. Salting is where we add additional randomness known as salt into the password hash.

The salt is often some large random string with very high entropy. Salting helps prevent the creation of rainbow tables.

Question 51

Who generates the salt for passwords?

Answer 51

The service you are creating a password with. It stores the salt in plaintext alongside the hash salted password.

The database stores the username, the hash of the salted password, and then the salt.

Question 52

What happens if a database of salted passwords is leaked?

Answer 52

The attacker still cannot have precomputed the mapping between common passwords to digests because the salt (which is different for each user) is there, which changes the digest in this database and makes it different from the rainbow table’s.

Therefore, if the rainbow table has a hash digest for the password “password”, it will be different from the salted hash digest in the database for the same password “password”.

In short, two users with the same password will have different hash digests.

Question 53

Can an attacker still try to crack passwords that are salted?

Answer 53

Yes. He can brute force them by passing different passwords to the salt for a given user to figure out which one is a match to the same digest. It’s still very time consiming though and makes the attacker’s job harder.

Question 54

When does salting work best?

Answer 54

When the password of the user is high entropy, meaning it’s long and has a lot of randomness.

A weak password is easy to crack with brute force.

Question 55

Why is sending a plaintext password over a network dangerous?

Answer 55

Anyone evesdropping or anyone on the IT team at the corporation could see it.

Question 56

Does an encrypted connection like https fix the problem of evesdropping on communications?

Answer 56

Yes, but people at the organization you have an account with can still see your password come in when it’s decrypted (right before it’s hashed). They could then use this to log into your other accounts if you reuse passwords.

Or, if you accidentally typed in the password to another account you have, they could see it still and try to use that to crack one of your other accounts.

So, encryption of the network connection does NOT solve the problem.

Question 57

Why can’t you salt the password before sending?

Answer 57

Because the end recipient doesn’t know the salted store of the hashed password, only the salted store of the password.

You could store the hash of the salt and concatenate it with the hash of the password, but that is basically a password equivalent, and the digest you create on your end just becomes your password.

Question 58

What is the current best solution for handling password transmission across networks?

Answer 58

Challenge-response Protocol.

The service you use knows your plaintext password. So what they can do is use a random challenge R which is like a random string.

The user who also knows the password will type it in, and it will be concatenated with the random R string and then the sum of them will be hashed. Then, the service will check to see if what the user provided was indeed a hash of R concatenated with their correct password.

If the user sends an incorrect password, all the service will see is that the hashes don’t match.

R is new every time the user tries to enter the site. So if an attacker can intecept R once, it won’t matter since R will be different the next time.

Question 59

What are common ways to defend against password guessing?

Answer 59

1. Rate limit authentication attempts.
2. Imlement timeout periods after too many incorrect guesses.

Question 60

What is the most important thing when picking a password?

Answer 60

Entropy. Entropy is a notion of randomness.

Entropy = log₂(|S|^L)

|S| is the cardinality of the user set and L is the length of the password.

Question 61

When is the equation for entropy true?

Answer 61

When passwords are sampled uniformly from the set of characters. The problem is that users are not generating passwords randomly, and they eventually generate passwords using a very biased distribution like birthdays, names, etc.

The equation we have for entropy is an upper bounds.

Question 62

Why don’t password format requirements necessarily translate to higher entropy?

Answer 62

Because the requirement only forces people to not pick dictionary passwords. They don’t really increase entropy.

A user won’t necessarily pick “j2ij54u32ibSSg#$@S”, but rather will just pick “andrew!@1”.

In short, people just barely cover the requirement.

Question 63

How do biometrics compare to passwords in terms of entropy?

Answer 63

They are roughly as secure.

Question 64

What are Fuzzy Extractors?

Answer 64

They generate cryptographic keys from biometric data. A fingerprint or retina scan may be slightly different each time you do it, so fuzzy extractors make sure that even if it’s slightly different, it’s “enough” of the same and is really the right person.

Question 65

How do biometrics compare to passwords in terms of usability?

Answer 65

Question 66

What is CAP?

Answer 66

Stands for Chip Authentication. Pioneered by mastercard.

Each site you have an account with will issue you a card. You just insert the card to a reader and it issues you an 8-digit code which then you supply to the website.

This is more secure than passwords so hackers can’t get into your account without your card, but they are difficult from a usability standpoint.

Question 67

How usable is CAP compared to passwords?

Answer 67

Question 68

What is the current standard for best-practice authentication?

Answer 68

Multi-factor Authentication (MFA). It means that you need multiple modalities to get into an account.

Question 69

What is the main takeaway on authentication methods today?

Answer 69

No option is perfect and we need a better solution.