SECURITY IN UBUNTU LINUX
Running Head: SECURITY IN UBUNTU LINUX
Security is an important subject in computing; so all operating systems in need of security at some point including the open source operating system. Otherwise, the operating system may allow a cracker to have access to them and retrieve sensitive information. With all operating systems including Linux, it is suggested that one should use a firewall or at least IP table (Petersen, 2009). In spite of this, there are further steps that can be taken in order to secure the system before setting up a firewall. Free and Open source software generally allows anyone to have access to the source code, modify, study, and improve the software. It is also possible to port it to new operating systems and processor architectures. As a result, it will be worthwhile and more effective one has to have a benefit form OFSS in terms of securing the operating system. From a security point of view, the data should be secure while it is being stored, processed and transmitted. This paper will investigate some free software to enhance the security level of Ubuntu 9.04 Linux operating system. GNU General Public License packages will be used in this assessment to download the requirements packages to help improve the security of the operating system. The report will make use of tool called ccerypt to encrypt and decrypt files to protect the confidentiality of their contents. The other software that will be investigated for securing the kernel is named Grsecurity (Petersen, 2009).The last software is tinc VPN that is used to create a virtual private network. The report will provide an overview of these software and critical analysis of their security features as well as weakness related to the named software.
1. Securing files and stream:
1.7 stable released 2004-03-30
- Released: 30 Mar, 2004
- Code Maturity: Stable
- Source Archive: http://ccrypt.sourceforge.net/download/ccrypt-1…
- Licenses: GPLv2orlater
Interfaces: Command Line
In order to protect the confidentiality of the data from attackers who may have physical access, users need to encrypt files. There are varieties of free software for Linux Ubuntu9.04 that can encrypt and decrypt files. CCrypt is one of the best known tools because of its transparency and strength.
1.1. Ccrypt (Secure encryption and decryption of files and stream)
Ccrypt is a very powerful tool for encrypting and decrypting files and streams. It was proposed as a substitute of the standard Unix crypt utility, which has been proved as a very weak encryption algorithm. Ccrypt is based on Advance Encryption Standard (AES) that was designed by Rijndael in 2001. This cipher is believed to provide very strong and unbreakable security. The most common way to invoke ccrypt is via the commands ccencrypt and ccdecrypt orccat command for decrypting a file directly to the terminal, and this reduces the likelihood of leaving temporary plaintext files around.
Encryption and decryption depends on a keyword entered by the user. By default, the terminal asks the user to enter a keyword and the keywords can consist of any number of characters. Longer keywords provide better security in terms of exhaustive search than short ones, as they are less likely to be exposed.
1.2. Why ccrypt is highly recommended?
There are many factors that make ccrypt a very powerful tool for encrypting files and the major ones are; the algorithm that ccrypt uses, usability, flexibility and the mitigation against the software attack. This section will focus more in cryptology field and will cover the design of the algorithm and the cipher text of the ccrypt (Petersen, 2009). Appendix A contains expressions and abbreviations often used in cryptology field that readers cannot understand the terms and may be unfamiliar to them.
1.2.1. The design of ccrypt
As mentioned before, ccrypt uses The Advanced Encryption Standard (AES) a symmetric-key encryption standard adopted by the U.S. government . AES was designed in an open competition and the winner was Rijndael. AES is based on a design known as a Substitution permutation network which is fast in both software and hardware. AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits. AES operates on a 4×4 matrix of bytes. In order for AES to convert the input plaintext into the final output of ciphertext, number of repetitions of transformation rounds is applied to the plaintext. Each round consists of several processing steps, including one that depends on the encryption key. A set of reverse rounds is applied to the ciphertext to transform it back into the original plaintext using the same encryption key. See Fig 1
1.2.2. Description of the algorithm
- KeyExpansion—round keys are derived from the cipher key using Rijndael’s key schedule.
- Initial Round
- AddRoundKey: each byte of the state is combined with the round key using bitwise xor
- SubBytes: a non-linear substitution step where each byte is replaced with another according to a lookup table.
- ShiftRows: a transposition step where each row of the state is shifted cyclically a certain number of steps.
- MixColumns: a mixing operation which operates on the columns of the state, combining the four bytes in each column.
- Final Round (no MixColumns)
This is a general description of the operation of AES and you can see the flash animation of AES operation to see clearly the entire operation of the algorithm.
