Data Security and Cryptology, II
Common Ways to Secure Digital Data. Security Threats, Classification
September 9th, 2015
Valdo Praust, mois@mois.ee
Lecture Course in Estonian IT College, Autumn 2015

What We Protect: Information
Information (informatsioon, teave) – knowledge concerning any objects, such as facts, events, things, processes or ideas, which has a special meaning in certain contexts.
The concept “information” is closely related to the more general concept of knowledge. It assumes that there is a fact which is known (an object) and a person who knows the fact (the subject).
Information itself does not have a practical shape. The practical shape of information appears when we also consider the practical representation of information; then it is called data.

What We Protect: Data
Data (andmed) – a reinterpretable, formalized representation of information in a form suitable for transfer, processing and/or interpretation.
Data are always a representation of information, usually in a pre-agreed form (which allows the information borne by the data to be transferred from one subject to another).
The same data can be interpreted differently by different subjects having a different background (for example, “hallitus” in Estonian and in Finnish).

Data Format
Data format (andmevorming, vorming) – a description of how a certain type of information (text, picture, voice, video etc.) is coded into a sequence of 0’s and 1’s.
A pre-agreed (standardised) data format gives the data (the data file) a concrete and unique meaning. If we have the data but do not have the data format description, then we do not have the information carried by the data.

From Data Format to Meaning
Different data formats are supported by different application software, which usually allows writing a file in a certain format, making the content of the data (the information) human-perceptible, etc.
A typical end-user usually does not know anything about different data formats and their interpretation. He/she usually associates a certain format only with the certain software which is able to interpret that format. The end user usually receives only a human-perceptible form prepared by the software, so-called WYSIWYG (What You See Is What You Get, in Estonian adekvaatkuva).

Necessity of Data Security
If we possess (or process) data, then the information carried by the data always has value for us (for our business process). It does not matter whether the information is represented by digital or by paper-based data.
Information security (infoturve) or data security (andmeturve) is the discipline concerned with maintaining these values/properties of information (performed in practice by maintaining the properties of the data).

Components of Information Security
Information security (infoturve) or data security (andmeturve) is a complex concept consisting of the following three properties (goals):
• information availability (käideldavus)
• information integrity (terviklus)
• information confidentiality (konfidentsiaalsus)
These three properties – called branches or goals of security – must be maintained for all information/data items we possess.

About Different Concepts
The following four concepts:
• information security (infoturve)
• information protection (infokaitse)
• data security (andmeturve)
• data protection (andmekaitse)
are widely taken as synonyms. It is mainly a question of tradition and culture where which concept is used.
For example, in Europe the concept data protection is often used in the context of protection of personal data (isikuandmete kaitse).

Data Availability
Data availability (andmete käideldavus) is timely and convenient access to, and usage of, the information carried by the data for all authorized persons and other entities.
Availability is the most important component of data security – the worst thing that can happen is that the data are no longer available to the subjects which need them during the business process (maybe destroyed forever).

Data Integrity
Data integrity (andmete terviklus) is ensuring that the data originated from (the information was stored into the data by) a certain source and have not been altered (whether by accident, by a deliberate act or by fakery).
Integrity is the second most important security branch (after availability). In the business process we usually assume that the data are firmly related to the creator/source of the data, the creation time etc.

Data Confidentiality
Data confidentiality (andmete konfidentsiaalsus ehk salastatus ehk salastus) is the availability of the information carried by the data only to authorized subjects (and its strict non-availability to other subjects).
In the pre-computer world it was the only branch of data (information) security.

Security of Data vs IT Assets
Security of data (security of the information borne by the data) is ensured by securing the (IT) assets surrounding the data.
IT assets include:
• IT equipment (hardware, communication devices, power supplies etc.)
• data communication channels
• software (both system and application software)
but they must also include:
• organization (its structure and operation)
• personnel
• data carriers (incl. documents)
• infrastructure (buildings, offices etc.)

Standard Model of Security Harming
1. Threats (ohud) influence the data (via IT assets)
2. Threats use the vulnerabilities (nõrkused, turvaaugud) of IT assets or components of the IT system
3. Threats, together with the vulnerabilities they can act on, determine the risk or security risk (risk, turvarisk)
4. When a certain risk is realised, a security loss, security breach or security incident (turvakadu, turvarike, turvaintsident) appears
5. In order to minimize the risks it is necessary to minimise vulnerabilities using safeguards or security measures (turvameetmed)

Main Properties of Digital Data (from the security point of view)
1. Great but indirect value of data (information): it is very hard to measure
2. Portability: data which can be stored on very small and easily movable carriers can possess a huge value for our business process
3. Possibility of avoiding physical contact: the physical and virtual structures are usually very different
4. Disclosure of security losses, especially integrity and confidentiality losses

Relations Between Main Concepts

Security and Residual Risk
NB! It does not matter how many safeguards we implement, we never achieve absolute security. If we implement more safeguards we only minimise the probability that security (availability, integrity or confidentiality) will be harmed, but it will never fall to zero.
Instead of absolute security, the concept of acceptable residual risk for the business process ((äriprotsessi jaoks) aktsepteeritav jääkrisk) is usually used.
An acceptable residual risk is a situation where the total price of all implemented safeguards is approximately equal to the forecasted total loss of security (measured in money).

Economical View of Data Security

Paper-Based Data Security
Availability is ensured by appropriate preservation of data (storage conditions!)
and by using suitable handling procedures (from person to person, record management rules).
Integrity is ensured by the physical shape of the document: data must be transferred to the paper sheet by a permanent method, and the document is equipped with the handwritten signature of the creator.
Confidentiality is ensured by storing and transporting the document in a secure way.
The common ways to achieve the availability, integrity and confidentiality (i.e. security) of digital data are very different from the above. The greatest difference lies in the usability of cryptography (which is based on mathematics) as an essential tool.

Peculiarities of Securing Digital Data
• Cryptography is a very essential tool for achieving both confidentiality and integrity. The methods for achieving confidentiality and integrity are completely different from the methods used in paper document practice.
• An essential part is authentication (in front of a computer or information system) – ensuring for a technical device/entity who is using it (which is usually followed by granting appropriate rights for executing, reading, writing etc. access).
• Availability is often ensured by the network (Internet). Several distributed client-server systems are very widespread.

The Role of Cryptography
Encryption or enciphering (krüpteerimine, šifreerimine) is a technique where data are converted to a certain non-readable form. The conversion process usually uses a special piece of data which is usually kept secret – a key (võti).
This basic technique can be used:
• For ensuring confidentiality – without the key it is impossible to decipher the data, i.e. to get the information borne by the (encrypted) data
• For ensuring integrity – without a special private key it is impossible to change the data without notice. It allows the data to be associated with certain subjects (this is also the basic principle of the digital signature)

Availability of Digital Data
Main methods:
• regular backups
• appropriately working IT systems
• an appropriate digital record management system (digidokumendihaldus)
• transmitting data via data networks (Internet)

Integrity of Digital Data
Three main possibilities:
• To use a client-server technique and an IT system able to log who has created/changed different data. Mass-used, but its security is very easily harmed
• To tie the data carrier and the data stored on it permanently together. It excludes all network-based applications (and a good e-world)
• To use a digital signature (digisignatuur, digiallkiri) in order to associate the digital data and their creator cryptographically (mathematically). It is the most secure way and the only way usable in enhanced-security (enhanced-integrity) systems

Confidentiality of Digital Data
Two different approaches (used mixed in practice):
• To store/transport the (unencrypted) data securely
• To encrypt the data and to handle the encrypted data as usual (public) data. Encrypting always adds an additional problem – the key management (võtmehaldus) problem
If confidential information is transferred via a common network (a network whose wires are not physically secured), then encryption must always be mandatory.

What Are Security Threats?
A threat (oht) is an external potential violation of (information) security.
A threat might be:
• a potential violation of availability
• a potential violation of integrity
• a potential violation of confidentiality
A threat is always considered as an external influence, i.e. caused by subjects and/or properties not involved in our information system (our IT assets).

Classification of Threats
(Security) threats can be classified:
1. By the harmable goal (availability, integrity, confidentiality)
2. By the source (by which subject the potential harm is caused)
3. By the type of IT asset being harmed
4. By the importance of the (potential) damage (how big it will be)
Usually the first two classifications are used in practice.

Threats Classification by the Source
1. Spontaneous or accidental threats (stiihilised ohud):
• environmental threats (keskkonnaohud)
• technical failures and defects (tehnilised ohud ja defektid)
• human threats and failures (inimohud)
2. Deliberate acts or attacks (ründed), which are characterized by a clear intentional (human) activity (selge tahtlik (inim)tegevus)

Spontaneous or Accidental Threats
Spontaneous (accidental) threats (stiihilised ohud) can be caused by:
• force majeure (vääramatu (looduslik) jõud), which can be either occasional (lightning, flooding) or regular (wear, material fatigue, contamination etc.)
• human failures (inimvead), which can be caused by inadequate skills, negligence, mismanagement, environmental factors etc.

Peculiarities of Spontaneous Threats
The threats with the most serious consequences are usually management and decision-making errors at all lifecycle stages (in the earlier stages the effects are usually stronger).
Practice (the available threat statistics) shows that the impact of accidental (spontaneous) threats on IT assets is usually greater than the impact of attacks.
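Before continuing with the threat classification, here is an added worked example for the slides “The Role of Cryptography”, “Integrity of Digital Data” and “Confidentiality of Digital Data” above. It is not part of the lecture; it is illustrative Go code using only the standard library. It assumes AES-256-GCM as the encryption method (the lecture names no algorithm) and an Ed25519 key pair as the creator’s “special private key” for the digital signature; the sample record, the key names and the function names are constructed for the demonstration. The demo shows the two claims of the lecture directly: without the key the data cannot be deciphered, and neither an altered ciphertext nor altered signed data passes unnoticed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Constructed sample data item (not from the lecture): a small business record.
var sampleRecord = []byte("invoice 2015-09-09: pay 100 EUR to account X")

// encrypt converts the data to a non-readable form under a secret key.
// AES-256-GCM is used (an assumption, the lecture names no algorithm); the
// output is nonce || ciphertext || authentication tag, so the same operation
// also protects integrity: any change is detected when decrypting.
func encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// decrypt recovers the information only with the right key; it returns an
// error if the key is wrong or if any bit of the sealed data was altered.
func decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed data too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// signRecord/verifyRecord bind data to its creator (digital signature principle):
// only the holder of the private key can sign, anyone with the public key can verify.
func signRecord(priv ed25519.PrivateKey, data []byte) []byte {
	return ed25519.Sign(priv, data)
}

func verifyRecord(pub ed25519.PublicKey, data, sig []byte) bool {
	return ed25519.Verify(pub, data, sig)
}

// DemoResult records whether each property behaved as the lecture describes.
type DemoResult struct {
	RoundTrip        bool // the right key recovers the original data
	WrongKeyRejected bool // a different key cannot decipher the data
	TamperDetected   bool // a one-bit change in the sealed data is noticed
	SignatureValid   bool // the creator's signature verifies on unchanged data
	ForgeryRejected  bool // the same signature fails on altered data
}

// Demo runs the confidentiality and integrity checks on sampleRecord.
func Demo() (DemoResult, error) {
	var r DemoResult
	key, otherKey := make([]byte, 32), make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return r, err
	}
	if _, err := io.ReadFull(rand.Reader, otherKey); err != nil {
		return r, err
	}
	sealed, err := encrypt(key, sampleRecord)
	if err != nil {
		return r, err
	}
	plain, err := decrypt(key, sealed)
	r.RoundTrip = err == nil && bytes.Equal(plain, sampleRecord)
	_, err = decrypt(otherKey, sealed)
	r.WrongKeyRejected = err != nil

	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)/2] ^= 0x01 // flip one bit inside the ciphertext
	_, err = decrypt(key, tampered)
	r.TamperDetected = err != nil

	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	sig := signRecord(priv, sampleRecord)
	r.SignatureValid = verifyRecord(pub, sampleRecord, sig)
	altered := bytes.Replace(sampleRecord, []byte("100 EUR"), []byte("900 EUR"), 1)
	r.ForgeryRejected = !verifyRecord(pub, altered, sig)
	return r, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Running the program prints a result where all five fields are true. The point of the two separate mechanisms is the one the lecture makes: the symmetric key gives confidentiality (and tamper detection for whoever holds that key), while the signature binds the record to one creator, which is what the “key management” remark on the confidentiality slide is about: whoever can reach the keys can undo both protections.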
Unfortunately, this fact is often not acknowledged.

Environmental Threats
• lightning
• fire
• flooding
• inappropriate temperature and humidity
• dust and contamination
• electromagnetic perturbations
• mis- or non-operability of external infrastructures

Technical Failures and Defects
• accident in IT infrastructure
• hardware defects and failures
• failures and disturbances of connection lines (network(s))
• defects and failures of data carriers
• defects and failures of security means (devices)

Human Threats and Failures
Loss of staff (inimkaod):
• illness
• death
• strike
Occasional events (juhuslikud äpardused):
• mistakes during work operations
• erasing and/or destroying of data/devices by accident
• false line connections

Attacks
Attacks or deliberate acts (ründed) are always based on humans who make a certain intended or deliberate action (sihilik tegevus) to harm the security goals (led by personal interest, private or state intelligence, hooliganism etc.).
Attacks are usually classified by the attack sources, attacking methods and attackable objects.

Sources of Attack
1. Authorized users of IT systems. Available statistics show that they are the most important source. Main motives:
• gaining illegal (financial) profit
• revenge of hired/harried people
• political / ideological
2. Intelligence (economic, state-based, military etc.) agents
3. Crackers, often also mis-called hackers (kräkkerid, häkkerid) – an increasing factor
4. Other (in Estonia mainly the criminal element)

Attack Channels
1. Direct contact with the attackable object (IT component/device, personnel, infrastructure etc.)
2. Networks (mass-used for all client-server systems). The most common attacking way (channel)
3. Portable data carriers (memory sticks etc.) – were historically important and during the last years have again become very relevant

Attacks Classification by Methods
• physical attacks
• mis-use of resources
• blocking of resources
• interception (eavesdropping)
• fabrication
• system manipulation
• attacks on security mechanisms
• attacking software or malware (ründe(tark)vara, pahavara, kahjurvara)

Physical Attacks
Physical attacks (füüsilised ründed) harm mainly availability and integrity.
Important branches:
• physical attack on infrastructure (wires, antennas, power supplies etc.)
• vandalism
• unauthorized entering of houses/rooms/territory
• theft
• manipulation or destruction of IT equipment or devices

Mis-use of Resources
Mis-use of resources (ressursside väärkasutus) may harm all goals of security: availability, integrity and confidentiality.
More important examples:
• unauthorized use of an IT system
• mis-use of user rights
• mis-use of system administration rights
• theft of telephone (or similar) service
The resource misuse threat is extremely great during conversion, maintenance, repair and/or upgrade tasks performed by external parties.

Blocking of Resources
Blocking of resources (ressursside blokeerimine) harms mainly availability.
In most cases it means blocking (denial) of services (teenusetõkestusrünne), for example:
• overloading of the network (branches)
• mass execution of tasks
• filling all disk space (quota)
The most common and well-known branch of it is the distributed denial of service (DDoS) attack (hajus ummistusrünne).

Interception (Eavesdropping)
Interception (infopüük), often also called eavesdropping, is an attack on confidentiality by an unauthorized subject.
Main branches:
• voice interception in rooms (hidden microphone, computer microphone, misuse of a smartphone etc.)
• interception of telephone calls (both by interception of wires and by modification of the devices used)
• unauthorized reading or copying of stored data
• reading of residual information (jääkteave) from printers, copy machines etc.
• eavesdropping on wires (with analysis of the intercepted information using special equipment/software)
• unauthorized copying of data (carriers) during transport, maintenance work etc.
• inappropriate deletion of data or destruction of data carriers with subsequent unauthorized reading

Fabrication (Faking)
Fabrication (võltsing), sometimes also called faking, is the entering of faked items into the system. Harms mainly integrity.
Examples:
• playback of earlier recorded messages (sõnumite taasesitus) – passwords, bank transactions etc.
• masquerade attack (teesklusrünne) – equipping messages with false requisites (name, user name, password, money amount etc.)
• social engineering (suhtlemisosavus), “presenting oneself as one of the staff” by mail, phone, physically etc.
• denial (salgamine) of having received or sent a message

System Manipulation
Manipulation (manipuleerimine) is the unauthorized changing of an IT system. Harms mainly integrity, but also other goals.
Examples:
• manipulation of data or software (false data, unauthorized changing of access rights or functionality etc.)
• manipulation of lines
• manipulation of data during transfer (via vulnerabilities)
• attack via service ports (when they are insufficiently secured)

Attacks on Security Mechanisms
… can harm all three goals of security. The level of harm depends on the concrete mechanism and/or architecture.
The main attacked objects are often authentication systems and cryptosystems, for example:
• systematic guessing of passwords (via a password scanner etc.)
• theft of passwords via a keylogger
• interception of a PIN code
• practical cryptanalysis of a cryptographic algorithm or protocol

Attack Software
… can be divided into three main branches:
• legal products with their documented features
• malware (pahavara, kurivara): Trojans, viruses etc.
• special programs for attacking different security mechanisms (safeguards)

Classical Types of Malware
• logic bomb (loogikapomm)
• Trojan Horse or Trojan (trooja hobune)
• worm (uss)
• virus (viirus)
• dropper (pipett): a program which installs a virus or Trojan
During the last years the spread of different malware has increased heavily. It is always very important to keep the anti-malware software and all application software up to date (latest virus definitions, updates etc.).
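As a closing added example for the “Fabrication (Faking)” slide, the Go program below shows how a receiving system can recognise two of the listed fabrications, playback of an earlier recorded message and a masquerade with altered requisites, on the defender’s side. It is not part of the lecture; the message format, the server, the shared secret and the sample messages are all constructed for the demonstration. It assumes a shared-secret HMAC-SHA256 tag as the message’s genuineness check (a symmetric stand-in for the digital signature discussed earlier) plus a per-message nonce and a timestamp window for freshness.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Message is what a client sends to the server (constructed format). Sender,
// Nonce, Timestamp and Body are covered by Tag, an HMAC-SHA256 under the
// sender's shared secret.
type Message struct {
	Sender    string
	Nonce     string // unique per message, chosen by the sender
	Timestamp int64  // Unix seconds when the message was created
	Body      string
	Tag       string // hex HMAC over the fields above
}

// canonical serialises the authenticated fields. Fields must not contain the
// separator; a production format would use length prefixes instead.
func canonical(m Message) string {
	return strings.Join([]string{m.Sender, m.Nonce, strconv.FormatInt(m.Timestamp, 10), m.Body}, "|")
}

func computeTag(key []byte, m Message) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(canonical(m)))
	return hex.EncodeToString(mac.Sum(nil))
}

// Server keeps one shared secret per known sender and remembers accepted nonces.
type Server struct {
	keys   map[string][]byte
	seen   map[string]bool
	window time.Duration // tolerated difference between message and server clocks
}

// Accept applies three checks in order: genuine origin and unchanged content
// (tag), freshness (timestamp window) and uniqueness (nonce not used before).
func (s *Server) Accept(m Message, now time.Time) error {
	key, ok := s.keys[m.Sender]
	if !ok {
		return fmt.Errorf("unknown sender %q", m.Sender)
	}
	if !hmac.Equal([]byte(computeTag(key, m)), []byte(m.Tag)) {
		return errors.New("bad tag: masquerade or altered message")
	}
	age := now.Sub(time.Unix(m.Timestamp, 0))
	if age > s.window || age < -s.window {
		return errors.New("timestamp outside window: stale or replayed message")
	}
	id := m.Sender + "|" + m.Nonce
	if s.seen[id] {
		return errors.New("nonce already used: replayed message")
	}
	s.seen[id] = true
	return nil
}

func outcome(err error) string {
	if err == nil {
		return "accepted"
	}
	return "rejected: " + err.Error()
}

// Demo feeds a genuine message, a playback of it, an altered copy and a stale
// message to the server and reports what happened to each.
func Demo() map[string]string {
	secret := []byte("constructed-shared-secret-for-alice") // hypothetical key
	s := &Server{
		keys:   map[string][]byte{"alice": secret},
		seen:   map[string]bool{},
		window: 2 * time.Minute,
	}
	now := time.Unix(1441785600, 0) // constructed clock: 2015-09-09 08:00:00 UTC

	genuine := Message{Sender: "alice", Nonce: "n-0001", Timestamp: now.Unix(), Body: "transfer 100 EUR to account X"}
	genuine.Tag = computeTag(secret, genuine)

	altered := genuine // requisites changed by a third party, old tag kept
	altered.Body = "transfer 900 EUR to account Y"

	stale := Message{Sender: "alice", Nonce: "n-0002", Timestamp: now.Add(-time.Hour).Unix(), Body: "transfer 50 EUR to account X"}
	stale.Tag = computeTag(secret, stale)

	out := map[string]string{}
	out["genuine"] = outcome(s.Accept(genuine, now))
	out["replay"] = outcome(s.Accept(genuine, now.Add(30*time.Second))) // same bytes played back
	out["altered"] = outcome(s.Accept(altered, now))
	out["stale"] = outcome(s.Accept(stale, now))
	return out
}

func main() {
	for k, v := range Demo() {
		fmt.Printf("%-8s %s\n", k, v)
	}
}
```

The genuine message is accepted; the identical message played back 30 seconds later is refused because its nonce was already seen, the copy with a changed amount is refused because the tag no longer matches, and the hour-old message is refused by the time window even though its tag is correct. The nonce store is what prevents playback inside the window; the window is what keeps that store from growing without bound.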