SERVICES, MECHANISMS, AND ATTACKS
The generic name for the collection of tools designed to protect
computer data – is computer security (including access via network)
Collection of tools designed to protect data during transmission
between computers in the network is network (internet) security
Security services should provide: confidentiality, authentication,
nonrepudiation, integrity of transmitted data
Security mechanisms should consider possible attacks on the security
features.
Three aspects of information security:
Security attack: any action that compromises the security of
information owned by an organization
Security mechanism: A mechanism that is designed to detect,
prevent, or recover from a security attack. Many security mechanisms are
based on cryptographic techniques
Security service: A service that enhances the security of the data
processing systems and the information transfers of organization. The
services are intended to counter security attacks, and they make use of one
or more security mechanisms to provide the service. They are used to
implement security policy of an organization. Security services are to
replicate functions normally associated with physical documents.
Documents usually have: signatures, dates. They may be notarized or
witnessed, may be licensed. They may need protection from disclosure,
tampering, or destruction
Security services are to take into account specific features of
electronic documents:
1.
It is usually possible to discriminate between an original
paper document and a xerographic copy. However, an electronic
document is merely a sequence of bits; there is no difference between
the ‘original’ and any number of copies
2.
An alteration to a paper document may leave some sort
of physical evidence of the alteration. For example, an erasure can
result in a thin spot or a roughness in the surface. Altering bits in the
computer memory or in a signal leaves no physical trace
1
SERVICES, MECHANISMS, AND ATTACKS
(CONT 1)
3.
Any ‘proof’ process associated with a physical document
typically depends on the physical characteristics of that document
(e.g., the shape of a handwritten signature or an embossed notary
seal). Any such proof of authenticity of an electronic document must
be based on internal evidence present in the information itself.
Security attacks (Request for Comments RFC 2828, Internet Security
Glossary, http://www.faqs.org/rfcs/rfc2828.html )
Threat – a potential for violation of security which exists when there
is a circumstance, capability, action, or event that could breach security and
cause harm. That is, threat is a possible danger that might exploit
vulnerability
Attack – an assault on system security that derives from an intelligent
threat; that is, an intelligent act that is a deliberate attempt (especially in the
sense of a method or technique) to evade security services and violate the
security policy of a system.
Examples of attacks
1.
Gain unauthorized access to information (violate secrecy
or privacy)
2.
Impersonate another user either to shift responsibility or
else to use the other’s license for the purpose of
a.
originating fraudulent information
b.
modifying legitimate information
c.
using fraudulent identity to get unauthorized access
d.
fraudulently authorizing transactions or endorsing them
3.
Disavow responsibility or liability for information the
cheater did originate
4.
Claim to have received from some other user information
that the cheater created (i.e. fraudulent attribution of responsibility)
5.
Claim to have sent to a receiver (at a specified time)
information that was not sent (or was sent at a different time)
6.
Either disavow receipt of information that was in fact
received, or claim a false time of receipt
7.
Enlarge cheater’s legitimate license (for access,
origination, distribution, etc.)
8.
Modify (without authority to do so) the license of others
(fraudulently enroll others, restrict or enlarge existing licenses, etc.)
2
SERVICES, MECHANISMS, AND ATTACKS
(CONT 2)
9.
Conceal the presence of some information (a covert
communication) in other information (the overt communication)
10. Insert self into a communication link between other users
as an active (undetected) relay point
11. Learn who accesses which information (sources, files,
etc.) and when the accesses are made even if the information itself
remains concealed (e.g., a generalization of a traffic analysis from
communication channels to data bases, software, etc.)
12. Impeach an information integrity protocol by revealing
information the cheater is supposed to (by the terms of the protocol)
keep secret
13. Pervert the function of software, typically by adding a
covert function
14. Undermine confidence in a protocol by causing apparent
failures in the system
15. Prevent communication among other users, in particular,
surreptitious interference to cause authentic communication to be
rejected as unauthentic
THE OSI SECURITY ARCHITECTURE
OSI – Open Systems Interconnection
TCP – Transmission Control Protocol – establishes connection
between peers
IP – Internet Protocol – specifies format of transmitted packets,
datagrams, lower level than TCP, does not establish connections
Let’s
consider
ITU-T
Recommendation
X.800
http://www.itu.int/ITUT/studygroups/com10/languages/X.683_0699_Amend1.pdf
ITU-T – International Telecommunication Unit (ITU)
Telecommunication Standardization Sector – United Nations-sponsored
agency
Security Services
X.800 defines a security service as a service provided by a protocol
layer of communicating open systems, which ensures adequate security
of the systems or of data transfers. X.800 divides these services into 5
categories and 14 specific services
3
THE OSI SECURITY ARCHITECTURE
(CONT 1)
1. Authentication
The assurance that the communicating entity is the one that it claims to
be
1.1. Peer entity authentication
Used in association with a logical connection to provide confidence in
the identity of the entities connected
1.2. Data-origin authentication
In a connectionless transfer, provides assurance that the source of the
received data is as claimed
2. Access Control
2.1. The prevention of unauthorized use of a resource (i.e., this
service controls who can have access to resource, under what conditions
access can occur, and what those accessing the resource are allowed to
do).