1.3. Ciphertext of the ccrypt:
In cryptography, the block ciphers are symmetric encryption schemes operating on blocks of fixed length both in plaintext and ciphertext by using the same key for encryption and decryption such as AES that is used by ccrypt. Blocks are of equal size and are often 64 or 128 bits in length. If one wishes to encrypt messages longer than the block size, a mode of operation is used . With the block cipher algorithm, different modes of operation can be applied (Petersen, 2009). A mode of operation normally consists of several simple operations in order to increase security taking in consideration that the block cipher itself is already providing for a high standard of security.
In order to provide confidentiality or integrity of a message of variable length, different modes of operation can be applied. ccrypt implements a stream cipher by operating the Rijndael block cipher in ( Cipher Feedback ) CFB mode of operation. Figure2 shows the operation of CFB.
As we can see from the above figure, in CBC mode, each block of plaintext is XORed with the encrypted version of the previous ciphertext in order to generate the current ciphertext block. In this process, each ciphertext block is depending on all plaintext blocks up to that point. For the first block, the Initial Vector (IV) is used as the previous ciphertext block which is a random value and must be unpredictable.
With ccrypt the IV is generated at encryption time and written as the first block of the encrypted stream. The IV is generated as follows: a combination of the host name, current time, process id, and an internal counter are hashed into a 28-byte value, using a cryptographic hash function. Then a magic number is with fixed four-byte is combined with this value, and encrypted by one round of the Rijndael block cipher with the given key. The aim of using the magic number is to allow ccrypt to detect non-matching keys before decryption.
1.4. Other security features of the ccrypt
Ccrypt is an independent platform for reason that it can work in different operating system such as Linux, Windows, Macintosh OS-X, Unix, and in principle, on many other platforms. The following features make the use of ccrypt a very popular tool even in organizations.
Type of the password: when using ccrypt we use keywords instead of passwords. All characters are fine for all keywords including Printable ASCII characters, except null ” characters. Practically, users can not enter newline such as (‘ ’ or ‘r’) characters as keywords, although ccrypt can still handle them. Yet there is usually no way of entering them as the operating system does not let the user enter such characters.
Know plaintext attack( see appendix A) is useless with ccrypt: With ccrypt security means that, it is efficiently impossible to obtain any information about the plaintext from a given ciphertext without the knowledge of the encryption key. Even if a large number of plaintext pairs are already known for the same key it is still secure. Furthermore, due to the fact that ccrypt uses a key size of 256 bits, an exhaustive search of the key space is impossible, at least as long as sufficiently long keys are actually used in practice.
File size and memory: Ccrypt1.4 and later versions can handle files of any size. Ccrypt also uses very little memory and disk space, as by default, ccrypt overwrites original files in place, which may cause the real contents to be overwritten. Because of ccrypt encrypts data a few bytes at a time, it does not need to read the entire file into memory. For this reason, there is no need for additional disk space, and very little memory will be used. In addition to that ccrypt does not write temporary data to disk unless the user use –tmpfiles option, then ccrypt will create a temporary file rather than overwriting the original file in place. In this case, the user needs enough free disk space to save the largest files that are being encrypted.
2. Securing the Kernel for Linux Ubuntu
- Released: 7 Mar, 2005
- Code Maturity: Stable
- Source Archive: http://www.grsecurity.net/grsecurity-2.1.2-2.4….
- Licenses: GPLv2
Last updated 7 Jan, 2008
2.1. What is Grsecuirty
Grsecurity is licensed under the GNU which has a new approach to security utilizing a multi-layered detection, prevention, and containment model. It presents numerous security features which some of them are:
- It provides intelligent and robust privilege policies least through Role-Based Access Control (RBAC) system for the entire system with no configuration.
- Change root (chroot) hardening.
- Prevents /tmp race
- Extensive auditing.
- Prevents any arbitrary code execution in the kernel.
- Provides a protection against exploitable bugs in the kernel.
- Helps reducing the risk of leaking sensitive information through arbitrary-read kernel bugs.
- Implements a restriction that allows users to only view their processes.
- Security alerting and auditing that contains the IP address of the user produce the alert.
2.2. What is the Kernel and why it is important to secure it?
To better understand the Grsecurity tool, this section will outline a briefer description of the Kernel and the correlation between the operating system.
2.2.1. The Kernel
The kernel is a bridge between applications and the actual data processing done at the hardware level as Figure 3 shows. It has many responsibilities including managing the communication between hardware and software components, it also receives resource requests and allow access to resources such as allocating space for a new file or creating a network connection . As the Kernel is a basic component of the operating system, it provides the lowest-level abstraction layer for the resources, particularly processors and I/O devices that application software must make control of it to perform its function.
