L12-Extra
Confidentiality
• Confidentiality is the concealment of information or resources.
• Prevent assets from being accessed by unauthorised parties.
– E.g. individuals, organisations, governments.
• Access control mechanisms support confidentiality.
– E.g. cryptography: encryption, with the keys held only by authorised parties.
Integrity
• Integrity refers to the trustworthiness of data or
resources, and it is usually phrased in terms of
preventing improper or unauthorized change.
• Integrity includes:
– data integrity
• the content of the information
– origin integrity
• the source of the data, often called
authentication.
Integrity
• Integrity mechanisms fall into two classes:
– Prevention mechanisms:
• Seek to maintain the integrity of the data by blocking any
unauthorised attempts to change the data or any attempts
to change the data in unauthorised ways.
• E.g. Access control.
– Detection mechanisms:
• Do not try to prevent violations of integrity; they simply
report that the data’s integrity is no longer trustworthy.
• E.g. digital signatures.
Difference between Confidentiality and Integrity?
• With confidentiality, the data is either compromised (disclosed) or it is not.
• Integrity includes both the correctness and the trustworthiness of the data:
– the origin of the data (how and from whom it was obtained),
– how well the data was protected before it arrived at the current machine, and
– how well the data is protected on the current machine all affect the integrity of the data.
– Thus evaluating integrity is often difficult.
Availability
• Availability refers to the ability to use the information or resource desired.
– E.g. Can the website be reached? Does it display correctly?
• Availability is closely linked to reliability and to system design, because an unavailable system is as bad as no system at all.
• Someone may deliberately deny access to data or to a service by making it unavailable.
Availability
• Attempts to block availability are called denial-of-service (DoS) attacks.
• DoS attacks are difficult to detect because the analyst has to determine whether unusual patterns of access are attributable to deliberate manipulation of resources or of the environment.
• Sometimes DoS attacks look like typical events, and in other cases the attack traffic is not even atypical.
• Statistical models, especially of normal network traffic, are important here.
Authenticity and Accuracy
• Authenticity
– Assets should be unforgeable by unauthorised
parties.
– E.g. Impersonation, forgery of digital signatures.
• Accuracy
– Be free from mistakes and errors.
– Provide information as end user expects.
– E.g. $ = AUD/USD/... ?
What is a Threat?
• Threat is a category of objects, persons, or other
entities that presents a danger to an asset.
• The violation need not occur for there to be a threat.
• The fact that the violation MIGHT occur is a threat.
• If the action occurs then it is an attack.
• The one who causes the attack to happen is an
attacker/adversary.
Threats into 4 Main Categories
• Disclosure
– unauthorised access to information. (C)
• Deception
– acceptance of false data. (I, A)
• Disruption
– interruption or prevention of correct operation. (A)
• Usurpation (taking someone's power or property by force)
– unauthorised control of some part of the system. (A)
From the Source to the Destination
Figure: information flow from the Information Source to the Information Destination, showing the normal flow and the four kinds of threat that act on it:
– Normal flow
– Interruption (A)
– Interception (C)
– Modification (I)
– Fabrication (Auth.)
Examples of Threats?
• Snooping
– Unauthorised interception of data.
• Wiretapping
– Passive (the traffic is only read) vs active (the traffic is altered).
• Modification, Alteration
– Data passing over a network is modified.
• Masquerading
– Impersonation of one entity by another.
• Delegation
– One entity passes authority to another; a threat when the permission passed on is illegitimate.
• Repudiation of origin
– A false denial that an entity sent or created something.
• Denial of receipt
– A false denial that an entity received some information or message.
• Delay
– Temporary inhibition of a service.
• Denial-of-Service
– A long-term inhibition of a service.
What is the Goal of Security
• Prevent an attack (before it happens)
– This is the ideal solution
– This is where technology should be helping most!
• Detect the attack (when it happens)
– Know what is going on, who is causing it
– This is really where technology is helping most!
• Recover from an attack (as soon as possible)
– Stop the attack
– Assess and repair the damage caused
Components of Risk Management
Figure: the risk management process breaks down as follows.
• Risk Identification
– Inventorying Assets
– Classifying & Prioritising Assets
– Identifying & Prioritising Threats & Vulnerabilities
• Risk Assessment
– Is the documented result of the risk identification process
• Risk Control
– Selecting Strategy
– Justifying Controls
– Implementing &amp; Monitoring Controls
Three Important Definitions
• Assets
– Anything of value that is worth securing
– Can include tangible goods (e.g. computers) as well as intangible goods (e.g. passwords)
• Threat
– Any eventuality that represents a danger to an asset (e.g. the possibility that financial transactions will be altered)
• Vulnerability
– A weakness in a safeguard (e.g. no input validation on an order entry Web form)
Creating an Inventory of Information Assets
Table 8-1 Organizational assets used in systems
Source: Course Technology/Cengage Learning
Creating an Inventory of Information
Assets
• Inventory process requires a certain amount of planning
– Whether automated or manual
• Determine which attributes of each information asset
should be tracked
– Depends on the needs of the organization and its risk
management efforts
Risk Assessment
• Identify vulnerabilities between assets and threats
• Identify and quantify asset exposure
• Asset: paper document
– Threat: fire
• Vulnerability: document is not stored in a fire-proof cabinet (potential loss of availability)
• Vulnerability: there is no backup of the document (potential loss of availability)
– Threat: unauthorised access
• Vulnerability: document is not locked in a cabinet (potential loss of confidentiality)
• Asset: digital document
– Threat: disk failure
• Vulnerability: there is no backup of the document (potential loss of availability)
– Threat: virus
• Vulnerability: anti-virus program is not properly updated (potential loss of confidentiality, integrity and availability)
– Threat: unauthorised access
• Vulnerability: access control scheme is not properly defined (potential loss of confidentiality, integrity and availability)
• Vulnerability: access was given to too many people (potential loss of confidentiality, integrity and availability)
• Asset: system administrator
– Threat: unavailability of this person
• Vulnerability: there is no replacement for this position (potential loss of availability)
– Threat: frequent errors
• Vulnerability: lack of training (potential loss of integrity and availability)
Likelihood
• The probability that a specific vulnerability will be the
object of a successful attack
• Assign numeric value: number between 0.1 (low) and
1.0 (high), or a number between 1 and 100
• Zero not used since vulnerabilities with zero likelihood
removed from asset/vulnerability list
• Use selected rating model consistently
• Use external references for values that have been
reviewed/adjusted for your circumstances
(Whitman and Mattord 2009)
Risk is
the likelihood (p) of the occurrence of a vulnerability
multiplied by
the value (a) of the information asset,
minus
the percentage (pc) of risk mitigated by current controls,
plus
the uncertainty (pu) of current knowledge of the vulnerability.
The mitigation and the uncertainty are fractions of the risk, which is why they appear inside one factor:

$\text{Risk} = p \times a \times (1 - p_c + p_u)$
Jacobson’s Window
Rows: how often an event occurs; columns: how severe its consequences are.

                    | Low consequences                           | High consequences
Low occurrences     | Don’t care                                 | Focus: fraud, flood, tsunami, lengthy power disruption
High occurrences    | Focus: minor power disruption, minor bugs, | Usually doesn’t happen (cannot happen)
                    | keying errors                              |
Risk Determination
• Information asset B has a value score of 100 and has two vulnerabilities:
– Vulnerability 2 has a likelihood of 0.5 with a current control that addresses 50 percent of its risk;
– Vulnerability 3 has a likelihood of 0.1 with no current controls.
– You estimate that assumptions and data are 80 percent accurate (i.e. 20% uncertainty).
• Risk of Vulnerability 2 = 100 × 0.5 × (1 − 0.5 + 0.2) = 35
• Risk of Vulnerability 3 = 100 × 0.1 × (1 − 0 + 0.2) = 12
• Vulnerability 2 still ranks first: its control halves the risk, but the uncertainty term adds 20% back.

$\text{Risk} = p \times a \times (1 - p_c + p_u)$, where
• $a$ is the value of the information asset
• $p$ is the likelihood of vulnerability occurrence
• $p_c$ is the fraction of risk mitigated by current controls
• $p_u$ is the uncertainty of current knowledge of the vulnerability
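The calculation above carried out in Go, as an added example that is not part of the notes: a small risk register that reproduces asset B's two vulnerabilities, adds one constructed entry, rejects inputs the formula is not meant for (the notes say zero-likelihood items are dropped from the list), and ranks the entries so the highest risk is treated first. The asset names, the third entry and the 0..1 scale for p are assumptions made for the demo.

```go
package main

import (
	"fmt"
	"sort"
)

// Entry is one asset/vulnerability pair of a risk register, using the symbols of
// the notes: a (asset value), p (likelihood), pc (fraction mitigated), pu (uncertainty).
type Entry struct {
	Asset, Vulnerability string
	A                    float64 // value score of the information asset
	P                    float64 // likelihood of a successful attack on this vulnerability, 0 < P <= 1
	PC                   float64 // fraction of the risk already mitigated by current controls, 0..1
	PU                   float64 // uncertainty of current knowledge, 0..1 (0.2 means "80% accurate")
}

// Validate rejects inputs the formula is not meant for: a zero likelihood belongs
// off the list entirely (as the notes say), and the fractions must stay within 0..1.
func (e Entry) Validate() error {
	if e.P <= 0 || e.P > 1 {
		return fmt.Errorf("%s / %s: likelihood %.2f must be in (0, 1]", e.Asset, e.Vulnerability, e.P)
	}
	if e.PC < 0 || e.PC > 1 || e.PU < 0 || e.PU > 1 {
		return fmt.Errorf("%s / %s: pc and pu must be fractions in [0, 1]", e.Asset, e.Vulnerability)
	}
	return nil
}

// Risk is the formula of the notes: Risk = p * a * (1 - pc + pu).
func (e Entry) Risk() float64 {
	return e.P * e.A * (1 - e.PC + e.PU)
}

// Rank validates every entry and returns a copy ordered from highest to lowest
// risk, which is the order in which risk control effort should be spent.
func Rank(entries []Entry) ([]Entry, error) {
	out := make([]Entry, 0, len(entries))
	for _, e := range entries {
		if err := e.Validate(); err != nil {
			return nil, err
		}
		out = append(out, e)
	}
	sort.SliceStable(out, func(i, j int) bool { return out[i].Risk() > out[j].Risk() })
	return out, nil
}

// Register reproduces the worked example of the notes (asset B, vulnerabilities 2
// and 3) plus one constructed entry (asset C) showing how a cheap but likely
// failure can outrank a valuable asset once uncertainty is included.
func Register() []Entry {
	return []Entry{
		{"Asset B", "Vulnerability 2", 100, 0.5, 0.5, 0.2},
		{"Asset B", "Vulnerability 3", 100, 0.1, 0.0, 0.2},
		{"Asset C (constructed)", "No backup", 40, 0.8, 0.0, 0.1},
	}
}

func main() {
	ranked, err := Rank(Register())
	if err != nil {
		panic(err)
	}
	for _, e := range ranked {
		fmt.Printf("%-22s %-16s risk = %.1f\n", e.Asset, e.Vulnerability, e.Risk())
	}
}
```

The ranking is only as trustworthy as the likelihood estimates that feed it, which is exactly why the notes add the uncertainty term: an entry whose inputs are guesses should not be allowed to look precisely low.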
Policy, Standards, and Practices
• Policy is a plan or course of action that influences and determines decisions.
– Policies are organizational laws in that they dictate acceptable and unacceptable behavior within the organization.
– They define what is right, what is wrong, what the penalties are for violating policy, and what the appeals process is.
Example:
Policy: Passwords must be used
Standard: Passwords will be constructed of 6-8 alpha-numeric characters. (The specific rule only illustrates how a standard refines a policy; current guidance favours longer passphrases over short composition rules.)
Procedure: To change your password, type your old password, then your new password.
Technical control: mechanisms used to regulate operations to meet policy requirements (e.g. the length check the login system enforces)
Policy, Standards, and Practices
• Standards are a more detailed statement of what must be done to comply with policy.
• Standards may be informal or part of an organizational culture,
• or they may be published, scrutinized, and formally ratified by a group (agreed by a majority).
Policy, Standards, and Practices
• Procedures and guidelines explain how employees
will comply with policy
• For policies to be effective, they must be:
– Properly disseminated, read, understood, and
agreed-to
Key Terms
Firewalls
• Prevent specific types of information from moving
between the outside world (untrusted network) and
the inside world (trusted network)
• May be separate computer system; a software
service running on existing router or server; or a
separate network containing supporting devices
What is a Network Firewall?
• A firewall is a system or group of systems that
enforces an access control policy between two or
more networks.
• A firewall can block traffic and/or permit traffic
through to a network.
• If you don't have a good idea of what kind of access
you want to allow or to deny, a firewall really won't
help you.
www.interhack.net/pubs/fwfaq/
A Typical Architecture with Firewalls (Internal & External)
Firewall Protection
• Some firewalls permit only a certain type of traffic through them.
– e.g. email
• Can be configured to protect against unauthenticated interactive logins from the "outside" world.
• Can provide a single point for security enforcement and auditing
Firewall Protection
• Provide a summary of the types and amount of traffic passed through it,
– including how many attempts there were to break in
• Firewall logs are critically important data; provided they are retained with their integrity intact, they can be used as evidence in a court of law in most countries.
What Can’t A Firewall Protect Against
• Firewalls can't protect against attacks that don't go through the firewall.
– This is a real concern: a magnetic tape, compact disc, DVD or USB flash drive can just as effectively be used to export data.
• Insider attackers who are allowed to do specific operations.
Processing Modes of Firewalls
• Five processing modes that firewalls can be
categorized by are:
– Packet filtering
– Application gateways
– Circuit gateways
– MAC layer firewalls
– Hybrids
Selecting the Right Firewall
• When selecting a firewall, consider a number of factors:
– What firewall offers the right balance between protection and cost for the needs of the organization?
– Which features are included in the base price and which are not?
– How easy are setup and configuration? How accessible are staff technicians who can configure the firewall?
– Can the firewall adapt to the organization’s growing network?
• The second most important issue is cost
• How do you select your home firewall?
Configuring and Managing Firewalls
• Each firewall device must have own set of configuration
rules regulating its actions
• Firewall policy configuration is usually complex and
difficult
• Configuring firewall policies is both an art and a science
• When security rules conflict with the performance of
business, security often loses
Best Practices for Firewalls
• All traffic from the trusted network is allowed out
• The firewall device is never directly accessed from the public network
• Simple Mail Transport Protocol (SMTP) data is allowed to pass through the firewall (otherwise email cannot flow), but only to the mail gateway
• Internet Control Message Protocol (ICMP) data from outside is denied (a blanket block also breaks useful functions such as path MTU discovery, so filter by message type where you can)
• Telnet access to internal servers should be blocked
• When Web services are offered outside the firewall (DMZ), HTTP traffic should be denied from reaching internal networks
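The rule list above expressed as an ordered, first-match packet filter in Go, added here as an example; it is neither a vendor configuration nor code from the notes. Zone names, the port numbers used to recognise Telnet (23), SMTP (25) and HTTP (80), and the sample packets are assumptions constructed for the demo, and dropping anything that matches no rule is a design choice of this example.

```go
package main

import "fmt"

// Packet is the minimum a stateless filter looks at. Zones and fields are constructed
// for this example; a real firewall also matches on addresses, interfaces and connection state.
type Packet struct {
	Proto   string // "tcp", "udp" or "icmp"
	SrcZone string // "trusted", "dmz" or "public"
	DstZone string // "trusted", "dmz", "public" or "firewall" (the device itself)
	DstPort int    // destination port; 0 for icmp
}

// Rule pairs a match predicate with a verdict.
type Rule struct {
	Name  string
	Match func(Packet) bool
	Allow bool
}

// Policy is an ordered rule list: the first matching rule decides, and a packet that
// matches nothing is dropped (default deny).
type Policy []Rule

// Decide returns the verdict and the name of the rule that produced it; logging the
// rule name is what lets you explain later why a connection was dropped.
func (p Policy) Decide(pkt Packet) (allow bool, rule string) {
	for _, r := range p {
		if r.Match(pkt) {
			return r.Allow, r.Name
		}
	}
	return false, "default-deny"
}

// BestPractice encodes the rule set listed in the notes. In a first-match filter the
// denials must sit above the broad allows, so that a wider allow rule added later
// (say, "everything to the DMZ") cannot silently reopen Telnet or ICMP.
func BestPractice() Policy {
	tcpTo := func(port int, zone string) func(Packet) bool {
		return func(k Packet) bool { return k.Proto == "tcp" && k.DstPort == port && k.DstZone == zone }
	}
	return Policy{
		{"deny-public-to-firewall", func(k Packet) bool { return k.SrcZone == "public" && k.DstZone == "firewall" }, false},
		{"deny-icmp-from-public", func(k Packet) bool { return k.Proto == "icmp" && k.SrcZone == "public" }, false},
		{"block-telnet-to-internal", tcpTo(23, "trusted"), false},
		{"deny-http-dmz-to-internal", func(k Packet) bool { return k.SrcZone == "dmz" && tcpTo(80, "trusted")(k) }, false},
		{"allow-smtp-to-mail-gateway", tcpTo(25, "dmz"), true},
		{"allow-trusted-out", func(k Packet) bool { return k.SrcZone == "trusted" }, true},
	}
}

// Samples are constructed packets that exercise every rule plus the default.
func Samples() []Packet {
	return []Packet{
		{"tcp", "public", "trusted", 23},
		{"tcp", "trusted", "public", 443},
		{"tcp", "public", "dmz", 25},
		{"tcp", "public", "firewall", 22},
		{"tcp", "dmz", "trusted", 80},
		{"icmp", "public", "trusted", 0},
		{"tcp", "public", "dmz", 80},
	}
}

func main() {
	policy := BestPractice()
	for _, k := range Samples() {
		allow, rule := policy.Decide(k)
		fmt.Printf("%-4s %-7s -> %-8s :%-3d allow=%-5v (%s)\n", k.Proto, k.SrcZone, k.DstZone, k.DstPort, allow, rule)
	}
}
```

The filter is stateless, so replies to connections opened from the trusted network would also hit the default deny; a real firewall tracks connection state and admits return traffic for established sessions. Keep the rule name in the log line: when something is blocked unexpectedly, it tells you which rule to revisit.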
Firewall Limitations
• Generally provides no data integrity (e.g. doesn’t check for viruses)
• No authenticity for the source of the data
• Often no confidentiality of data
• No protection against internal threats
• Only one point of entry (susceptible to DoS)
• May be a single point of failure
• Higher levels of functionality = more complexity = possible failure
– but simpler systems leave more vulnerabilities open to attack
Categories of Cryptography
• Symmetric-key Cryptography
– The same key is used by both sender and receiver.
– Encryption, Authentication (message authentication codes).
– E.g., DES, AES, RC4 (DES and RC4 are historical examples; both are broken and should not be used in new systems)
• Public (asymmetric) key Cryptography
– Uses a pair of public and private keys.
– Encryption, Authentication, Digital Signatures, etc.
– E.g., RSA, DSA (the algorithm of the Digital Signature Standard, DSS), ElGamal
Symmetric-Key Encryptions
• Plaintext can be encrypted through the stream cipher or the block cipher method
• Stream cipher: each plaintext bit (or byte) is combined with a keystream, one unit at a time
– RC4
• Block cipher: the message is divided into fixed-size blocks (e.g. 64-bit blocks for DES, 128-bit blocks for AES, i.e. 8 or 16 bytes) and each is transformed into an encrypted block of cipher bits using the algorithm and key
– DES, AES
Substitution Cipher
• Substitute one value for another
• Monoalphabetic substitution: uses only one cipher alphabet, e.g., the Caesar cipher.
• Polyalphabetic substitution: more advanced; uses two or more alphabets
• Vigenère cipher: a polyalphabetic cipher that is simple to apply; made up of 26 distinct cipher alphabets (the 26 Caesar shifts), selected in turn by the letters of the key
Transposition Cipher
• Easy to understand, but if properly used, produces
ciphertext that is difficult to decipher
• Rearranges values within a block to create ciphertext
• Can be done at the bit level or at the byte (character) level
• To make the encryption even stronger, the keys and block
sizes can be made much larger
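The substitution and transposition ciphers of the two slides above, implemented in Go as an added example that is not part of the notes. Caesar is written as a one-letter Vigenère key, Transpose is a keyed columnar transposition, and BreakCaesar recovers a Caesar shift from ciphertext alone by letter-frequency analysis, which is the concrete reason a monoalphabetic substitution offers no secrecy. The X padding rule, the sample plaintexts and the keys are constructed for the example; the English letter frequencies are the usual published percentages.

```go
package main

import (
	"math"
	"sort"
	"strings"
)

// normalize keeps only A-Z, the alphabet these classical ciphers operate on.
func normalize(s string) string {
	var b strings.Builder
	for _, r := range strings.ToUpper(s) {
		if r >= 'A' && r <= 'Z' {
			b.WriteRune(r)
		}
	}
	return b.String()
}

// shift moves letter i by key[i mod len(key)]; decrypt reverses it. An empty key changes nothing.
func shift(text, key string, decrypt bool) string {
	text, key = normalize(text), normalize(key)
	if key == "" {
		return text
	}
	out := make([]byte, len(text))
	for i := range text {
		k := int(key[i%len(key)] - 'A')
		if decrypt {
			k = 26 - k
		}
		out[i] = byte('A' + (int(text[i]-'A')+k)%26)
	}
	return string(out)
}

// Caesar is monoalphabetic substitution: one fixed shift, i.e. a one-letter Vigenère key.
func Caesar(text string, n int) string { return shift(text, string(rune('A'+((n%26)+26)%26)), false) }

// Vigenere is polyalphabetic: the same plaintext letter maps to different ciphertext
// letters depending on position, which is what defeats plain frequency analysis.
func Vigenere(text, key string) string   { return shift(text, key, false) }
func Unvigenere(text, key string) string { return shift(text, key, true) }

// columnOrder lists column indices sorted by key letter (stable: repeated letters go left to right).
func columnOrder(key string) []int {
	idx := make([]int, len(key))
	for i := range idx {
		idx[i] = i
	}
	sort.SliceStable(idx, func(a, b int) bool { return key[idx[a]] < key[idx[b]] })
	return idx
}

// Transpose writes the text in rows under the key (padded with X) and reads the columns
// off in alphabetical key order. Letters are rearranged, not changed, so their frequencies survive.
func Transpose(text, key string) string {
	text, key = normalize(text), normalize(key)
	if key == "" {
		return text
	}
	for len(text)%len(key) != 0 {
		text += "X"
	}
	var b strings.Builder
	for _, c := range columnOrder(key) {
		for r := c; r < len(text); r += len(key) {
			b.WriteByte(text[r])
		}
	}
	return b.String()
}

// english holds the usual relative letter frequencies (percent) of English text, A..Z.
var english = [26]float64{8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
	6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07}

// BreakCaesar recovers a Caesar shift with no key: try all 26 and keep the one whose letter
// counts are closest (chi-squared) to English. A sentence or two of ciphertext is enough.
func BreakCaesar(cipher string) int {
	cipher = normalize(cipher)
	best, bestScore := 0, math.MaxFloat64
	for s := 0; s < 26; s++ {
		var counts [26]float64
		for _, c := range []byte(Caesar(cipher, -s)) {
			counts[c-'A']++
		}
		score := 0.0
		for i, pct := range english {
			expected := pct / 100 * float64(len(cipher))
			score += (counts[i] - expected) * (counts[i] - expected) / expected
		}
		if score < bestScore {
			best, bestScore = s, score
		}
	}
	return best
}
```

Because Transpose only rearranges letters, its output has exactly the plaintext's letter frequencies; a frequency count therefore tells an attacker at once that a transposition rather than a substitution was used, even though it does not reveal the key. The same statistics, applied to each key position separately, are what break a Vigenère cipher once its key length is known.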
Symmetric Encryption
• Uses the same “secret key” to encipher and decipher a message
– Encryption methods can be extremely efficient, requiring minimal processing
– Both sender and receiver must possess the encryption key
– If either copy of the key is compromised, an intermediary can decrypt and read messages
Example of Symmetric Encryption
Asymmetric-Key Encryption
• Also known as public-key encryption
– RSA
• Key pair
– Public key: publicly known for encryption
– Private key: only known by the owner; for decryption
– Public and private keys are mathematically related.
– Hard to find the private key from the public key.
Example of Asymmetric Encryption
Encryption Key Size
• When using ciphers, the size of the encryption key is very important
• The strength of many encryption applications and cryptosystems is measured by key size
• For cryptosystems, the security of encrypted data does not depend on keeping the encrypting algorithm secret (Kerckhoffs’s principle)
• Cryptosystem security depends on keeping some or all of the elements of the key(s) secret
Encryption Key Power
Note: the time needed to break a key of a given size differs between encryption algorithms.
Digital Signatures
• Digital signatures are a security primitive for demonstrating the authenticity of a digital message.
– Sign: using the signer’s private (signing) key
– Verify: using the signer’s public key
• They mimic the function of handwritten signatures.
• Digital signatures should be unforgeable.
• Non-repudiation: a valid signature shows the message was signed with the sender’s private key, so the sender cannot later deny (contest) having sent it.
• Digital Signature Standard (DSS): the NIST standard (FIPS 186) that specifies approved signature algorithms
Public Key Infrastructure (PKI)
• PKI is a system which creates, stores and distributes digital
certificates of public keys.
• PKI supports the use of public key cryptography.
• Typical PKI solution protects the transmission and reception
of secure information by integrating:
– Certificate authority (CA)
– Registration authority (RA)
– Certificate directories
– Management protocols
– Policies and procedures
Digital Certificates
• Electronic document containing a key value and identifying information about the entity that controls the key
• A digital signature (by the issuing CA) is attached to the certificate to certify that the key belongs to the entity the certificate names
• Different client-server applications use different types of digital certificates to accomplish their assigned functions
• Distinguished name (DN): uniquely identifies a certificate entity
Hybrid Cryptography Systems
• Except with digital certificates, pure asymmetric key encryption is not widely used
• Asymmetric encryption is more often used with symmetric key encryption, creating a hybrid system: the asymmetric algorithm protects a short session key, and the symmetric algorithm encrypts the bulk data under it
• Diffie-Hellman Key Exchange method:
– The most common way of establishing the shared session key in such a hybrid system
– Provided the foundation for subsequent developments in public-key encryption
Example of Hybrid Encryption
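The pieces introduced on the last few slides (asymmetric encryption, digital signatures and the hybrid construction) combined in one Go program, written as an added example rather than code from the notes: a fresh AES-256-GCM session key encrypts the message, RSA-OAEP wraps only that key for the recipient, and an RSA-PSS signature by the sender lets the recipient reject forgeries and tampering before doing any private-key work. The key pairs are generated on the spot and the message text is constructed for the demo; in practice the public keys would be bound to identities by certificates, as the PKI slides describe.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Envelope is what the sender transmits. For a given RSA key size the first three
// fields have fixed lengths, so hashing their concatenation for the signature is unambiguous.
type Envelope struct {
	WrappedKey []byte // AES session key encrypted with the recipient's RSA public key (OAEP)
	Nonce      []byte // AES-GCM nonce, fresh for every message
	Ciphertext []byte // AES-GCM ciphertext with its authentication tag appended
	Signature  []byte // RSA-PSS signature by the sender over the three fields above
}

func (e *Envelope) digest() []byte {
	h := sha256.New()
	h.Write(e.WrappedKey)
	h.Write(e.Nonce)
	h.Write(e.Ciphertext)
	return h.Sum(nil)
}

// newGCM builds the AES-GCM AEAD used for the bulk data.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// HybridEncrypt: symmetric cipher for the bulk data, asymmetric cipher only for the session key, signature for origin.
func HybridEncrypt(recipientPub *rsa.PublicKey, senderPriv *rsa.PrivateKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, 32) // AES-256 session key, used for this one message
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: make([]byte, gcm.NonceSize())}
	if _, err := io.ReadFull(rand.Reader, env.Nonce); err != nil {
		return nil, err
	}
	env.Ciphertext = gcm.Seal(nil, env.Nonce, plaintext, nil)
	if env.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil); err != nil {
		return nil, err
	}
	env.Signature, err = rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, env.digest(), nil)
	return env, err // env is only usable when err is nil
}

// HybridDecrypt checks the signature first (cheap, and it rejects forgeries before any private-key work).
func HybridDecrypt(recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey, env *Envelope) ([]byte, error) {
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, env.digest(), env.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature rejected: %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// MustKey generates a fresh 2048-bit RSA key pair for the demo (real systems load keys from a store).
func MustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	sender, recipient := MustKey(), MustKey()
	env, err := HybridEncrypt(&recipient.PublicKey, sender, []byte("meet at dawn"))
	if err != nil {
		panic(err)
	}
	plain, err := HybridDecrypt(recipient, &sender.PublicKey, env)
	fmt.Printf("recovered %q (err=%v)\n", plain, err)
	env.Ciphertext[0] ^= 0x01 // one flipped bit: the signature (and the GCM tag) no longer match
	_, err = HybridDecrypt(recipient, &sender.PublicKey, env)
	fmt.Println("tampered envelope:", err)
}
```

The slide names Diffie-Hellman as the usual way of agreeing the session key; this example uses RSA key wrapping instead, which is the other classic hybrid arrangement. Verifying before decrypting matters: a forged envelope costs the recipient one public-key operation and is discarded, so an attacker cannot make it perform private-key decryptions on chosen inputs.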