Security & Privacy

Jan 17, 2016

Amy Harrington
Page 1

Security & Privacy

Page 2

Learning Objectives

Explain the importance of varying the access allowed to database elements at different times and for different categories of user.

Discuss the problem of maintaining confidentiality of data on an open network and how to address this problem.

Explain the need for encryption, authorisation and authentication techniques.

Page 3

Example of the need for restricting access 1

In a banking system, accounts must be updated with the day's transactions. While this is taking place users must not be able to access the database. Thus, at certain times of the day, users will not be able to use a cash point.

One solution is to only use the database for querying prices and to create a transaction file of sales which can be used later to update the database.

Page 4

Example of the need for restricting access 2

While a database system is checking stock for re-ordering purposes, the POS terminals will not be able to use the database as each sale would change the stock levels.

One solution is to only use the database for querying prices and to create a transaction file of sales which can be used later to update the database.
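The time-based restriction of slides 3 and 4 in working form, as an added example that is not part of the slides: while the stock check holds the database for re-ordering, price queries are still answered, sales from the POS terminals go into a transaction file instead of changing stock levels, and the file is applied once the check is over. The stock figures, prices and re-order level are constructed for the example.

```python
# Added example (not from the slides): a shop database that stays open for
# price queries while stock-taking runs, with sales deferred to a transaction
# file that is applied afterwards.  Stock figures and prices are constructed.

class StockDatabase:
    def __init__(self, stock, prices, reorder_level=5):
        self.stock = dict(stock)          # sku -> units on hand
        self.prices = dict(prices)        # sku -> unit price
        self.reorder_level = reorder_level
        self.updates_locked = False       # True while the stock check runs
        self.transaction_file = []        # sales recorded while locked

    def price_of(self, sku):
        """Read-only query: permitted at all times (slides 3-4)."""
        return self.prices[sku]

    def record_sale(self, sku, qty):
        """A POS terminal sale: applied at once in normal trading, appended to
        the transaction file while the stock check holds the lock."""
        if qty <= 0:
            raise ValueError("quantity must be positive")
        if self.updates_locked:
            self.transaction_file.append((sku, qty))
            return "deferred"
        self._apply_sale(sku, qty)
        return "applied"

    def _apply_sale(self, sku, qty):
        if self.stock[sku] < qty:
            raise ValueError(f"insufficient stock for {sku}")
        self.stock[sku] -= qty

    def begin_stock_check(self):
        """Freeze stock levels so the re-order calculation sees a stable snapshot."""
        self.updates_locked = True

    def reorder_list(self):
        """Items at or below the re-order level; only valid while levels are frozen."""
        if not self.updates_locked:
            raise RuntimeError("call begin_stock_check() first; sales could change levels mid-count")
        return sorted(sku for sku, units in self.stock.items() if units <= self.reorder_level)

    def end_stock_check(self):
        self.updates_locked = False

    def apply_transaction_file(self):
        """Replay the deferred sales once the check is over; returns how many were applied."""
        if self.updates_locked:
            raise RuntimeError("cannot apply the transaction file while the stock check runs")
        applied = 0
        while self.transaction_file:
            sku, qty = self.transaction_file.pop(0)
            self._apply_sale(sku, qty)
            applied += 1
        return applied


def end_of_day_demo():
    """One trading day; returns what each step observed."""
    db = StockDatabase({"milk": 6, "bread": 3}, {"milk": 1.20, "bread": 0.95})
    normal = db.record_sale("milk", 2)          # "applied": milk is now 4
    db.begin_stock_check()
    reorder = db.reorder_list()                 # milk=4, bread=3 -> both at/below 5
    during = db.record_sale("bread", 1)         # "deferred" to the transaction file
    price = db.price_of("milk")                 # price queries still answered
    db.end_stock_check()
    applied = db.apply_transaction_file()       # the one deferred sale is replayed
    return {"normal": normal, "reorder": reorder, "during": during,
            "price": price, "applied": applied, "stock": dict(db.stock)}


if __name__ == "__main__":
    print(end_of_day_demo())
```

The lock is the point: without it a sale landing between two rows of the count would make the re-order list inconsistent with the stock table, which is exactly why the slides take the POS terminals off the database for that period.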

Page 5

Example of the need for restricted views of the database

A large hospital has a large network of computers.

There are terminals in reception, on the wards and in consulting rooms.

Page 6

Example of the need for restricted views of the database

Receptionists' access rights: check the patient's name and address when a patient registers, but not the drugs to be administered nor the patient's medical history.

Page 7

Example of the need for restricted views of the database

Nurses' access rights: the same data as the receptionists and access to the information about the drugs to be given, so they can administer them, but not patients' medical histories.

Page 8

Example of the need for restricted views of the database

Consultants: need to access all the data.

Page 9

Usernames & Passwords

To give levels of security:

All three categories of user of the database, receptionist, nurse and consultant, must only be allowed to see the data that is needed by them to do their job.

Page 10

Other example restrictions

Consultants have the right to see all the data that is in the database, but if the terminal is in a public place then patients and receptionists can see the screen.

Solution: restrict access in public locations irrespective of username and password.

Page 11

Hardware method of preventing access

All terminals have a unique address on their network cards.

DBMS holds these addresses and their locations and restricts access to data accordingly.
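The hospital views of slides 5 to 8, the username-based levels of slide 9, the public-terminal rule of slide 10 and the network-address method of slide 11, combined in one runnable example that is not part of the slides. It uses Python's sqlite3 module: the receptionist and nurse views are SQL views over the patients table, consultants read the table itself, and a registry of network-card addresses tells the DBMS where each terminal is. The patient rows, addresses and the choice to cap a public terminal at the receptionist view (rather than deny it outright) are this example's assumptions.

```python
import sqlite3

# Added example (not from the slides): the hospital's restricted views as SQL
# views, with the terminal's network-card address deciding the location rule.
# Patient data and terminal addresses are constructed.

PATIENTS = [
    (1, "A. Patient", "1 High St", "amoxicillin 500 mg, 3/day", "asthma since 2010"),
    (2, "B. Patient", "2 Low Rd", "none", "no known conditions"),
]

# Slides 6-8: what each category of user may see.
ROLE_VIEWS = {
    "receptionist": "receptionist_view",   # name and address only
    "nurse": "nurse_view",                 # ... plus the drugs to be given
    "consultant": "patients",              # all the data
}

# Slide 11: the DBMS holds each terminal's network-card address and its location.
TERMINALS = {
    "00:11:22:33:44:01": "reception",
    "00:11:22:33:44:02": "ward",
    "00:11:22:33:44:03": "consulting_room",
}
PUBLIC_LOCATIONS = {"reception"}           # screens that patients can see


def open_database():
    """In-memory DBMS with the base table and one restricted view per role."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT, address TEXT,
                               drugs TEXT, history TEXT);
        CREATE VIEW receptionist_view AS SELECT id, name, address FROM patients;
        CREATE VIEW nurse_view AS SELECT id, name, address, drugs FROM patients;
    """)
    conn.executemany("INSERT INTO patients VALUES (?, ?, ?, ?, ?)", PATIENTS)
    return conn


def view_for(role, terminal_address):
    """The role picks the view, but a terminal in a public place is capped at
    the receptionist view whoever is logged in (slide 10's 'irrespective of
    username and password'; capping instead of denying is this example's choice)."""
    location = TERMINALS.get(terminal_address)
    if location is None:
        raise PermissionError(f"unregistered terminal {terminal_address}")
    if role not in ROLE_VIEWS:
        raise PermissionError(f"unknown role {role}")
    if location in PUBLIC_LOCATIONS:
        return ROLE_VIEWS["receptionist"]
    return ROLE_VIEWS[role]


def fetch_patient(conn, role, terminal_address, patient_id):
    """The record as this user, at this terminal, is allowed to see it."""
    view = view_for(role, terminal_address)      # always one of our own view names
    cur = conn.execute(f"SELECT * FROM {view} WHERE id = ?", (patient_id,))
    columns = [col[0] for col in cur.description]
    row = cur.fetchone()
    return dict(zip(columns, row)) if row is not None else None


if __name__ == "__main__":
    db = open_database()
    for role, terminal in [("receptionist", "00:11:22:33:44:01"),
                           ("nurse", "00:11:22:33:44:02"),
                           ("consultant", "00:11:22:33:44:03"),
                           ("consultant", "00:11:22:33:44:01")]:
        print(role, "@", TERMINALS[terminal], "->", sorted(fetch_patient(db, role, terminal, 1)))
```

The same pattern carries over to the school records database of the plenary: one view per category of user, each selecting only the columns that category needs.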

Page 12

Physical Methods of Restricting Access

Physical precautions like locking doors / keyboards.

Physical identifiers (fingerprints, iris recognition, biometrics, etc.).

Page 13

Encryption

Provides data security by scrambling (encrypting) data to make it unintelligible to anyone who intercepts it. This involves applying a mathematical function (cipher) to the data, using a key value.

N.B. The data could be anything, including messages, e.g. emails.

Decrypt = to unscramble encrypted data in order to make it intelligible.

Page 14

Public and Private Keys

Each user has a public / private key pair, usually created by a Certification Authority (CA). The private key is kept secret, while the public key may be widely distributed. The keys are related mathematically, but the private key cannot be practically derived from the public key.

The pair is based on prime numbers – see the link below for more information:

http://computer.howstuffworks.com/encryption5.htm

Data encrypted with the public key can be decrypted only with the corresponding private key. A sender sends data / messages encrypted with the recipient's public key. The recipient decrypts the message with their corresponding private key.

The recipient is the only one with this corresponding private key so is the only one who can decrypt it.

Page 15

Analogy for public-key encryption

A locked mailbox with a mail slot. The mail slot is exposed and accessible to the public; its location (the street address) is in essence the public key. Anyone knowing the street address can go to the door and drop a written message through the slot. However, only the person who possesses the key can open the mailbox and read the message.

Page 16

Diagram: public-key encryption between Sender and Recipient

Key: SPRK = Sender's Private Key; SPUK = Sender's Public Key; RPRK = Recipient's Private Key; RPUK = Recipient's Public Key.

Sender (holds SPUK, SPRK): Message encrypted with RPUK.

Recipient (holds RPUK, RPRK): Message decrypted with RPRK.

Sender: I am sure that only the intended recipient can read the message, as the intended recipient is the only one with the corresponding private key so is the only one who can decrypt it.

Recipient: I am sure that I am the only one who can read this message, but how can I be sure who sent this message, as anyone can encrypt a message for me using my RPUK?

Certification Authority: gives out Public & Private Key Paired Keys on request.

Page 17

Digital signature

A digital code sent with the data that uniquely identifies the sender and authenticates the data. This digital code is a mathematical summary of the data which is encrypted with the sender's private key and sent with the data.

The recipient will decrypt this digital code with the sender's public key.

This verifies the sender, as he is the only one with the corresponding private key.

The recipient also recalculates the digital code of the data received, and if this is different to the digital code received from the sender then the data has been tampered with (as it is a mathematical summary of all the data).

Also helps combat repudiation, i.e. denial of involvement in a transaction. Since the owner keeps their private key secret, anything signed using that key can only have been signed by the owner.

Page 18

An analogy for digital signatures

The sealing of an envelope with a personal wax seal or stamp which no one else has.

The message can be opened by anyone, but the presence of the seal or stamp authenticates the sender.

Page 19

Diagram: public-key encryption plus digital signature between Sender and Recipient

Key: SPRK = Sender's Private Key; SPUK = Sender's Public Key; RPRK = Recipient's Private Key; RPUK = Recipient's Public Key.

Sender (holds SPUK, SPRK): Message encrypted with RPUK. Digital Signature encrypted with SPRK.

Recipient (holds RPUK, RPRK): Message decrypted with RPRK. Digital Signature decrypted with SPUK.

Sender: I am sure that only the intended recipient can read the message, as the intended recipient is the only one with the corresponding private key so is the only one who can decrypt it.

Recipient: I am sure that I am the only one who can read this message and that 1 unique sender sent it, but how can I be sure this person is who they say they are (credentials, e.g. qualifications, etc.)?

Certification Authority: gives out Public & Private Key Paired Keys on request.

Page 20

Verification of credentials

However, a private/public key pair and a digital signature do not verify the credentials of the sender, only that the sender is the one with the corresponding private key, i.e. a unique individual sent the message, but are they who they say they are?

Digital Certificates attempt to do this (next slide).

Page 21

Digital certificates

An electronic document which incorporates a digital signature from the CA (encrypted using the CA's private key, so proves the CA made it) to bind together a public key with identity information such as the name of a person or an organization, their address, and so forth.

Given to you when you apply for a private / public key pair from a CA, but only if you prove to them, and they can prove for themselves, that you are who you say you are.

Verifies that the sender is who they say they are if you can verify the CA's signature (by decrypting the certificate using their public key) and trust the CA.

Page 22

Diagram: encryption, digital signature and digital certificate between Sender, Recipient and Certification Authority

Key: SPRK = Sender's Private Key; SPUK = Sender's Public Key; RPRK = Recipient's Private Key; RPUK = Recipient's Public Key; CAPRK = Certification Authority's Private Key; CAPUK = Certification Authority's Public Key.

Certification Authority (holds CAPRK, CAPUK): investigates applicants before giving out a Digital Certificate and Public & Private Key Paired Keys. Digital Certificate encrypted by CA with CAPRK.

Sender (holds SPUK, SPRK): Message encrypted with RPUK. Digital Signature encrypted with SPRK. Digital Certificate (encrypted with CAPRK) sent with the message.

Recipient (holds RPUK, RPRK): Message decrypted with RPRK. Digital Signature decrypted with SPUK. Digital Certificate decrypted with CAPUK.

Sender: I am sure that only the intended recipient can read the message, as the intended recipient is the only one with the corresponding private key so is the only one who can decrypt it.

Recipient: I am sure that I am the only one who can read this message, that 1 unique sender sent it, and of their credentials, as long as I trust the Certification Authority.
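The three mechanisms of slides 13 to 22 carried through in code, as an added example that is not part of the slides: a toy "textbook RSA" key pair built from two small primes (the slides' "pair based on prime numbers"), the message encrypted with RPUK and decrypted with RPRK, the digital signature as a SHA-256 summary encrypted with SPRK and checked with SPUK, and a digital certificate in which the CA signs the sender's name and public key with CAPRK so the recipient can verify it with CAPUK. Everything here is an assumption of the example: the primes, the names, the message, and the choice to have each party generate its own pair (the CA only certifies the sender's public key, which is how it is usually done; the slides have the CA hand out the pairs). Byte-by-byte textbook RSA with four-digit moduli is only for following the slides; real deployments use keys of thousands of bits with padding schemes such as RSA-OAEP and RSA-PSS.

```python
import hashlib
from math import gcd

# Added example (not from the slides): textbook RSA from two small primes so
# that each step on slides 13-22 can be executed.  Toy only: real keys are
# thousands of bits long and are used with padding (RSA-OAEP, RSA-PSS).

def generate_keypair(p, q, e=17):
    """Return (public_key, private_key), each an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent: modular inverse of e
    return (e, n), (d, n)

def rsa_apply(key, values):
    """Slide 13's 'mathematical function (cipher) using a key value'."""
    exponent, modulus = key
    return [pow(v, exponent, modulus) for v in values]

def encrypt(public_key, data):
    """Slide 14: encrypt for the recipient with RPUK (one RSA op per byte, toy)."""
    return rsa_apply(public_key, data)

def decrypt(key, blocks):
    """Undo rsa_apply with the other half of the pair.  Returns None when the
    recovered numbers are not even bytes, which is what a wrong key yields."""
    values = rsa_apply(key, blocks)
    if any(v > 255 for v in values):
        return None
    return bytes(values)

def sign(private_key, data):
    """Slide 17: a summary (SHA-256) of the data, encrypted with the sender's SPRK."""
    return rsa_apply(private_key, hashlib.sha256(data).digest())

def verify(public_key, data, signature):
    """Slide 17: decrypt the code with SPUK and compare with a fresh summary."""
    return decrypt(public_key, signature) == hashlib.sha256(data).digest()

def certificate_body(subject, public_key):
    """The identity information and public key that the CA binds together."""
    e, n = public_key
    return f"{subject}|{e}|{n}".encode()

def issue_certificate(ca_private_key, subject, public_key):
    """Slide 21: the CA signs the binding with CAPRK."""
    return {"subject": subject, "public_key": public_key,
            "ca_signature": sign(ca_private_key, certificate_body(subject, public_key))}

def verify_certificate(ca_public_key, cert):
    """Slide 21: trustworthy only if CAPUK verifies the CA's signature."""
    body = certificate_body(cert["subject"], cert["public_key"])
    return verify(ca_public_key, body, cert["ca_signature"])

def run_exchange(message=b"Give drug X, 2 doses"):
    """Slide 22 end to end; returns which guarantees held (all should be True)."""
    ca_pub, ca_priv = generate_keypair(67, 71)     # CAPUK / CAPRK
    s_pub, s_priv = generate_keypair(61, 53)       # SPUK / SPRK
    r_pub, r_priv = generate_keypair(71, 73)       # RPUK / RPRK
    sender_cert = issue_certificate(ca_priv, "Dr A. Sender", s_pub)
    # An impostor "CA" that the recipient does not trust certifies the same name.
    _, rogue_priv = generate_keypair(83, 89)
    rogue_cert = issue_certificate(rogue_priv, "Dr A. Sender", s_pub)

    ciphertext = encrypt(r_pub, message)           # sender encrypts with RPUK
    signature = sign(s_priv, message)              # and signs with SPRK
    plaintext = decrypt(r_priv, ciphertext)        # recipient decrypts with RPRK
    return {
        "confidential": plaintext == message,
        "wrong_key_fails": decrypt(s_priv, ciphertext) != message,
        "signature_ok": verify(sender_cert["public_key"], plaintext, signature),
        "tamper_detected": not verify(s_pub, plaintext + b"!", signature),
        "certificate_ok": verify_certificate(ca_pub, sender_cert),
        "untrusted_ca_rejected": not verify_certificate(ca_pub, rogue_cert),
    }

if __name__ == "__main__":
    for guarantee, held in run_exchange().items():
        print(f"{guarantee:>22}: {held}")
```

The last two results are the point of slides 20 to 22: the signature alone proves only that whoever holds SPRK sent the message, and the certificate adds the name only because the recipient can check the CA's signature and has decided to trust that CA; a certificate from a CA the recipient does not trust is rejected even though it names the same person.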

Page 23

Visit the following websites for more information

http://en.wikipedia.org/wiki/Public_key_cryptography

www.itsecurity.com

www.verisign.com

Page 24

Plenary

Using, as an example, the database of student records in a school,

Explain why different users should be given different access rights.

Describe how these access rights can be implemented.

Page 25

Plenary

Different users require different information.

Information is sensitive/confidential and should only be available to those who need it.

Secretary may need contact information.

College nurse may need medical information.

Subject tutors may need academic information.

Personal tutor needs social information.

Principal can see all (but medical information).

Students allowed RO access to their own record.

Technician allowed to alter structure but not to see data.

Page 26

Plenary

Passwords arranged as hierarchy to verify user ID.

User ID identifies areas available to user.

Particular machines allow different access.

Physical precautions like locking doors / keyboards.

Encryption of information.

Physical identifiers (fingerprints, iris recognition).

Page 27

Plenary

State the meanings of the terms: encryption, message authentication

and explain how they are used to maintain confidentiality of messages.

Page 28

Plenary

Encryption

Makes messages unintelligible.

Provides security for data by making it impossible to understand.

Key used to encrypt data and another to decrypt it.

Use of public and private keys.

Page 29

Plenary

Message Authentication

Method of ensuring that message is from the person it claims to be from.

Use of digital signature created using private key, which can only be done by owner of key.

Digital certificate from authority to authenticate author of message.