2.2.2. The Linux kernel: brief description
The Linux kernel, that is Linux, in a Unix based kernel originally created by Linus Torvalds in 1991, as an operating system based on the Intel x86 processor family. As the Linux is open source system released under the GNU Public License, GPL project provides the kernel-related applications and programs that make the Linux kernel usable, such as file systems, compilers, system administrator binaries, graphical environments, editors and many others.
The modern monolithic architecture of Linux kernel is complemented by its support of modules, such as multiple file systems support, and a lightweight multithread process model. Other features of the kernel are introduced as being multiuser, multiprocessor and multiplatform.
As the kernel in charge of managing the system hardware, it performs a number of tasks :
- Memory management: Both, the real and the virtual memory are controlled by the kernel, as well as all its swapping capabilities. The performance of the system depends on the kernel caching capabilities.
- Process management: These involve user execution modes, and kernel execution mode, and the transitions between them in addition to the process signaling model and other inter-process communication (IPC) mechanisms.
- File system management: Including the Virtual File System (VFS), an abstraction layer, and the real file system implementations: ext2, ext3, UFS, … etc
- Device drivers: The kernel synchronizes all the interrupts that are received from all the system components such as, mouse, screen, keyboard and network cards other peripherals.
- Networking stacks, Implementing all protocol, mainly in the TCP/IP model, from layer 1 (physical) to layer 4 (TCP/UDP).
2.2.3. Why do we need to secure the Kernel?
Whilst most attacks often directed on modifications to user level libraries, the operating system kernel became more popular target . Attackers usually modify the kernel using so-called “rootkits” Which is “A hacker security tool that captures passwords and message traffic to and from a computer. A collection of tools that allows a hacker to provide a backdoor into a system, collect information on other systems on the network, mask the fact that the system is compromised, and much more. Rootkit is a classic example of Trojan Horse software. Rootkit is available for a wide range of operating systems” 
Any application program or system access such as writing or reading from the disk are performed and controlled and by the kernel. The application typically will call a kernel syscall (see appendix) A, then the kernel will do the required job and bring the outcome back to the application. From the users’ perspective, these syscallsare functions in the lowest level of the system provide access to file systems, network connections, and other actions. By modifying kernel syscalls, kernel rootkits hides files, processes, or network connections without making any changes to system binaries. Therefore, rootkit is making the hacker activities and actions invisible and difficult to be detectedor noticedby the system administrator.
3. Securing the communication
1.0.4 Stable released 2005-05-04
- Released: 4 May, 2005
- Code Maturity: Stable
- Source Archive: http://tinc.nl.linux.org/packages/tinc-1.0.4.ta…
- Licenses: GPLv2orlater with Open SSL exception
3.1. What is tinc?
Tinc is a Virtual Private Network (VPN) daemon that uses oftunnelling and encryption to create a secure private network between multiple hosts over network that cannot be t such as the Internet . tinc is free software and licensed under the GNU General Public License. Since the VPN is recognized by the IP level network code as a normal network device, no need of any additional software to be installed for the adaption. For this reason, VPN sites are able to share information with each other without revealing any information to others.
3.2. Tinc (VPN) prerequisites
For the user to use tinc, the kernel-side functionality that is required by tinc is the universal TUN/TAP driver. This function is expected to be available as a kernel module in any distribution’s kernel package . To check whether the kernel module is available, execute modprobetun as root and check dmesg. The user should see a message mentioning the TUN/TAP driver, and the user will have a /dev/net/tun device. Otherwise, user has to compile a kernel to get it. Also the user needs to install the lzo, openssl, and zlib development packages or configuration will fail.
3.3. Security features of tinc
In practice, with a remote-access, VPN tunnel limits that access using access control lists (ACLs) or firewall rules. With SSL-VPN access can even be limited to a single application on a single host and this can involves many clients. Then VPN creates an encrypted point-to-point connection between two different networks over some un-trusted medium such as Internet see Fig ….
With VPN, the computers that are located at each end of the tunnel will encrypt the data before entering the tunnel, and then it will be decrypted at the other end. Nevertheless, a VPN requires more than just a pair of keys to apply encryption, and this is where protocols comes in. With site-to-site VPN commonly use one of the following protocols Internet protocol security protocol (IPSec) or generic routing encapsulation (GRE) .
