SERVICES, MECHANISMS, AND ATTACKS The generic name for the collection of tools designed to protect computer data – is computer security (including access via network) Collection of tools designed to protect data during transmission between computers in the network is network (internet) security Security services should provide: confidentiality, authentication, nonrepudiation, integrity of transmitted data Security mechanisms should consider possible attacks on the security features. Three aspects of information security: Security attack: any action that compromises the security of information owned by an organization Security mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack. Many security mechanisms are based on cryptographic techniques Security service: A service that enhances the security of the data processing systems and the information transfers of organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service. They are used to implement security policy of an organization. Security services are to replicate functions normally associated with physical documents. Documents usually have: signatures, dates. They may be notarized or witnessed, may be licensed. They may need protection from disclosure, tampering, or destruction Security services are to take into account specific features of electronic documents: 1. It is usually possible to discriminate between an original paper document and a xerographic copy. However, an electronic document is merely a sequence of bits; there is no difference between the ‘original’ and any number of copies 2. An alteration to a paper document may leave some sort of physical evidence of the alteration. For example, an erasure can result in a thin spot or a roughness in the surface. Altering bits in the computer memory or in a signal leaves no physical trace 1 SERVICES, MECHANISMS, AND ATTACKS (CONT 1) 3. Any ‘proof’ process associated with a physical document typically depends on the physical characteristics of that document (e.g., the shape of a handwritten signature or an embossed notary seal). Any such proof of authenticity of an electronic document must be based on internal evidence present in the information itself. Security attacks (Request for Comments RFC 2828, Internet Security Glossary, http://www.faqs.org/rfcs/rfc2828.html ) Threat – a potential for violation of security which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, threat is a possible danger that might exploit vulnerability Attack – an assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system. Examples of attacks 1. Gain unauthorized access to information (violate secrecy or privacy) 2. Impersonate another user either to shift responsibility or else to use the other’s license for the purpose of a. originating fraudulent information b. modifying legitimate information c. using fraudulent identity to get unauthorized access d. fraudulently authorizing transactions or endorsing them 3. Disavow responsibility or liability for information the cheater did originate 4. Claim to have received from some other user information that the cheater created (i.e. fraudulent attribution of responsibility) 5. Claim to have sent to a receiver (at a specified time) information that was not sent (or was sent at a different time) 6. Either disavow receipt of information that was in fact received, or claim a false time of receipt 7. Enlarge cheater’s legitimate license (for access, origination, distribution, etc.) 8. Modify (without authority to do so) the license of others (fraudulently enroll others, restrict or enlarge existing licenses, etc.) 2 SERVICES, MECHANISMS, AND ATTACKS (CONT 2) 9. Conceal the presence of some information (a covert communication) in other information (the overt communication) 10. Insert self into a communication link between other users as an active (undetected) relay point 11. Learn who accesses which information (sources, files, etc.) and when the accesses are made even if the information itself remains concealed (e.g., a generalization of a traffic analysis from communication channels to data bases, software, etc.) 12. Impeach an information integrity protocol by revealing information the cheater is supposed to (by the terms of the protocol) keep secret 13. Pervert the function of software, typically by adding a covert function 14. Undermine confidence in a protocol by causing apparent failures in the system 15. Prevent communication among other users, in particular, surreptitious interference to cause authentic communication to be rejected as unauthentic THE OSI SECURITY ARCHITECTURE OSI – Open Systems Interconnection TCP – Transmission Control Protocol – establishes connection between peers IP – Internet Protocol – specifies format of transmitted packets, datagrams, lower level than TCP, does not establish connections Let’s consider ITU-T Recommendation X.800 http://www.itu.int/ITUT/studygroups/com10/languages/X.683_0699_Amend1.pdf ITU-T – International Telecommunication Unit (ITU) Telecommunication Standardization Sector – United Nations-sponsored agency Security Services X.800 defines a security service as a service provided by a protocol layer of communicating open systems, which ensures adequate security of the systems or of data transfers. X.800 divides these services into 5 categories and 14 specific services 3 THE OSI SECURITY ARCHITECTURE (CONT 1) 1. Authentication The assurance that the communicating entity is the one that it claims to be 1.1. Peer entity authentication Used in association with a logical connection to provide confidence in the identity of the entities connected 1.2. Data-origin authentication In a connectionless transfer, provides assurance that the source of the received data is as claimed 2. Access Control 2.1. The prevention of unauthorized use of a resource (i.e., this service controls who can have access to resource, under what conditions access can occur, and what those accessing the resource are allowed to do). 