Confidentiality
• Confidentiality is the concealment of information or resources.
• Prevent assets from being accessed by unauthorized parties.
  – E.g. individuals, organisations, governments.
• Access control mechanisms support confidentiality.
  – E.g. cryptography (keys), encryption.

Integrity
• Integrity refers to the trustworthiness of data or resources, and it is usually phrased in terms of preventing improper or unauthorized change.
• Integrity includes:
  – data integrity
    • the content of the information
  – origin integrity
    • the source of the data, often called authentication.

Integrity
• Integrity mechanisms fall into two classes:
  – Prevention mechanisms:
    • Seek to maintain the integrity of the data by blocking any unauthorised attempts to change the data, or any attempts to change the data in unauthorised ways.
    • E.g. access control.
  – Detection mechanisms:
    • Do not try to prevent violations of integrity; they simply report that the data's integrity is no longer trustworthy.
    • E.g. digital signatures.

Difference between Confidentiality and Integrity?
• With confidentiality, the data is either compromised or it is not,
• but integrity includes both the correctness and the trustworthiness of the data.
  – the origin of the data (how and from whom it was obtained),
  – how well the data was protected before it arrived at the current machine, and
  – how well the data is protected on the current machine
  all affect the integrity of the data.
  – Thus evaluating integrity is often difficult.

Availability
• Availability refers to the ability to use the information or resource desired.
  – E.g. Can the website be accessed? Does it display correctly?
• Availability is very much linked to reliability as well as to system design, because an unavailable system is as bad as no system at all.
• Someone may deliberately deny access to data or to a service by making it unavailable.

Availability
• Attempts to block availability are called denial-of-service (DoS) attacks.
• DoS attacks are difficult to detect because the analyst must determine whether unusual patterns of access are attributable to deliberate manipulation of resources or of the environment.
• Sometimes DoS attacks just seem to be atypical events, or in some cases they are not even atypical.
• Statistical models are important here, esp. of network traffic.

Authenticity and Accuracy
• Authenticity
  – Assets should be unforgeable by unauthorised parties.
  – E.g. impersonation, forgery of digital signatures.
• Accuracy
  – Be free from mistakes and errors.
  – Provide information as the end user expects.
  – E.g. $ = AUD/USD/... ?

What is a Threat?
• A threat is a category of objects, persons, or other entities that presents a danger to an asset.
• The violation need not occur for there to be a threat.
• The fact that the violation MIGHT occur is a threat.
• If the action occurs then it is an attack.
• The one who causes the attack to happen is an attacker/adversary.

Threats in 4 Main Categories
• Disclosure – unauthorised access to information. (C)
• Deception – acceptance of false data. (I, A)
• Disruption – interruption or prevention of correct operation. (A)
• Usurpation (taking someone's power or property by force) – unauthorised control of some part of the system. (A)

From the Source to the Destination
(Figure: flows from Information Source to Information Destination)
• Normal flow
• Interruption (A)
• Interception (C)
• Modification (I)
• Fabrication (Auth.)

Examples of Threats?
• Snooping – unauthorised interception of data.
• Wiretapping – passive vs active.
  • Active: data passing over a network is modified.
• Modification, alteration.
• Masquerading – impersonation of one entity by another.
• Delegation – one entity passes authority to another; illegal permission.
• Repudiation of origin – a false denial that an entity sent or created something.
• Denial of receipt – a false denial that an entity received some information or message.
• Delay – temporary inhibition of a service.
• Denial-of-Service – a long-term inhibition of a service.

What is the Goal of Security?
• Prevent an attack (before it happens)
  – This is the ideal solution
  – This is where technology should be helping most!
• Detect the attack (when it happens)
  – Know what is going on, who is causing it
  – This is really where technology is helping most!
• Recover from an attack (as soon as possible)
  – Stop the attack
  – Assess and repair the damage caused

Components of Risk Management
(Figure, reconstructed as an outline)
• Risk Management
  – Risk Identification
    • Inventorying Assets
    • Classifying & Prioritising Assets
    • Identifying & Prioritising Threats & Vulnerabilities
  – Risk Assessment
    • Is the documented result of the risk identification process
  – Risk Control
    • Selecting Strategy
    • Justifying Controls
    • Implementing & Monitoring Controls

Three Important Definitions
• Assets
  – Anything of value that is worth securing
  – Can include tangible goods (e.g. computers) as well as intangible goods (e.g. passwords)
• Threat
  – Any eventuality that represents a danger to an asset (e.g. the possibility that financial transactions will be altered)
• Vulnerability
  – A weakness in a safeguard (e.g. input validation does not exist in an order entry Web form)

Creating an Inventory of Information Assets
Table 8-1 Organizational assets used in systems
Source: Course Technology/Cengage Learning

Creating an Inventory of Information Assets
• The inventory process requires a certain amount of planning
  – Whether automated or manual
• Determine which attributes of each information asset should be tracked
  – Depends on the needs of the organization and its risk management efforts

Risk Assessment
• Identify vulnerabilities between assets and threats
• Identify and quantify asset exposure

• Asset: paper document
  – Threat: fire
    • Vulnerability: the document is not stored in a fire-proof cabinet (risk related to the loss of availability of the information)
    • Vulnerability: there is no backup of the document (potential loss of availability)
  – Threat: unauthorized access
    • Vulnerability: the document is not locked in a cabinet (potential loss of confidentiality)

• Asset: digital document
  – Threat: disk failure
    • Vulnerability: there is no backup of the document (potential loss of availability)
  – Threat: virus
    • Vulnerability: the anti-virus program is not properly updated (potential loss of confidentiality, integrity and availability)
  – Threat: unauthorized access
    • Vulnerability: the access control scheme is not properly defined (potential loss of confidentiality, integrity and availability)
    • Vulnerability: access was given to too many people (potential loss of confidentiality, integrity and availability)

• Asset: system administrator
  – Threat: unavailability of this person
    • Vulnerability: there is no replacement for this position (potential loss of availability)
  – Threat: frequent errors
    • Vulnerability: lack of training (potential loss of integrity and availability)

Likelihood
• The probability that a specific vulnerability will be the object of a successful attack
• Assign a numeric value: a number between 0.1 (low) and 1.0 (high), or a number between 1 and 100
• Zero is not used, since vulnerabilities with zero likelihood are removed from the asset/vulnerability list
• Use the selected rating model consistently
• Use external references for values that have been reviewed/adjusted for your circumstances (Whitman and Mattord 2009)

Risk is the likelihood (p) of the occurrence of a vulnerability
  multiplied by the value (a) of the information asset,
  minus the percentage (pc) of risk mitigated by current controls,
  plus the uncertainty (pu) of current knowledge of the vulnerability:

  Risk = p × a × (1 − pc + pu)

Jacobson's Window
(occurrences vs consequences; the slide's 2×2 grid, reconstructed)
• Low occurrence, low consequence: don't care
• Low occurrence, high consequence: focus (fraud, flood, tsunami, lengthy power disruption)
• High occurrence, low consequence: focus (minor power disruption, minor bugs, keying errors)
• High occurrence, high consequence: usually doesn't happen (cannot happen)

Risk Determination
• Information asset B has a value score of 100 and has two vulnerabilities:
  – Vulnerability 2 has a likelihood of 0.5 with a current control that addresses 50 percent of its risk;
  – Vulnerability 3 has a likelihood of 0.1 with no current controls.
  – You estimate that assumptions and data are 80 percent accurate (i.e. 20% uncertainty).
• Impact of Vulnerability 2 = 100 × 0.5 × (1 − 0.5 + 0.2) = 35
• Impact of Vulnerability 3 = 100 × 0.1 × (1 − 0 + 0.2) = 12

  Risk = a × p × (1 − pc + pu), where
  • a  = value of the information asset
  • p  = likelihood of vulnerability occurrence
  • pc = % of risk mitigated by current controls
  • pu = uncertainty of current knowledge of the vulnerability

Policy, Standards, and Practices
• Policy is a plan or course of action that influences and determines decisions.
  – Policies are organizational laws in that they dictate acceptable and unacceptable behavior within the organization.
  – They define what is right, what is wrong, what the penalties are for violating policy, and what the appeal process is.

Example:
  Policy: Passwords must be used.
  Standard: Passwords will be constructed of 6-8 alpha-numeric characters.
  Procedure: To change your password, type your old password, then your new password.
  Technical control: mechanisms used to regulate the operations to meet policy requirements.
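The Risk Determination formula and its asset B example, carried out in Python as an added example (not material from the slides): it scores each vulnerability with Risk = a × p × (1 − pc + pu), refuses the zero likelihood that the Likelihood slide says is removed from the list, and ranks the results so controls can be justified in order. The Vulnerability dataclass and helper names are my own.

```python
# Added example, not from the slides: risk determination as on the
# Risk Determination slide, Risk = a * p * (1 - pc + pu).
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Vulnerability:
    name: str
    likelihood: float         # p: 0.1 (low) .. 1.0 (high); zero is never used
    mitigated: float = 0.0    # pc: fraction of the risk addressed by current controls
    uncertainty: float = 0.0  # pu: fraction of uncertainty in the estimate


def risk(asset_value: float, v: Vulnerability) -> float:
    """Risk = a * p * (1 - pc + pu) for one asset/vulnerability pair."""
    # The Likelihood slide: zero-likelihood vulnerabilities are removed from
    # the list rather than scored, so refuse to score them here.
    if not 0.0 < v.likelihood <= 1.0:
        raise ValueError(f"{v.name}: likelihood must be in (0, 1]")
    if not 0.0 <= v.mitigated <= 1.0:
        raise ValueError(f"{v.name}: mitigated fraction must be in [0, 1]")
    return asset_value * v.likelihood * (1.0 - v.mitigated + v.uncertainty)


def rank_vulnerabilities(asset_value: float,
                         vulns: List[Vulnerability]) -> List[Tuple[str, float]]:
    """Highest residual risk first, so controls can be justified in that order."""
    scored = [(v.name, round(risk(asset_value, v), 2)) for v in vulns]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# The deck's worked example: asset B, value score 100, estimates 80 percent
# accurate (20 percent uncertainty).
ASSET_B_VALUE = 100
ASSET_B_VULNS = [
    Vulnerability("Vulnerability 2", likelihood=0.5, mitigated=0.5, uncertainty=0.2),
    Vulnerability("Vulnerability 3", likelihood=0.1, mitigated=0.0, uncertainty=0.2),
]

if __name__ == "__main__":
    for name, value in rank_vulnerabilities(ASSET_B_VALUE, ASSET_B_VULNS):
        print(f"{name}: {value}")   # Vulnerability 2: 35.0, Vulnerability 3: 12.0
```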
Policy, Standards, and Practices
• Standards are a more detailed statement of what must be done to comply with policy.
• Standards may be informal or part of an organizational culture.
• They may be published, scrutinized, and ratified formally by a group (majority agreed).

Policy, Standards, and Practices
• Procedures and guidelines explain how employees will comply with policy.
• For policies to be effective, they must be:
  – Properly disseminated, read, understood, and agreed to.

Key Terms: Firewalls
• Prevent specific types of information from moving between the outside world (untrusted network) and the inside world (trusted network)
• May be a separate computer system; a software service running on an existing router or server; or a separate network containing supporting devices

What is a Network Firewall?
• A firewall is a system or group of systems that enforces an access control policy between two or more networks.
• A firewall can block traffic and/or permit traffic through to a network.
• If you don't have a good idea of what kind of access you want to allow or to deny, a firewall really won't help you.
  www.interhack.net/pubs/fwfaq/

A Typical Architecture with Firewalls (Internal & External)

Firewall Protection
• Some firewalls permit only a certain type of traffic through them.
  – e.g. email
• Can be configured to protect against unauthenticated interactive logins from the "outside" world.
• Can provide a single point for security and auditing

Firewall Protection
• Provide a summary of the types and amount of traffic passed through it,
  – how many attempts there were to break in
• Firewall logs are critically important data. They can be used as evidence in a court of law in most countries.

What Can't a Firewall Protect Against?
• Firewalls can't protect against attacks that don't go through the firewall.
  – This is something of concern
  – A magnetic tape, compact disc, DVD, or USB flash drive can just as effectively be used to export data.
• Insider attackers who are allowed to do specific operations.

Processing Modes of Firewalls
• The five processing modes that firewalls can be categorized by are:
  – Packet filtering
  – Application gateways
  – Circuit gateways
  – MAC layer firewalls
  – Hybrids

Selecting the Right Firewall
• When selecting a firewall, consider a number of factors:
  – What firewall offers the right balance between protection and cost for the needs of the organization?
  – Which features are included in the base price and which are not?
  – Ease of setup and configuration? How accessible are staff technicians who can configure the firewall?
  – Can the firewall adapt to the organization's growing network?
• The second most important issue is cost
• How do you select your home firewall?
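The packet-filtering mode above, sketched as an added Python example (not code from the slides or from any firewall product): a first-match rule list whose rules encode the deck's "Best Practices for Firewalls" slide, with default deny for anything the rules do not mention, and a traffic summary of the kind the Firewall Protection slide describes. The zone names, the Packet fields and the sample traffic are constructed for illustration.

```python
# Added example, not from the slides: a toy first-match packet filter whose
# rules encode the deck's "Best Practices for Firewalls" slide. Zone names,
# the Packet fields and the sample traffic are constructed.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src_zone: str           # "trusted", "dmz" or "public"
    dst_zone: str           # "trusted", "dmz", "public" or "firewall" (the device itself)
    proto: str              # "tcp", "udp" or "icmp"
    dport: Optional[int] = None

# (reason, predicate, action): the first matching rule wins, so order is policy.
Rule = Tuple[str, Callable[[Packet], bool], str]
BEST_PRACTICE_RULES: List[Rule] = [
    ("firewall device never directly accessed from the public network",
     lambda p: p.src_zone == "public" and p.dst_zone == "firewall", "deny"),
    ("all traffic from the trusted network is allowed",
     lambda p: p.src_zone == "trusted", "allow"),
    ("ICMP data denied", lambda p: p.proto == "icmp", "deny"),
    ("telnet access to internal servers blocked",
     lambda p: p.proto == "tcp" and p.dport == 23 and p.dst_zone == "trusted", "deny"),
    ("HTTP from the DMZ must not reach internal networks",
     lambda p: p.proto == "tcp" and p.dport == 80 and p.src_zone == "dmz"
     and p.dst_zone == "trusted", "deny"),
    ("SMTP allowed through, else no email", lambda p: p.proto == "tcp" and p.dport == 25, "allow"),
]

def evaluate(packet: Packet, rules: List[Rule] = BEST_PRACTICE_RULES) -> Tuple[str, str]:
    """Return (action, reason); traffic no rule mentions is denied by default."""
    for reason, matches, action in rules:
        if matches(packet):
            return action, reason
    return "deny", "default deny: no rule matched"

def traffic_summary(packets: List[Packet]) -> Dict[str, int]:
    """The 'summary of the types and amount of traffic' a firewall log provides."""
    counts: Dict[str, int] = {"allow": 0, "deny": 0}
    for p in packets:
        counts[evaluate(p)[0]] += 1
    return counts

# Constructed sample traffic: one packet per rule plus one unlisted case
# (HTTP to the DMZ web server), which falls through to the default.
SAMPLE_TRAFFIC = [
    Packet("public", "firewall", "tcp", 22), Packet("trusted", "public", "tcp", 443),
    Packet("public", "dmz", "icmp"), Packet("public", "trusted", "tcp", 23),
    Packet("dmz", "trusted", "tcp", 80), Packet("public", "dmz", "tcp", 25),
    Packet("public", "dmz", "tcp", 80),
]
```

Note that HTTP to the DMZ web server is not on the best-practice list, so the filter denies it until an explicit allow rule is added; this is the "if you don't know what access you want to allow, a firewall won't help" point in code.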
Configuring and Managing Firewalls
• Each firewall device must have its own set of configuration rules regulating its actions
• Firewall policy configuration is usually complex and difficult
• Configuring firewall policies is both an art and a science
• When security rules conflict with the performance of business, security often loses

Best Practices for Firewalls
• All traffic from the trusted network is allowed in
• The firewall device is never directly accessed from the public network
• Simple Mail Transfer Protocol (SMTP) data is allowed to pass through the firewall (else you can't send email)
• Internet Control Message Protocol (ICMP) data is denied
• Telnet access to internal servers should be blocked
• When Web services are offered outside the firewall (DMZ), HTTP traffic should be denied from reaching internal networks

Firewall Limitations
• Generally provides no data integrity (e.g. doesn't check for viruses)
• No authenticity for the source of the data
• Often no confidentiality of data
• No protection against internal threats
• Only one point of entry (DoS susceptible)
• Maybe just one point of failure
• Higher levels of functionality = more complexity = possible failure
  – but simpler systems have more vulnerabilities to attack

Categories of Cryptography
• Symmetric-key cryptography
  – The same key is applied by both sender and receiver.
  – Encryption, authentication.
  – E.g., DES, AES, RC4
• Public (asymmetric) key cryptography
  – Uses a pair of public and private keys.
  – Encryption, authentication, digital signatures, etc.
  – E.g., RSA, DSS, ElGamal

Symmetric-Key Encryption
• Plaintext can be encrypted through the bit stream or block cipher method
• Stream cipher: each plaintext bit is transformed into a cipher bit one bit at a time
  – RC4
• Block cipher: the message is divided into blocks (e.g., sets of 8- or 16-bit blocks) and each is transformed into an encrypted block of cipher bits using the algorithm and key
  – DES, AES

Substitution Cipher
• Substitute one value for another
• Monoalphabetic substitution: uses only one alphabet, e.g., the Caesar cipher.
• Polyalphabetic substitution: more advanced; uses two or more alphabets
• Vigenère cipher: an advanced cipher type that uses a simple polyalphabetic code; made up of 26 distinct cipher alphabets

Transposition Cipher
• Easy to understand, but if properly used, produces ciphertext that is difficult to decipher
• Rearranges values within a block to create ciphertext
• Can be done at the bit level or at the byte (character) level
• To make the encryption even stronger, the keys and block sizes can be made much larger

Symmetric Encryption
• Uses the same "secret key" to encipher and decipher a message
  – Encryption methods can be extremely efficient, requiring minimal processing
  – Both sender and receiver must possess the encryption key
  – If either copy of the key is compromised, an intermediary can decrypt and read messages

Example of Symmetric Encryption

Asymmetric-Key Encryption
• Also known as public-key encryption
  – RSA
• Key pair
  – Public key: publicly known; used for encryption
  – Private key: known only by the owner; used for decryption
  – Public and private keys are mathematically related.
  – It is hard to find the private key from the public key.
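The substitution and transposition ciphers from the two slides above, implemented as an added Python example (not code from the slides): Caesar as monoalphabetic substitution, Vigenère as polyalphabetic substitution selecting one of 26 shifted alphabets per key letter, and a columnar transposition that rearranges characters within a block. Only A-Z is handled (other characters are dropped), and the sample texts in the usage are constructed.

```python
# Added example, not from the slides: the classical cipher families the deck
# describes. Caesar = one fixed alphabet; Vigenere = the key letter picks the
# alphabet for each position; columnar transposition = write a block row by
# row and read it column by column. Letters only; everything else is dropped.
import string

ALPHABET = string.ascii_uppercase

def _clean(text: str) -> str:
    return "".join(c for c in text.upper() if c in ALPHABET)

def caesar(text: str, shift: int, decrypt: bool = False) -> str:
    """Monoalphabetic: every letter is replaced from the same shifted alphabet."""
    k = -shift if decrypt else shift
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % 26] for c in _clean(text))

def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic: letter i uses the Caesar alphabet chosen by key[i mod len(key)]."""
    key = _clean(key)
    out = []
    for i, c in enumerate(_clean(text)):
        k = ALPHABET.index(key[i % len(key)])
        if decrypt:
            k = -k
        out.append(ALPHABET[(ALPHABET.index(c) + k) % 26])
    return "".join(out)

def transpose_encrypt(text: str, cols: int, pad: str = "X") -> str:
    """Write the block in rows of `cols` characters, read it out column by column."""
    text = _clean(text)
    text += pad * (-len(text) % cols)          # pad the last row to a full block
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in range(cols) for row in rows)

def transpose_decrypt(cipher: str, cols: int) -> str:
    """Invert transpose_encrypt: split into columns, read back row by row."""
    rows_n = len(cipher) // cols
    columns = [cipher[i:i + rows_n] for i in range(0, len(cipher), rows_n)]
    return "".join(columns[c][r] for r in range(rows_n) for c in range(cols))

if __name__ == "__main__":
    print(caesar("HELLO", 3), vigenere("ATTACK AT DAWN", "LEMON"),
          transpose_encrypt("ATTACK AT DAWN", 4))
```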
Example of Asymmetric Encryption

Encryption Key Size
• When using ciphers, the size of the encryption key is very important
• The strength of many encryption applications and cryptosystems is measured by key size
• For cryptosystems, the security of encrypted data is not dependent on keeping the encrypting algorithm secret
• Cryptosystem security depends on keeping some or all of the elements of the key(s) secret

Encryption Key Power
• Note: time is different in different encryption algorithms.

Digital Signatures
• Digital signatures are a security primitive for demonstrating the authenticity of a digital message.
  – Sign: using the signer's private (signing) key
  – Verify: using the signer's public key
• It mimics the function of handwritten signatures.
• Digital signatures should be unforgeable.
• Non-repudiation: the process that verifies the message was sent by the sender and thus cannot be refuted (contested)
• Digital Signature Standard (DSS)

Public Key Infrastructure (PKI)
• PKI is a system which creates, stores and distributes digital certificates of public keys.
• PKI supports the use of public key cryptography.
• A typical PKI solution protects the transmission and reception of secure information by integrating:
  – Certificate authority (CA)
  – Registration authority (RA)
  – Certificate directories
  – Management protocols
  – Policies and procedures

Digital Certificates
• An electronic document containing a key value and identifying information about the entity that controls the key
• A digital signature is attached to the certificate's container file to certify that the file is from the entity it claims to be from
• Different client-server applications use different types of digital certificates to accomplish their assigned functions
• Distinguished name (DN): uniquely identifies a certificate entity

Hybrid Cryptography Systems
• Except with digital certificates, pure asymmetric key encryption is not widely used
• Asymmetric encryption is more often used with symmetric key encryption, creating a hybrid system
• Diffie-Hellman Key Exchange method:
  – Most common hybrid system
  – Provided the foundation for subsequent developments in public-key encryption

Example of Hybrid Encryption
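The hybrid pattern of the last slides, as an added Python example (not code from the slides): a Diffie-Hellman exchange agrees a shared secret, a hash of that secret keys a symmetric keystream cipher with an HMAC for integrity, and the degenerate public values that would force a predictable secret are rejected. TOY_P is a small constructed modulus (the Mersenne prime 2**127 − 1), not a standardised DH group, and the SHA-256 counter keystream stands in for a real stream cipher; both are my substitutions for illustration.

```python
# Added example, not from the slides: a toy hybrid scheme in the shape the deck
# describes. Diffie-Hellman agrees a shared secret; a hash of it keys a symmetric
# keystream cipher plus an HMAC. TOY_P is a constructed modulus (2**127 - 1),
# not a standardised DH group, and the keystream is SHA-256 in counter mode.
import hashlib
import hmac
import secrets

TOY_P = 2 ** 127 - 1
TOY_G = 2

def dh_keypair(p=TOY_P, g=TOY_G):
    x = secrets.randbelow(p - 2) + 1          # private exponent
    return x, pow(g, x, p)                    # (private, public = g^x mod p)

def dh_shared_secret(x, peer_public, p=TOY_P):
    # Reject 0, 1 and p-1: they force a predictable secret. DH alone does not
    # authenticate the peer; a real design also signs the public values.
    if not 1 < peer_public < p - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, x, p)

def derive_keys(shared):
    # Split SHA-512 of the secret into an encryption key and a separate MAC key.
    digest = hashlib.sha512(b"toy-hybrid-kdf" + shared.to_bytes(16, "big")).digest()
    return digest[:32], digest[32:]

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(enc_key, mac_key, plaintext):
    nonce = secrets.token_bytes(12)           # fresh per message, never reused with a key
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(enc_key, mac_key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # integrity check before decrypting
        raise ValueError("message tampered with or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def hybrid_exchange(message):
    """Two parties agree keys over DH, then one encrypts and the other decrypts."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_keys = derive_keys(dh_shared_secret(a_priv, b_pub))
    b_keys = derive_keys(dh_shared_secret(b_priv, a_pub))
    return decrypt(*b_keys, encrypt(*a_keys, message))
```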