Data Security and Cryptology, II
Common Ways to Secure
Digital Data.
Security Threats, Classification
September 9th, 2015
Valdo Praust
mois@mois.ee
Lecture course at the Estonian IT College
Autumn 2015
What We Protect: Information
Information (informatsioon, teave) – knowledge
concerning any objects, such as facts, events,
things, processes or ideas, which has a special
meaning in certain contexts
The concept “information” is closely related to the
more general concept of knowledge. It assumes that
there is a fact which is known (an object) and a
person who knows the fact (the subject)
Information itself has no practical shape. It acquires
a practical shape only when we also consider the
concrete representation of the information (which is
then called data)
What We Protect: Data
Data (andmed) – a reinterpretable,
formalized representation of
information in a form which is
suitable for transfer, processing and/or
interpretation
Data are always a representation of information,
usually in a pre-agreed form (which allows the
information carried by the data to be transferred from
one subject to another)
The same data can be interpreted differently by
different subjects having a different background (for
example, “hallitus” means mould in Estonian and
government in Finnish)
Data Format
Data format (andmevorming, vorming) –
a description of how a given type of
information – text, picture, voice, video
etc – is coded into a sequence of 0’s and
1’s
A pre-agreed (standardised) data format gives
data (a data file) a concrete and unique meaning.
If we have the data but do not have the description
of its format, we do not have the information
carried by the data
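The claim above can be made concrete: the same bit string read under different pre-agreed formats yields different, equally legitimate "information". The following is an added example (Python, not part of the lecture); the two-byte sample and the set of formats tried are constructed for illustration.

```python
import struct

# Constructed sample (not from the lecture): the two bytes 0xC3 0xA4.
SAMPLE = bytes([0xC3, 0xA4])

# Text formats under which we try to read the bytes. Each is a real,
# standardised mapping from bit patterns to characters.
TEXT_FORMATS = ("utf-8", "latin-1", "koi8-r")


def interpretations(raw: bytes) -> dict:
    """Read the same byte string under several pre-agreed formats.

    Every value returned is a legitimate reading of the identical bits;
    only the agreed format decides which one is "the information".
    """
    out = {"hex": raw.hex()}
    for codec in TEXT_FORMATS:
        try:
            out[codec] = raw.decode(codec)
        except UnicodeDecodeError:
            out[codec] = None  # the bytes are not valid under this format
    if len(raw) == 2:
        # The same two bytes read as an unsigned 16-bit integer, in the two
        # byte orders a binary format might prescribe.
        out["uint16_be"] = struct.unpack(">H", raw)[0]
        out["uint16_le"] = struct.unpack("<H", raw)[0]
    return out


def is_ambiguous(raw: bytes) -> bool:
    """True when at least two text formats give different, valid readings.

    This is the situation of having the data but not its format description.
    """
    readings = {v for k, v in interpretations(raw).items()
                if k in TEXT_FORMATS and v is not None}
    return len(readings) > 1


if __name__ == "__main__":
    for fmt, value in interpretations(SAMPLE).items():
        print(f"{fmt:>10}: {value!r}")
```

Under UTF-8 the sample is the single letter "ä", under Latin-1 it is the two characters "Ã¤", under KOI8-R two Cyrillic/box-drawing symbols, and as a 16-bit integer it is 50084 or 42179 depending on byte order. Nothing in the bytes themselves says which reading is meant; that is exactly what the format description supplies.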
From Data Format to Meaning
Different data formats are supported by different
application software, which usually allows writing
a file in a certain format and/or rendering the
content of the data (the information) in a
human-perceptible form etc.
A typical end user usually knows nothing about
different data formats and their interpretation.
He/she usually associates a certain format only with
the particular software which is able to interpret
that format.
The end user usually receives only the
human-perceptible form prepared by the software, the
so-called WYSIWYG (What You See Is What You Get, in
Estonian adekvaatkuva)
Necessity of Data Security
If we possess (or process) data, then the
information carried by the data always has value for
us (for our business process). This does not depend
on whether the information is represented by digital
or by paper-based data
Information security (infoturve) or data security
(andmeturve) is the discipline concerned with
maintaining these values/properties of information
(in practice, by maintaining the
properties of the data)
Components of Information Security
Information security (infoturve) or data security
(andmeturve) is a complex concept consisting
of the following three properties (goals):
• information availability (käideldavus)
• information integrity (terviklus)
• information confidentiality (konfidentsiaalsus)
These three properties – called branches or
goals of security – must be maintained for all
information/data items we possess
About Different Concepts
The following four concepts:
• information security (infoturve)
• information protection (infokaitse)
• data security (andmeturve)
• data protection (andmekaitse)
are widely taken as synonyms
It is mainly a question of tradition and
culture which concept is used where. For
example, in Europe the concept data protection is
often used in the context of the protection of personal
data (isikuandmete kaitse)
Data Availability
Data availability (andmete
käideldavus) is timely and
convenient access to, and usage of, the
information carried by the data for
all authorized persons and other
entities
Availability is the most important component of
data security – the worst thing that can
happen is that the data are no longer available to the
subjects who need them in the business
process (perhaps destroyed forever)
Data Integrity
Data integrity (andmete terviklus) is
the assurance that the data originate
(the information was stored into the data)
from a certain source and have not been
altered (whether by accident, by a
deliberate act or by forgery)
Integrity is the second most important
security branch (after availability)
In the business process we usually
assume that the data are firmly tied to
the creator/source of the data, the creation
time etc
Data Confidentiality
Data confidentiality (andmete
konfidentsiaalsus ehk salastatus
ehk salastus) is the availability of
the information carried by the
data only to authorized
subjects (and its strict non-availability to all other subjects)
In the pre-computer world it was the
only branch of data (information)
security
Security of Data vs IT Assets
Security of data (security of the information carried
by the data) is ensured by securing the (IT)
assets surrounding the data
IT assets include:
• IT equipment (hardware, communication devices, power
supplies etc)
• data communication channels
• software (both system and application software)
but they must also include:
• organization (its structure and operation)
• personnel
• data carriers (incl. documents)
• infrastructure (buildings, offices etc)
Standard Model of Security Harming
1. Threats (ohud) affect the data (via IT assets)
2. Threats exploit the vulnerabilities (nõrkused,
turvaaugud) of IT assets or components of the IT system
3. A threat combined with the vulnerabilities it can
exploit determines the risk or security risk (risk, turvarisk)
4. When a certain risk is realised, a security loss,
security breach or security incident
(turvakadu, turvarike, turvaintsident) occurs
5. In order to minimize the risks it is necessary to
minimise the vulnerabilities using safeguards or security
measures (turvameetmed)
Main Properties of Digital Data (from
the security point of view)
1. A great but indirect value of the data
(information): it is very hard to measure
2. Portability: data which can be stored on
very small and easily movable carriers can
possess a huge value for our business
process
3. Possibility of avoiding physical contact:
the physical and virtual structures are usually
very different
4. Disclosure (detection) of security losses is difficult,
especially for integrity and confidentiality losses
Relations Between Main Concepts
Security and Residual Risk
NB! It does not matter how many safeguards we
implement, we never achieve absolute security. If
we implement more safeguards we only reduce the
probability that security (availability, integrity or
confidentiality) will be harmed, but it never falls to
zero
Instead of absolute security, the concept of
acceptable residual risk for the business process
((äriprotsessi jaoks) aktsepteeritav jääkrisk) is usually used
An acceptable residual risk is a situation
where the total cost of all implemented
safeguards is approximately equal to the
forecasted total security loss
(both measured in money)
Economical View of Data Security
Paper-Based Data Security
Availability is ensured by appropriate preservation of the data
(storage conditions!) and by suitable handling procedures (hand-to-hand
transfer, record management rules)
Integrity is ensured by the physical form of the document: the data must be
transferred to the paper sheet by a permanent method, and the document
carries the handwritten signature of its creator
Confidentiality is ensured by storing and transporting the
document in a secure way
The common ways to achieve availability,
integrity and confidentiality (i.e. security) of digital
data are very different from those presented above.
The main difference lies in the use of cryptography
(which is based on mathematics) as an essential tool
Peculiarities of Securing Digital Data
• Cryptography is an essential tool for achieving
both confidentiality and integrity. The methods for
achieving confidentiality and integrity are completely
different from the methods used in paper
document practice
• An essential part is authentication (in front of a
computer or information system) – assuring a
technical device/entity of who is using it (which is
usually followed by granting appropriate rights for
executing, reading, writing etc. access)
• Availability is often ensured via the network
(Internet). Distributed client-server systems
are very wide-spread
The Role of Cryptography
Encryption or enciphering (krüpteerimine,
šifreerimine) is a technique where data are
converted into a certain non-readable form.
The conversion process usually uses a
special piece of data which is usually
kept secret – a key (võti)
This basic technique can be used:
• For ensuring confidentiality – without the key it is
practically impossible to decipher the data, i.e. to get the
information carried by the (encrypted) data
• For ensuring integrity – without a special private
key it is practically impossible to change the data without
this being noticed. It allows the data to be associated with
certain subjects (this is also the basic principle of the digital signature)
Availability of Digital Data
Main methods:
• regular backups
• properly working IT systems
• an appropriate digital records
management system
(digidokumendihaldus)
• transmission of data via data
networks (Internet)
Integrity of Digital Data
Three main possibilities:
• To use a client-server technique and an IT
system able to log who has
created/changed which data. Widely used,
but its security is easily compromised
• To tie the data carrier and the data stored on it
permanently together. This excludes all network-based applications (and a good e-world)
• To use a digital signature (digisignatuur,
digiallkiri) in order to associate the digital data
with their creator cryptographically
(mathematically). It is the most secure way and
the only way to use in enhanced-security
(enhanced-integrity) systems
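The "Role of Cryptography" slide states that without a private key the data cannot be changed unnoticed, and the slide above names the digital signature as the cryptographic way to bind data to its creator. The following is an added example (Python, not from the lecture and not the scheme used by Estonian digital signatures): a Lamport one-time signature built only on SHA-256, the smallest real construction that shows both properties. The document text, account number and key material are constructed.

```python
import hashlib
import secrets

# Added example: a hash-based (Lamport) one-time signature scheme, built only
# on SHA-256. Not the scheme behind real-world digital signatures, but a
# complete one: data bound to the holder of a private key, any change detected.

N_BITS = 256          # we sign the SHA-256 digest of the message, bit by bit
SECRET_LEN = 32       # bytes of randomness per secret value


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Private key: two random secrets per digest bit. Public key: their hashes."""
    sk = [(secrets.token_bytes(SECRET_LEN), secrets.token_bytes(SECRET_LEN))
          for _ in range(N_BITS)]
    pk = [(h(s0), h(s1)) for s0, s1 in sk]
    return sk, pk


def digest_bits(message: bytes):
    d = int.from_bytes(h(message), "big")
    return [(d >> (N_BITS - 1 - i)) & 1 for i in range(N_BITS)]


def sign(sk, message: bytes):
    """For each digest bit, reveal the one secret selected by that bit."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]


def verify(pk, message: bytes, signature) -> bool:
    """Hash each revealed secret; it must equal the public hash for that bit."""
    if len(signature) != N_BITS:
        return False
    return all(h(s) == pk[i][bit]
               for i, (bit, s) in enumerate(zip(digest_bits(message), signature)))


def demo() -> dict:
    """Sign a constructed document and try the two things an attacker might."""
    sk, pk = keygen()
    document = b"Transfer 100 EUR to account 12345"   # constructed sample
    signature = sign(sk, document)
    # 1. Alter the signed data: the digest changes, so on every changed bit
    #    the required preimage was never revealed and verification fails.
    tampered = document.replace(b"100", b"900")
    # 2. Claim the signature came from someone else: it does not match their pk.
    _, other_pk = keygen()
    return {
        "valid": verify(pk, document, signature),
        "tampered_valid": verify(pk, tampered, signature),
        "other_signer_valid": verify(other_pk, document, signature),
    }


if __name__ == "__main__":
    print(demo())   # {'valid': True, 'tampered_valid': False, 'other_signer_valid': False}
```

Two caveats a practitioner should take from this. First, "one-time" is literal: signing a second message with the same key pair reveals both secrets for every bit where the two digests differ, and an attacker can then assemble a valid signature for other messages. Second, the verifier must obtain the signer's public key by an authentic path; otherwise the masquerade moves from the document to the key, which is the key management problem the confidentiality slides raise in another form.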
Confidentiality of Digital Data
Two different approaches (used mixed in
practice):
• To store/transport the (unencrypted) data
securely
• To encrypt the data and to handle the encrypted
data as ordinary (public) data. Encryption always
adds an additional problem – the key
management (võtmehaldus) problem
If confidential information is transferred via
a common network (a network whose wires are not
physically secured) then encryption must
always be mandatory
What Are Security Threats?
A threat (oht) is an
external potential
violation of (information)
security
A threat might be a:
• potential violation of availability
• potential violation of integrity
• potential violation of confidentiality
A threat is always considered as an external
influence, i.e. caused by subjects and/or
properties not belonging to our information
system (our IT assets)
Classification of Threats
(Security) threats can be classified:
1. By the goal harmed (availability,
integrity, confidentiality)
2. By the source (by which subject
the potential harm is caused)
3. By the type of IT asset being harmed
4. By the magnitude of the (potential)
damage (how big it will be)
Usually, the first two classifications
are used in practice
Threats Classification
by the Source
1. Spontaneous or accidental threats
(stiihilised ohud):
• environmental threats (keskkonnaohud)
• technical failures and defects (tehnilised
ohud ja defektid)
• human threats and failures (inimohud)
2. Deliberate acts or attacks (ründed), which
are characterized by a clear intentional
(human) activity (selge tahtlik
(inim)tegevus)
Spontaneous or Accidental Threats
Spontaneous (accidental) threats (stiihilised
ohud) can be caused by:
• force majeure (vääramatu (looduslik)
jõud), which can be either occasional
(lightning, flooding) or regular (wear,
material fatigue, contamination etc)
• human failures (inimvead), which can be
caused by inadequate skills, negligence,
mis-management, environmental factors
etc
Peculiarities of Spontaneous
Threats
The threats with the most serious
consequences are usually
management and decision-making
errors, at all lifecycle stages (in the earlier
stages the consequences are usually stronger)
Practice (the available threat statistics) shows
that the impact of accidental (spontaneous)
threats on IT assets is usually greater than the
impact of attacks. Unfortunately, this fact
is often not acknowledged
Environmental Threats
• lightning
• fire
• flooding
• inappropriate temperature
and humidity
• dust and contamination
• electromagnetic
perturbations
• mis- or non-operability of
external infrastructures
Technical Failures
and Defects
• accidents in IT infrastructure
• hardware defects and failures
• failures and disturbances of
connection lines (network(s))
• defects and failures of data
carriers
• defects and failures of security
means (devices)
Human Threats and Failures
Loss of staff (inimkaod):
• illness
• death
• strike
Occasional mishaps (juhuslikud äpardused):
• mistakes during work operations
• erasing and/or destroying of data/devices
by accident
• wrong line connections
Attacks
Attacks or deliberate acts (ründed) are
always carried out by humans who take a
certain intended or deliberate action
(sihilik tegevus) to harm the security
goals (driven by personal interest,
private or state intelligence, hooliganism
etc)
Attacks are usually
classified by the attack
source, attack method
and attacked object
Sources of Attack
1. Authorized users of IT systems
Available statistics show that they are the most
important source. Main motives:
• obtaining illegal (financial) profit
• revenge of fired/harassed people
• political / ideological
2. Intelligence (economic, state, military
etc) agents
3. Crackers, often also mis-called hackers
(kräkkerid, häkkerid) – an increasing factor
4. Others (in Estonia mainly criminal elements)
Attack Channels
1. Direct contact with the
attacked object (IT
component/device, personnel,
infrastructure etc)
2. Networks (used by all
client-server systems). The
most common attack
channel
3. Portable data carriers (memory
sticks etc) – were historically
important and in recent years
are again very relevant
Attacks Classification by Methods
• physical attacks
• mis-use of resources
• blocking of resources
• interception (eavesdropping)
• fabrication
• system manipulation
• attacks to security mechanisms
• attacking software or malware
(ründe(tark)vara, pahavara,
kahjurvara)
Physical Attacks
Physical attacks (füüsilised ründed) harm
mainly the availability and integrity
Important branches:
• physical attack to
infrastructure (wires, antennas,
power supplies etc)
• vandalism
• unauthorized entry into
house/rooms/territory
• theft
• manipulation or destruction of
IT equipment or devices
Mis-use of Resources
Mis-use of resources (ressursside
väärkasutus) may harm all goals of security – availability, integrity and confidentiality
More important examples:
• unauthorized use of the IT system
• mis-use of user rights
• mis-use of system administration rights
• theft of telephone (or similar) service
The resource misuse threat is extremely great
during conversion, maintenance, repair
and/or upgrade tasks performed by
external parties
Blocking of Resources
Blocking of resources (ressursside
blokeerimine) harms mainly availability
In most cases it means the blocking (denial) of
services (teenusetõkestusrünne), for example:
• overloading of the network (or network segments)
• mass execution of tasks
• filling all disk space (quota)
The most common and best-known form of it is
the distributed denial of service (DDoS) attack
(hajus ummistusrünne)
Interception (Eavesdropping)
Interception (infopüük), often also called
eavesdropping, is an attack on confidentiality
by an unauthorized subject
Main branches:
• voice interception in rooms (hidden
microphone, computer microphone, misuse of a smartphone etc)
• interception of telephone calls (both by
tapping the wires and by modification of the
devices used)
• unauthorized reading or copying of stored
data
Interception (Eavesdropping)
Main branches (continued):
• reading of residual information
(jääkteave) from printers, copy machines
etc
• eavesdropping on wires (with the
analysis of the eavesdropped information
by special equipment/software)
• unauthorized copying of data (carriers)
during transport, maintenance work
etc
• inadequate deletion of data or
destruction of data carriers with
subsequent unauthorized reading
Fabrication (Faking)
Fabrication (võltsing), sometimes also called
faking, is the entering of faked items into the
system. Harms mainly integrity
Examples:
• replay of earlier recorded messages (sõnumite
taasesitus) – passwords, bank transactions etc
• masquerade attack (teesklusrünne) – equipping
messages with false attributes (name, user name,
password, money amount etc)
• social engineering (suhtlemisosavus), posing as
“one of our own people” by mail, phone, in person etc
• repudiation (salgamine) of having received or sent a message
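The first two fabrication branches above, replay of a recorded message and a masqueraded message with altered requisites, are caught by the same receiver-side check. The following is an added example (Python, not from the lecture): a message authentication code over a fresh nonce and the payload, verified before any state is touched, with the nonce then refused on reuse. The shared key, wire layout (nonce || payload || tag) and bank-style messages are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Added example: a message-authentication check that catches both fabrication
# branches named in the lecture, a replayed recording and a masqueraded
# (altered) message. Key, wire format and messages are constructed.

NONCE_LEN = 16
TAG_LEN = 32   # SHA-256 HMAC


def make_message(key: bytes, payload: bytes) -> bytes:
    """Client side: fresh nonce || payload || HMAC(key, nonce || payload)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    tag = hmac.new(key, nonce + payload, hashlib.sha256).digest()
    return nonce + payload + tag


class Receiver:
    """Server side: verifies the tag first, then refuses nonces seen before."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = set()   # bounded by a time window in a real system

    def accept(self, wire: bytes) -> str:
        if len(wire) <= NONCE_LEN + TAG_LEN:
            return "rejected: malformed"
        nonce = wire[:NONCE_LEN]
        payload = wire[NONCE_LEN:-TAG_LEN]
        tag = wire[-TAG_LEN:]
        expected = hmac.new(self.key, nonce + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            # Altered requisites, or a message made without the shared key.
            return "rejected: bad tag (masquerade)"
        if nonce in self.seen_nonces:
            # Byte-for-byte genuine, but already processed once.
            return "rejected: replay"
        self.seen_nonces.add(nonce)
        return "accepted"


def demo() -> dict:
    key = secrets.token_bytes(32)          # shared between client and server
    server = Receiver(key)
    order = b"pay 100 EUR to account 12345"  # constructed
    original = make_message(key, order)
    # Attacker alters the amount inside a captured message (tag left as is).
    nonce, payload, tag = (original[:NONCE_LEN],
                           original[NONCE_LEN:-TAG_LEN],
                           original[-TAG_LEN:])
    altered = nonce + payload.replace(b"100", b"900") + tag
    # Attacker fabricates a message with a key of their own.
    forged = make_message(secrets.token_bytes(32), b"pay 900 EUR to account 12345")
    fresh = make_message(key, order)       # same content, new nonce: legitimate
    return {
        "first_delivery": server.accept(original),
        "replayed_recording": server.accept(original),
        "altered_amount": server.accept(altered),
        "forged_with_own_key": server.accept(forged),
        "fresh_same_content": server.accept(fresh),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:>20}: {result}")
```

Two design points matter here. The tag is checked before the nonce store is consulted or updated, so an attacker cannot pollute the store with unauthenticated garbage, and the comparison is constant-time. What this check does not give is protection against the last branch on the slide, repudiation: both client and server hold the same key, so either could have produced the tag. Binding a message to one party alone requires a digital signature with a private key held only by the sender.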
System Manipulation
Manipulation (manipuleerimine) is the
unauthorized changing of the IT system. Harms
mainly integrity, but also other goals
Examples:
• manipulation of data or software (false data,
unauthorized changing of access rights or
functionality etc)
• manipulation of lines
• manipulation of data during transfer (via
vulnerabilities)
• attacks via service ports (when they are insufficiently
secured)
Attacks to Security Mechanisms
… can harm all three goals of security.
The level of harm depends on the concrete
mechanism and/or architecture
The main attacked objects are often
authentication systems and cryptosystems,
for example:
• systematic guessing of passwords (via a
password scanner etc)
• theft of passwords via a keylogger
• interception of PIN codes
• practical cryptanalysis of a crypto algorithm or
protocol
Attack Software
… can be divided into three main
branches:
• legal products with their
documented features
• malware (pahavara, kurivara): Trojans, viruses etc
• special programs for attacking the
different security mechanisms
(safeguards)
Classical Types of Malware
• logic bomb (loogikapomm)
• Trojan horse or Trojan (trooja
hobune)
• worm (uss)
• virus (viirus)
• dropper (pipett): a program
which installs a virus or Trojan
In recent years the spread of different kinds of malware has
increased heavily. It is always very important to keep
the anti-malware software and all application software
up-to-date (latest virus definitions, updates etc)