Outline

• Captchas
• Quiz
• Firewalls
• Start Protocols

Captchas - Turing Tests

• In the 1950s Alan Turing proposed something like the following test to see if a computer was artificially intelligent:
  • A human asks questions to another human and a computer, without seeing either
  • If questioner cannot distinguish human from computer, computer passes the test
  • The gold standard in artificial intelligence
• No computer can pass this today for any extended questioning session...
• But some claim to be close to passing, especially if the interviewer does try too hard.

CAPTCHA (Ang, Blum, Langford 2004)

• CAPTCHA - Completely Automated Public Turing test to tell Computers and Humans Apart
• Automated -- test is generated and scored by a computer program
• Public -- program and data are public
• Turing test to tell... -- humans can pass the test, but machines cannot pass
• Also known as HIP == Human Interactive Proof
• Like an inverse Turing test (well, sort of...)

CAPTCHA Paradox?

• From the original paper on captcha's "...CAPTCHA is a program that can generate and grade tests that it itself cannot pass..."
• "...much like some professors..."
• Paradox -- computer creates and scores test that it cannot pass!
• CAPTCHAs used so that only humans can get access (i.e., no bots/computers)
• CAPTCHAs are for access control

CAPTCHA Uses?

• Original motivation: automated bots stuffed ballot box in vote for best CS grad school
  SJSU vs Stanford?
• Free email services -- spammers like to use bots to sign up for 1000's of email accounts
• CAPTCHA employed so only humans get accounts
• Sites that do not want to be automatically indexed by search engines
• CAPTCHA would force human intervention
• Nowadays use things link re-captchas to do translations of text or OCR.
• Can even be combined with advertisement schemes like key captcha.

CAPTCHA: Rules of the Game

• Easy for most humans to pass
• Difficult or impossible for machines to pass
• Even with access to CAPTCHA software
• From Trudy's perspective, the only unknown is a random number
  Analogous to Kerckhoffs' Principle
• Desirable to have different CAPTCHAs in case some person cannot pass one type
• Blind person could not pass visual test, etc.

Do CAPTCHAs Exist?

• Test: Find 2 words in the following
  
• Easy for most humans
• A (difficult?) OCR problem for computer. Here OCR == Optical Character Recognition

CAPTCHAs

• Current types of CAPTCHAs
• Visual -- like previous example
• Audio -- distorted words or music
• No text-based CAPTCHAs. Maybe this is impossible...

CAPTCHA's and AI

• OCR is a challenging AI problem
  • Hard part is the segmentation problem
  • Humans good at solving this problem
• Distorted sound makes good CAPTCHA. Humans also good at solving this
• Hackers who break CAPTCHA have solved a hard AI problem... So, putting hacker's effort to good use!
• Other ways to defeat CAPTCHAs???

Quiz

Which of the following is true?

1. The Orange Book was a trusted computing evaluation manual that replaced the Common Criteria in 1983.
2. Bell-LaPadula and Biba's models are both compartment-based MLS models.
3. Capabilities Lists can be used to delegate authority to avoid the confused deputy problem.

Firewalls

• Firewall decides what to let in to internal network and/or what to let out
• Access control for the network

Firewall as Secretary

• A firewall is like a secretary
• To meet with an executive
  • First contact the secretary
  • Secretary decides if meeting is important
  • So, secretary filters out many requests
• You want to meet chair of CS department? Secretary does some filtering
• You want to meet the President of the United States? Secretary does lots of filtering

Firewall Terminology

• No standard firewall terminology
• Types of firewalls
  • Packet filter -- works at network layer
  • Stateful packet filter -- transport layer
  • Application proxy -- application layer
• Other terms often used
  E.g., "deep packet inspection"

Packet Filter

• Operates at network layer
• Can filters based on...
  • Source IP address
  • Destination IP address
  • Source Port
  • Destination Port
  • Flag bits (SYN, ACK, etc.)
  • Egress or ingress

