Chapter 4 Logistic Security Approaches

Logistic approaches are based on management techniques to provide the security measures.

Typical approaches: passwords, key management protocols, access control, covert channels, composing security, privileges and roles, security kernels.

4.1 Passwords

The password is the only explicit protection used to authenticate identity for access to a computer system.

The most common techniques are: user generated passwords, computer generated passwords, tunable passwords.

4.1.1 User Generated Password

Created by the user for his own use. Selected passwords are normally pleasant or enjoyable images in the user's mind. They require no writing down of passwords, which is safer, but they are quite easy to guess and can be cracked by electronic search, because a high percentage are words in a dictionary.

Example from the 1988 Internet attack: passwords starting with 'a'

Aaa Anything Andromache Aerobics Anvils

Airplane Arrow Amorphous Albatross Ariadne

Albert Atmosphere Aria Alexander Athen

Ama Academia Arthur Alphabet Azure

Anchor Albany aztecs animals analog

answer Aliases

Obvious Personal Attributes

Spouse's name, children's names, pet's name, birthday, license plate number, telephone number, initials, year of marriage, female surname or name (these were sufficient to get into various accounts at Bell Labs).

Keyboard Patterns

Ghghgh, bbbbb, 123-09, qwppo, 1qaz, etc.

Re-used Passwords

Normal users with access to various systems will maintain the same password pattern. If an attacker cracks a password in a less secure environment, this password may be used to break into a more secure system.

4.1.2 Computer Generated Password

Created by the computer to be less predictable. Poor passwords can be removed from the system. Normally a choice of passwords is provided. To prevent possible attack, a password aging technique is used, that is, a new password is generated periodically.

Disadvantage: difficult to remember.

4.1.3 Tunable Password

A compromise approach between user and computer generated passwords. It allows the system administrator to provide users with part of a password; the user can use this part to construct a new password according to specified rules.

Example: the computer generates w5G and the user can provide prawn5GRAND or why55_Go60.

Advantage: combines the advantages of both user generated and computer generated (CG) passwords.

4.1.4 Dynamic Password

Similar to the tunable password: the CG password part is generated by the computer and a tag (portable device), and the user part is the same. It requires synchronization of password generation.

Advantage: prevents tapping the static password via the network.

4.1.5 Password Cracking

A critical consideration in selecting a password protection scheme is that it should be more difficult for a determined attacker to crack the password with automatic assistance.

The present state of computing (3-400 MIPS) is capable of cracking a 4-character password drawn from the 128-character ASCII set in a few seconds.

4.1.6 Password Encryption

Required if the attacker can simply steal the stored passwords. The use of encryption will help reduce the chance of being cracked.

It can still be attacked by electronic search: each word extracted from the dictionary is encrypted and the result is compared with the stored encrypted password, instead of comparing raw passwords.

4.1.7 Password Salt

The technique is based on adjusting the password by adding some random characters before encryption takes place. This technique can confuse an electronic search because something similar to a tunable password is applied.

Example: scrap is modified to scrap7^ before encryption.

4.1.8 Example: Unix Password Management

Users are allowed to define their own passwords. The password is stored in a file called /etc/passwd. The data stored is the encrypted version, together with the login name and administrative information.

Example:

root:vBbddfRT56x34,M.y8:0:0:admin:/:/bin/sh
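The following is an added example (not from the slides) that ties sections 4.1.6 to 4.1.8 together: it parses passwd-style records, stores a credential with and without a salt, and runs the dictionary check of 4.1.6 as an administrator auditing the password file would. All records, user names and the word list are constructed here; SHA-256 and PBKDF2 stand in for the Unix crypt function, and the salted format `<salt hex>$<hash hex>` is this example's own.

```python
import hashlib
import hmac
import os

# Field layout of an /etc/passwd-style record such as the page's
# root:vBbddfRT56x34,M.y8:0:0:admin:/:/bin/sh
PASSWD_FIELDS = ("login", "credential", "uid", "gid", "info", "home", "shell")


def parse_passwd_line(line: str) -> dict:
    """Split one colon-separated record into its seven named fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(PASSWD_FIELDS):
        raise ValueError(f"expected {len(PASSWD_FIELDS)} fields, got {len(parts)}")
    return dict(zip(PASSWD_FIELDS, parts))


def encrypt_unsalted(password: str) -> str:
    """4.1.6: a one-way function of the raw password alone."""
    return hashlib.sha256(password.encode()).hexdigest()


def encrypt_salted(password: str, salt: bytes = b"") -> str:
    """4.1.7: random characters are added before the one-way function runs
    (the page's scrap -> scrap7^).  The salt is stored next to the result so
    the system can repeat the computation at login.  Format: <salt hex>$<hash hex>."""
    if not salt:
        salt = os.urandom(8)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def verify_salted(password: str, stored: str) -> bool:
    """Login check: recompute with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$", 1)
    return hmac.compare_digest(encrypt_salted(password, bytes.fromhex(salt_hex)), stored)


def audit_dictionary_matches(records: list, dictionary: list) -> dict:
    """The electronic search of 4.1.6, run by an administrator over the password
    file: each dictionary word goes through the one-way function once and the
    result is looked up against every stored credential.  Returns login -> word.
    Only unsalted credentials can match: a salted one would need a separate
    table for every salt value, which is why the salt defeats the shared table."""
    table = {encrypt_unsalted(word): word for word in dictionary}
    return {r["login"]: table[r["credential"]]
            for r in records if r["credential"] in table}


def demo() -> dict:
    """Two users who chose the same dictionary word, stored both ways.
    Records and the word list are constructed (words from the page's 1988 list)."""
    words = ["aaa", "anything", "andromache", "aerobics", "anvils"]
    users = (("alice", 1001), ("bob", 1002))
    unsalted = [parse_passwd_line(f"{u}:{encrypt_unsalted('anvils')}:{n}:100:{u}:/home/{u}:/bin/sh")
                for u, n in users]
    salted = [parse_passwd_line(f"{u}:{encrypt_salted('anvils')}:{n}:100:{u}:/home/{u}:/bin/sh")
              for u, n in users]
    return {
        "unsalted_matches": audit_dictionary_matches(unsalted, words),
        "salted_matches": audit_dictionary_matches(salted, words),
        "unsalted_twins_identical": unsalted[0]["credential"] == unsalted[1]["credential"],
        "salted_twins_differ": salted[0]["credential"] != salted[1]["credential"],
        "salted_login_works": verify_salted("anvils", salted[0]["credential"]),
    }
```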

4.2 Key Management Protocol

A computer system may be required to communicate remotely with other systems via a communications network. There it may not be useful to type in a password or use a smart card, so approaches have been developed for identifying and authenticating the systems. These techniques are called key management protocols.

4.2.1 Attacks on Remote Communications

The most popular attacks are: disclosure to an unauthorized listener; receipt of a message from a masquerading sender; corruption or blocking of sent messages.

Disclosure to Unauthorized Listener

When messages are passed by a sending entity along some communications medium to a remote receiving entity, the possibility emerges that a third malicious entity (an intruder) could read these messages by simply observing and interpreting the data traveling along the medium.

(Figure: the sender passes messages to the receiver; the intruder "observes" the medium.)

Such attacks require that the intruder has the ability to decipher the information being transmitted along the tapped medium. As a result, encryption provides a useful means of mitigating the effect of this type of attack.

Key management protocols ensure such an attack cannot occur by encrypting messages with keys that are known only to the appropriately authorized entities.

Receipt of Message from Masquerading Sender

Some sending entity masquerades as another sender; the result is that bad messages are received which were actually sent by an intruder. This is avoided by providing a means for senders to uniquely identify themselves when messages are sent.

(Figure: the intruder, posing as the sender, delivers bad messages to the receiver.)

Corruption or Blocking of Sent Messages

This attack involves a message sent by a sender being corrupted or blocked by an intruder. It is difficult to counter; it is possible to use a checksum.

(Figure: good messages from the sender are replaced by bad messages from the intruder before they reach the receiver.)

4.2.2 Private Key Protocol

A private key protocol involves a single key that is known by the two entities who wish to communicate.

Advantages: provides a solution for disclosure protection and authentication, and works well with DES.

Disadvantages: each entity needs to maintain a separate key for each remote entity, and key distribution can be a problem too.

Private Key Protocol (k is the key shared by both parties; [M]k denotes M encrypted with k)

Sender:   send message M; compute [M]k and transmit it
Receiver: receive [M]k; compute [[M]k]k = M

4.2.3 Public Key Protocol

A public key protocol involves a key pair, i.e. the secret and public keys, that are held separately by the two entities who wish to communicate.

Advantages: allows system communications without the need for the storage and maintenance of many private keys.

Disadvantages: more complex and computationally intensive.

Public Key Protocol (SA, PA = secret and public keys of A; SB, PB = secret and public keys of B)

Sender (B):   send message M; compute [[M]SB]PA and transmit it
Receiver (A): receive [[M]SB]PA; compute [[[[M]SB]PA]SA]PB = M

4.2.4 Example: Secure Terminal/Host Communication

The system consists of a host that communicates with a collection of terminals in a manner that uses key managed encryption protocols to ensure secrecy of all information passed.

The host maintains a collection of session keys that are dynamically generated for each communication session with a terminal, and a collection of terminal keys that are fixed for the set of terminals.

Each terminal has its own fixed terminal key. The host maintains a cryptographic facility that contains master keys to encrypt and decrypt terminal and session keys. Each terminal maintains its own cryptographic facility.

Notation: Ek(cleartext) is the cleartext encrypted using key k, and Dk(ciphertext) is the ciphertext decrypted using key k.

Salient characteristics

The terminal communicates directly with the host, and a new session key is generated for each communication session.

Since the host and each terminal both hold the terminal key, it is used in a private key protocol to distribute the session key. Both the host and the terminal can encrypt and decrypt using the master terminal key (at the host) or the specific terminal key (at each terminal), each time a session is established.

Each time a new session is established, the host updates its session key table with a new encrypted entry Emsk(new session key), where msk is the secret master key for session keys.

Communication between the host and the terminal can thus follow a simple key managed protocol using the session key, where messages sent from the host to a terminal i are of the form Eski(message) [where ski is the session key for i] and messages received from terminal i are deciphered by computing Dski(message).

Secure Terminal/Host Communications

Host holds: msk, the Tk's and the sk's. Terminal i holds: Tki or msk.

Step 1: transmission of msk or Tki to terminal i via secure means
Step 2: the host generates the session key ski
Step 3: the host sends Emsk(ski) or ETki(ski)
Step 4: the terminal computes Dmsk(Emsk(ski)) or DTki(ETki(ski)) to recover ski
Step 5: message M is exchanged as Eski(Mih) (terminal i to host) and Eski(Mhi) (host to terminal i)
Step 6: each side recovers the message: Dski(Eski(Mhi)) at the terminal, Dski(Eski(Mih)) at the host

(Repeat steps 2 to 6 for each new transmission.)
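An added simulation of steps 1 to 6 above (this is example code, not part of the slides): a Host object keeps msk, the fixed terminal keys and a session key table holding only Emsk(ski); a Terminal object holds Tki and recovers ski with DTki. The functions E and D are a stand-in cipher built from HMAC-SHA256 in counter mode so that the exchange runs with the standard library alone; they take the place of DES in the page's protocol and are not a production cipher.

```python
import hashlib
import hmac
import os


def E(key: bytes, cleartext: bytes) -> bytes:
    """Ek(cleartext) of the slides.  Keystream blocks are HMAC-SHA256(key, nonce||offset),
    XORed onto the text; output is a fresh 16-byte nonce followed by the ciphertext."""
    nonce = os.urandom(16)
    out = bytearray()
    for off in range(0, len(cleartext), 32):
        stream = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(cleartext[off:off + 32], stream))
    return nonce + bytes(out)


def D(key: bytes, ciphertext: bytes) -> bytes:
    """Dk(ciphertext): rebuild the same keystream from the nonce and XOR it back."""
    nonce, body = ciphertext[:16], ciphertext[16:]
    out = bytearray()
    for off in range(0, len(body), 32):
        stream = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(body[off:off + 32], stream))
    return bytes(out)


class Host:
    """Holds msk and the fixed terminal keys Tki; the session key table stores
    only Emsk(ski), so a session key is never kept in the clear (page 29)."""

    def __init__(self):
        self.msk = os.urandom(32)     # master key for session keys
        self.terminal_keys = {}       # i -> Tki
        self.session_table = {}       # i -> Emsk(ski)

    def provision_terminal(self, i: int) -> bytes:
        """Step 1: Tki is created and handed to terminal i via secure means."""
        self.terminal_keys[i] = os.urandom(32)
        return self.terminal_keys[i]

    def open_session(self, i: int) -> bytes:
        """Steps 2-3: generate ski, record Emsk(ski), send ETki(ski)."""
        ski = os.urandom(32)
        self.session_table[i] = E(self.msk, ski)
        return E(self.terminal_keys[i], ski)

    def _ski(self, i: int) -> bytes:
        return D(self.msk, self.session_table[i])

    def send(self, i: int, message: bytes) -> bytes:
        return E(self._ski(i), message)        # Step 5: Eski(Mhi)

    def receive(self, i: int, ciphertext: bytes) -> bytes:
        return D(self._ski(i), ciphertext)     # Step 6: Dski(Eski(Mih))


class Terminal:
    def __init__(self, i: int, tk: bytes):
        self.i, self.tk, self.sk = i, tk, None

    def accept_session(self, wrapped: bytes) -> None:
        self.sk = D(self.tk, wrapped)          # Step 4: DTki(ETki(ski))

    def send(self, message: bytes) -> bytes:
        return E(self.sk, message)             # Step 5: Eski(Mih)

    def receive(self, ciphertext: bytes) -> bytes:
        return D(self.sk, ciphertext)          # Step 6: Dski(Eski(Mhi))


def run_session(to_host: bytes, to_terminal: bytes) -> dict:
    """One full exchange, then steps 2-6 repeated with a fresh session key."""
    host = Host()
    term = Terminal(1, host.provision_terminal(1))   # Step 1
    term.accept_session(host.open_session(1))        # Steps 2-4
    first_entry = host.session_table[1]
    got_at_host = host.receive(1, term.send(to_host))
    got_at_term = term.receive(host.send(1, to_terminal))
    old_sk = term.sk
    term.accept_session(host.open_session(1))        # new session: new ski
    ct = host.send(1, to_terminal)
    return {
        "host_reads_terminal": got_at_host,
        "terminal_reads_host": got_at_term,
        "table_entry_rotated": host.session_table[1] != first_entry,
        "old_session_key_fails": D(old_sk, ct) != to_terminal,
        "terminal_key_alone_fails": D(term.tk, ct) != to_terminal,
        "new_session_key_works": term.receive(ct) == to_terminal,
    }
```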

4.2.5 RSA Implementation

Select two large prime numbers p and q, each about 100 digits long. Compute n = pq and φ = (p-1)(q-1). Choose an integer E between 3 and φ which has no common factors with φ. Select an integer D such that DE mod φ = 1. Make E and n public and keep p, q, D and φ secret.

Example:

p = 5 and q = 7, so n = 35 and φ = 24. Choose E = 7, since 3 < 7 < 24 and HCF(7, 24) = 1. Select D = 7, where 7 x 7 = 49 and 49 mod 24 = 1.

Let the message M = 3: C = 3^7 mod 35 = 2187 mod 35 = 17. Decrypting, M = 17^7 mod 35 = 410338673 mod 35 = 3.

4.2.6 Arbitrated Protocols with a Third Party

An alternative to point-to-point key management protocols between senders and receivers is an arbitrated protocol that utilizes a third party to ensure authentication between the communicating entities.

Two possible schemes: the arbitrated routing protocol and the arbitrated communication establishment protocol.

Arbitrated Routing Protocol

This scheme requires that the routing does not introduce any security problem, such as routing a secret message through a party that should not have access to such information.

Example: a message is passed to a router, and users associated with that router have access to the message.

Arbitrated Communication Establishment Protocol

This involves the third-party arbiter establishing authentication between the senders and receivers so that communication can proceed without continued involvement of the arbiter. This scheme often involves the creation of tickets by the arbitrator that allow for subsequent secure communication.

(Figure: Arbitrated Routing Protocol: a message to C from A passes through the arbitrator, which routes it on to C. Arbitrated Communications Establishment Protocol: (1) A requests communications with C from the arbitrator; (2) the arbitrator establishes communications; (3) communications proceed directly between A and C.)

4.2.7 Key Distribution

Key distribution is a key issue in establishing a secure key management protocol. It is normally achieved via a Key Distribution Centre (KDC) over a secure channel.

(Figure: Centralized Key Distributor: the KDC delivers a key to the sender and to the receiver over a secured channel; the encrypted message then passes from sender to receiver over the normal channel.)

4.2.8 Digital Signatures

The public key protocol is applied to "digital signatures". A digital signature is useful for direct communication or as a third-party authenticating system. The DS can be included as part of the message protocol for identity purposes.

Concept

Step 1: Sender A transmits the digitally signed message (H, M, [Checksum(M)]SA) to B, where H is the ID, M is the message and [Checksum(M)]SA is the encrypted checksum.

Step 2: The receiver computes the checksum and compares it with the decrypted "encrypted checksum" [[Checksum(M)]SA]PA. If both checksums are equal, the sender must be H and the message was not corrupted during delivery.
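An added example (not from the slides) covering 4.2.5 and 4.2.8 together: RSA key generation following the page's procedure and names (n, φ, E, D), the worked p = 5, q = 7 case, and the two-step signature concept above. The checksum function is a simple weighted byte sum chosen here so it fits in one RSA block; a real system would use a cryptographic hash, and the tiny n of the worked example is for illustration only.

```python
from math import gcd


def rsa_keygen(p: int, q: int, E: int) -> dict:
    """4.2.5: n = pq, phi = (p-1)(q-1); E must satisfy 3 <= E < phi and
    gcd(E, phi) = 1; D satisfies D*E mod phi = 1.  Public: (E, n).  Secret: (D, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not (3 <= E < phi) or gcd(E, phi) != 1:
        raise ValueError("E must lie between 3 and phi and share no factor with phi")
    D = pow(E, -1, phi)                      # modular inverse of E mod phi
    assert (D * E) % phi == 1
    return {"public": (E, n), "secret": (D, n), "phi": phi}


def rsa_apply(key: tuple, block: int) -> int:
    """[block]key: exponentiation mod n with either half of the key pair."""
    exp, n = key
    if not 0 <= block < n:
        raise ValueError("block must be smaller than n")
    return pow(block, exp, n)


def checksum(message: bytes, n: int) -> int:
    """Checksum(M) of 4.2.8, reduced below n so it fits one RSA block.
    Constructed for this example; position weighting makes reordering detectable."""
    return sum((i + 1) * b for i, b in enumerate(message)) % n


def sign(sender_id: str, message: bytes, secret_key: tuple) -> tuple:
    """Step 1: A transmits (H, M, [Checksum(M)]SA)."""
    sealed = rsa_apply(secret_key, checksum(message, secret_key[1]))
    return (sender_id, message, sealed)


def verify(signed: tuple, public_key_of_claimed_sender: tuple) -> bool:
    """Step 2: B recomputes Checksum(M) and compares it with [[Checksum(M)]SA]PA.
    Equal means the message came from H and was not altered in transit."""
    _, message, sealed = signed
    recovered = rsa_apply(public_key_of_claimed_sender, sealed)
    return recovered == checksum(message, public_key_of_claimed_sender[1])


def page_example() -> dict:
    """The slides' worked case: p = 5, q = 7, E = D = 7, message 3."""
    keys = rsa_keygen(5, 7, 7)
    c = rsa_apply(keys["public"], 3)
    return {"n": keys["public"][1], "phi": keys["phi"], "D": keys["secret"][0],
            "C": c, "M": rsa_apply(keys["secret"], c)}
```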

4.3 Access Control

Access control provides a degree of protection from malicious attacks. It is defined as comprising those mechanisms that enforce mediation on subject requests for access to objects, as specified in the security policy.

Two main types of access control: discretionary access control (DAC) and mandatory access control (MAC).

4.3.1 Discretionary Access Control

A DAC mechanism is defined as comprising those procedures and mechanisms that enforce the specified mediation at the discretion of individual users. This provides users with the flexibility to protect their files and resources by setting DAC parameters as they see fit.

However, DAC parameters are easily changed and are thus subject to Trojan horse attacks.

4.3.2 Mandatory Access Control

MAC is defined as comprising those procedures and mechanisms that enforce the specified mediation not at the discretion of individual users but by the system administration. The restrictions imposed make it easier to establish an enforceable security policy.

Users are not allowed to change access control parameters, which helps to reduce Trojan horse attacks.

4.3.3 Access Matrices and Permission Mechanisms

Access matrices are used to define the access rights of the corresponding subjects (people) to the corresponding objects (resources).

(Figure: access matrix with subjects S1 ... SN as rows, objects O1, O2 ... OM as columns, and an access right in each cell.)

Permission mechanisms: e.g. owner/group/other in UNIX. (rwx)(rwx)(rwx) gives all classes read/write/execute permission; (r-x)(r-x)(r-x) gives all classes read/execute permission only. A special kind of program, setuid (set user identification), allows users to perform some task for which they would normally not have the proper authorization.

4.3.4 ACL and Capability Mechanisms

Another way is by use of an access control list (ACL).

Example: subjects X, Y, Z and objects A, B, C

X: A, B
Y: A
Z: A, B, C

Capabilities are represented conceptually as the reverse of ACLs with respect to the specific access: the list is kept per subject rather than per object.
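An added example (not from the slides) for 4.3.3 and 4.3.4: the page's X, Y, Z / A, B, C listing is taken as the objects each subject may reach, with the individual rights (r, w, x and an owner right o) constructed here; the matrix is then viewed as ACLs (per object) and as capability lists (per subject), mediated by a reference check, changed at the owner's discretion as DAC allows, and the UNIX owner/group/other mode string of the permission slide is decoded.

```python
from typing import Dict, FrozenSet

Rights = FrozenSet[str]

# Access matrix built from the page's example.  "o" marks the owner (constructed).
ACCESS_MATRIX: Dict[str, Dict[str, Rights]] = {
    "X": {"A": frozenset("rwo"), "B": frozenset("r")},
    "Y": {"A": frozenset("r")},
    "Z": {"A": frozenset("rw"), "B": frozenset("rwo"), "C": frozenset("rwxo")},
}


def to_acls(matrix: Dict[str, Dict[str, Rights]]) -> Dict[str, Dict[str, Rights]]:
    """Column view: one list per object, naming each subject and its rights."""
    acls: Dict[str, Dict[str, Rights]] = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = rights
    return acls


def to_capabilities(matrix: Dict[str, Dict[str, Rights]]) -> Dict[str, Dict[str, Rights]]:
    """Row view (the reverse of the ACL): one list per subject, carried by the
    subject, naming the objects it may touch and how."""
    return {subject: dict(row) for subject, row in matrix.items()}


def mediate(matrix, subject: str, obj: str, right: str) -> bool:
    """The mediation step of 4.3: allow only if the cell holds the requested
    right; an unknown subject or object is denied by default."""
    return right in matrix.get(subject, {}).get(obj, frozenset())


def dac_grant(matrix, owner: str, obj: str, subject: str, right: str) -> None:
    """DAC (4.3.1): the owner hands out rights on its object at its own
    discretion.  Anything running with the owner's identity, a Trojan horse
    included, can call this, which is the weakness the slides point out."""
    if "o" not in matrix.get(owner, {}).get(obj, frozenset()):
        raise PermissionError(f"{owner} does not own {obj}")
    row = matrix.setdefault(subject, {})
    row[obj] = row.get(obj, frozenset()) | {right}


def unix_mode_allows(mode: str, classes, wanted: str) -> bool:
    """Owner/group/other permission string such as 'rwxr-x---'.  `classes` holds
    the classes the requester belongs to; as in UNIX the first matching class
    (owner before group before other) decides, so a user who is the owner
    never falls through to the group or other bits."""
    for idx, cls in enumerate(("owner", "group", "other")):
        if cls in classes:
            return wanted in mode[idx * 3:idx * 3 + 3]
    return False
```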

4.3.5 Example: MAC Implementation

(Figure: a user invokes the command Open(a,b); the system call interface starts the underlying open routine sequence, which calls the MAC routine; either the operation is allowed and the sequence completes, or the operation is disallowed and the sequence completes without performing it.)

4.3.6 Attacks Countered by Access Control

Attacks: malicious attempts to attack certain resources, and inadvertent requests that could cause harm to resources on the system.

MAC provides a more effective means of countering such attacks.

4.4 Covert Channels

A covert channel is defined as existing whenever some computer system mechanism is used in an unexpected manner to provide a means by which information can flow to an unauthorized individual.

A perfect channel is defined as having a sender, a receiver and a perfect communication path that passes messages between the two entities.

(Figure: Overt and Covert Channels: the sender reaches the receiver either through the overt information flow mechanism, the overt channel, or through mechanisms not intended for information flow, the covert channel.)

4.4.1 Covert Storage Channel

One type of covert channel is called a covert storage channel. In a covert storage channel, information is passed in an unexpected and unauthorized manner from a high (security level) user to a low (security level) user.

Example: the ls command in UNIX, where a low user can find out the names of the high user's files and initiate some attacks. It can be avoided by hiding the filenames from the low user.

4.4.2 Covert Timing Channels

Another type is called a covert timing channel, where some resources are shared between both high and low users.

Normally, a monitor program such as cpu_monitor is used to monitor the access control, auditing and authentication of the resources of both types of users. An attacker (low user) may remove the cpu_monitor program or introduce some noise to confuse the detection of states, in order to prolong the processing time and initiate attacks.

4.4.3 Resource Matrix Approach

To analyse the possible existence of covert channels, a resource matrix approach is used. The matrix is composed of resources as rows and lowest-level operations as columns. The contents of the matrix elements are M and/or R, which denote modification and read respectively.

The presence of M represents a high potential for establishing a covert channel.
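An added example (not from the slides) of the resource matrix analysis: a small constructed matrix with resources as rows and lowest-level operations as columns, cells holding M or R; the analysis first flags every resource carrying an M and then pairs each modifying operation with each reading operation on the same resource, keeping those where the high side can modify and the low side can read. The closing step is the fix the page gives for the ls example, hiding the readable state from the low user. Resource and operation names are illustrative.

```python
from itertools import product

# Constructed resource matrix: resource -> {operation: "M" | "R" | "MR"}.
RESOURCE_MATRIX = {
    "directory_names": {"create_file": "M", "list_dir": "R"},
    "file_contents":   {"create_file": "M", "read_file": "R"},
    "cpu_quota":       {"set_cpu_quota": "M", "get_cpu_usage": "R"},
    "clock":           {"get_cpu_usage": "R"},
}


def flagged_resources(matrix: dict) -> list:
    """First pass from the slides: resources that contain an M.  A resource
    that is only ever read cannot carry a channel, so it is dropped here."""
    return sorted(r for r, row in matrix.items() if any("M" in v for v in row.values()))


def candidate_channels(matrix: dict, can_invoke: dict) -> list:
    """Pair each modifying operation with each reading operation on the same
    resource.  `can_invoke` maps "high" and "low" to the operations that
    clearance may call; a channel needs high to modify and low to read.
    Returns (resource, modifying_op, reading_op) triples."""
    found = []
    for resource, row in matrix.items():
        mods = [op for op, v in row.items() if "M" in v]
        reads = [op for op, v in row.items() if "R" in v]
        for m, r in product(mods, reads):
            if m in can_invoke["high"] and r in can_invoke["low"]:
                found.append((resource, m, r))
    return found


def hide_from_low(can_invoke: dict, operation: str) -> dict:
    """The remedy given for the ls example: withdraw the reading operation
    from the low clearance.  Returns a new mapping; the input is untouched."""
    return {"high": set(can_invoke["high"]),
            "low": set(can_invoke["low"]) - {operation}}


def analyse(matrix: dict, can_invoke: dict) -> dict:
    """Run both passes and show which channels remain after hiding list_dir."""
    before = candidate_channels(matrix, can_invoke)
    after = candidate_channels(matrix, hide_from_low(can_invoke, "list_dir"))
    return {"flagged": flagged_resources(matrix), "before": before, "after": after}
```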

4.4.5 Computers as the Weakest Link

Because a computer can be accessed by both high and low users, the likelihood of establishing a covert channel is high.

Normally covert channels are fixed if vulnerabilities exist. The simplest way to remove a covert channel is by using hardcopy instead of electronic transfer, which may not be viable in the IT age.

4.5 Composing Security

When two or more secure systems are connected together, they may not compose into a secure system as expected, because non-deducibility and non-interference security normally do not hold.

Compositional analysis must be carried out to ensure that two or more systems are connected securely. The presence of covert channels will further weaken the security properties.

4.6 Privileges and Roles

A privilege is defined as a collection of related computer system operations that can be performed by users of that system. By operations, we mean low-level system activities.

A role is defined as a collection of related privileges.

Privileges can exist in multiple different roles. This implies that if a given privilege is required, then in some cases a choice must be made of which role should be allocated.

A role might contain only one privilege. A role might be defined to include every privilege.

(Figure: several privileges grouped into roles, with some privileges shared between roles.)

4.6.1 Role Based Attacks

Attacks arise when security is not considered in the allocation of roles to users.

Example: a user was granted a supervisor role in a UNIX based system. This gives the user more potentially destructive power than is desired.

An attack may occur if some user is granted a role that contains certain privileges that the user should not have.

The possibility is high if the number of roles is smaller and the associated privileges are larger.

As a result, privileges and roles must be designed in a manner that maximizes the granularity of privilege allocation, without so many roles that their administration and allocation become overly complex.

4.6.2 Principle of Least Privilege

The principle of least privilege states that users should only be granted privileges to perform operations for which they have a legitimate need.

A designer following this rule should ensure the granularity of roles is fine enough to allow for different types of allocations.

4.6.3 Transformation and Revocation

By transformation, we imply that some change is being associated with the privileges allocated to a user. The transformation of privilege may occur internally to a single user, in which certain roles and privileges are changed.

Transformation may also occur externally to a single user, in which a user transfers a role or privilege to another user. Usually, external transformation occurs when a user is associated with a role or privilege that allows for such a transfer to another user.

Privilege or role revocation is a special type of privilege transformation that involves the timely removal of the ability to perform certain operations, presumably because of some event that changes the job requirements.

Example:

If a user associated with some privilege or role is found to be a malicious intruder with motivation to harm the system, then immediate revocation of that user's role and privileges may be necessary.

Examples: commands in UNIX

$ su

$ su adduser

$ su deluser
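An added example (not from the slides) for sections 4.6 to 4.6.3, using the page's definitions: privileges are sets of low-level operations, roles are sets of privileges. The first function chooses roles for a stated need so that the fewest privileges beyond the need are granted (the least privilege principle), which also makes visible the problem of 4.6.1 when only a broad supervisor role covers a small need; the class then performs allocation, external transformation (transfer) and revocation. Role, privilege and operation names are constructed for illustration.

```python
from itertools import combinations

# Constructed privilege and role definitions in the page's terms.
PRIVILEGES = {
    "read_logs":    {"open_log", "read_log"},
    "rotate_logs":  {"rename_log", "truncate_log"},
    "manage_users": {"adduser", "deluser"},
    "shutdown":     {"halt"},
}
ROLES = {
    "auditor":    {"read_logs"},
    "log_admin":  {"read_logs", "rotate_logs"},
    "supervisor": {"read_logs", "rotate_logs", "manage_users", "shutdown"},
}


def operations_of(role_names, roles=ROLES, privileges=PRIVILEGES) -> set:
    """Every low-level operation a holder of these roles may perform."""
    return {op for r in role_names for p in roles[r] for op in privileges[p]}


def least_privilege_roles(needed_privileges, roles=ROLES, max_roles=2):
    """4.6.2: among the smallest role sets that cover the need, pick the one
    granting the fewest privileges beyond it.  Exhaustive over combinations of
    up to max_roles roles.  Returns (roles, excess privileges) or None when no
    combination covers the need.  A large excess is the 4.6.1 warning sign:
    the role set is too coarse for this allocation."""
    needed = set(needed_privileges)
    best = None
    for k in range(1, max_roles + 1):
        for combo in combinations(sorted(roles), k):
            granted = set().union(*(roles[r] for r in combo))
            if needed <= granted:
                excess = granted - needed
                if best is None or len(excess) < len(best[1]):
                    best = (set(combo), excess)
        if best is not None:
            return best
    return None


class UserRoles:
    """Allocation, external transformation (transfer) and revocation (4.6.3)."""

    def __init__(self):
        self.assigned = {}                    # user -> set of role names

    def allocate(self, user: str, role: str) -> None:
        self.assigned.setdefault(user, set()).add(role)

    def transfer(self, giver: str, receiver: str, role: str) -> None:
        """External transformation: only a role the giver actually holds moves."""
        if role not in self.assigned.get(giver, set()):
            raise PermissionError(f"{giver} does not hold {role}")
        self.assigned[giver].discard(role)
        self.allocate(receiver, role)

    def revoke_all(self, user: str) -> set:
        """Timely removal after an event such as discovering a malicious user."""
        return self.assigned.pop(user, set())

    def operations(self, user: str) -> set:
        return operations_of(self.assigned.get(user, set()))
```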

4.7 Security Kernels

A security kernel is defined as an isolated portion of a computer system that is designed to enforce the security policy of the system.

(Figure: Security Kernel Organization: the security kernel sits between the hardware and the operating system, with users and applications above the operating system.)

4.7.1 Principles of Kernel Design

Avoidance of Tampering: the kernel must be protected from malicious or inadvertent tampering. Explicit attention must be placed on ensuring the security kernel is tamper-proof.

Avoidance of Bypass: the kernel must be designed in a manner that ensures complete avoidance of security kernel bypass by a subject requesting some service.

Provision for Assurance: convincing evidence is needed to assure that a system is secure: demonstrated secure usage over a period of time; full documentation on security mechanisms, development methods and relevant information, to ensure proper attention has been paid; results of security tests, to ensure security; results of penetration tests, to ensure all possible attacks have been covered;

formal methods of proof; evaluation, certification or accreditation from an authoritative individual or agency.

Hardware Mechanisms: using hardware to implement certain portions of the security kernel functionality presents some advantages: it provides memory protection, protects the integrity of executing processes and provides security support for I/O operations.

Minimization of Complexity: if the system is large and complex, formal proof will be hindered. Minimizing the size of the kernel is critical.

Fault Tolerance: the kernel must be designed to resist all classes of faults, because recovery from a fault is always complicated and needs human intervention.

References:

Amoroso: chapters 19, 21-26