Information System Security introduction
Post on 20-Jan-2015
UCCN 1213 Information Security: An Introduction
October 2011
Definition
Information security is a “well-informed sense of assurance that the information risks and controls are in balance.” — Jim Anderson, Inovant (2002)
It does not guarantee the safety of an organization, its information, or its computer systems.
It involves examining the threats and vulnerabilities of an organization and managing them appropriately, and taking appropriate preventative steps to guard information and capabilities against these threats.
Security professionals must review the origins of this field to understand its impact on our understanding of information security today.
History
Computer security began immediately after the first mainframes were developed. Groups developing code-breaking computations during World War II created the first modern computers.
Multiple levels of security were implemented: physical controls to limit access to sensitive military locations to authorized personnel. These were rudimentary in defending against physical theft, espionage, and sabotage.
1960s to 1980s
1960s – The US Department of Defense’s Advanced Research Project Agency (ARPA) began to examine the feasibility of redundant networked communications.
Larry Roberts, known as the founder of the Internet, developed ARPANET from its inception.
Early 1970s – ARPANET grew in popularity, as did its potential for misuse.
Late 1970s – The microprocessor expanded computing capabilities, and with them security threats.
1960s to 1980s
Information security began with “Rand Report R-609: Security Control for Computer Systems”, the paper that started the study of computer security.
The scope of computer security grew from physical security to include: the safety of data; limiting unauthorized access to data; the involvement of personnel from multiple levels of an organization.
At this stage, the concept of computer security evolved into the more sophisticated system we call information security.
Key Dates for Seminal Works in Early Computer Security
2000 to Present
The Internet brings millions of computer networks into communication with each other—many of them unsecured
The ability to secure a computer’s data is influenced by the security of every computer to which it is connected.
Growing threat of cyber attacks has increased the need for improved security
What is Security
“The quality or state of being secure—to be free from danger”
A successful organization should have multiple layers of security in place:
Physical security - To protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
Personal security - To protect the individual or group of individuals who are authorized to access the organization and its operations.
Operations security - To protect the details of a particular operation or series of activities.
Communications security - To protect an organization’s communications media, technology, and content.
Network security - To protect networking components, connections, and contents.
Information security - To protect the confidentiality, integrity and availability of information assets, whether in storage, processing or transmission. It is achieved via the application of policy, education, training and awareness, and technology.
Components of Information Security
What is Security
The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
Necessary tools: policy, awareness, training, education, technology.
The C.I.A. triangle was the standard, based on confidentiality, integrity and availability. It has now been expanded into a list of critical characteristics of information.
Figure: the C.I.A. triangle (Confidentiality, Integrity, Availability) as the security goal.
Critical Characteristics of Information
The value of information comes from the characteristics it possesses:
Availability – Enables users who need to access information to do so without interference or obstruction and in the required format. The information is said to be available to an authorized user when and where needed and in the correct format.
Accuracy – Free from mistake or error and having the value that the end user expects. If information contains a value different from the user’s expectations due to the intentional or unintentional modification of its content, it is no longer accurate.
Authenticity – The quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is the information that was originally created, placed, stored, or transferred.
Characteristics continued:
Confidentiality – The quality or state of preventing disclosure or exposure to unauthorized individuals or systems.
Integrity – The quality or state of being accurate, complete, and authorised. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.
Utility – The quality or state of having value for some purpose or end. Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end user, it is not useful.
Possession – The quality or state of having ownership or control of some object or item. Information is said to be in possession if one obtains it, independent of format or other characteristic. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality.
CNSS Security Model
The McCumber Cube
Cryptography
Cryptography can protect confidentiality and integrity, but not availability.
Confidentiality – Hide the secret data from unauthorised personnel.
Integrity – Make sure the data is not tampered with during transmission.
Availability – Cannot be controlled by a cryptosystem; e.g. an attacker can simply unplug the network cable.
Cryptographic Concepts
Encryption: a means to allow two parties, customarily called Alice and Bob, to establish confidential communication over an insecure channel that is subject to eavesdropping.
Figure: Alice and Bob communicate while Eve eavesdrops on the channel.
Encryption and Decryption
The message M is called the plaintext. Alice will convert plaintext M to an encrypted form using an encryption algorithm E that outputs a ciphertext C for M.
Figure: the sender encrypts the plaintext with the shared secret key; the ciphertext crosses the communication channel (where an attacker may be eavesdropping); the recipient decrypts it with the same shared secret key to recover the plaintext.
Encryption and Decryption
As equations:
C = E(M)
M = D(C)
The encryption and decryption algorithms are chosen so that it is infeasible for someone other than Alice and Bob to determine plaintext M from ciphertext C. Thus, ciphertext C can be transmitted over an insecure channel that can be eavesdropped by an adversary.
Caesar Cipher
Replace each letter with the one “three over” in the alphabet. The cipher can be represented using modular arithmetic, with x the index of a letter (A = 0, …, Z = 25) and n the shift:
E_n(x) = (x + n) mod 26
D_n(x) = (x - n) mod 26
Public domain image from http://commons.wikimedia.org/wiki/File:Caesar3.svg
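The shift cipher above in code, as an added example that is not part of the original slides. It applies E_n and D_n letter by letter (case is preserved, non-letters pass through) and includes a helper that decrypts under all 25 non-trivial shifts, which shows in concrete terms why the Caesar cipher gives no real confidentiality: the entire key space can be searched by hand. All function names are this example's own.

```python
ALPHABET_SIZE = 26  # x is a letter's index 0..25 in the alphabet


def shift_char(ch: str, n: int) -> str:
    """Apply (x + n) mod 26 to one ASCII letter, preserving its case.
    Characters that are not ASCII letters (spaces, digits, punctuation)
    are returned unchanged."""
    if "A" <= ch <= "Z":
        base = ord("A")
    elif "a" <= ch <= "z":
        base = ord("a")
    else:
        return ch
    x = ord(ch) - base
    return chr(base + (x + n) % ALPHABET_SIZE)


def caesar_encrypt(plaintext: str, n: int) -> str:
    """E_n(x) = (x + n) mod 26, applied to every letter of the plaintext."""
    return "".join(shift_char(ch, n) for ch in plaintext)


def caesar_decrypt(ciphertext: str, n: int) -> str:
    """D_n(x) = (x - n) mod 26; Python's % keeps the result in 0..25 for negative n."""
    return "".join(shift_char(ch, -n) for ch in ciphertext)


def decrypt_under_all_keys(ciphertext: str) -> dict:
    """The whole key space: shifts 1..25 (shift 0 is the identity). Returns
    {shift: candidate plaintext}; anyone who intercepts the ciphertext can
    do this, which is why the key must carry far more than 25 possibilities."""
    return {n: caesar_decrypt(ciphertext, n) for n in range(1, ALPHABET_SIZE)}


if __name__ == "__main__":
    c = caesar_encrypt("Attack at dawn", 3)   # the classic shift of three
    print(c)                                  # Dwwdfn dw gdzq
    print(caesar_decrypt(c, 3))               # Attack at dawn
    for n, candidate in decrypt_under_all_keys(c).items():
        print(n, candidate)
```

The round trip works for any integer shift because the modulus wraps both positive and negative values back into 0..25.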
Symmetric Cryptosystems
Alice and Bob share a secret key, which is used for both encryption and decryption.
Figure: the sender encrypts the plaintext and the recipient decrypts the ciphertext with the same shared secret key; the attacker on the communication channel can only eavesdrop on the ciphertext.
Symmetric Key Distribution
Requires each pair of communicating parties to share a (separate) secret key.
Figure: with n parties, n(n - 1)/2 shared secret keys are needed, one per pair.
Public-Key Cryptography
Separate keys are used for encryption and decryption.
Figure: the sender encrypts the plaintext with the recipient’s public key; the ciphertext crosses the communication channel (attacker eavesdropping); the recipient decrypts it with their private key to recover the plaintext.
Public Key Distribution
Only one key (a public/private key pair) is needed for each recipient.
Figure: n parties need only n key pairs; each party publishes its public key and keeps its private key to itself.
Digital Signatures
Cryptographic Hash Functions
A checksum on a message, M, that is:
One-way: it should be easy to compute Y = H(M), but hard to find M given only Y.
Collision-resistant: it should be hard to find two messages, M and N, such that H(M) = H(N).
Examples: SHA-1, SHA-256, MD5.
Message Authentication Codes
Allows Alice and Bob to have data integrity, if they share a secret key.
Given a message M, Alice computes H(K||M) and sends M and this hash to Bob.
Figure: the sender computes MAC = h(K||M) with the shared secret key and sends it along with the message; an attacker on the communication channel modifies the message to M’; the recipient recomputes h over the received message with the same key and compares the computed MAC with the received MAC (=?); a mismatch means the attack is detected.
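The hash-function properties and the MAC exchange above, as one added example that is not part of the original slides. It builds the slide's H(K||M) tag, shows the one-way "avalanche" behaviour of SHA-256, and runs the figure's scenario: Alice tags M, the attacker swaps in M', and Bob's recomputed MAC no longer matches. It also includes HMAC, the standard keyed-hash construction, as the practitioner's replacement for bare H(K||M); the message bytes and the key are constructed for the demo.

```python
import hashlib
import hmac
import secrets


def h(data: bytes) -> bytes:
    """The checksum H(M), here SHA-256 (one of the examples named on the slide)."""
    return hashlib.sha256(data).digest()


def bits_changed(m1: bytes, m2: bytes) -> int:
    """Number of differing bits between H(m1) and H(m2). For a good hash, a
    one-character change in the input flips roughly half of the 256 output
    bits, which is part of what makes working backwards from Y to M hard."""
    a, b = int.from_bytes(h(m1), "big"), int.from_bytes(h(m2), "big")
    return bin(a ^ b).count("1")


def mac_prefix(key: bytes, message: bytes) -> bytes:
    """The slide's construction: H(K || M), the hash over the key prefixed to the message."""
    return h(key + message)


def mac_hmac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 (RFC 2104), the standard keyed-hash MAC. In practice it is
    used instead of bare H(K||M) because that construction, with
    Merkle-Damgard hashes such as SHA-256 and MD5, is exposed to
    length-extension; HMAC's nested hashing closes that gap."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, received_mac: bytes, mac=mac_hmac) -> bool:
    """Recipient side: recompute the tag over the message actually received and
    compare it with the received tag in constant time (no early exit that
    would leak how many leading bytes matched). True means no modification
    detected."""
    return hmac.compare_digest(mac(key, message), received_mac)


def channel_demo(tamper: bool) -> bool:
    """Alice computes the MAC with the shared key K and sends (M, MAC). If
    tamper is True, the attacker on the channel replaces M with M' before it
    reaches Bob. Returns Bob's verdict: True = accepted, False = attack detected."""
    key = secrets.token_bytes(32)                     # shared secret key K (constructed)
    m = b"transfer 100 to account 42"                 # message M (constructed)
    tag = mac_hmac(key, m)
    delivered = b"transfer 900 to account 42" if tamper else m   # M' when tampered
    return verify(key, delivered, tag)


if __name__ == "__main__":
    print(channel_demo(tamper=False))   # True
    print(channel_demo(tamper=True))    # False: computed MAC != received MAC
    print(bits_changed(b"abc", b"abd"))
```

Note that the MAC protects integrity and authenticity of M but not its confidentiality: M itself travels in the clear, exactly as in the figure.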
Digital Certificates
A certificate authority (CA) digitally signs a binding between an identity and the public key for that identity.
Access Control Models
Users and groups; authentication; passwords; file protection; access control lists.
Which users can read/write which files?
Are my files really safe?
What does it mean to be root?
What do we really want to control?
Access Control Matrices
A table that defines permissions.
Each row of this table is associated with a subject, which is a user, group, or system that can perform actions.
Each column of the table is associated with an object, which is a file, directory, document, device, resource, or any other entity for which we want to define access rights.
Each cell of the table is then filled with the access rights for the associated combination of subject and object.
Access rights can include actions such as reading, writing, copying, executing, deleting, and annotating.
An empty cell means that no access rights are granted.
Example Access Control Matrix
Access Control Lists
Defines, for each object, o, a list, L, called o’s access control list, which enumerates all the subjects that have access rights for o and, for each such subject, s, gives the access rights that s has for object o.
Example access control lists (one per object):
/etc/passwd: root: r,w; mike: r; roberto: r; backup: r
/usr/bin/: root: r,w,x; mike: r,x; roberto: r,x; backup: r,x
/u/roberto/: root: r,w,x; roberto: r,w,x; backup: r,x
/admin/: root: r,w,x; backup: r,x
Capabilities
Takes a subject-centered approach to access control. It defines, for each subject s, the list of the objects for which s has nonempty access control rights, together with the specific rights for each such object.
Example capability lists (one per subject):
root: /etc/passwd: r,w,x; /usr/bin: r,w,x; /u/roberto: r,w,x; /admin/: r,w,x
roberto: /usr/passwd: r; /usr/bin: r; /u/roberto: r,w,x
mike: /usr/passwd: r; /usr/bin: r,x
backup: /etc/passwd: r,x; /usr/bin: r,x; /u/roberto: r,x; /admin/: r,x
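The three representations above (matrix, access control lists, capability lists) in one added example that is not part of the original slides. It stores the slides' example matrix (the values follow the access control list slide, since the capability slide differs in a few cells), derives the object-centred and subject-centred views from it, answers access checks with default deny for empty cells, and shows the operational difference between the two views when all rights on one object are revoked. Function names are this example's own.

```python
from copy import deepcopy

# Access control matrix from the slides' example: rows are subjects, columns
# are objects, cells hold the rights. Missing cells are the slide's empty cells.
OBJECTS = ["/etc/passwd", "/usr/bin/", "/u/roberto/", "/admin/"]

MATRIX = {
    "root":    {"/etc/passwd": {"r", "w"}, "/usr/bin/": {"r", "w", "x"},
                "/u/roberto/": {"r", "w", "x"}, "/admin/": {"r", "w", "x"}},
    "mike":    {"/etc/passwd": {"r"}, "/usr/bin/": {"r", "x"}},
    "roberto": {"/etc/passwd": {"r"}, "/usr/bin/": {"r", "x"},
                "/u/roberto/": {"r", "w", "x"}},
    "backup":  {"/etc/passwd": {"r"}, "/usr/bin/": {"r", "x"},
                "/u/roberto/": {"r", "x"}, "/admin/": {"r", "x"}},
}


def rights(matrix: dict, subject: str, obj: str) -> set:
    """One cell of the matrix. A missing cell means no rights at all
    (default deny), so unknown subjects and unknown objects get nothing."""
    return set(matrix.get(subject, {}).get(obj, set()))


def is_allowed(matrix: dict, subject: str, obj: str, right: str) -> bool:
    """The reference-monitor question: is `right` in the cell for (subject, obj)?"""
    return right in rights(matrix, subject, obj)


def access_control_lists(matrix: dict) -> dict:
    """Object-centred view (one column each): {object: {subject: rights}},
    listing only subjects whose cell is non-empty."""
    acls = {}
    for subject, row in matrix.items():
        for obj, cell in row.items():
            if cell:
                acls.setdefault(obj, {})[subject] = set(cell)
    return acls


def capability_lists(matrix: dict) -> dict:
    """Subject-centred view (one row each): {subject: {object: rights}},
    again with empty cells left out."""
    return {s: {o: set(c) for o, c in row.items() if c} for s, row in matrix.items()}


def revoke_object(matrix: dict, obj: str) -> dict:
    """Drop every right on one object (e.g. when it is deleted) and return a
    new matrix. With ACLs this is a single list to discard; with capabilities
    every subject's list has to be visited, which is the usual argument for
    ACLs when per-object revocation matters."""
    new = deepcopy(matrix)
    for row in new.values():
        row.pop(obj, None)
    return new


def grant(matrix: dict, subject: str, obj: str, new_rights: set) -> dict:
    """Add rights to one cell and return a new matrix (the input is untouched)."""
    new = deepcopy(matrix)
    new.setdefault(subject, {}).setdefault(obj, set()).update(new_rights)
    return new


if __name__ == "__main__":
    for obj, entries in access_control_lists(MATRIX).items():
        print(obj, entries)
    for subject, entries in capability_lists(MATRIX).items():
        print(subject, entries)
    print(is_allowed(MATRIX, "mike", "/admin/", "r"))   # False: empty cell
```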
Role-based Access Control
Define roles and then specify access control rights for these roles, rather than for subjects directly.
Figure: example role hierarchy for a university department, with the roles Department Member, Administrative Personnel, Accountant, Secretary, Administrative Manager, Faculty, Department Chair, Lab Technician, Lab Manager, Student, Undergraduate Student, Graduate Student, Undergraduate TA, Graduate TA, Technical Personnel, Backup Agent, and System Administrator.
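Role-based access control in code, as an added example that is not part of the original slides. Rights are attached to roles and users are only assigned roles; a senior role inherits the rights of the junior roles below it. The role names come from the slide's figure, but the parent-child edges, the objects and rights, and the user assignments are assumptions made for this example.

```python
# Roles from the slide's hierarchy figure. The junior role each role inherits
# from is an assumption for this example (the transcript preserves the names,
# not the edges). None marks the root of the hierarchy.
ROLE_PARENTS = {
    "Department Member": None,
    "Student": "Department Member",
    "Undergraduate Student": "Student",
    "Graduate Student": "Student",
    "Undergraduate TA": "Undergraduate Student",
    "Graduate TA": "Graduate Student",
    "Faculty": "Department Member",
    "Department Chair": "Faculty",
    "Technical Personnel": "Department Member",
    "Backup Agent": "Technical Personnel",
    "System Administrator": "Technical Personnel",
}

# Rights are granted to roles, never to users. (object, right) pairs; the
# objects and rights are constructed for the example.
ROLE_PERMISSIONS = {
    "Department Member": {("/dept/notices", "r")},
    "Student": {("/dept/courses", "r")},
    "Graduate Student": {("/dept/lab", "r"), ("/dept/lab", "x")},
    "Graduate TA": {("/dept/grades", "r"), ("/dept/grades", "w")},
    "Faculty": {("/dept/grades", "r"), ("/dept/grades", "w")},
    "Department Chair": {("/dept/budget", "r"), ("/dept/budget", "w")},
    "Technical Personnel": {("/dept/lab", "r"), ("/dept/lab", "x")},
    "Backup Agent": {("/dept/grades", "r"), ("/dept/budget", "r")},
    "System Administrator": {("/dept/budget", "r"), ("/etc/passwd", "w")},
}

# Constructed user-to-role assignment; a user may hold several roles.
USER_ROLES = {
    "alice": {"Graduate TA"},
    "bob": {"Undergraduate Student"},
    "carol": {"Faculty", "Backup Agent"},
}


def role_chain(role: str) -> list:
    """The role itself followed by every junior role it inherits from."""
    chain = []
    while role is not None:
        if role not in ROLE_PARENTS:
            raise KeyError(f"unknown role: {role}")
        chain.append(role)
        role = ROLE_PARENTS[role]
    return chain


def effective_permissions(role: str) -> set:
    """All (object, right) pairs a role holds, inherited ones included."""
    perms = set()
    for r in role_chain(role):
        perms |= ROLE_PERMISSIONS.get(r, set())
    return perms


def user_permissions(user_roles: dict, user: str) -> set:
    """Union over every role assigned to the user."""
    perms = set()
    for role in user_roles.get(user, ()):
        perms |= effective_permissions(role)
    return perms


def is_allowed(user_roles: dict, user: str, obj: str, right: str) -> bool:
    """Access decision; unknown users, and roles without a grant, are denied."""
    return (obj, right) in user_permissions(user_roles, user)


if __name__ == "__main__":
    print(role_chain("Graduate TA"))
    print(sorted(user_permissions(USER_ROLES, "alice")))
    print(is_allowed(USER_ROLES, "bob", "/dept/lab", "x"))   # False
```

Changing who may write grades is then a change to one role's grant, not to every affected user, which is the administrative point of RBAC.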
Passwords
A short sequence of characters used as a means to authenticate someone via a secret that they know.
Figure: login form with Userid and Password fields.
How is a password stored?
Figure: the user Butch types the password Dog124; it is passed through a hash function, and only the resulting hash (e.g. ASDSA 21QW3R50E ERWWER323 …) is stored in the password file next to the user name.
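The password-file scheme in the figure, as an added example that is not part of the original slides. Only a hash of the password is written to the file, and a login is checked by hashing the submitted password again and comparing. Two details a practitioner adds to the slide's picture are included: a random per-user salt (so two users with the same password get different hashes) and a deliberately slow hash (PBKDF2-HMAC-SHA256 with an iteration count chosen for this demo). Butch's password Dog124 is the slide's; the second user and the file format are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # iteration count for PBKDF2-HMAC-SHA256 (demo choice)


def make_record(userid: str, password: str, salt: bytes = None) -> str:
    """Build one password-file line 'userid:salt:hash'. Only the hash of the
    password is stored, never the password itself, so reading the file does
    not reveal Dog124. The random salt makes equal passwords hash differently
    and defeats precomputed hash tables."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{userid}:{salt.hex()}:{digest.hex()}"


def verify_login(password_file: str, userid: str, password: str) -> bool:
    """Recompute the hash of the submitted password with the stored salt and
    compare it in constant time with the stored hash."""
    for line in password_file.splitlines():
        if not line.strip():
            continue
        uid, salt_hex, digest_hex = line.split(":")
        if uid != userid:
            continue
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), ITERATIONS)
        return hmac.compare_digest(candidate.hex(), digest_hex)
    return False   # unknown user: same answer as a wrong password


def build_password_file() -> str:
    """Constructed two-user password file; both users chose the slide's Dog124,
    yet the two stored hashes differ because the salts differ."""
    return "\n".join([make_record("Butch", "Dog124"), make_record("Ann", "Dog124")])


if __name__ == "__main__":
    pw_file = build_password_file()
    print(pw_file)
    print(verify_login(pw_file, "Butch", "Dog124"))   # True
    print(verify_login(pw_file, "Butch", "dog124"))   # False
```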
Strong Passwords
• What is a strong password?
– UPPER/lower case characters
– Special characters
– Numbers
• When is a password strong?
– Seattle1
– M1ke03
– P@$$w0rd
– TD2k5secV
Password Complexity
• A fixed 6-symbol password:
– Numbers: 10^6 = 1,000,000
– UPPER or lower case characters: 26^6 = 308,915,776
– UPPER and lower case characters: 52^6 = 19,770,609,664
– 32 special characters (&, %, $, £, “, |, ^, §, etc.): 32^6 = 1,073,741,824
• 94 practical symbols available
– 94^6 = 689,869,781,056
• ASCII standard 7 bit: 2^7 = 128 symbols
– 128^6 = 4,398,046,511,104
Password Length
• 26 UPPER/lower case characters = 52 characters
• 10 numbers
• 32 special characters
• => 94 characters available
• 5 characters: 94^5 = 7,339,040,224
• 6 characters: 94^6 = 689,869,781,056
• 7 characters: 94^7 = 64,847,759,419,264
• 8 characters: 94^8 = 6,095,689,385,410,816
• 9 characters: 94^9 = 572,994,802,228,616,704
Password Validity: Brute Force Test
• Password does not change for 60 days
• How many passwords per second would have to be tried to cover the whole space within those 60 days?
– 5 characters: 1,415 PW/sec
– 6 characters: 133,076 PW/sec
– 7 characters: 12,509,214 PW/sec
– 8 characters: 1,175,866,008 PW/sec
– 9 characters: 110,531,404,750 PW/sec
Secure Passwords
• A strong password includes characters from at least three of the following groups:
• Use pass phrases, e.g. "I re@lly want to buy 11 Dogs!"
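The key-space arithmetic of the Password Complexity, Password Length and Brute Force Test slides, together with the three-groups rule of the Secure Passwords slide, as one added example that is not part of the original slides. It recomputes the tables from the two parameters (alphabet size and length), converts a key space into the guess rate needed to exhaust it within a validity period, and classifies the slide's sample passwords by the character groups they use. Function names are this example's own.

```python
import math
import string

SECONDS_PER_DAY = 24 * 3600


def keyspace(symbols: int, length: int) -> int:
    """Number of distinct passwords of a fixed length over `symbols` characters."""
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    """log2 of the key space: the usual way to compare rows of the table."""
    return length * math.log2(symbols)


def guesses_per_second_to_exhaust(symbols: int, length: int, days: int = 60) -> int:
    """Rate at which every password of the space could be tested within the
    validity period (the slide uses 60 days). Integer division, as the slide's
    table reports whole guesses per second."""
    return keyspace(symbols, length) // (days * SECONDS_PER_DAY)


def character_groups(password: str) -> set:
    """Which of the four groups (upper, lower, digit, special) a password uses.
    Anything that is not an ASCII letter or digit counts as special, including
    spaces and non-ASCII symbols such as the slide's £ and §."""
    groups = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            groups.add("upper")
        elif ch in string.ascii_lowercase:
            groups.add("lower")
        elif ch in string.digits:
            groups.add("digit")
        else:
            groups.add("special")
    return groups


def meets_three_group_rule(password: str) -> bool:
    """The slide's rule: characters from at least three of the four groups."""
    return len(character_groups(password)) >= 3


def length_table(symbols: int = 94, lengths=range(5, 10), days: int = 60) -> dict:
    """{length: (key space, guesses/sec to exhaust it in `days`)} for one alphabet."""
    return {n: (keyspace(symbols, n), guesses_per_second_to_exhaust(symbols, n, days))
            for n in lengths}


# The slide's sample passwords and passphrase (reproduced from the slide).
SAMPLES = ["Seattle1", "M1ke03", "P@$$w0rd", "TD2k5secV", "I re@lly want to buy 11 Dogs!"]


if __name__ == "__main__":
    for n, (space, rate) in length_table().items():
        print(f"{n} chars: {space:,} passwords, {rate:,} guesses/sec over 60 days")
    for pw in SAMPLES:
        print(pw, sorted(character_groups(pw)), meets_three_group_rule(pw))
```

Note that the rule counts groups, not guessing difficulty: "P@$$w0rd" uses all four groups and still sits in any attacker's first dictionary, which is the argument for the passphrase on the same slide.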
Social Engineering
Pretexting: creating a story that convinces an administrator or operator into revealing secret information.
Baiting: offering a kind of “gift” to get a user or agent to perform an insecure action.
Quid pro quo (from the Latin meaning "what for what"): offering an action or service and then expecting something in return.
Direct Attacks on Computational Devices
Environmental Attacks
Electricity. Computing equipment requires electricity to function; hence, it is vital that such equipment has a steady uninterrupted power supply.
Temperature. Computer chips have a natural operating temperature and exceeding that temperature significantly can severely damage them.
Limited conductance. Because computing equipment is electronic, it relies on there being limited conductance in its environment. If random parts of a computer are connected electronically, then that equipment could be damaged by a short circuit (e.g., in a flood).
Eavesdropping
Eavesdropping is the process of secretly listening in on another person’s conversation.
Protection of sensitive information must go beyond computer security and extend to the environment in which this information is entered and read.
Simple eavesdropping techniques include:
Using social engineering to allow the attacker to read information over the victim’s shoulder.
Installing small cameras to capture the information as it is being read.
Using binoculars to view a victim’s monitor through an open window.
These direct observation techniques are commonly referred to as shoulder surfing.
Wiretapping
Many communication networks employ inexpensive coaxial copper cables, where information is transmitted via electrical impulses that travel through the cables.
Relatively inexpensive means exist that measure these impulses and can reconstruct the data being transferred through a tapped cable, allowing an attacker to eavesdrop on network traffic.
These wiretapping attacks are passive, in that there is no alteration of the signal being transferred, making them extremely difficult to detect.
Signal Emanations
Computer screens emit radio frequencies that can be used to detect what is being displayed.
Visible light reflections can also be used to reconstruct a display from its reflection on a wall, coffee mug, or eyeglasses.
Both of these require the attacker to have a receiver close enough to detect the signal.
Acoustic Emissions
Dmitri Asonov and Rakesh Agrawal published a paper in 2004 detailing how an attacker could use an audio recording of a user typing on a keyboard to reconstruct what was typed.
Each keystroke has minute differences in the sound it produces, and certain keys are known to be pressed more often than others.
After training an advanced neural network to recognize individual keys, their software recognized an average of 79% of all keystrokes.
Figure: a microphone captures the keystroke sounds and feeds a sound recording device.
Hardware Keyloggers
A keylogger is any means of recording a victim’s keystrokes, typically used to eavesdrop on passwords or other sensitive information.
Hardware keyloggers are typically small connectors that are installed between a keyboard and a computer.
For example, a USB keylogger is a device containing male and female USB connectors, which allow it to be placed between a USB port on a computer and a USB cable coming from a keyboard.
Figure: USB keylogger.
TEMPEST
TEMPEST is a U.S. government code word for a set of standards for limiting information-carrying electromagnetic emanations from computing equipment.
TEMPEST establishes three zones or levels of protection:
1. An attacker has almost direct contact with the equipment, such as in an adjacent room or within a meter of the device in the same room.
2. An attacker can get no closer than 20 meters to the equipment or is blocked by a building to have an equivalent amount of attenuation.
3. An attacker can get no closer than 100 meters to the equipment or is blocked by a building to have an equivalent amount of attenuation.
Emanation Blockage
To block visible light emanations, we can enclose sensitive equipment in a windowless room.
To block acoustic emanations, we can enclose sensitive equipment in a room lined with sound-dampening materials.
To block electromagnetic emanations in the electrical cords and cables, we can make sure every such cord and cable is well grounded and insulated.
Faraday Cages
To block electromagnetic emanations in the air, we can surround sensitive equipment with metallic conductive shielding or a mesh of such material, where the holes in the mesh are smaller than the wavelengths of the electromagnetic radiation we wish to block.
Such an enclosure is known as a Faraday cage.
Computer Forensics
Computer forensics is the practice of obtaining information contained on an electronic medium, such as computer systems, hard drives, and optical disks, usually for gathering evidence to be used in legal proceedings.
Unfortunately, many of the advanced techniques used by forensic investigators for legal proceedings can also be employed by attackers to uncover sensitive information.
Forensic analysis typically involves the physical inspection of the components of a computer, sometimes at the microscopic level, but it can also involve electronic inspection of a computer’s parts as well.
ATMs
An automatic teller machine (ATM) is any device that allows customers of financial institutions to complete withdrawal and deposit transactions without human assistance.
Typically, customers insert a magnetic stripe credit or debit card, enter a PIN, and then deposit or withdraw cash from their account.
The ATM has an internal cryptographic processor that encrypts the entered PIN and compares it to an encrypted PIN stored on the card (only for older systems that are not connected to a network) or in a remote database.
Figure: ATM.
To ensure the confidentiality of customer transactions, each ATM has a cryptographic processor that encrypts all incoming and outgoing information, starting the moment a customer enters their PIN.
The current industry standard for ATM transactions is the Triple DES (3DES) cryptosystem, a legacy symmetric cryptosystem with up to 112 bits of security.
The 3DES secret keys installed on an ATM are either loaded on-site by technicians or downloaded remotely from the ATM vendor.
Figure: the ATM and the bank communicate over a 3DES-encrypted link.
Attacks on ATMs
Lebanese loop: A perpetrator inserts a sleeve into the card slot of an ATM. When a customer attempts to make a transaction and inserts their credit card, it sits in the sleeve, out of sight from the customer, who thinks that the machine has malfunctioned. After the customer leaves, the perpetrator can then remove the sleeve with the victim’s card.
Skimmer: a device that reads and stores magnetic stripe information when a card is swiped. An attacker can install a skimmer over the card slot of an ATM and store customers’ credit information without their knowledge. Later, this information can be retrieved and used to make duplicates of the original cards.
Fake ATMs: capture both credit/debit cards and PINs at the same time.
Authentication Technologies
Authentication
The determination of identity, usually based on a combination of something the person has (like a smart card or a radio key fob storing secret keys), something the person knows (like a password), and something the person is (like a human with a fingerprint).
Figure: something you have (a radio token with secret keys); something you know (password = ucIb()w1V, mother = Jones, pet = Caesar); something you are (a human with fingers and eyes).
Barcodes
Developed in the 20th century to improve efficiency in grocery checkout.
First-generation barcodes represent data as a series of variable-width, vertical lines of ink, which is essentially a one-dimensional encoding scheme.
Some more recent barcodes are rendered as two-dimensional patterns using dots, squares, or other symbols that can be read by specialized optical scanners, which translate a specific type of barcode into its encoded information.
Authentication via Barcodes
Since 2005, the airline industry has been incorporating two-dimensional barcodes into boarding passes, which are created at flight check-in and scanned before boarding.
In most cases, the barcode is encoded with an internal unique identifier that allows airport security to look up the corresponding passenger’s record with that airline.
Staff then verify that the boarding pass was in fact purchased in that person’s name (using the airline’s database), and that the person can provide photo identification.
In most other applications, however, barcodes provide convenience but not security. Since barcodes are simply images, they are extremely easy to duplicate.
Public domain image from http://commons.wikimedia.org/wiki/File:Bpass.jpg (two-dimensional barcode)
Magnetic Stripe Cards
Plastic card with a magnetic stripe containing personalized information about the card holder.
The first track of a magnetic stripe card contains the cardholder’s full name in addition to an account number, format information, and other data.
The second track may contain the account number, expiration date, information about the issuing bank, data specifying the exact format of the track, and other discretionary data.
Public domain image by Alexander Jones from http://commons.wikimedia.org/wiki/File:CCardBack.svg
Magnetic Stripe Card Security
One vulnerability of the magnetic stripe medium is that it is easy to read and reproduce.
Magnetic stripe readers can be purchased at relatively low cost, allowing attackers to read information off cards.
When coupled with a magnetic stripe writer, which is only a little more expensive, an attacker can easily clone existing cards.
So, many uses require card holders to enter a PIN to use their cards (e.g., as in ATM and debit cards in the U.S.).
Smart Cards
Smart cards incorporate an integrated circuit, optionally with an on-board microprocessor; the microprocessor provides reading and writing capabilities, allowing the data on the card to be both accessed and altered.
Smart card technology can provide secure authentication mechanisms that protect the information of the owner and are extremely difficult to duplicate.
Public domain image from http://en.wikipedia.org/wiki/File:Carte_vitale_anonyme.jpg (circuit interface)
Smart Card Authentication
They are commonly employed by large companies and organizations as a means of strong authentication using cryptography.
Smart cards may also be used as a sort of “electronic wallet,” containing funds that can be used for a variety of services, including parking fees, public transport, and other small retail transactions.
SIM Cards
Many mobile phones use a special smart card called a subscriber identity module card (SIM card).
A SIM card is issued by a network provider. It maintains personal and contact information for a user and allows the user to authenticate to the cellular network of the provider.
SIM Card Security
SIM cards contain several pieces of information that are used to identify the owner and authenticate to the appropriate cell network.
Each SIM card corresponds to a record in the database of subscribers maintained by the network provider.
A SIM card features an integrated circuit card ID (ICCID), which is a unique 18-digit number used for hardware identification.
Next, a SIM card contains a unique international mobile subscriber identity (IMSI), which identifies the owner’s country, network, and personal identity.
SIM cards also contain a 128-bit secret key. This key is used for authenticating a phone to a mobile network.
As an additional security mechanism, many SIM cards require a PIN before allowing any access to information on the card.
GSM Challenge-Response Protocol
1. When a cellphone wishes to join a cellular network it connects to a local base station owned by the network provider and transmits its International Mobile Subscriber Identity (IMSI).
2. If the IMSI matches a subscriber’s record in the network provider’s database, the base station transmits a 128-bit random number to the cellphone.
3. This random number is then encoded by the cellphone with the subscriber’s secret key stored in the SIM card using a proprietary encryption algorithm known as A3, resulting in a ciphertext that is sent back to the base station.
4. The base station then performs the same computation, using its stored value for the subscriber’s secret key. If the two ciphertexts match, the cellphone is authenticated to the network and is allowed to make and receive calls.
Figure: the GSM challenge-response exchange between the cellphone and the base station.
IMSI = (this phone’s ID)
R = a 128-bit random number (the challenge)
E_K(R) = the 128-bit random number encrypted using the subscriber’s secret key K (the response)
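The four-step protocol above with both sides modelled, as an added example that is not part of the original slides. A3 is proprietary and not public, so the response E_K(R) is computed here with HMAC-SHA256 truncated to 128 bits as a stand-in; only the shape of the exchange (IMSI in, fresh challenge out, keyed response back, comparison against the stored key) is what the example demonstrates. The IMSI value and the subscriber key are constructed, and the class and function names are this example's own. The example also checks two things the slide's steps rely on: a SIM with the wrong key is rejected, and a recorded response cannot be replayed because each session gets a new R.

```python
import hashlib
import hmac
import secrets


def a3_stand_in(key: bytes, challenge: bytes) -> bytes:
    """Stand-in for the proprietary A3 algorithm: HMAC-SHA256 truncated to
    128 bits. Any keyed one-way function gives the protocol its shape."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:16]


class Sim:
    """The SIM card: holds the IMSI and the 128-bit secret key K, never reveals K."""

    def __init__(self, imsi: str, key: bytes):
        self.imsi = imsi
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        """Step 3: encode the challenge with the subscriber's secret key."""
        return a3_stand_in(self._key, challenge)


class BaseStation:
    """Network side: the subscriber database {IMSI: K} and challenges in flight."""

    def __init__(self, subscribers: dict):
        self._subscribers = subscribers
        self._pending = {}

    def challenge(self, imsi: str):
        """Steps 1-2: look the IMSI up; if known, issue a fresh 128-bit random R."""
        if imsi not in self._subscribers:
            return None
        r = secrets.token_bytes(16)
        self._pending[imsi] = r
        return r

    def check(self, imsi: str, response: bytes) -> bool:
        """Step 4: recompute E_K(R) with the stored key and compare in constant
        time. The outstanding challenge is consumed, so a response can only
        ever satisfy the one R it was computed for."""
        r = self._pending.pop(imsi, None)
        if r is None:
            return False
        expected = a3_stand_in(self._subscribers[imsi], r)
        return hmac.compare_digest(expected, response)


def authenticate(station: BaseStation, sim: Sim) -> bool:
    """Run the four steps between one phone and the base station."""
    r = station.challenge(sim.imsi)              # steps 1-2: IMSI -> R
    if r is None:
        return False
    return station.check(sim.imsi, sim.respond(r))   # steps 3-4


def replay_is_rejected(station: BaseStation, sim: Sim) -> bool:
    """An eavesdropper who recorded one response cannot reuse it in a later
    session: the station has issued a different R by then."""
    r = station.challenge(sim.imsi)
    recorded = sim.respond(r)
    station.check(sim.imsi, recorded)            # the genuine session completes
    station.challenge(sim.imsi)                  # a new session, new R
    return not station.check(sim.imsi, recorded)


# Constructed subscriber: a placeholder IMSI and a random 128-bit key.
GENUINE_KEY = secrets.token_bytes(16)
SUBSCRIBERS = {"IMSI-EXAMPLE-001": GENUINE_KEY}


if __name__ == "__main__":
    station = BaseStation(SUBSCRIBERS)
    print(authenticate(station, Sim("IMSI-EXAMPLE-001", GENUINE_KEY)))  # True
    print(authenticate(station, Sim("IMSI-EXAMPLE-001", bytes(16))))    # False
    print(replay_is_rejected(station, Sim("IMSI-EXAMPLE-001", GENUINE_KEY)))  # True
```

The protocol authenticates the phone to the network only; nothing in these four steps lets the phone verify that the base station is genuine.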
RFIDs
Radio frequency identification, or RFID, is a rapidly emerging technology that relies on small transponders to transmit identification information via radio waves.
RFID chips feature an integrated circuit for storing information, and a coiled antenna to transmit and receive a radio signal.
RFID Technology
RFID tags must be used in conjunction with a separate reader or writer.
While some RFID tags require a battery, many are passive and do not.
The effective range of RFID varies from a few centimeters to several meters, but in most cases, since data is transmitted via radio waves, it is not necessary for a tag to be in the line of sight of the reader.
RFID Technology
This technology is being deployed in a wide variety of applications.
Many vendors are incorporating RFID for consumer-product tracking.
Car key fobs. Electronic toll transponders.
Passports
Modern passports of several countries, including the United States, feature an embedded RFID chip that contains information about the owner, including a digital facial photograph that allows airport officials to compare the passport’s owner to the person who is carrying the passport.
Figure: the e-Passport symbol; the RFID chip and antenna are embedded in the cover.
Passport Security
In order to protect the sensitive information on a passport, all RFID communications are encrypted with a secret key.
In many instances, however, this secret key is merely the passport number, the holder’s date of birth, and the expiration date, in that order.
All of this information is printed on the card, either in text or using a barcode or other optical storage method.
While this secret key is intended to be only accessible to those with physical access to the passport, an attacker with information on the owner, including when their passport was issued, may be able to easily reconstruct this key, especially since passport numbers are typically issued sequentially.
Biometrics
Biometric refers to any measure used to uniquely identify a person based on biological or physiological traits.
Generally, biometric systems incorporate some sort of sensor or scanner to read in biometric information and then compare this information to stored templates of accepted users before granting access.
Image from http://commons.wikimedia.org/wiki/File:Fingerprint_scanner_in_Tel_Aviv.jpg used with permission under the Creative Commons Attribution 3.0 Unported license
Requirements for Biometric Identification
Universality. Almost every person should have this characteristic.
Distinctiveness. Each person should have noticeable differences in the characteristic.
Permanence. The characteristic should not change significantly over time.
Collectability. The characteristic should have the ability to be effectively determined and quantified.
Biometric Identification
Figure: a biometric reader produces a feature vector, which a comparison algorithm checks against the stored reference vector; the outcome is “matches” or “doesn’t match”.
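The comparison step of the figure, as an added example that is not part of the original slides. A feature vector never equals the stored reference exactly (the same finger is never read twice identically), so the comparison algorithm accepts when the distance to the reference is within a threshold. The example uses Euclidean distance and then measures, on a small constructed set of genuine and impostor readings, how the threshold trades the false reject rate against the false accept rate; the vectors and the threshold values are constructed for the demo, and the function names are this example's own.

```python
import math


def distance(feature, reference) -> float:
    """Euclidean distance between a fresh feature vector and the stored reference."""
    if len(feature) != len(reference):
        raise ValueError("feature and reference vectors must have the same length")
    return math.sqrt(sum((f - r) ** 2 for f, r in zip(feature, reference)))


def matches(feature, reference, threshold: float) -> bool:
    """The comparison algorithm of the figure: accept when the distance is
    within the threshold, reject otherwise."""
    return distance(feature, reference) <= threshold


def error_rates(reference, genuine, impostors, threshold: float):
    """(false reject rate, false accept rate) for one threshold.
    FRR: fraction of genuine readings rejected; FAR: fraction of impostor
    readings accepted. Raising the threshold lowers FRR and raises FAR."""
    false_rejects = sum(1 for v in genuine if not matches(v, reference, threshold))
    false_accepts = sum(1 for v in impostors if matches(v, reference, threshold))
    return false_rejects / len(genuine), false_accepts / len(impostors)


# Constructed sample: a stored reference, three readings of the enrolled
# person (small deviations) and three readings of other people.
REFERENCE = (1.0, 2.0, 3.0)
GENUINE = [(1.1, 2.0, 3.0), (1.0, 2.3, 3.0), (1.0, 2.0, 3.6)]      # distances 0.1, 0.3, 0.6
IMPOSTORS = [(1.4, 2.0, 3.0), (2.0, 2.0, 3.0), (1.0, 3.5, 3.0)]    # distances 0.4, 1.0, 1.5


def threshold_sweep(thresholds=(0.2, 0.5, 0.7)) -> dict:
    """{threshold: (FRR, FAR)} over the constructed sample, to show the trade-off."""
    return {t: error_rates(REFERENCE, GENUINE, IMPOSTORS, t) for t in thresholds}


if __name__ == "__main__":
    for t, (frr, far) in threshold_sweep().items():
        print(f"threshold {t}: FRR={frr:.2f} FAR={far:.2f}")
```

The threshold is a policy decision: a door to a server room is tuned for a low FAR and accepts the occasional retry, while a consumer phone unlock is tuned for a low FRR.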
Candidates for Biometric IDs
Fingerprints, retinal/iris scans, DNA, “blue-ink” signature, voice recognition, face recognition, gait recognition.
Let us consider how each of these scores in terms of universality, distinctiveness, permanence, and collectability…
Public domain images from http://commons.wikimedia.org/wiki/File:Retinal_scan_securimetrics.jpg, http://commons.wikimedia.org/wiki/File:CBP_chemist_reads_a_DNA_profile.jpg and http://commons.wikimedia.org/wiki/File:Fingerprint_Arch.jpg
Summary
History; what is security?; critical characteristics of security; CNSS security model; cryptography (confidentiality, integrity); access control (availability); passwords; physical attacks; authentication technology.