
Computer Security: Principles and Practice

Chapter 1 Overview

First Edition, by William Stallings and Lawrie Brown. Lecture slides by Lawrie Brown.

Overview
Computer Security: the protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (including hardware, software, firmware, information/data, and telecommunications).

Key Security Concepts

Confidentiality: preserving authorized restrictions on information access and disclosure.
Data confidentiality: assures that private or confidential information is not made available or disclosed to unauthorized individuals.
Privacy: assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed.

Integrity: guarding against improper information modification.
Data integrity: assures that information and programs are changed only in a specified and authorized manner.
System integrity: assures that a system performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system.

Availability: assures that systems work promptly and that service is not denied to authorized users.

Authenticity: verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

Accountability: the system must keep records of its activities to permit later analysis, so that unauthorized activity can be traced to the responsible party.

Model for computer security: the assets of a computer system

Hardware: including the computer system and other data processing, data storage and data communications devices.
Software: including the operating system, system utilities and applications.
Data: including files and databases, as well as security-related data such as password files.
Communications facilities and networks: local and wide area network links, bridges, routers.

Vulnerabilities

Vulnerabilities of system resources. A resource can be:
Corrupted: it does the wrong thing or gives wrong answers, e.g. stored data may differ from what they should be because they have been improperly modified (loss of integrity).
Leaky: e.g. someone who should not have access to some or all of the information available through the network obtains such access (loss of confidentiality).
Unavailable or very slow: e.g. using the system or network becomes impossible or impractical (loss of availability).

Threats

Threats are capable of exploiting those vulnerabilities and represent a potential security harm to an asset. An attack is a threat that is carried out and, if successful, leads to an undesirable violation of security. We can distinguish two types of attack:
Active attack: attempts to alter system resources or affect their operation.
Passive attack: attempts to learn or make use of information from the system but does not affect system resources.

We can also classify attacks based on the origin of the attack:
Inside attack: initiated by an entity inside the security perimeter (an "insider").
Outside attack: initiated from outside the perimeter, by an unauthorized or illegitimate user of the system (an "outsider").

Countermeasures

Countermeasures are the means used to deal with security attacks. A countermeasure may prevent an attack, detect it, or recover from its effects. When prevention is not possible, the goal is to detect the attack and then recover from its effects. A countermeasure may itself introduce new vulnerabilities, and some residual risk always remains, so the overall goal is to minimize risk given the other constraints.

Unauthorized disclosure: a circumstance or event whereby an entity gains access to data for which the entity is not authorized.

Exposure: sensitive data are directly released to an unauthorized entity.
Interception: an unauthorized entity directly accesses sensitive data travelling between authorized sources and destinations.
Inference: an unauthorized entity indirectly accesses sensitive data by reasoning from characteristics or by-products of communications.
Intrusion: an unauthorized entity gains access to sensitive data by circumventing a system's security protections.

Deception: a circumstance or event that may result in an authorized entity receiving false data and believing it to be true.

Masquerade: an unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity.
Falsification: false data deceive an authorized entity.
Repudiation: an entity deceives another by falsely denying responsibility for an act.

Disruption: a circumstance or event that interrupts or prevents the correct operation of system services or functions.

Incapacitation: prevents or interrupts system operation by disabling a system component.
Corruption: undesirably alters system operation by adversely modifying system functions or data.
Obstruction: interrupts delivery of system services by hindering system operations.

Usurpation: a circumstance or event that results in control of system services or functions by an unauthorized entity.

Misappropriation: an entity assumes unauthorized logical or physical control of a system resource.
Misuse: causes a system component to perform a function or service that is detrimental to system security.

Network Security Attacks

Attacks are classified as passive or active.
Passive attacks are eavesdropping: release of message contents; traffic analysis. They are hard to detect.
Active attacks modify or fake data: masquerade; replay; modification of messages; denial of service. They are hard to prevent.


Passive attacks are eavesdropping on, or monitoring of, transmissions to obtain information that is being transmitted. Two types of passive attack are:

Release of message contents: the opponent learns the contents of sensitive transmissions.
Traffic analysis: can occur even when the contents of messages are masked, e.g. using encryption; the opponent can still observe the pattern of messages and determine the location and identity of the communicating hosts and the frequency and length of the messages being exchanged, and hence guess the nature of the communication.

Passive attacks are very difficult to detect because they do not involve any alteration of the data; the emphasis is therefore on prevention (e.g. encryption) rather than detection. Active attacks involve modification of the data stream or creation of a false data stream:

Masquerade: one entity pretends to be a different entity.
Replay: passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
Modification of messages: some portion of a legitimate message is altered, or messages are delayed or reordered, to produce an unauthorized effect.
Denial of service: prevents or inhibits the normal use or management of communications facilities, e.g. by suppressing messages to a particular destination or by disrupting an entire network.

Active attacks present the opposite characteristics of passive attacks: they are quite difficult to prevent absolutely, so the goal is to detect them and to recover from any disruption or delay they cause.

Security Architecture
The OSI Security Architecture (ITU-T Recommendation X.800) defines:

Security attack: any action that compromises the security of information owned by an organization.
Security mechanism: a process or device designed to detect, prevent, or recover from a security attack.
Security service: a service that enhances the security of the data processing systems and the information transfers of an organization; a service makes use of one or more mechanisms to counter attacks.

Security mechanisms

Mechanisms are divided into those implemented in a specific protocol layer (such as TCP or an application-layer protocol) and pervasive mechanisms that are not specific to any protocol layer.
1. Encipherment: the use of mathematical algorithms to transform data into a form that is not readily intelligible; the transformation and subsequent recovery of the data depend on the algorithm and on zero or more encryption keys.
2. Digital signature: data appended to, or a cryptographic transformation of, a data unit that allows the recipient to prove the source and integrity of the data unit and protects against forgery.

Access control: a variety of mechanisms that enforce access rights to resources.
Data integrity: a variety of mechanisms used to assure the integrity of a data unit or of a stream of data units.
Authentication exchange: a mechanism intended to ensure the identity of an entity by means of information exchange.
Traffic padding: the insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.
Routing control: enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.
Notarization: the use of a trusted third party to assure certain properties of a data exchange.
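The traffic padding mechanism above exists to counter the traffic analysis attack described in the passive-attacks notes earlier. The following is an added example, not code from the slides or the textbook, showing both halves of that point: a cipher that hides message contents perfectly still leaks every message's length, and padding each message up to a fixed bucket before encryption removes that leak. The cipher is a one-time pad built from the Python standard library so the script runs offline; the 64-byte bucket size, the 4-byte length prefix and the sample chat messages are assumptions made for this example.

```python
"""Added example: traffic analysis on encrypted traffic, and traffic padding.

The cipher is a one-time pad (XOR with a fresh random key as long as the
message). It hides message contents completely, yet ciphertext length equals
plaintext length, so a passive eavesdropper still learns each message's size
and can tell a one-word reply from a long instruction. Padding to a fixed
bucket size before encryption (the X.800 "traffic padding" mechanism) hides
the sizes. Bucket size, framing and sample messages are constructed here.
"""
import secrets
import struct

BUCKET = 64  # assumed bucket size: every ciphertext is a multiple of this


def encrypt(plaintext):
    """One-time pad. Returns (ciphertext, key); len(ciphertext) == len(plaintext)."""
    key = secrets.token_bytes(len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, key)), key


def decrypt(ciphertext, key):
    """XOR with the same key recovers the plaintext (lengths are equal)."""
    return bytes(c ^ k for c, k in zip(ciphertext, key))


def pad(plaintext, bucket=BUCKET):
    """Length-prefix the message, then fill with random bytes up to the next
    bucket boundary. The 4-byte prefix is what lets unpad() find the end."""
    body = struct.pack(">I", len(plaintext)) + plaintext
    fill = (-len(body)) % bucket
    return body + secrets.token_bytes(fill)


def unpad(padded):
    """Strip the padding using the length prefix written by pad()."""
    (n,) = struct.unpack(">I", padded[:4])
    return padded[4:4 + n]


def observed_lengths(messages, use_padding):
    """What a passive attacker on the wire sees: only ciphertext sizes."""
    lengths = []
    for m in messages:
        pt = pad(m) if use_padding else m
        ct, _ = encrypt(pt)
        lengths.append(len(ct))
    return lengths


# Constructed sample traffic: the short replies are obviously yes/no answers.
MESSAGES = [
    b"Is the merger approved by the board tonight?",
    b"yes",
    b"Wire the funds to the usual escrow account before 09:00.",
    b"no",
]


def main():
    print("sizes seen without padding:", observed_lengths(MESSAGES, False))
    print("sizes seen with padding:   ", observed_lengths(MESSAGES, True))
    # Padding must not break the legitimate receiver.
    for m in MESSAGES:
        ct, key = encrypt(pad(m))
        assert unpad(decrypt(ct, key)) == m


if __name__ == "__main__":
    main()
```

Note what padding does and does not hide: message sizes are flattened to the bucket, but the number of messages and their timing are still visible, which is why X.800 treats traffic-flow confidentiality as a separate service (it also needs dummy traffic or continuous transmission, not just per-message padding). The example sends random padding, but a constant filler would do; what matters is that the filler is encrypted along with the message.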

Security services
A security service is a service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and each makes use of one or more security mechanisms. The services are:

Authentication
Access control
Data confidentiality
Data integrity
Non-repudiation
Availability

Authentication: the assurance that the communicating entity is the one that it claims to be.

Peer entity authentication: two entities are considered peers if they implement the same protocol in different systems. Provided at the establishment of a connection or during its data transfer phase, it attempts to provide confidence that an entity is not performing either a masquerade or an unauthorized replay of a previous connection.
Data origin authentication: in a connectionless transfer, provides assurance that the source of the received data is as claimed. It does not by itself provide protection against duplication or modification of data units.

Data integrity: the assurance that data received are exactly as sent by an authorized entity, i.e. contain no modification, insertion, deletion, or replay.

Five variants of the service:
Connection integrity with recovery
Connection integrity without recovery
Selective-field connection integrity
Connectionless integrity
Selective-field connectionless integrity

Connection integrity with recovery: provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted.
Connection integrity without recovery: as above, but provides only detection without recovery.
Selective-field connection integrity: provides for the integrity of selected fields within the user data of a data block transferred over a connection, and takes the form of a determination of whether the selected fields have been modified, inserted, deleted, or replayed.
Connectionless integrity: provides for the integrity of a single connectionless data block and may take the form of detection of data modification.
Selective-field connectionless integrity: provides for the integrity of selected fields within a single connectionless data block, and takes the form of a determination of whether the selected fields have been modified.
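As an added example, not code from the slides or the textbook, the script below implements "connection integrity without recovery" as just defined, and at the same time gives data origin authentication and detects the active attacks listed earlier (masquerade, replay, modification of messages, and deletion from the stream). It uses HMAC-SHA256 from the Python standard library as the integrity mechanism; the frame layout (8-byte sequence number, payload, 32-byte tag), the shared key and the sample messages are assumptions made for this example.

```python
"""Added example: a minimal connection-integrity mechanism.

Each data unit carries a sequence number and an HMAC-SHA256 tag computed over
(sequence number || payload) under a key shared by the two peers. The receiver
gets data origin authentication (only a key holder can produce a valid tag)
and connection integrity without recovery: modification, insertion by an
outsider, replay and deletion are all detected, but nothing is repaired.
Frame layout, key and sample messages are constructed for this example.
"""
import hashlib
import hmac
import struct

TAG_LEN = 32  # SHA-256 digest length
SEQ_LEN = 8   # big-endian 64-bit sequence number


def seal(key, seq, payload):
    """Sender side: frame = seq || payload || HMAC(key, seq || payload)."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Verifies each frame and insists on strictly consecutive sequence numbers."""

    def __init__(self, key):
        self.key = key
        self.expected = 0

    def open(self, frame):
        """Return the payload, or raise ValueError naming the attack detected."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            raise ValueError("truncated frame")
        header = frame[:SEQ_LEN]
        payload = frame[SEQ_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        good = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Check the tag first, with a constant-time compare, before trusting seq.
        if not hmac.compare_digest(tag, good):
            raise ValueError("modification or forged source (bad tag)")
        (seq,) = struct.unpack(">Q", header)
        if seq < self.expected:
            raise ValueError(f"replay (seq {seq} already consumed)")
        if seq > self.expected:
            raise ValueError(f"deletion or reordering (expected {self.expected}, got {seq})")
        self.expected = seq + 1
        return payload


def outcome(rx, frame):
    """Deliver one frame and describe the result as a string."""
    try:
        return rx.open(frame).decode()
    except ValueError as e:
        return "rejected: " + str(e)


def run_scenarios(key=b"constructed-shared-key-for-demo"):
    """Drive the receiver through the attacks from the slides.
    Returns a dict scenario -> outcome so the results can be checked."""
    plaintexts = [b"transfer 100", b"transfer 200", b"close"]
    frames = [seal(key, i, m) for i, m in enumerate(plaintexts)]
    results = {}
    # 1. Honest delivery in order.
    rx = Receiver(key)
    results["honest"] = [outcome(rx, f) for f in frames]
    # 2. Modification: attacker flips one payload bit ("transfer 100" -> "transfer 000").
    rx = Receiver(key)
    tampered = bytearray(frames[0])
    tampered[SEQ_LEN + 9] ^= 0x01
    results["modification"] = outcome(rx, bytes(tampered))
    # 3. Masquerade: an outsider without the key fabricates a frame.
    rx = Receiver(key)
    results["masquerade"] = outcome(rx, seal(b"attacker-guess", 0, b"transfer 100"))
    # 4. Replay: a captured valid frame is delivered a second time.
    rx = Receiver(key)
    rx.open(frames[0])
    results["replay"] = outcome(rx, frames[0])
    # 5. Deletion: frame 1 is dropped from the stream, frame 2 arrives.
    rx = Receiver(key)
    rx.open(frames[0])
    results["deletion"] = outcome(rx, frames[2])
    return results


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:12s} {result}")
```

Two design points map back to the slides. First, the tag covers the sequence number, so an attacker cannot splice a valid tag onto a different position in the stream; a tag over the payload alone would detect modification but not replay or reordering. Second, an HMAC gives data origin authentication only between the two key holders: the receiver could have produced the same tag, so it provides no non-repudiation of origin. That is exactly the gap the digital signature mechanism fills.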

Data confidentiality: the protection of data from unauthorized disclosure.

Connection confidentiality: the protection of all user data on a connection.
Connectionless confidentiality: the protection of all user data in a single data block.
Selective-field confidentiality: the confidentiality of selected fields within the user data on a connection or in a single data block.
Traffic-flow confidentiality: the protection of the information that might be derived from observation of traffic flows.

Access control: the prevention of unauthorized use of a resource.
Availability: ensures that there is no denial of authorized access to network elements, stored information, information flows, services, etc.
Non-repudiation: provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.

Non-repudiation, origin: proof that the message was sent by the specified party.
Non-repudiation, destination: proof that the message was received by the specified party.

Key elements in computer security

Action: a step taken by a user or process in order to achieve a result.
Target: a computer or network physical or logical entity.
Event: an action directed at a target that is intended to result in a change of state or status of the target.
Tool: a means of exploiting a computer or network vulnerability.
Vulnerability: a weakness in a system allowing unauthorized action.
Attack: a series of steps taken by an attacker to achieve an unauthorized result.
Objective: the purpose or end goal of an incident.
Incident: a group of attacks that can be distinguished from other attacks by their attackers, objectives, sites, or timing.

Computer Security Strategy

Specification/policy: what is the security scheme supposed to do?
Implementation/mechanisms: how does it do it?
Correctness/assurance: does it really work?

Security policy
The first step in devising security services and mechanisms is to develop a security policy. A security policy is a formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.

Factors considered when developing a security policy:
The value of the assets being protected.
The vulnerabilities of the system.
Potential threats and the likelihood of attacks.

Security implementation
Prevention: an ideal security scheme is one in which no attack is successful, e.g. transmission of encrypted data: if a secure encryption algorithm is used and unauthorized access to the encryption key is prevented, attacks on the confidentiality of the transmitted data are prevented.
Detection: where absolute prevention is not practical, the goal is to detect attacks, e.g. intrusion detection systems, or detection of denial-of-service attacks.
Response: if security mechanisms detect an ongoing attack, the system may be able to respond in such a way as to halt the attack and prevent further damage.
Recovery: e.g. backup systems; if data integrity is compromised, a correct copy of the data can be reloaded.

Assurance and evaluation

Assurance: the degree of confidence one has that the security measures, both technical and operational, work as intended. It encompasses both system design and system implementation: does the security system design meet its requirements? Does the security system implementation meet its specification?

Evaluation: the process of examining a computer product or system with respect to certain criteria. Evaluation involves testing and may also involve formal analytic or mathematical techniques.
