Boundary Controls (Chapter 10)

Material:
Boundary controls: cryptographic controls, access controls, personal identification numbers, digital signatures, plastic cards, audit trail controls, existence controls.

Introduction
The boundary subsystem establishes the interface between the would-be user of a computer system and the computer system itself.

Controls in the boundary subsystem have three purposes:
(a) to establish the identity and authenticity of would-be users;
(b) to establish the identity and authenticity of the computer system resources that users wish to employ; and
(c) to restrict the actions undertaken by users who obtain computer resources to an authorized set.

Cryptographic controls
Cryptographic controls are used extensively throughout the boundary subsystem. They protect the privacy of data and prevent unauthorized modification of data. They achieve this goal by scrambling data so that it is not meaningful to anyone who does not have the means to unscramble it.

There are three classes of techniques used to transform cleartext data into ciphertext data: (a) transposition ciphers, (b) substitution ciphers, and (c) product ciphers. Most modern cryptographic systems use a product cipher because it is the most difficult to break (it has the highest work factor). The US National Bureau of Standards' Data Encryption Standard (DES) uses a product cipher.

Cryptographic controls (continued)
A major disadvantage of conventional cryptosystems is that parties who wish to exchange information must share a private, secret key. To overcome this disadvantage, public key cryptosystems have been developed. Public key cryptosystems use two different keys, one to encrypt data and one to decrypt data. One key can be made public, and the other key is kept private.

Cryptographic controls (continued)
From an audit perspective, the most important aspect of cryptosystems is often the way in which cryptographic keys are managed.
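The three cipher classes named above, as an added toy example that is not part of the lecture material: a letter-shift substitution, a columnar transposition, and a product cipher that composes the two. The shift value, column count and sample plaintext are constructed for the illustration. The last function shows why a transposition alone is weak: its ciphertext is a permutation of the plaintext, so letter counts survive intact, while the product cipher destroys that property.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Toy versions of the three cipher classes: substitution (replace each letter),
// transposition (reorder letters) and product (compose the two). Illustration
// only; this is not DES and protects nothing real. Input is upper-case A-Z.

// Substitute shifts each letter by `shift` places; a negative shift undoes a
// positive one. Non-letters pass through unchanged.
func Substitute(text string, shift int) string {
	var b strings.Builder
	for _, r := range text {
		if r >= 'A' && r <= 'Z' {
			r = 'A' + (r-'A'+rune(shift%26)+26)%26
		}
		b.WriteRune(r)
	}
	return b.String()
}

// Transpose writes the text into rows of width `cols`, pads the last row with
// 'X', then reads the columns out in order: same letters, new positions.
func Transpose(text string, cols int) string {
	for len(text)%cols != 0 {
		text += "X"
	}
	var b strings.Builder
	for c := 0; c < cols; c++ {
		for i := c; i < len(text); i += cols {
			b.WriteByte(text[i])
		}
	}
	return b.String()
}

// Untranspose inverts Transpose; any padding is left in place.
func Untranspose(text string, cols int) string {
	rows := len(text) / cols
	out := make([]byte, len(text))
	k := 0
	for c := 0; c < cols; c++ {
		for r := 0; r < rows; r++ {
			out[r*cols+c] = text[k]
			k++
		}
	}
	return string(out)
}

// ProductEncrypt substitutes first, then transposes: a product cipher.
func ProductEncrypt(text string, shift, cols int) string {
	return Transpose(Substitute(text, shift), cols)
}

// ProductDecrypt undoes the two steps in reverse order.
func ProductDecrypt(ct string, shift, cols int) string {
	return Substitute(Untranspose(ct, cols), -shift)
}

// SortedLetters sorts the letters of text. Two strings with equal SortedLetters
// are permutations of each other, which is exactly what a transposition leaks.
func SortedLetters(text string) string {
	b := []byte(text)
	sort.Slice(b, func(i, j int) bool { return b[i] < b[j] })
	return string(b)
}

func main() {
	pt := "ATTACKATDAWN" // constructed sample plaintext; length divisible by 4
	fmt.Println("transposition:", Transpose(pt, 4))
	fmt.Println("substitution: ", Substitute(pt, 3))
	ct := ProductEncrypt(pt, 3, 4)
	fmt.Println("product:      ", ct, "->", ProductDecrypt(ct, 3, 4))
	fmt.Println("transposition keeps letter counts:",
		SortedLetters(Transpose(pt, 4)) == SortedLetters(pt))
	fmt.Println("product keeps letter counts:      ",
		SortedLetters(ct) == SortedLetters(pt))
}
```

Run it and compare the two final lines: the transposition output still carries the plaintext's letter distribution, the product output does not, which is the intuition behind the lecture's remark that product ciphers have the highest work factor.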
Cryptographic key management must address three functions: (a) how keys will be generated; (b) how they will be distributed to users; and (c) how they will be installed in cryptographic facilities.

Access controls
Access controls restrict use of computer system resources to authorized users, limit the actions users can undertake with respect to those resources, and ensure that users obtain only authentic computer resources. They perform these functions in three steps: (a) they authenticate users who identify themselves to the system; (b) they authenticate the resources requested by the user; and (c) they confine users' actions to those that have been authorized.

Access controls (continued)
Users can provide three classes of authentication information to an access control mechanism: (a) remembered information (e.g. passwords); (b) possessed objects (e.g. plastic cards); and (c) personal characteristics (e.g. fingerprints). Remembered information is the most commonly used form of authentication information. Its major limitation is that it can be forgotten. As a result, users employ strategies to help them remember it that compromise its secrecy (e.g. they write down a password).

Access controls (continued)
Users employ four types of resources in a computer system: hardware, software, commodities (e.g. processor time), and data. The most complex actions they take (and the most difficult to control) relate to data resources.

Access controls (continued)
An access control mechanism can be used to enforce two types of access control policy. Under a discretionary access control policy, users can specify to the access control mechanism who can access their resources. Under a mandatory access control policy, both users and resources are assigned fixed security attributes. Mandatory access control policies are easier to enforce, but they are less flexible.

Access controls (continued)
Discretionary access control policies can be implemented via a ticket-oriented approach or a list-oriented approach.
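The two approaches just named, as an added example that is not part of the lecture material: the same discretionary policy stored ticket-oriented (indexed by user) and list-oriented (indexed by resource), a conversion showing they encode the same decisions, a revocation that is cheap in one representation and a scan in the other, and a least-privilege check of the kind an auditor would run. The users, resources and privileges are hypothetical.

```go
package main

import "fmt"

// Privilege is an action a user may take on a resource.
type Privilege string

const (
	Read  Privilege = "read"
	Write Privilege = "write"
)

// Capability is one "ticket": a resource and the action its holder may take.
type Capability struct {
	Resource string
	Action   Privilege
}

// TicketStore is ticket-oriented: for each user, the tickets they hold.
type TicketStore map[string][]Capability

// ListStore is list-oriented: for each resource, which users may do what.
type ListStore map[string]map[string][]Privilege

// Allowed answers an access request from the user's tickets.
func (t TicketStore) Allowed(user, resource string, action Privilege) bool {
	for _, c := range t[user] {
		if c.Resource == resource && c.Action == action {
			return true
		}
	}
	return false
}

// Allowed answers the same request from the resource's list.
func (l ListStore) Allowed(user, resource string, action Privilege) bool {
	for _, a := range l[resource][user] {
		if a == action {
			return true
		}
	}
	return false
}

// FromTickets rebuilds the list-oriented view from the ticket-oriented one;
// both views must agree on every (user, resource, action) decision.
func FromTickets(t TicketStore) ListStore {
	l := ListStore{}
	for user, caps := range t {
		for _, c := range caps {
			if l[c.Resource] == nil {
				l[c.Resource] = map[string][]Privilege{}
			}
			l[c.Resource][user] = append(l[c.Resource][user], c.Action)
		}
	}
	return l
}

// RevokeResource removes every right to a resource: one deletion in a list
// store, but a scan of every user's tickets in a ticket store.
func (l ListStore) RevokeResource(resource string) { delete(l, resource) }

func (t TicketStore) RevokeResource(resource string) {
	for user, caps := range t {
		kept := make([]Capability, 0, len(caps))
		for _, c := range caps {
			if c.Resource != resource {
				kept = append(kept, c)
			}
		}
		t[user] = kept
	}
}

// ExcessTickets returns what a user holds beyond the capabilities their job
// needs: the least-privilege gap an auditor would report.
func ExcessTickets(t TicketStore, user string, needed []Capability) []Capability {
	var excess []Capability
	for _, held := range t[user] {
		required := false
		for _, n := range needed {
			if n == held {
				required = true
				break
			}
		}
		if !required {
			excess = append(excess, held)
		}
	}
	return excess
}

// SamplePolicy is a constructed policy for two hypothetical users.
func SamplePolicy() TicketStore {
	return TicketStore{
		"alice": {{"payroll.db", Read}, {"payroll.db", Write}},
		"bob":   {{"payroll.db", Read}, {"printer-1", Write}},
	}
}

func main() {
	tickets := SamplePolicy()
	lists := FromTickets(tickets)
	fmt.Println("bob write payroll.db (tickets):", tickets.Allowed("bob", "payroll.db", Write))
	fmt.Println("bob write payroll.db (lists):  ", lists.Allowed("bob", "payroll.db", Write))
	// bob's job only needs to read payroll.db; anything else is excess.
	fmt.Println("bob excess:", ExcessTickets(tickets, "bob", []Capability{{"payroll.db", Read}}))
}
```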
With a ticket-oriented approach (or capability approach), the access control mechanism stores information about users and the resources they are permitted to access. With a list-oriented approach, the access control mechanism stores information about each resource and the users who can access it.

Access controls (continued)
Access controls should enforce the principle of least privilege: users should be assigned only the minimum set of resources and action privileges that they need to accomplish their work.

Personal Identification Numbers (PINs)
Personal Identification Numbers (PINs) are a form of remembered information used to authenticate users of electronic funds transfer systems. Controls need to be in place and working to reduce exposures to an acceptable level at several phases in the life cycle of PINs: (a) generation of the PIN; (b) issuance and delivery of the PIN to users; (c) validation of the PIN upon entry at a terminal device (e.g. an automatic teller machine); (d) transmission of the PIN across communication lines; (e) processing of the PIN; (f) storage of the PIN; (g) change of the PIN; (h) replacement of the PIN; and (i) termination of the PIN.

Digital signatures
A digital signature is a string of 0s and 1s used to authenticate a user. It is the equivalent of the analog signature that humans use to sign documents. Unlike analog signatures, however, digital signatures should be impossible to forge.

Digital signatures (continued)
The most common way to implement digital signatures is via public key cryptosystems. The sender of a message signs the message with their private key, and receivers of the message verify the signature by decrypting it using the sender's public key.

Digital signatures (continued)
Sometimes arbitrators must be used with digital signature systems to prevent the sender of a message from reneging on or disavowing the message.
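The signing and verification steps described above, as an added example that is not part of the lecture material. It uses Ed25519 from the Go standard library in place of the unspecified public key system on the slides: the sender signs with the private key, anyone holding the public key verifies, a changed message or a signature from some other key is rejected. The last check contrasts this with a conventional shared-key tag (an HMAC): because the receiver holds the same key, the receiver can produce a tag identical to the sender's, which is why a shared key alone cannot settle a later dispute about who sent the message. The message text and the shared key are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Signer holds a key pair; only the public half is ever shared.
type Signer struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewSigner generates a fresh Ed25519 key pair.
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{pub: pub, priv: priv}, nil
}

// Sign produces the signature with the private key.
func (s *Signer) Sign(msg []byte) []byte { return ed25519.Sign(s.priv, msg) }

// Public returns the key a receiver needs to verify.
func (s *Signer) Public() ed25519.PublicKey { return s.pub }

// Verify checks a signature using only the sender's public key.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// SharedKeyTag is the conventional (shared secret) alternative: an HMAC-SHA256
// over the message. Every holder of the key can compute it.
func SharedKeyTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// Demonstrate runs the checks implied by the lecture's claims and reports each
// as a named boolean, so they can be printed or asserted on.
func Demonstrate() (map[string]bool, error) {
	sender, err := NewSigner()
	if err != nil {
		return nil, err
	}
	receiver, err := NewSigner() // the receiver has a key pair of their own
	if err != nil {
		return nil, err
	}
	msg := []byte("transfer 100 to account 42")      // constructed sample message
	tampered := []byte("transfer 900 to account 42") // one digit changed in transit
	sig := sender.Sign(msg)

	results := map[string]bool{
		"genuine signature verifies":          Verify(sender.Public(), msg, sig),
		"tampered message is rejected":        !Verify(sender.Public(), tampered, sig),
		"receiver cannot forge sender's sig":  !Verify(sender.Public(), msg, receiver.Sign(msg)),
		"wrong public key rejects signature":  !Verify(receiver.Public(), msg, sig),
	}

	// Conventional cryptosystem: both ends hold the same secret key.
	shared := make([]byte, 32)
	if _, err := rand.Read(shared); err != nil {
		return nil, err
	}
	senderTag := SharedKeyTag(shared, msg)
	receiverTag := SharedKeyTag(shared, msg) // the receiver can compute the very same tag
	results["shared-key tag is reproducible by receiver"] = hmac.Equal(senderTag, receiverTag)
	return results, nil
}

func main() {
	results, err := Demonstrate()
	if err != nil {
		panic(err)
	}
	for name, ok := range results {
		fmt.Printf("%-45s %v\n", name, ok)
	}
}
```

Every line printed should read true. The last one is the property the arbitrator discussion below addresses: a shared-key tag proves the message came from someone holding the key, but not which of the two parties, so it cannot by itself stop a sender from disavowing the message.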
The arbitrator acts as an intermediary between the sender and the receiver. In essence, the arbitrator is a witness to the contract between the sender and the receiver.

Plastic cards
Plastic cards are primarily a means of identifying individuals who wish to use a computer system. Controls need to be in place and working to reduce exposures to an acceptable level at a number of phases in the life cycle of plastic cards: (a) application by the user for a card; (b) preparation of the card; (c) issue of the card; (d) return of the card; and (e) destruction of the card.

Audit trail controls
Accounting audit trail:
1. Identity of the would-be user of the system
2. Authentication information supplied
3. Resources requested
4. Action privileges requested
5. Terminal identifier
6. Start and finish time
7. Number of sign-on attempts
8. Resources provided/denied; and
9. Action privileges allowed/denied

Operations audit trail

Existence controls
Existence controls in the boundary subsystem are usually straightforward. If the subsystem fails, existence controls usually do not attempt to restore the subsystem to the point of failure. Instead, the user is simply asked to undertake the sign-on procedure again.

Student assignment
Students submit the results of their discussion of the case given by the lecturer.
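The nine accounting audit trail items listed above, as an added example that is not part of the lecture material: a record type with one field per item, plus the two review checks the trail exists to support, totalling sign-on attempts per terminal and listing requests that were denied. The records are constructed; the user identifiers, terminal names and threshold are hypothetical. Note that item 2 is recorded as the kind of authentication information supplied, never the password or PIN itself.

```go
package main

import (
	"fmt"
	"time"
)

// SignOnRecord mirrors the accounting audit trail items of the lecture.
type SignOnRecord struct {
	UserID        string    // 1. identity claimed by the would-be user
	AuthKind      string    // 2. class of authentication information supplied (not the secret)
	Resource      string    // 3. resource requested
	Privilege     string    // 4. action privilege requested
	Terminal      string    // 5. terminal identifier
	Start, Finish time.Time // 6. start and finish time
	Attempts      int       // 7. number of sign-on attempts in this session
	ResourceOK    bool      // 8. resource provided (true) or denied (false)
	PrivilegeOK   bool      // 9. action privilege allowed (true) or denied (false)
}

// AccountingTrail is the ordered set of records kept by the boundary subsystem.
type AccountingTrail []SignOnRecord

// AttemptsByTerminal sums item 7 per terminal and returns the terminals whose
// total reaches threshold: repeated sign-on failures clustered on one terminal
// are what an auditor or operator reviews first.
func (a AccountingTrail) AttemptsByTerminal(threshold int) map[string]int {
	totals := map[string]int{}
	for _, r := range a {
		totals[r.Terminal] += r.Attempts
	}
	flagged := map[string]int{}
	for terminal, n := range totals {
		if n >= threshold {
			flagged[terminal] = n
		}
	}
	return flagged
}

// Denials lists every record where the resource (item 8) or the privilege
// (item 9) was refused, as "user@terminal resource:privilege".
func (a AccountingTrail) Denials() []string {
	var out []string
	for _, r := range a {
		if !r.ResourceOK || !r.PrivilegeOK {
			out = append(out, fmt.Sprintf("%s@%s %s:%s", r.UserID, r.Terminal, r.Resource, r.Privilege))
		}
	}
	return out
}

// SampleTrail is a constructed trail (not real data) with one terminal that
// accumulates failed attempts and one privilege denial elsewhere.
func SampleTrail() AccountingTrail {
	t0 := time.Date(2024, 1, 15, 9, 0, 0, 0, time.UTC)
	return AccountingTrail{
		{"u1001", "PIN", "account-summary", "read", "ATM-07", t0, t0.Add(2 * time.Minute), 1, true, true},
		{"u2002", "PIN", "withdraw", "write", "ATM-07", t0.Add(5 * time.Minute), t0.Add(6 * time.Minute), 3, false, false},
		{"u2002", "PIN", "withdraw", "write", "ATM-07", t0.Add(7 * time.Minute), t0.Add(8 * time.Minute), 3, false, false},
		{"u3003", "password", "payroll.db", "write", "T-01", t0.Add(10 * time.Minute), t0.Add(40 * time.Minute), 1, true, false},
	}
}

func main() {
	trail := SampleTrail()
	fmt.Println("terminals at or above 5 attempts:", trail.AttemptsByTerminal(5))
	for _, d := range trail.Denials() {
		fmt.Println("denied:", d)
	}
}
```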