In this section will discuss only the IPSec as it is a widely used protocol and implemented for securing traffic on IP networks.
3.3.1. Internet protocol security protocol (IPSec)
IPSec can encrypt data between various devices, including router to router, firewall to router, desktop to router, and desktop to server. IPSec consists of two sub-protocols which provide the instructions a VPN needs to secure its packets:
IP Security (IPSec) was designed to provide a method for ensuring a secure private communications over an IP network (end-to-end security). The mechanism of IPSec relies on the sender and receiver, as the only parties who know the security key. When the authentication between parties is valid, the receiver ensures that the communication came from the intended sender and was not changed during transition. IPsec consists two functions: data encryption and data integrity [VPNs 2000] and IPsec apply two protocols to offer traffic security which are:
Authentication Header (AH)
By using hashing operation to provide integrity, and this implemented on the information on the packet header to hide certain information until it gets to its destination. It also involves a sequence number that allows the receiver to be sure that the message has not been modified.
Encapsulating Security Payload (ESP)
The Encapsulating Security Payload (ESP) simply is a protocol that applies encryption and limited traffic flow confidentiality. As the data authentication is provided by AH and ESP. They also provide data integrity service, which makes it more secure and reliable.
IPSec can be used by networked devices in two different encryption modes. The first one is transport mode; where the devices encrypt the data traveling between them. The second mode is tunnel mode, which is used by VPNs, where devices build a virtual tunnel between two networks and with is mode. VPNs use IPSec in tunnel mode with IPSec ESP and IPSec AH working together.
Point-to-point Protocol (PPP) is used in a remote- access VPN and there are typically three possible protocols based on PPP that can be used by VPN:
- L2F (Layer 2 Forwarding): designed by Cisco; any authentication system supported by PPP can be use with it.
- PPTP (Point-to-point Tunneling Protocol): Supports 40-bit and 128-bit encryption.
- L2TP (Layer 2 Tunneling Protocol): Combines features of PPTP and L2F and together and fully supports IPSec.
In addition to the previous security features, tinc has the following advantages:
Tinc daemon can create more than one connection by contacting each other directly in a direct way, and that does not require the VPN sites to configure all those connections individually.
Tinc support different platforms and runs on many operating systems such as Linux, MacOS, FreeBSD, Solaris, and Windows it also support IPv6.
3.6. Expanding VPN network is Easy.
In the cause of adding new nodes to the VPN, the user is not required to start new daemons or even create and configure new devices such as network interfaces. The user needs only to add an extra configuration file.
In general, what has been done so far to make the Linux more secure and reliable is more likely to be acceptable and reasonable. From a security perspective, each one of these software takes a responsibility to secure the data in different situations. To make the idea clear, ccrypt provides security to the data as it is being stored in the hard drive and Grsecurity looks after the data in terms of processing it. Whereas, tinc VPN secures the communication and tunnels the data to that has to be transmitted safely. Processing, storing and processing the data with the three software is represented in the next table.
The software Aim of the software Situation Example CCRYUPT Encryption of files and folders. Securing the data being stored Encrypt a text file GRSECURITY Securing the kernel
Securing the data being processed
Reading/ writing file form the hard drive
TINC VPN Securing the communication Securing the data being transmitted Sending a file over the Internet
However, some security weakness associated with these software and its significance are to be mentioned and discussed. This section will also suggest a future work for the project.
Although ccrypt make use of AES as it is believed to be breakable, some security concerns are however reported  as follow:
Compatibility problem: Although ccrypt is an independent platform, it is not compatible with other programs that use the same algorithm such as (AES). The Advanced Encryption Standard is not a file format rather it is a block cipher. Therefore, encryption utilities that make use of AES can differ in a number of ways, for example the way that a key is converted into an internal format. Ccrypt unfortunately uses its own file format and is not compatible with any other programs, however, the platform independent.
No physical security provided: As mentioned before ccrypt overwrites the original file causing its contents to be not read by other anymore by software. Nevertheless, this does not provide a protection against possible hardware attacks, a physical analysis of the hard disk surface by forensic examiner might be capable to trace of files that have been overwritten.
It is worth to be mentioned that parts of the original file might still exist after encrypting it in memory, and if user use virtual memory which known as swap space then this might again leak onto the hard drive (Petersen, 2009). Also, journaling file systems may keep copies of parts of the data in unexpected places where they cannot be easily overwritten. Briefly, ccrypt provide cryptographic security, but not physical security.