Packet Filter - Pros and Cons

• Advantages?
  • Speed
• Disadvantages?
  • No concept of state
  • Cannot see TCP connections
  • Blind to application data

Packet Filter Configuration

• Configured via Access Control Lists (ACLs)
• ACLs here have a different meaning than at start of Chapter 8
• The above attempts to restrict traffic to web browsing

TCP ACK Scan

• Attacker scans for open ports through firewall -- Port scanning is first step in many attacks
• Attacker sends packet with ACK bit set, without prior 3-way handshake
  • Violates TCP/IP protocol
  • ACK packet pass through packet filter firewall
  • Appears to be part of an ongoing connection
  • RST sent by recipient of such packet

TCP ACK Scan

• Attacker knows port 1209 open through firewall
• A stateful packet filter can prevent this -- since scans not part of established connections.

Stateful Packet Filter

• Adds state to packet filter
• Operates at transport layer
• Remembers TCP connections, flag bits, etc.
• Can even remember UDP packets (e.g., DNS requests)

Stateful Packet Filter

• Advantages?
  • Can do everything a packet filter can do plus...
  • Keep track of ongoing connections (so prevents TCP ACK scan)
• Disadvantages?
  • Cannot see application data
  • Slower than packet filtering

Application Proxy

• A proxy is something that acts on your behalf
• Application proxy looks at incoming application data
• Verifies that data is safe before letting it in

Application Proxy

• Advantages?
  • Complete view of connections and applications data
  • Filter bad data at application layer (viruses, Word macros)
• Disadvantages?
  • Speed

Application Proxy

• Creates a new packet before sending it through to internal network
• Attacker must talk to proxy and convince it to forward message
• Proxy has complete view of connection
• Prevents some scans stateful packet filter cannot -- next slides

Firewalk

• Tool to scan for open ports through firewall
• Attacker knows IP address of firewall and IP address of one system inside firewall
• Set TTL to 1 more than number of hops to firewall, and set destination port to N
• If firewall allows data on port N thru firewall, get time exceeded error message
• Otherwise, no response

Firewalk and Proxy Firewall

• This will not work through an application proxy (why?)
• The proxy creates a new packet, destroys old TTL

Deep Packet Inspection

• Many buzzwords used for firewalls
• One example: Deep packet inspection
• What could this mean?
• Look into data portion of packets (even application level), but don't really "process" (use header info to do network stuff) these packets
• Like an application proxy, but faster

Firewalls and Defense in Depth

• Typical network security architecture

Protocol

We are now going to start the third major topic of this course -- protocols.

• Human protocols -- the rules followed in human interactions.
  Example: Asking a question in class
• Networking protocols -- rules followed in networked communication systems
  Examples: HTTP, FTP, etc.
• Security protocol -- the (communication) rules followed in a security application
  Examples: SSL, IPSec, Kerberos, etc.

More on Protocols

• Protocol flaws can be very subtle
• Several well-known security protocols have significant flaws: Including WEP, GSM, and IPSec
• Implementation errors can occur -- Recent IE implementation of SSL
• Not easy to get protocols right...

Ideal Security Protocol

• Must satisfy security requirements -- Requirements need to be precise
• Efficient
  • Small computational requirement
  • Small bandwidth usage, minimal delays...
• Robust
  • Works when attacker tries to break it
  • Works even if environment changes
• Easy to use and implement, flexible...
• Difficult to satisfy all of these!

Secure Entry to NSA

To start talking about protocols we will look at several simple security protocols... First, consider the following protocol for entering the NSA building...

1. Insert badge into reader
2. Enter PIN
3. Correct PIN?
   Yes? Enter
   No? Get shot by security guard

ATM Machine Protocol

1. Insert ATM card
2. Enter PIN
3. Correct PIN?
   Yes? Conduct your transaction(s)
   No? Machine (eventually) eats card

Identify Friend or Foe (IFF)

MIG in the Middle