3. Data Confidentiality The protection of data from unauthorized disclosure 3.1. Connection confidentiality The protection of all user data on a connection 3.2. Connectionless confidentiality The protection of all user data in a single data block 3.3. Selective-field confidentiality The confidentiality of selected fields within the user data on a connection or in a single data block 3.4. Traffic-flow confidentiality The protection of information that might be derived from observation of traffic flows 4. Data Integrity The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay) 4.1. Connection integrity with recovery Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted 4.2. Connection integrity without recovery As above, but provides only detection without recovery 4 4.3. Selective-field connection integrity Provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted, or replayed 4.4. Connectionless integrity Provides for the integrity of a single connectionless data block 4.5. Selective-field connectionless integrity Provides for the integrity of selected fields within a single connectionless data block 5. Nonrepudiation Provides protection against denial by one of the entities involved in the communication of having participated in all or part of the communication 5.1. Norepudiation, origin Proof that the message was sent by the specified party 5.2. Nonrepudiation, destination Proof that the message was received by the specified party Also, there may be considered Availability service which protects the system to ensure its availability Securuty Mechanisms X.800 defines the following mechanisms 1. Specific security mechanisms May be incorporated into the appropriate protocol layer in order to provide some of OSI security services 1.1. Encipherment The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys 1.2. Digital signature Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery 1.3. Access control A variety of mechanisms that enforce access rights to resources 1.4. Data integrity A variety of mechanisms used to assure the integrity of a data unit or stream of data units 5 THE OSI SECURITY ARCHITECTURE (CONT 2) 1.5. Authentication exchange A mechanism intended to ensure the identity of an entity by means of information exchange 1.6. Traffic padding The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts 1.7. Routing control Enables selection of a particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected 1.8. Notarization The use of the third trusted party to assure certain properties of a data exchange 2. Pervasive security mechanisms Mechanisms, not specific to any particular OSI security service or protocol layer 2.1. Trusted functionality That which is perceived to be correct with respect to some criteria (e.g., as established by security policy) 2.2. Security label The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource 2.3. Event detection Detection of security relevant events 2.4. Security audit trail Data collected and potentially used to facilitate a security audit, which is independent review and examination of system records and activities 2.5. Security recovery Deals with requests from mechanisms, such as event handling and management functions, and takes recovery actions Usage of mechanisms in services: 6 THE OSI SECURITY ARCHITECTURE (CONT 3) Security Attacks X.800 and RFC 2828 distinguish passive and active attacks 1. Passive attacks Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions 1.1. Release of message contents – encryption is usually used to counter attack 1.2. Traffic analysis – if contents is closed but the opponent could determine the location and identity of communicating hosts and could observe the frequency and length of messages being exchanged, he may guess the nature of the communication that was taking place Passive attacks are very difficult to detect because they do not involve any alteration of data. However, it is feasible to prevent the success of these attacks, usually by means of encryption. 2. Active attacks They involve some modification of the data stream or the creation of a false data stream and can be subdivided into 4 categories 2.1. A Masquerade takes place when one entity pretends to be a different entity 2.2. Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect 2.3. Modification of messages simply means that some portion of a legitimate message is altered 2.4. The Denial of service prevents or inhibits the normal use or management of communication facilities 7 A MODEL FOR NETWORK SECURITY Virus – malicious code which runs inside infected programs, worm – independent malicious program. 8 OUTLINE OF THE COURSE 1. Provides a survey of symmetric encryption, including Data Encryption Standard (DES) and Advanced Encryption Standard (AES) 2. Provides a survey of public-key algorithms, including RSA (Rivest-Shamir-Adelman), digital signatures and key exchange 3. Examines the use of cryptographic algorithms and security protocols to provide security over networks and Internet 4. Deals with security facilities designed to protect a computer system from security threats, including intruders, viruses, and worms; firewalls are considered. 9