However, the previous security concern can be mitigated by some available tools which can physically erase files from hard drives. It has been suggested that a tool called wipe might be useful (http://abaababa.ouvaton.org/wipe/). One could use wipe in conjunction with ccrypt by doing something like this:
ccrypt< filename >filename.cptwipe filename
This would physically erase the plaintext after encrypting it.
Data integrity: Ccrypt is not designed to provide data integrity, it will not detect whether the ciphertext was modified after encryption. In particular, encrypted data can be truncated, leaving the corresponding decrypted data also truncate. If we need to ensure data integrity, this can be achieved by other methods. The suggested scheme is to apply a cryptographic hash (for instance, an SHA-1 hash) to the data before encryption.
Even though grsecurity is a very good set of patches that help to improve Linux security by in many ways such as ACL system, auditing and logging detection of attacks, several issues were observed and are as follows:
Role-based access control issue
Grsecurity has no conception of role-based access control; it is expected to see RBAC in a following release (Petersen, 2009). As a result, the administrator does not have any authorization to provide different levels of access to different non-root users outside the limited discretionary access control (DAC) mechanisms in which an individual user can allow or deny access to an object .
Weakness in path-based protection
The mechanism of path-based protection that grsecurity offers is considered weak, because paths are not necessarily unique . This is actually very deep level and requires more investigation, which is out of our project scope.
No implementation of domain-type
Although grsecurity has a simple MAC implementation, it does not apply the domain-type enforcement element. Essentially grsecurity uses an access matrix to define permissions between files and processes. However, Domain-type enforcement would be more flexible particularly in policy definition as it offers for better isolation between processes.
4.3. Tinc VPN
Network address translation (NAT) and performance are two main problems are considered with VPN. With most VPN protocols, NAT can be a potential drawback. The reason for this is that the VPN servers normally cannot have translated addresses. Using a firewall as a VPN server is one method to get around the NAT trouble, however that takes us to the second consideration which is the performance as VPN tunnels can be CPU-intensive. Unless the firewall has a crypto-accelerator card or does not support many simultaneous VPN tunnels, it is recommended that using a dedicated VPN server would be better than using your firewall for VPNs .
One of the security issue is that tinc is not secure against RSA attack. (See appendix A for RSA). Tinc uses RSA encryption without padding. Padding schemes are designed for the situation that where the size of the plaintext and the RSA key are not equal which could lead to an attack. In spite of this, tinc constantly encrypts random values that have the same size as the RSA key, which should safe. It is believed that there are timing attacks against RSA and Tinc does not protect against such attack.
5. Future work
While this work intention is to secure Ubuntu9.04 Linux with some popular free software, there are many powerful security enhancements software that are available with open source code (Petersen, 2009). While ccrypt is used to encrypt files and folder, we would like to run a tool that encrypts the entire hard drive such as Truecrypt to overcome the weakness associated with ccrypt as the attacker may use scripts or patches and having access to keys that might exist in the memory or any other part of the drive.
In addition, we would like to further investigate the many security options of grsecurity and it will be more interesting to compare grsecurity against SELinux as both are used to secure kernel. We would like also to do a vulnerability evaluation of systems running both SELinux and grsecurity.
Finally, a number of VPN packages are available for Linux: FreeS/WAN, PoPToP, OpenS/WAN, OpenVPN. The choice between them depends heavily on the users particular needs. It would be more interesting to compare them in terms of security and performance.
With the combination of both the popularity and open source code, Linux became a more popular target for enhanced security projects. In our project, three powerful security software were used and discussed: ccrypt, grsecurity and tinc. While ccrypt offers significant security feature to files and folders, lack of integrity, physical protection and compatibility are noticed and should be considered by both the users and developers (Petersen, 2009). Grsecurity is very powerful software that improves Linux security with different security mechanisms to detect, prevent, and contain attacks. Even though there are few drawbacks of grsecuiry, the advantages outweigh the disadvantages. With our project, the user can connect to a remote server or company over unsecure network such as the Internet using tinc as it creates a virtual private network that is more secure and reliable. This security feature is provided not only by tinc but also different software are available in open source. The performance and Network address translation are two main concerns with tinc, and user mig (Petersen, 2009)ht decide to choose other software to avoid these issues however, this would bring other security problems.
Petersen, R. (2009). Ubuntu 9.04: System Administration and Security. California: Surfing Turtle Press.