3. Data Confidentiality
The protection of data from unauthorized disclosure
3.1. Connection confidentiality
The protection of all user data on a connection
3.2. Connectionless confidentiality
The protection of all user data in a single data block
3.3. Selective-field confidentiality
The confidentiality of selected fields within the user data on a connection
or in a single data block
3.4. Traffic-flow confidentiality
The protection of information that might be derived from observation of
traffic flows
4. Data Integrity
The assurance that data received are exactly as sent by an authorized
entity (i.e., contain no modification, insertion, deletion, or replay)
4.1. Connection integrity with recovery
Provides for the integrity of all user data on a connection and detects any
modification, insertion, deletion, or replay of any data within an entire
data sequence, with recovery attempted
4.2. Connection integrity without recovery
As above, but provides only detection without recovery
4
4.3. Selective-field connection integrity
Provides for the integrity of selected fields within the user data of a data
block transferred over a connection and takes the form of determination
of whether the selected fields have been modified, inserted, deleted, or
replayed
4.4. Connectionless integrity
Provides for the integrity of a single connectionless data block
4.5. Selective-field connectionless integrity
Provides for the integrity of selected fields within a single connectionless
data block
5. Nonrepudiation
Provides protection against denial by one of the entities involved in the
communication of having participated in all or part of the communication
5.1. Norepudiation, origin
Proof that the message was sent by the specified party
5.2. Nonrepudiation, destination
Proof that the message was received by the specified party
Also, there may be considered Availability service which protects the
system to ensure its availability
Securuty Mechanisms
X.800 defines the following mechanisms
1. Specific security mechanisms
May be incorporated into the appropriate protocol layer in order to
provide some of OSI security services
1.1. Encipherment
The use of mathematical algorithms to transform data into a form that
is not readily intelligible. The transformation and subsequent recovery of the
data depend on an algorithm and zero or more encryption keys
1.2. Digital signature
Data appended to, or a cryptographic transformation of, a data unit
that allows a recipient of the data unit to prove the source and integrity of the
data unit and protect against forgery
1.3. Access control
A variety of mechanisms that enforce access rights to resources
1.4. Data integrity
A variety of mechanisms used to assure the integrity of a data unit or
stream of data units
5
THE OSI SECURITY ARCHITECTURE
(CONT 2)
1.5. Authentication exchange
A mechanism intended to ensure the identity of an entity by means of
information exchange
1.6. Traffic padding
The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts
1.7. Routing control
Enables selection of a particular physically secure routes for certain
data and allows routing changes, especially when a breach of security is
suspected
1.8. Notarization
The use of the third trusted party to assure certain properties of a data
exchange
2. Pervasive security mechanisms
Mechanisms, not specific to any particular OSI security service or
protocol layer
2.1. Trusted functionality
That which is perceived to be correct with respect to some criteria
(e.g., as established by security policy)
2.2. Security label
The marking bound to a resource (which may be a data unit) that
names or designates the security attributes of that resource
2.3. Event detection
Detection of security relevant events
2.4. Security audit trail
Data collected and potentially used to facilitate a security audit, which
is independent review and examination of system records and activities
2.5. Security recovery
Deals with requests from mechanisms, such as event handling and
management functions, and takes recovery actions
Usage of mechanisms in services:
6
THE OSI SECURITY ARCHITECTURE
(CONT 3)
Security Attacks
X.800 and RFC 2828 distinguish passive and active attacks
1. Passive attacks
Passive attacks are in the nature of eavesdropping on, or monitoring
of, transmissions
1.1. Release of message contents – encryption is usually used to
counter attack
1.2. Traffic analysis – if contents is closed but the opponent
could determine the location and identity of communicating hosts and
could observe the frequency and length of messages being exchanged, he
may guess the nature of the communication that was taking place
Passive attacks are very difficult to detect because they do not involve
any alteration of data. However, it is feasible to prevent the success of these
attacks, usually by means of encryption.
2. Active attacks
They involve some modification of the data stream or the creation of a
false data stream and can be subdivided into 4 categories
2.1. A Masquerade takes place when one entity pretends to be a
different entity
2.2. Replay involves the passive capture of a data unit and its
subsequent retransmission to produce an unauthorized effect
2.3. Modification of messages simply means that some portion
of a legitimate message is altered
2.4. The Denial of service prevents or inhibits the normal use or
management of communication facilities
7
A MODEL FOR NETWORK SECURITY
Virus – malicious code which runs inside infected programs, worm –
independent malicious program.
8
OUTLINE OF THE COURSE
1. Provides a survey of symmetric encryption, including Data
Encryption Standard (DES) and Advanced Encryption Standard (AES)
2. Provides a survey of public-key algorithms, including RSA
(Rivest-Shamir-Adelman), digital signatures and key exchange
3. Examines the use of cryptographic algorithms and security
protocols to provide security over networks and Internet
4. Deals with security facilities designed to protect a computer
system from security threats, including intruders, viruses, and worms;
firewalls are considered.
9