INF3510 - Notater (Notes)

Veronika Heimsbakk
Institutt for informatikk
Universitetet i Oslo
[email protected]

31 May 2012

Source: folk.uio.no/veronahe/Notater/INF3510.pdf

Contents

1 Intro
2 Information security
3 PDCA
4 Computer Security
  4.1 Reference monitor
  4.2 Virtual Machine
  4.3 Memory Corruption
5 Cryptography
  5.1 Encryption Standard
  5.2 Stream Ciphers
  5.3 The perfect cipher?
  5.4 Integrity Check Functions
  5.5 Message Authentication Codes
  5.6 Public Key Cryptography
  5.7 Digital Signatures
  5.8 Summary
6 Key Management
  6.1 Usage Periods
  6.2 Key Generation
    6.2.1 Key States
    6.2.2 Key Protection
    6.2.3 Session Key Establishment
    6.2.4 Signing Public Keys
    6.2.5 Digital Signature
    6.2.6 Public-key Infrastructure
    6.2.7 Public-Key Certificates
    6.2.8 Browser PKI and Malicious Certificates
7 Authentication
  7.1 The Concept of Identity
  7.2 Entity Authentication
    7.2.1 Limitation of User Authentication
  7.3 Message Authentication
  7.4 User Authentication
    7.4.1 Passwords
  7.5 Digest Authentication
  7.6 ID-Based Authentication
    7.6.1 Modes of Operation
    7.6.2 Matching Algorithm
  7.7 Object-Based Authentication
    7.7.1 Clock-Based OTP Tokens
    7.7.2 Counter-Based OTP Tokens
    7.7.3 Challenge Response Systems
    7.7.4 Contactless Cards
    7.7.5 Multi-Factor Authentication
    7.7.6 Authentication Assurance
8 Identity and Access Management
  8.1 Identity Management Types
  8.2 Identity Domains
  8.3 Single Sign-On
    8.3.1 Single Domain SSO
  8.4 Open Identity Model
    8.4.1 Characteristics
    8.4.2 OpenID Business Model
  8.5 FEIDE
    8.5.1 Technical Aspects
  8.6 Access Control
    8.6.1 Authorization and Access Control
    8.6.2 Three Main Approaches
9 Communication Security
  9.1 Communication Protocol Architecture
    9.1.1 Open Systems Interconnection
    9.1.2 TCP/IP Protocol Architecture
    9.1.3 OSI vs TCP/IP
  9.2 SSL/TLS
  9.3 IP Layer Security
    9.3.1 IPSec Security Services
    9.3.2 Gateway-to-Gateway Architecture
    9.3.3 Host-to-Gateway Architecture
    9.3.4 Host-to-Host Architecture
10 Perimeter Security
  10.1 Firewalls
    10.1.1 Router Packet Filter
    10.1.2 Host-Based Packet Filters
    10.1.3 Stateful Packet Filters
    10.1.4 Personal Firewalls
    10.1.5 Circuit Level Gateways
    10.1.6 Application Level Gateway
    10.1.7 Deep Inspection Application Gateways
    10.1.8 TLS/HTTPS Traffic Inspection
  10.2 IPv4 Addresses
  10.3 Network Address Translation (NAT)
  10.4 Screened Bastion-Host
  10.5 Intrusion Detection Systems
    10.5.1 Intrusion Detection Techniques
    10.5.2 Port Scanning
    10.5.3 Attacking and Evading NIDS
    10.5.4 Intrusion Detection Problems
    10.5.5 Intrusion Detection Errors
    10.5.6 Intrusion Prevention Systems
  10.6 Honeypots
  10.7 WLAN Security
    10.7.1 802.11 Wireless LAN Security
11 Application and Operations Security
  11.1 Malware
    11.1.1 Backdoor or Trapdoor
    11.1.2 Logic Bomb
    11.1.3 Trojan Horse
    11.1.4 Viruses
    11.1.5 Worms
  11.2 Distributed Denial of Service Attacks
    11.2.1 Constructing an Attack Network
    11.2.2 DDoS Countermeasures
    11.2.3 Botnet
  11.3 SQL
    11.3.1 SQL Injection
12 Operations Security
  12.1 Due Diligence and Due Care
  12.2 Patch Management
  12.3 Top 20 Security Controls
13 Privacy and Regulatory Requirements
  13.1 Regulation of IT Security
    13.1.1 Who Regulates IT?
    13.1.2 Regulatory Frameworks
  13.2 Data Protection Regulation
    13.2.1 EU Directive on Data Protection
    13.2.2 Cross-Border Issues
    13.2.3 Tension With Other Laws
    13.2.4 Application of Data Protection Laws
  13.3 EU Draft Recommendations
  13.4 Norwegian Regulation
  13.5 Privacy Enhancing Technology
  13.6 Browser Cookie Manipulation
  13.7 Is Privacy Different from Security?

1 Intro

I am taking INF3510 - Informasjonssikkerhet[1] in spring 2012. In this course you hand in a home exam of at least 5000 words, and also sit a written exam. The written exam is without aids, and my goal with this collection of notes is to prepare myself as well as possible for it. The home exam counts for 40% of the grade, and the final exam counts for 60%. The document will be written in English, since the notes I have taken are in English.

The notes are mainly the lecture slides, written in a slightly simpler way for revision, plus my own notes.

I have, however, dropped one lecture - on Digital Forensics.

Warning: probably contains far too many typos.

2 Information security

Information security is about protecting information assets. What is harmful? Laws and policies are needed to define that. The three classic security goals:

• Confidentiality: secrecy, privacy and anonymity, with access only for authorized parties. Concern: information theft. Controls: encryption, access control.

• Integrity: data integrity and system integrity. Concern: corruption. Controls: cryptographic checks, access control, verification.

• Availability: the information is usable by authorized parties when needed. Concern: Denial of Service (DoS). Controls: filtering, recovery.

3 PDCA

ISO 27002 is an Information Security Management (ISM) guideline (a Code of Practice), released in 2005. It contains 11 high-level security clauses and 133 controls. ISO 27001 specifies the requirements for an Information Security Management System (ISMS), and is perhaps of far greater and more fundamental importance than the original Code of Practice (ISO 27002). It is based on Plan-Do-Check-Act (PDCA).

Plan-phase:

[1] Taught by Prof. Audun Jøsang, course pages: http://www.uio.no/studier/emner/matnat/ifi/INF3510/

• Establish ISM.

• Specify policy, objectives and procedures.

• Identify and analyze risks.

Do-phase:

• Implement and operate ISM.

• Implement controls to manage risks.

Check-phase:

• Monitor and review ISM.

• Ensure that the controls work properly.

• Measure the effectiveness of controls.

• Record actions and events that could have an impact on the ISMS.

Act-phase:

• Maintain and improve.

• Implement improvements.

Only about 8000 companies worldwide hold ISO 27001 certification, most of them in Japan.

4 Computer Security

The Trusted Computing Base (TCB) of a computer system is the set of all hardware, firmware and/or software components that are critical to its security, in the sense that bugs or vulnerabilities occurring inside the TCB might jeopardize the security properties of the entire system. The smaller the TCB, the easier it is to verify.

4.1 Reference monitor

A reference monitor is the specification of a security model for enforcing an access control policy over subjects' ability to perform operations on objects in a system. To be effective it must be always invoked (it cannot be bypassed), tamper-proof, and small enough to be verified. Example: the security kernel of an Operating System (OS) is a reference monitor placed at the lowest level.

Hierarchical security levels have been used in the Intel microprocessor architecture since the 80386[2]. There are four ordered privilege levels:

[2] Intel 80386/i386/386, a 32-bit microprocessor released in 1986 for personal computers.


• Ring 0: highest; OS kernel.

• Ring 1 and 2: OS services

• Ring 3: lowest; applications.

Windows and Linux use ring 0 for the OS kernel and drivers (kernel mode) and ring 3 for applications (user space). Rings 1 and 2 are not used, mainly for portability: other CPU architectures offer only two modes.

A process can access and modify any data and software at the same or a less privileged level than itself. A process that runs in kernel mode may modify anything on the whole platform. An attacker's goal is therefore to gain kernel-mode execution, either by tricking the user into installing software (for example a malicious driver) or through an exploit of a kernel or driver vulnerability.

4.2 Virtual Machine

A Virtual Machine (VM) is a software implementation of a machine (computer) that executes programs like a real machine. An example is the Java Virtual Machine (JVM). Platform virtualization allows multiple OSs to execute on top of a reference monitor called the hypervisor. Each OS runs in a VM controlled by the hypervisor. Several hypervisor implementations are available; VMware's free player is probably the best known, and VirtualBox is software for x86 virtualization (it runs on Windows, Linux, OS X and Solaris hosts).

VM architecture variants:

Type 1 VM architecture:

    Apps     | Apps     | Apps
    Guest OS | Guest OS | Guest OS
    Hypervisor (VMM)
    Hardware

No host OS; the hypervisor runs directly on the hardware. High performance, limited GUI, suitable for servers.

Type 2 VM architecture:

    Apps     | Apps     | Apps
    Guest OS | Guest OS | Guest OS
    Hypervisor (VMM)
    Host Operating System
    Hardware

The hypervisor runs on a host OS. Performance penalty, good GUI, better hardware support, suitable for workstations.

But why use a VM? It allows multiple OSs on the same hardware, which gives improved isolation and security, improves management and resource utilization, and reduces energy consumption. It allows the optimal combination of OS and application. It allows safe testing and analysis of malware: the malware can only infect the VM, as long as it does not exploit a vulnerability in the hypervisor to escape to the host.

4.3 Memory Corruption

A buffer overflow occurs when the size of the data written is greater than the buffer size, so that neighbouring memory is overwritten. An unintentional buffer overflow crashes software and makes it unreliable. An intentional buffer overflow is when an attacker overwrites specific data in memory (typically a return address or function pointer) to execute code of his choosing. In languages like C or C++ the programmer allocates and de-allocates memory, and nothing checks array bounds. In type-safe languages like Java the runtime checks bounds, so this class of memory corruption does not arise in the program itself (the runtime, written in C/C++, can still have its own bugs).

Defences against memory corruption include hardware functions such as the No eXecute (NX) bit/flag on stack memory, so that injected attacker code will not execute; OS/compiler functions like stack cookies (canaries), which detect that the return address has been overwritten before it is used; and type-safe programming languages like Java and C#.

5 Cryptography

When is cryptography used? It is used if you require confidentiality, data integrity or message authentication. Historically it was used by the military and spy agencies, where it came in handy when transmitting messages through insecure channels. Nowadays it is used in many other areas, especially in electronic information processing and communication technologies, for example banking.

Taxonomy of modern ciphers: ciphers are divided into symmetric (one key) and asymmetric (two keys). Symmetric ciphers are further divided into stream ciphers and block ciphers.


Block ciphers vs. stream ciphers. Encryption: plaintext M is converted into ciphertext C under the control of the key k: C = E(M, k). Decryption with key k recovers the plaintext M from ciphertext C: M = D(C, k). Symmetric ciphers: the same secret key is used for both encryption and decryption. Asymmetric ciphers: a pair of private and public keys, where it is computationally infeasible to derive the private decryption key from the corresponding public encryption key.

Shannon's S-P network[3] is a sequence of many substitutions and permutations. Substitution provides confusion (a complex relationship between key, input and output); permutation provides diffusion (each input bit influences many output bits). The functions must be invertible so that the cipher can be decrypted.

5.1 Encryption Standard

The Data Encryption Standard (DES) was published in 1977 by the US National Bureau of Standards. It was intended for unclassified government applications with a 15-year lifetime. When the time came to replace DES, a public competition took place, because the 56-bit keys and 64-bit data blocks of DES were no longer adequate. Rijndael[4] was selected as the new Advanced Encryption Standard (AES) and standardized in 2001. AES has a 128-bit block size and supports 128-, 192- and 256-bit keys (the original Rijndael also allowed 192- and 256-bit blocks).

Block ciphers can be used in different modesin order to provide different security services.Common modes include:

• Electronic Code Book (ECB)

• Cipher Block Chaining (CBC)

• Output Feedback (OFB)

• Cipher Feedback (CFB)

• Counter Mode (CTR)

ECB is the simplest mode of operation. The plaintext is divided into blocks and each block is encrypted separately. Problem: for a given key, the same plaintext block always encrypts to the same ciphertext block. This lets an attacker build a code book of known plaintext/ciphertext blocks, and patterns in the plaintext show through in the ciphertext.

[3] Described by Claude Shannon (Bell Labs) in 1949.

[4] Designed by Vincent Rijmen and Joan Daemen.

CBC mode properties: with a fresh, unpredictable IV the same plaintext block encrypts to different ciphertext blocks each time. Decryption of block i depends on ciphertext blocks i and i-1, so insertion, deletion or reordering of ciphertext blocks causes incorrect decryption of the affected blocks, which may reveal tampering; this is not real integrity protection, and a MAC is still needed. Encryption is inherently sequential.

CTR mode can do parallel encryption and decryption in hardware or software, can precompute the key stream in advance of need, and gives random access to encrypted data blocks, which makes it good for disk encryption. The combination of key and nonce/counter must never be reused, since CTR is a stream cipher in all but name.
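The three modes above, run side by side, as an added example that is not part of the original notes. A toy 4-round Feistel block cipher keyed with SHA-256 stands in for AES so the example needs no crypto library; the toy cipher is not secure, but the mode code is written exactly as it would be for a real block cipher. Key, plaintext and the deleted-block attack are constructed for the example.

```python
# Added example, not from the original notes: ECB, CBC and CTR driven by a
# toy block cipher, to show the mode properties described above.
# The block cipher is a 4-round Feistel network keyed with SHA-256. It is
# NOT secure and only exists so the modes run without a crypto library;
# the modes themselves are written exactly as for AES.
import hashlib
import secrets

BLOCK = 16  # block size in bytes


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, i: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in range(4):                       # Feistel: (L, R) -> (R, L xor F(R))
        left, right = right, _xor(left, _round_fn(key, i, right))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):             # undo the rounds in reverse order
        left, right = _xor(right, _round_fn(key, i, left)), left
    return left + right


def _blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "example input is already block-aligned"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # every block independent: equal plaintext blocks -> equal ciphertext blocks
    return b"".join(toy_encrypt_block(key, b) for b in _blocks(pt))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(pt):                    # C_i = E(P_i xor C_{i-1}), C_0 = IV
        prev = toy_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ct):                    # P_i = D(C_i) xor C_{i-1}
        out.append(_xor(toy_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def ctr_crypt(key: bytes, nonce: bytes, data: bytes, first_block: int = 0) -> bytes:
    """Encrypt or decrypt (same operation). first_block gives random access;
    a (key, nonce) pair must never be reused for different data."""
    out = []
    for i, b in enumerate(_blocks(data)):
        counter = (first_block + i).to_bytes(8, "big")
        out.append(_xor(b, toy_encrypt_block(key, nonce + counter)))
    return b"".join(out)


def demo() -> dict:
    key = b"k" * 16                              # constructed example key
    block = b"ATTACK AT DAWN!!"                  # exactly one 16-byte block
    pt = block * 4                               # four identical plaintext blocks
    ecb = ecb_encrypt(key, pt)
    iv = secrets.token_bytes(BLOCK)
    cbc = cbc_encrypt(key, iv, pt)
    # An attacker deletes ciphertext block 1: the block after the cut decrypts
    # to garbage, later blocks re-synchronise, and nothing flags the deletion.
    deleted = cbc[:BLOCK] + cbc[2 * BLOCK:]
    after_cut = [b == block for b in _blocks(cbc_decrypt(key, iv, deleted))]
    nonce = secrets.token_bytes(8)
    ctr = ctr_crypt(key, nonce, pt)
    return {
        "ecb_distinct_blocks": len(set(_blocks(ecb))),      # 1: the code-book leak
        "cbc_distinct_blocks": len(set(_blocks(cbc))),      # 4
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc) == pt,   # True
        "cbc_after_deletion": after_cut,                    # [True, False, True]
        "ctr_random_access": ctr_crypt(key, nonce, ctr[2 * BLOCK:3 * BLOCK], 2) == block,  # True
    }
```

Calling demo() shows the four identical plaintext blocks collapsing to one ciphertext block under ECB, four distinct blocks under CBC, CBC quietly re-synchronising after a deleted ciphertext block (which is why a MAC is still needed), and CTR decrypting block 2 on its own.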

5.2 Stream Ciphers

A stream cipher consists of a key stream generator and a function for combining the key stream with the data (usually XOR). The key stream generator takes the key k and an initial state (seed) S(0), and updates its state with a state transition function f_k: S(i+1) = f_k(S(i)). The output at step i is the key stream K(i), derived from S(i). In such a cipher, a bit error in ciphertext bit i causes a single bit error in plaintext bit i and nothing else. Wireless networks use stream ciphers to protect data confidentiality. Stream ciphers cannot be used for integrity protection, because an attacker can make precise changes to the plaintext by flipping the corresponding ciphertext bits.

5.3 The perfect cipher?

An attacker's goal is to discover the secret key. If you require confidentiality, the One Time Pad (OTP) is provably secure. But we don't use it, because of its disadvantages: each key can only be used once, each key is as long as the message and therefore typically very large, and it requires secure distribution of this large key. Key management is therefore difficult. In the One Time Pad the encryption and decryption operations are identical (XOR with the pad).
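The key stream generator of 5.2 and the XOR combiner it shares with the One Time Pad of 5.3, as an added example that is not part of the original notes. It also carries out the bit-flipping attack the notes describe: an attacker who knows the layout of the message but not the key rewrites a field in the ciphertext. The generator is illustrative only and must not be used for real traffic; key, seed and message are constructed.

```python
# Added example, not from the original notes: a keystream generator in the
# notation of 5.2 (S(i+1) = f_k(S(i)), K(i) derived from S(i)), the XOR
# combiner shared with the One Time Pad of 5.3, and the bit-flipping attack
# that is the reason stream ciphers give no integrity. The generator is for
# illustration only and must not be used for real traffic; message and key
# are constructed.
import hashlib
import secrets


def keystream(key: bytes, seed: bytes, nbytes: int) -> bytes:
    """nbytes of keystream from key k and initial state S(0) = seed."""
    state, out = seed, bytearray()
    while len(out) < nbytes:
        state = hashlib.sha256(key + state).digest()      # S(i+1) = f_k(S(i))
        out += hashlib.sha256(b"out" + state).digest()    # K(i) derived from S(i)
    return bytes(out[:nbytes])


def stream_crypt(key: bytes, seed: bytes, data: bytes) -> bytes:
    """One function for both directions: C = M xor K and M = C xor K."""
    return bytes(m ^ k for m, k in zip(data, keystream(key, seed, len(data))))


def otp_crypt(pad: bytes, data: bytes) -> bytes:
    """One Time Pad: pad is truly random, at least as long as data, used once."""
    assert len(pad) >= len(data)
    return bytes(m ^ k for m, k in zip(data, pad))


def flip_bit(buf: bytes, bit: int) -> bytes:
    """Simulate a single transmission error in ciphertext bit `bit`."""
    out = bytearray(buf)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def bit_flip_attack(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Without the key, turn the plaintext bytes `known` at `offset` into
    `wanted`: C' = C xor (known xor wanted), because (M xor K) xor delta
    decrypts to M xor delta."""
    delta = bytes(a ^ b for a, b in zip(known, wanted))
    patched = bytes(c ^ d for c, d in zip(ciphertext[offset:], delta))
    return ciphertext[:offset] + patched + ciphertext[offset + len(delta):]


def demo() -> dict:
    key, seed = b"stream-key-12345", secrets.token_bytes(16)
    msg = b"PAY 0100 EUR TO ALICE"                  # constructed message
    ct = stream_crypt(key, seed, msg)
    # one flipped ciphertext bit -> exactly one flipped plaintext bit
    damaged = stream_crypt(key, seed, flip_bit(ct, 3))
    bit_errors = sum(bin(a ^ b).count("1") for a, b in zip(damaged, msg))
    # attacker knows the message layout, not the key, and rewrites the amount
    forged = bit_flip_attack(ct, 4, b"0100", b"9999")
    pad = secrets.token_bytes(len(msg))
    return {
        "roundtrip": stream_crypt(key, seed, ct) == msg,              # True
        "bit_errors_after_one_flip": bit_errors,                      # 1
        "forged_plaintext": stream_crypt(key, seed, forged),          # b"PAY 9999 EUR TO ALICE"
        "otp_roundtrip": otp_crypt(pad, otp_crypt(pad, msg)) == msg,  # True
    }
```

The forged ciphertext decrypts cleanly to the attacker's amount, with no key and no error anywhere else in the message, which is exactly why a stream cipher (or CTR mode) must always be paired with a MAC.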

5.4 Integrity Check Functions

Requirements for a one-way hash function h:

• Ease of computation: given x, it is easy to compute h(x).

• Compression: h maps inputs x of arbitrary bit length to outputs h(x) of a fixed bit length n.

• One-way (preimage resistance): given a value y, it is computationally infeasible to find an input x such that h(x) = y.

• Collision resistance: it is computationally infeasible to find two inputs x and x′, with x ≠ x′, such that h(x) = h(x′).

Some frequently used hash functions: Secure Hash Algorithm SHA-1 has a 160-bit digest and was designed to operate with the US Digital Signature Standard (DSS, with the DSA algorithm); collision attacks against it are known, so it should not be used in new designs. Its replacement is the SHA-2 family (SHA-256, SHA-384 and SHA-512, with 256-, 384- and 512-bit digests), which is still considered secure. There is an ongoing NIST competition for a new secure hash algorithm (SHA-3); the winner is to be announced in 2012.

5.5 Message Authentication Codes

A message M with a simple message hash h(M) can be changed by an attacker, who simply recomputes the hash for the modified message. In communications we need to verify the origin of the data, hence Message Authentication Codes (MACs). A MAC can be built from a hash function as h(M, k), over the message M and a secret key k. To validate and authenticate the message, the receiver needs to share the same secret key as the sender who computed the MAC. A third party who does not have the key cannot validate the message, and cannot forge one either.

In practice the MAC algorithm is one of:

• Hash-based MAC (HMAC). Note that the naive construction h(k || M) is not a safe MAC for Merkle-Damgård hashes such as MD5, SHA-1 and SHA-2, because of length-extension attacks; HMAC avoids this.

• CBC-based MAC (CBC-MAC).

• Cipher-based MAC (CMAC).
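The difference between a bare hash and a MAC, as an added example that is not part of the original notes. The attacker edits the amount in a message: against a plain SHA-256 digest she recomputes the digest and the check passes; against an HMAC-SHA256 tag she has no key, so the best she can do is keep the old tag, and verification fails. The key, the message and the attacker's edit are constructed for the example.

```python
# Added example, not from the original notes: why a bare hash does not
# authenticate a message, and how an HMAC over the same message does.
# Key, message and the attacker's edit are constructed for the example.
import hashlib
import hmac


def plain_digest(msg: bytes) -> bytes:
    """Integrity check without a key: anyone can recompute it."""
    return hashlib.sha256(msg).digest()


def mac(key: bytes, msg: bytes) -> bytes:
    # HMAC-SHA256 = H((k xor opad) || H((k xor ipad) || M)); the hmac module
    # does the padding, which is what defeats length-extension on H(k || M).
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_mac(key: bytes, msg: bytes, tag: bytes) -> bool:
    # constant-time comparison: a plain == on the tag leaks timing information
    return hmac.compare_digest(mac(key, msg), tag)


def attacker_rewrite(msg: bytes, check: bytes, check_is_plain_hash: bool):
    """The attacker changes the amount. With a plain hash she recomputes the
    check; with a MAC she has no key, so she can only keep the old tag."""
    new_msg = msg.replace(b"100", b"900")
    if check_is_plain_hash:
        return new_msg, plain_digest(new_msg)
    return new_msg, check


def demo() -> dict:
    key = b"shared-secret-between-sender-and-receiver"   # constructed
    msg = b"transfer 100 EUR to account 4711"            # constructed
    m1, h1 = attacker_rewrite(msg, plain_digest(msg), True)
    m2, t2 = attacker_rewrite(msg, mac(key, msg), False)
    return {
        "plain_hash_still_verifies": plain_digest(m1) == h1,      # True: hash alone proves nothing
        "mac_still_verifies": verify_mac(key, m2, t2),             # False
        "genuine_verifies": verify_mac(key, msg, mac(key, msg)),   # True
    }
```

The same verify_mac function is what the receiver runs; the only difference between it and the attacker's position is possession of the key.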

5.6 Public Key Cryptography

Public key encryption was proposed in the open literature by Diffie and Hellman in 1976. Here each party has a public encryption key and a private decryption key. Computing the private key from the public key should be infeasible. Applications using Diffie-Hellman key agreement: IP Security (IPsec) and Secure Socket Layer (SSL)/Transport Layer Security (TLS).

In response to the Diffie-Hellman article of 1976, Rivest, Shamir and Adleman worked out a full public-key encryption algorithm, published in 1977 and called RSA after them. RSA is an asymmetric algorithm. In practice, large messages are not encrypted directly with asymmetric algorithms. Hybrid systems are used, where only a symmetric session key is encrypted with the asymmetric algorithm and the message itself is encrypted with the session key.

Hybrid cryptosystems work as follows: symmetric ciphers are faster than asymmetric ciphers because they are far less computationally expensive, but asymmetric ciphers simplify key distribution. A combination of both is therefore used: the asymmetric cipher protects the symmetric session key, and the symmetric cipher protects the data.

5.7 Digital Signatures

A MAC cannot be used as evidence to be verified by a third party. Digital signatures are used for non-repudiation, data origin authentication and data integrity services, and in some authentication exchange mechanisms. A digital signature mechanism has three components: key generation, a signing procedure and a verification procedure. In applications the message M is not signed directly; instead its hash value h(M) is signed. For B to authenticate a document sent by A, we require a procedure for B to obtain an authentic copy of A's public key. Given that, B has a service that establishes the authenticity of documents signed by A. The authentic copy of the public key can be provided by a Public Key Infrastructure (PKI).

So what is the difference between a MAC and a digital signature? Both are authentication mechanisms. With a MAC, the verifier needs the secret key that was used to compute the MAC, so anyone who can verify a MAC could also have produced it; a MAC cannot be used as evidence with a third party. Digital signatures can be validated by third parties using only the public key, and can in theory support both non-repudiation and authentication.

5.8 Summary

A cipher must be hard to cryptanalyse and use a sufficiently large key. Algorithm secrecy makes cryptanalysis harder, but it can give false assurance, and it is challenging to keep a cipher design confidential. It is safest to assume that the attacker knows the cipher and that only the key is secret (Kerckhoffs's principle).

6 Key Management

The security of information protected by encryption depends on the size of the keys, the robustness of the cryptographic algorithms, and the protection and management afforded to the keys. A single key should be used for only one purpose. Using it for two different purposes may weaken the security, and limiting the use of a key limits the damage that can be done if the key is compromised. Some key usages also interfere with each other: an asymmetric key pair should be used either for encryption or for digital signatures, not both.

NIST (SP 800-57) defines 19 types of cryptographic keys. They are classified according to whether they are public, private or symmetric, their area of use, and, for asymmetric keys, whether they are static or ephemeral.

The cryptoperiod is the lifespan of a specific key. This is important because it limits the amount of information protected by that key that is available for analysis, and limits the exposure if a single key is compromised. Short cryptoperiods may be counterproductive, particularly where denial of service is the paramount concern, since there is significant overhead and potential for error in the re-keying, key update or key derivation process. The cryptoperiod is therefore a trade-off.

6.1 Usage Periods

A key is used both for protecting and for processing. In the protection period (the originator usage period, OUP) the key is used for encryption or signing. In the processing period the key is used for decryption or verification. A symmetric key shall not be used to provide protection after the end of the protection period. The processing period normally extends beyond the protection period, so that data already protected can still be processed.

Recommended cryptoperiods (protection period / processing period where both are given; OUP is the originator usage period):

1. Private Signature Key: 1-3 years

2. Public Signature Key: several years (depends on key size)

3. Symmetric Authentication Key: < 2 years / < OUP + 3 years

4. Private Authentication Key: 1-2 years

5. Public Authentication Key: 1-2 years

6. Symmetric Data Encryption Key: < 2 years / < OUP + 3 years

7. Symmetric Key Wrapping Key: < 2 years / < OUP + 3 years

8. Symmetric and asymmetric RNG Keys: upon reseeding

9. Symmetric Master Key: about 1 year

10. Private Key Transport Key: < 2 years

11. Public Key Transport Key: 1-2 years

12. Symmetric Key Agreement Key: 1-2 years

13. Private Static Key Agreement Key: 1-2 years

14. Public Static Key Agreement Key: 1-2 years

15. Private Ephemeral Key Agreement Key: one key agreement transaction

16. Public Ephemeral Key Agreement Key: one key agreement transaction

17. Symmetric Authorization (Access Approval) Key: < 2 years

18. Private Authorization (Access Approval) Key: < 2 years

19. Public Authorization (Access Approval) Key: < 2 years

6.2 Key Generation

Key generation is the most sensitive of all cryptographic functions. When we generate a key, we need to prevent unauthorized disclosure, insertion and deletion of keys. Automated devices that generate keys and initialization vectors (IVs) should be physically protected to prevent modification, replacement and disclosure. Keys should be chosen uniformly at random from the full key space.

Random Number Generator (RNG) seed keys are used to initialize the generation of random symmetric/asymmetric keys. Knowing the seed may determine the key uniquely. Seeds therefore require confidentiality and integrity protection.

Examples of key generation:

• Stream cipher keys: either a long, truly random key stream (as in the One Time Pad), or a short random key (for example 128 bits) input to a key stream generator that produces a pseudo-random key stream.

• AES symmetric block cipher keys: select an adequate key length (128, 192 or 256 bits) and make sure every key is as probable as any other.

• RSA asymmetric cipher: make sure the modulus n = p × q is sufficiently large to prevent factoring, for example n of 2048 bits. The randomness in the seeds used to generate the primes p and q must be twice the security level required.

Compromise of a key occurs when the protective mechanisms for the key fail, and the key can no longer be trusted. When a key is compromised, all use of the key to protect information shall cease, and the compromised key shall be revoked. A compromise recovery plan should contain:

1. The identification of the personnel to notify.

2. The identification of the personnel to performthe recovery actions.

3. The re-key method.

4. Any other recovery procedures, such as:

• Physical inspection of equipment.

• Identification of all information that maybe compromised.

• Identification of all signatures that maybe invalid due to the compromise of asigning key.

• Distribution of new keying material, ifrequired.

The worst form of key compromise is when it isnot detected.

When a key is destroyed, no key material should remain in volatile memory or on permanent storage media afterwards. Methods for destroying keys:

1. Simple delete operation on a computer; may leave the key undeleted, e.g. in the recycle bin or temporary folders, or merely unlinked but still on disk.

2. Special delete operation on a computer that leaves no data, e.g. by overwriting.

3. Magnetic media degaussing

4. Destruction of physical device e.g. high tem-perature.

6.2.1 Key States

1. Pre-activation: the key material has been generated but not yet put into use.

2. Active: the key may be used to cryptographically protect information or to process previously protected information.

3. Deactivated: a key whose cryptoperiod has expired but that is still needed for processing (decryption or verification). It stays deactivated until it is destroyed.

4. Destroyed: the key has been destroyed.

5. Compromised: keys are compromised whenthey are released to or determined by anunauthorized entity.

6. Destroyed compromised: key is destroyedafter a compromise.
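A key-management record that enforces the usage periods of 6.1 and the state machine of 6.2.1 in code, as an added example that is not part of the original notes. Protection (encrypt/sign) is allowed only while the key is active and inside its protection period; processing (decrypt/verify) continues through the deactivated state until the processing period ends; a compromised key may not be used for anything. Key name, dates and the period lengths are constructed, and the "destroy" step only clears a byte string where a real key manager would zeroise storage.

```python
# Added example, not from the original notes: a small key-management record
# that enforces the usage periods of 6.1 (protect only during the OUP,
# process until the end of the processing period) and the state machine of
# 6.2.1. Key names, dates and the period lengths are constructed; a real
# key manager would also zeroise the key material and log every transition.
from dataclasses import dataclass, field
from datetime import date, timedelta
from enum import Enum
from typing import Optional


class KeyState(Enum):
    PRE_ACTIVATION = "pre-activation"
    ACTIVE = "active"
    DEACTIVATED = "deactivated"
    DESTROYED = "destroyed"
    COMPROMISED = "compromised"
    DESTROYED_COMPROMISED = "destroyed-compromised"


@dataclass
class ManagedKey:
    name: str
    protection_period: timedelta        # originator usage period (OUP)
    processing_extra: timedelta         # how long processing may continue after the OUP
    state: KeyState = KeyState.PRE_ACTIVATION
    activated: Optional[date] = None
    material: bytes = field(default=b"", repr=False)

    def activate(self, today: date) -> None:
        assert self.state is KeyState.PRE_ACTIVATION, "only a fresh key can be activated"
        self.state, self.activated = KeyState.ACTIVE, today

    def may_protect(self, today: date) -> bool:
        """Encrypt/sign/MAC: only while active and inside the protection period."""
        return (self.state is KeyState.ACTIVE
                and today < self.activated + self.protection_period)

    def may_process(self, today: date) -> bool:
        """Decrypt/verify: while active or deactivated, until the processing
        period ends. A compromised key may not be used for anything."""
        end = self.activated + self.protection_period + self.processing_extra
        return self.state in (KeyState.ACTIVE, KeyState.DEACTIVATED) and today < end

    def tick(self, today: date) -> None:
        """Run daily by the key manager: move the key along its life cycle."""
        if self.state is KeyState.ACTIVE and not self.may_protect(today):
            self.state = KeyState.DEACTIVATED
        if self.state is KeyState.DEACTIVATED and not self.may_process(today):
            self.destroy()

    def compromise(self) -> None:
        """Protective mechanisms failed: all use shall cease."""
        if self.state in (KeyState.DESTROYED, KeyState.DESTROYED_COMPROMISED):
            self.state = KeyState.DESTROYED_COMPROMISED
        else:
            self.state = KeyState.COMPROMISED

    def destroy(self) -> None:
        self.material = b""             # stand-in for overwriting/zeroising storage
        self.state = (KeyState.DESTROYED_COMPROMISED
                      if self.state in (KeyState.COMPROMISED, KeyState.DESTROYED_COMPROMISED)
                      else KeyState.DESTROYED)


def demo() -> dict:
    key = ManagedKey("data-enc-2012", timedelta(days=2 * 365), timedelta(days=3 * 365),
                     material=b"\x00" * 16)
    day0 = date(2012, 1, 1)
    key.activate(day0)
    r = {}
    r["day1_protect"] = key.may_protect(day0 + timedelta(days=1))       # True
    r["day1_process"] = key.may_process(day0 + timedelta(days=1))       # True
    key.tick(day0 + timedelta(days=800))                                # OUP (730 days) has passed
    r["state_after_oup"] = key.state.value                              # "deactivated"
    r["day800_protect"] = key.may_protect(day0 + timedelta(days=800))   # False
    r["day800_process"] = key.may_process(day0 + timedelta(days=800))   # True
    key.compromise()
    r["compromised_process"] = key.may_process(day0 + timedelta(days=801))  # False
    key.destroy()
    r["final_state"] = key.state.value                                  # "destroyed-compromised"
    return r
```

The two-year protection period and three-year processing extension in demo() are the "< 2 years / < OUP + 3 years" entry for a symmetric data encryption key in the table above; the transitions are the ones listed in 6.2.1.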

6.2.2 Key Protection

Keys should be accessible to authorized users and protected against unauthorized users. Symmetric keys are never stored or transmitted 'in the clear'. A key hierarchy may be used, e.g. session keys encrypted under a master key. Master key protection can be locks and guards, tamper-proof devices, passwords and biometrics. For asymmetric ciphers, private keys need confidentiality protection and public keys need integrity/authenticity protection.

6.2.3 Session Key Establishment

Symmetric ciphers are more efficient than asymmetric ones and are typically used for secure data communication sessions. Session keys for symmetric ciphers must be distributed under the protection of permanent (long-term) keys. Three options for protecting the distribution of session keys:

1. Use an existing shared secret key.

2. Use a trusted third party (server) that shares a symmetric long-term key with each user.

3. Use an asymmetric cipher to protect the session key.

6.2.4 Signing Public Keys

We need to know who a public key belongs to, so public keys must be distributed securely. One may use a public-key certificate from a trusted third party, a Certification Authority (CA). A public-key certificate is a public key (with the owner's name) digitally signed by a CA. A hierarchy of public-key certificates becomes a Public Key Infrastructure (PKI).

6.2.5 Digital Signature

Notation

• Private Key Kpriv: confidential key onlyknown by the owner.

• Public Key Kpub: publicly known key.

• Plain text message M: the original message ordata.

• Hash function H: used to create hash block.

• Digital signature Sig: cryptographic authenti-cation code.

• Signature generation S: function for creating the digital signature Sig of the hash H(M) of message M. E.g. RSA: the S (sign) operation is the same modular exponentiation as D (decrypt), using the private key.

• Verification function V: function for verifying the digital signature Sig of the hash H(M) of message M. E.g. RSA: the V (verify) operation is the same modular exponentiation as E (encrypt), using the public key.

Generation and validation is as follows, for two parties A (signer) and B (verifier):

1. A has the plaintext M.

2. A computes the hash H(M).

3. A signs the hash with A's private key: Sig = S(H(M), Kpriv).

4. A sends M and Sig to B.

5. B receives the plaintext M′ (and Sig).

6. B computes the hash H(M′).

7. B recovers the hash from Sig with A's public key: H(M) = V(Sig, Kpub).

8. The signature is valid if H(M) = H(M′).

6.2.6 Public-key Infrastructure

Because of the spoofing problem, public keys must be digitally signed before they are distributed. A PKI is an infrastructure for distributing signed public keys in the form of public-key certificates. A PKI consists of:

• Policies: to define the rules for managingcertificates.

• Technologies: to implement policies and gen-erate, store and manage certificates.

• Procedures: related to key management.

• Structure of public key certificates: publickeys with digital signatures.

6.2.7 Public-Key Certificates

A public-key certificate is a public key with a digital signature. It binds a name to the public key. The CA signs public keys. An authentic copy of the CA's public key is needed in order to validate a certificate. The relying party validates the certificate and thereby verifies that the user's public key is authentic.

How to generate a digital certificate?

• Assemble the information in single recordRec.

• Hash the record.

• Sign the hashed record.

• Append the digital signature to the record.

Cert = Rec || S(H(Rec), Kpriv(CA))

Using certificates to verify a signature. Suppose B sends the signed message M, SigB(H(M)), CertB to A, where H(M) is the hash value of the message M.

• A is the relying party and must first validate CertB: A uses the CA's public key Kpub(CA) to verify the CA's signature on the binding between B's public key and B's unique identifier.

• A obtains Kpub(B) from the certificate CertB.

• A uses Kpub(B) to verify the signature SigB(H(M)) on M.

• If A trusts the CA that issued CertB, is certain of the CA's public key and unique identifier, and is certain of B's unique identifier, then A is certain that message M came from B.

Self-signed root keys. Many people think a root public key is authentic just because it is self-signed. Self-signing by itself provides no security: anyone can generate a key pair and self-sign it, so the signature only proves that the signer holds the matching private key. It gives an impression of assurance and false trust. A root key is only trustworthy if it was obtained through an authentic channel, e.g. shipped with the operating system or browser.
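Hash-then-sign (5.7, 6.2.5), certificate issuance and the relying-party check of 6.2.7, and the self-signed-certificate point above, all in one runnable model, as an added example that is not part of the original notes. It uses textbook RSA with fixed small primes, no signature padding and a dict as the certificate, so it models the procedure rather than implementing a usable signature scheme; the names and keys are made up. Mallory's self-signed "bob" certificate is internally consistent yet rejected, because it was not issued under the CA key the relying party trusts.

```python
# Added example, not from the original notes: hash-then-sign with textbook
# RSA (5.7, 6.2.5), a minimal CA-issued certificate and the relying-party
# check of 6.2.7, plus why a self-signed certificate proves nothing by
# itself. The primes are fixed and far too small for real use, there is no
# signature padding (PKCS#1 v1.5 / PSS) and the certificate is a dict, so
# this models the procedure rather than implementing it. Names are made up.
import hashlib
import json

E = 65537                                   # public exponent


def rsa_keygen(p: int, q: int, e: int = E):
    """Return (Kpub, Kpriv) = ((n, e), (n, d)) for two distinct primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                     # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def H(data: bytes, n: int) -> int:
    """Hash M to an integer below n; the reduction is only needed for the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(msg: bytes, kpriv) -> int:
    n, d = kpriv
    return pow(H(msg, n), d, n)             # Sig = S(H(M), Kpriv): same op as RSA decryption


def verify(msg: bytes, sig: int, kpub) -> bool:
    n, e = kpub
    return pow(sig, e, n) == H(msg, n)      # V(Sig, Kpub) == H(M'): same op as RSA encryption


def _encode(rec: dict) -> bytes:
    return json.dumps(rec, sort_keys=True).encode()   # canonical form of the record


def issue_certificate(subject: str, subject_pub, issuer_priv) -> dict:
    """Cert = Rec || S(H(Rec), Kpriv(CA)), with Rec binding a name to a public key."""
    rec = {"subject": subject, "n": subject_pub[0], "e": subject_pub[1]}
    return {"rec": rec, "sig": sign(_encode(rec), issuer_priv)}


def verify_certificate(cert: dict, issuer_pub) -> bool:
    return verify(_encode(cert["rec"]), cert["sig"], issuer_pub)


def relying_party_check(msg: bytes, sig: int, cert: dict, ca_pub, expected_subject: str) -> bool:
    """A's procedure: validate CertB under the trusted CA key, check the name,
    extract Kpub(B), verify SigB on M. Any failure means M is not authenticated."""
    if not verify_certificate(cert, ca_pub):
        return False                                      # not signed by our CA
    if cert["rec"]["subject"] != expected_subject:
        return False                                      # a real cert, but for someone else
    return verify(msg, sig, (cert["rec"]["n"], cert["rec"]["e"]))


def demo() -> dict:
    ca_pub, ca_priv = rsa_keygen(999_999_937, 1_000_000_009)      # CA key pair
    bob_pub, bob_priv = rsa_keygen(1_000_000_007, 998_244_353)    # Bob's key pair
    mal_pub, mal_priv = rsa_keygen(167_772_161, 469_762_049)      # Mallory's key pair
    cert_bob = issue_certificate("bob", bob_pub, ca_priv)
    msg = b"send the report to bob"
    sig_bob = sign(msg, bob_priv)
    # Mallory cannot get the CA to certify her key as "bob", so she signs a
    # "bob" certificate with her own key and hopes nobody checks the issuer.
    fake_cert = issue_certificate("bob", mal_pub, mal_priv)
    return {
        "genuine": relying_party_check(msg, sig_bob, cert_bob, ca_pub, "bob"),                 # True
        "tampered_message": relying_party_check(msg + b"!", sig_bob, cert_bob, ca_pub, "bob"),  # False
        "self_signed_impostor": relying_party_check(msg, sign(msg, mal_priv), fake_cert, ca_pub, "bob"),  # False
        "fake_cert_self_consistent": verify_certificate(fake_cert, mal_pub),                   # True, and worthless
    }
```

Note that the only input the relying party has to trust a priori is ca_pub; everything else is verified from it, which is the point of the "authentic copy of the CA's public key" requirement in 6.2.7.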

6.2.8 Browser PKI and Malicious Certificates

The web browser automatically validates server certificates by checking the CA signature chain and that the name in the certificate matches the domain name of the web server. Criminals buy legitimate certificates for their own (often look-alike) domain names, and these are automatically validated by browsers. This may be used for phishing attacks, e.g. against a bank's customers. These malicious certificates are nevertheless legitimate certificates. Server certificate validation is therefore not the same as authenticating the organisation behind the site; it only ties the key to the domain name.

7 Authentication

What is authentication? Identity means 'the same one as last time'. First-time authentication is not meaningful, since there is no 'last time'. Authentication requires a first-time registration of an identity in the form of a name within a domain. Registration may take two forms: pre-authentication, based on a previous identity, e.g. a passport, or creation of a new identity, e.g. for a newborn baby.

7.1 The Concept of Identity

• Entity: a person, organization, agent, systemetc.

• Identity: a set of names, attributes of entityin a specific domain. An entity may havemultiple identities in one domain.

• Digital identity: digital representation ofnames, attributes in a way that is suitable forprocessing by computers.

• Names and attributes of entity: can be uniqueor ambiguous within a domain.

7.2 Entity Authentication

System authentication: verify the identity/name of a system in a session. Person authentication: verify the correctness of a person's claimed identity or name. This happens at the start of a session and/or in access control. The identity and/or name may be recognized as a name, a role or an attribute. Organization authentication: verify an attribute of an organization, or of its authorized representative, which may require person authentication.

7.2.1 Limitation of User Authentication

Limitation applies to the start of a session be-tween user and the system. Assume that the us-er operates a terminal. Does not guarantee that re-ceived messages originate from the user or termi-nal. There may be a man-in-the-middle attack.

7.3 Message Authentication

This provides evidence that the message or datawas sent by a user or entity with a specificidentity. Strong message authentication requirescryptographic protection like MAC or DigSign.Weak message authentication only needs someform of electronic evidence, like senders phonenumber of a SMS message.

7.4 User Authentication

Stages of user authentication:

1. Registration: user contacts the ID provider, possibly with documentation. (Pre-authentication.)

2. Provisioning: ID provider registers a unique name and issues a credential.

3. Identification: user presents the unique name to select his identity.

4. Verification of identity: user proves the identity with the credential.

Steps 1 and 2 are the registration phase, which is done only once, while steps 3 and 4 are the authentication phase, which is done multiple times.

The 'thing' used to perform authentication is called a credential. It may also be referred to as a token or an authenticator. This may be passwords, PIN codes, smart cards etc.

7.4.1 Passwords

This is the simplest and most-often-used authenticator, and it is something the user knows. The problem with passwords is that they are easy to share, may be forgotten, are often easy to guess and may be written down. Some strategies for strong passwords may be computer-generated passwords, proactive password checking and reactive password checking.

7.5 Digest Authentication

HTTP digest is a simple challenge-response protocol specified in RFC 2069. The server sends: WWW-Authenticate = Digest, realm = 'server domain', nonce = 'some random number'. The user specifies the user ID and password in the browser window. The browser produces a password digest from the nonce, user ID and password using a one-way hash function (e.g. SHA-1). The browser sends the user ID and digest to the server, which validates the digest. Password digest = H(nonce, userID, password).
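The exchange above, as an added example that is not part of the notes or of any real implementation. The notes abbreviate the digest as H(nonce, userID, password); RFC 2069 actually computes H(H(A1):nonce:H(A2)) with A1 = username:realm:password and A2 = method:uri, using MD5, which is what the code does. The realm, user and nonce handling are this example's own assumptions; the server stores only H(A1) and accepts each nonce once, so a captured digest cannot be presented a second time.

```python
import hashlib
import secrets

# Added example (not from the notes): RFC 2069 digest computation on the
# client and its verification on the server. Realm and users are constructed.

REALM = "example.test"          # constructed realm for the demo


def _h(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, realm, password, nonce, method, uri):
    """Client side: the 'response' field of the Authorization header."""
    ha1 = _h(f"{username}:{realm}:{password}")   # the password itself is never sent
    ha2 = _h(f"{method}:{uri}")
    return _h(f"{ha1}:{nonce}:{ha2}")


class DigestServer:
    """Minimal server: issues nonces, verifies responses, refuses nonce reuse."""

    def __init__(self, users):
        # Store H(A1) rather than the clear-text password (RFC 2069 permits this).
        self.ha1 = {u: _h(f"{u}:{REALM}:{p}") for u, p in users.items()}
        self.live_nonces = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.live_nonces.add(nonce)
        return {"realm": REALM, "nonce": nonce}

    def verify(self, username, nonce, method, uri, response):
        if nonce not in self.live_nonces or username not in self.ha1:
            return False            # unknown user, or nonce never issued / already used
        self.live_nonces.discard(nonce)     # one acceptance per nonce: a replay fails
        ha2 = _h(f"{method}:{uri}")
        expected = _h(f"{self.ha1[username]}:{nonce}:{ha2}")
        return secrets.compare_digest(expected, response)


def demo():
    server = DigestServer({"alice": "correct horse"})   # constructed credentials
    chal = server.challenge()
    resp = digest_response("alice", chal["realm"], "correct horse",
                           chal["nonce"], "GET", "/secret")
    first = server.verify("alice", chal["nonce"], "GET", "/secret", resp)
    replay = server.verify("alice", chal["nonce"], "GET", "/secret", resp)  # same nonce again
    chal2 = server.challenge()
    wrong = digest_response("alice", chal2["realm"], "wrong password",
                            chal2["nonce"], "GET", "/secret")
    bad = server.verify("alice", chal2["nonce"], "GET", "/secret", wrong)
    return first, replay, bad


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

The digest protects the password in transit, but, as the notes say in 7.2.1, it only authenticates the start of the exchange: nothing in the digest binds the request body, so message authentication still needs a MAC or signature.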

7.6 ID-Based Authentication

Biometrics, why use it? It is convenient as it cannot be lost or forgotten. It provides positive authentication → it is difficult to copy, share and distribute. This kind of authentication is increasingly socially acceptable and is becoming less expensive. Biometrics may also be used for identification. Examples of this kind of authentication are fingerprints, facial recognition, eye retina scanning, hand geometry etc. The requirements are that the characteristic of the person should be universal and distinctive.

The safety risk with biometrics is that attackers might want to 'steal' body parts. Subjects may also be put under duress to produce the biometric authenticator.

7.6.1 Modes of Operation

• Enrollment: analog capture of the user's biometric attribute.

• Identification: capture of a new biometric sample, then searching the database for a stored sample.

• Verification: comparison of the new sample with the user's stored template.

7.6.2 Matching Algorithm

• True positive: legitimate user is accepted.

• True negative: attacker is rejected.

• False positive → False Acceptance Rate (FAR): attackers are accepted.

• False negative → False Rejection Rate (FRR): legitimate users are rejected.

• Tradeoff between FAR and FRR: FAR = (# accepted attackers) / (total # attackers), FRR = (# rejected users) / (total # users).
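The FAR/FRR tradeoff worked through in code, as an added example (not from the notes). The matching scores are constructed values standing in for a real matcher's output; a sample is accepted when its score reaches the threshold, and sweeping the threshold shows that lowering FAR raises FRR and vice versa.

```python
# Added example (not from the notes): FAR and FRR at a threshold, the sweep
# over thresholds, and the equal-error operating point. Scores are constructed.

GENUINE_SCORES = [0.91, 0.88, 0.95, 0.72, 0.83, 0.97, 0.79, 0.90]   # legitimate users
IMPOSTOR_SCORES = [0.20, 0.35, 0.61, 0.48, 0.74, 0.30, 0.55, 0.41]  # attackers
THRESHOLDS = [0.5, 0.6, 0.7, 0.75, 0.8, 0.9]


def far_frr(genuine, impostor, threshold):
    """A sample is accepted when score >= threshold.
    FAR = accepted attackers / total attackers; FRR = rejected users / total users."""
    accepted_attackers = sum(1 for s in impostor if s >= threshold)
    rejected_users = sum(1 for s in genuine if s < threshold)
    return accepted_attackers / len(impostor), rejected_users / len(genuine)


def sweep(genuine, impostor, thresholds):
    """(threshold, FAR, FRR) for each candidate threshold: the tradeoff curve."""
    return [(t, *far_frr(genuine, impostor, t)) for t in thresholds]


def equal_error_threshold(genuine, impostor, thresholds):
    """Threshold where FAR and FRR are closest: the usual way to compare systems."""
    def gap(t):
        far, frr = far_frr(genuine, impostor, t)
        return abs(far - frr)
    return min(thresholds, key=gap)


if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS):
        print(f"threshold {t:.2f}: FAR {far:.3f}  FRR {frr:.3f}")
```

Which side of the equal-error point to operate on depends on what the notes call the sensitivity level: a high-sensitivity resource tolerates rejected users (high FRR) sooner than accepted attackers (high FAR).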

7.7 Object-Based Authentication

This is something you have, e.g. a token. Tokens are usually synchronized One-Time-Password (OTP) generators. Using a password only once significantly strengthens the security of the authentication process. There are two general methods for this: clock-based tokens and counter-based tokens.

7.7.1 Clock-Based OTP Tokens

The token displays a time-dependent code, and the user has to copy the code to log in. Possession of the token is necessary to know the correct value for the current time. Each code is computed for a specific time window. Clocks must be synchronized. An example of this type of token is BankID.


7.7.2 Counter-Based OTP Tokens

Counter-based tokens generate a 'password' value as a function of an internal counter and other internal data, without external inputs. HOTP is an HMAC-based OTP algorithm described in RFC 4226: it targets tokens that do not support any numeric input, and the value displayed on the token is designed to be easily read and entered by the user.
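Both token types from 7.7.1 and 7.7.2 in one added example (not from the notes, not a vendor's code). It implements RFC 4226 HOTP, the server-side look-ahead window that keeps a counter-based token synchronized, and the clock-based variant (RFC 6238 TOTP), which uses the current time window as the counter. The look-ahead and skew sizes are this example's assumptions; the key is the RFC 4226 test key.

```python
import hashlib
import hmac
import struct

# Added example (not from the notes): RFC 4226 HOTP with dynamic truncation,
# a server-side look-ahead window for counter-based tokens, and the
# clock-based variant. Checked against the RFC 4226 test vectors.

RFC4226_SECRET = b"12345678901234567890"   # test key from RFC 4226, Appendix D


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)) mod 10^digits (RFC 4226, section 5.3)."""
    msg = struct.pack(">Q", counter)                       # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """Clock-based token: the counter is the number of elapsed time windows."""
    return hotp(secret, now // step, digits)


class CounterTokenVerifier:
    """Server side of a counter-based token. Accepts the next code within a
    look-ahead window (the user may have pressed the button without logging
    in) and never accepts a counter at or below the last one accepted, so a
    captured code cannot be presented again."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.counter = 0          # next counter value expected
        self.look_ahead = look_ahead

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1   # resynchronise; this and earlier values are burnt
                return True
        return False


def clock_verify(secret: bytes, code: str, now: int, step: int = 30, skew: int = 1) -> bool:
    """Clock-based check tolerating +/- `skew` windows of drift between token and server."""
    t = now // step
    return any(hmac.compare_digest(hotp(secret, t + d), code) for d in range(-skew, skew + 1))


if __name__ == "__main__":
    print([hotp(RFC4226_SECRET, c) for c in range(3)])   # ['755224', '287082', '359152']
```

The clock-based check is the part the notes mean by "clocks must be synchronized": the server only compares against the current window and its neighbours, so a token whose clock has drifted further than the skew allowance stops working until it is resynchronized.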

7.7.3 Challenge Response Systems

A challenge is sent in response to an access request: a legitimate user can respond to the challenge by performing a task which requires use of information only available to the user. Advantage: since the challenge will be different each time, the response will be too. The dialogue cannot be captured and used at a later time. Could use symmetric or asymmetric crypto.

7.7.4 Contactless Cards

Contactless identification cards consist of a chip and an antenna. They do not need to come into contact with the machine reader. When not within the range of a machine (RF) reader the card is not powered and so remains inactive. Suitable for use in hot, dirty, foggy environments.

7.7.5 Multi-Factor Authentication

When two or more authentication methods are used to log in. Example: BankID and PIN code.

7.7.6 Authentication Assurance

This gives trust in identity. It is a requirement for e-business. Authentication assurance: resources have different sensitivity levels. Authentication has a cost, stronger authentication → higher cost. The authentication assurance level should match the sensitivity level.

Authentication Assurance Levels (AAL)

Level     Name      Meaning
Level 0   None      No registration of identity required
Level 1   Minimal   Minimal confidence in the identity assertion
Level 2   Low       Low confidence in the identity assertion
Level 3   Moderate  Moderate confidence in the identity assertion
Level 4   High      High confidence in the identity assertion

Level 1 is used for online self-registration and a self-chosen password. Pre-authentication by providing a person number. This provides little or no authentication assurance.

Level 2 gives a fixed password provisioned in person or by mail to the user's address in the national person register. OTP calculator without PIN code, provisioned in person or by mail. List of OTPs provisioned in person or by mail. Provides some authentication assurance.

Level 3 uses an OTP calculator with PIN code provisioned separately in person or by mail to the address in the national person register. SMS-based authentication, where enrollment of the mobile phone is based on a code provisioned in person or by mail. Personal public-key certificate with government PKI. Provides high authentication assurance.

Level 4 uses two-factor authentication, where at least one factor must be dynamic and at least one is provisioned in person. Also requires logging and auditing by a third party. Provides very high authentication assurance.

8 Identity and Access Management

Identity management: representing entities as digital identities. Managing name spaces of unique identifiers. Mapping identities between domains.

Authentication is registration, provisioning and authentication.

Access is authorization, access approval and accounting (AAA).

8.1 Identity Management Types

1. Mgmt of user IDs and credentials on SP side.

2. Mgmt of user IDs and credentials on user side.

3. Mgmt of SP IDs and credentials on SP side.


4. Mgmt of SP IDs and credentials on user side.

SP = Service Provider.

8.2 Identity Domains

An identity domain is a network realm with a name space of unique names. Management structures: single authority, e.g. user IDs in a company network. Hierarchical: e.g. the Domain Name System (DNS). A single policy is normally applied in a domain.

8.3 Single Sign-On

Low acceptance of new services that require separate user authentication. The silo model requires users to provide the same information to many service providers. The silo model makes it difficult to offer bundled services from different service providers. Service providers want better quality user information.

8.3.1 Single Domain SSO

A single authority acts as identity provider (IdP) and credentials provider, and this single authority authenticates users. Advantages: well suited for servers under single management, e.g. within large private and government organizations. Good usability. Disadvantages: politically and technically difficult to implement in open environments. Who trusts authentication by other organizations?

Federated SSO Identity Federation: a set of agreements, standards and technologies that enable a group of SPs to recognize user identities and entitlements from other SPs. Identifier (and credential) issuance as for the silo model. Mapping between a user's different unique identifiers. Authentication by one SP, communicated as security assertions to other SPs. Provides SSO in open environments.

Advantages: improved usability (theoretically). Compatible with silo user-identity domains. Allows SPs to bundle services and collect user info.

Disadvantages: high technical and legal complexity. High trust requirements. Privacy issues. Unimaginable for all SPs to federate.

8.4 Open Identity Model

Single common identifier name space: based on URIs or XRIs. Multiple identity providers: each IdP controls its own domain name and registers users under its own domain name. Whoever controls a domain name can be an IdP. The IdP is involved in every service access and can collect info about service access.

8.4.1 Characteristics

Self-registration. Anybody can be an IdP and server, also you. Not all IdPs are recognized as 'authorities'. An SP can specify which IdPs it accepts. Not suitable for sensitive services. Typically targets online services with AAL-1. Vulnerable to multiple forms of abuse.

8.4.2 OpenID Business Model

For ID providers it is a collection of market data: the IdP knows who uses which service, and fragmentation of the ID provider market is a threat. For service providers (relying parties): potentially more traffic and business. For users: avoids multiple identities, avoids typing passwords.

8.5 FEIDE

This is the Norwegian ID management system within the national education sector. Users have only one username and password. Users access web services via a central log-in service. Services are given what they need to know about the user. Services are not given the user's password, only information about the user. FEIDE has formal agreements with the schools before they are connected.

8.5.1 Technical Aspects

Based on SAML 2.0. The back end authenticates users by using LDAP. One central identity provider (IdP) to which service providers (SPs) are connected. Single Sign-On when going between services. Single Log-Out when logging out from a service.

8.6 Access Control

This controls how users and systems access other systems and resources. It prevents unauthorized users from accessing resources. Unauthorized access could compromise the confidentiality, integrity and availability of information assets.

8.6.1 Authorization and Access Control

To authorize is to specify access permissions for roles, individuals, entities or processes. Authority may be delegated. The authorization policy is implemented in IT systems in the form of access rules.

Access Control Phases This goes as follows:

Registration: Registration → Provisioning → Authorization (offline)

Operation: Identification → Authentication → Approval (online)

Termination: De-registration → Revoke authorization (offline)

8.6.2 Three Main Approaches

• Discretionary access control (DAC)

• Mandatory access control (MAC)

• Role-based access control (RBAC)

DAC Access rights to an object or resource are granted at the discretion of the owner of the object. According to the Orange Book (TCSEC), DAC is implemented as an Access Control List (ACL). Windows and Linux use DAC.

ACL Attached to an object. Provides an access rule for a list of subjects. A simple means of enforcing policy. Does not scale well. ACLs may be combined into an access control matrix covering access rules for a set of objects.

MAC A central authority assigns access privileges. According to the Orange Book, MAC is implemented with security labels, e.g. security clearance and classification levels. (SE)Linux includes MAC.

Labels Security labels can be assigned to subjects and objects. Object labels are assigned according to sensitivity. Subject labels are determined by the authorization policy.

Combined MAC and DAC A combination of these two access control approaches is often used. MAC is applied first: if access is granted → the discretionary system is invoked. Access is granted only if both approaches permit. This ensures that no owner may make sensitive information available to unauthorized users.

RBAC Role-based. Access rights are based on the role of the subject, rather than identity. Example: admin. RBAC may be combined with DAC and MAC.
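The three approaches and the "MAC first, then DAC" combination as an added example (not from the notes, not from any operating system's implementation). The labels, subjects, ACL and role table are constructed; the MAC rule is the simple no-read-up / no-write-down ordering on clearance levels, which is one common choice and an assumption here.

```python
from enum import IntEnum

# Added example (not from the notes): MAC on security labels, DAC via an ACL
# set by the owner, RBAC via a role table, and the combined check in which
# MAC is evaluated first and both must permit. Everything here is constructed.


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2


class Object:
    def __init__(self, name, label, owner, acl):
        self.name, self.label, self.owner = name, label, owner
        self.acl = acl        # DAC: {subject name -> set of permissions}, at owner's discretion


class Subject:
    def __init__(self, name, clearance, roles=()):
        self.name, self.clearance, self.roles = name, clearance, set(roles)


def mac_permits(subject, obj, perm):
    """Central-authority rule: read needs clearance >= classification (no read-up);
    write needs clearance <= classification (no write-down)."""
    if perm == "read":
        return subject.clearance >= obj.label
    if perm == "write":
        return subject.clearance <= obj.label
    return False


def dac_permits(subject, obj, perm):
    """Owner-discretionary rule: the owner has everything, others what the ACL lists."""
    if subject.name == obj.owner:
        return True
    return perm in obj.acl.get(subject.name, set())


ROLE_PERMS = {"auditor": {"read"}, "admin": {"read", "write"}}   # RBAC: role -> permissions


def rbac_permits(subject, perm):
    return any(perm in ROLE_PERMS.get(r, set()) for r in subject.roles)


def mac_then_dac(subject, obj, perm):
    """Combined control: MAC first, DAC only if MAC grants; both must permit."""
    return mac_permits(subject, obj, perm) and dac_permits(subject, obj, perm)


def mac_then_rbac(subject, obj, perm):
    """RBAC combined with MAC in the same way."""
    return mac_permits(subject, obj, perm) and rbac_permits(subject, perm)


# Constructed scenario: alice owns a SECRET file and has put bob on its ACL,
# but bob's clearance is only CONFIDENTIAL, so MAC overrides the owner's wish.
alice = Subject("alice", Level.SECRET)
bob = Subject("bob", Level.CONFIDENTIAL)
carol = Subject("carol", Level.SECRET, roles=["auditor"])
plan = Object("plan.txt", Level.SECRET, owner="alice", acl={"bob": {"read"}})

if __name__ == "__main__":
    print(mac_then_dac(alice, plan, "read"),   # True: owner, cleared
          mac_then_dac(bob, plan, "read"),     # False: on the ACL, but MAC denies
          mac_then_rbac(carol, plan, "read"),  # True: auditor role, cleared
          mac_then_rbac(carol, plan, "write")) # False: auditors cannot write
```

The bob case is the whole point of the combination: the ACL alone would let him read, which is exactly the "owner makes sensitive information available to unauthorized users" situation MAC exists to prevent.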

9 Communication Security

Network security has two main areas: communication security and perimeter security.

9.1 Communication Protocol Architecture

This is a layered structure of hardware and software that supports the exchange of data between systems as well as distributed applications (e.g. email). Each protocol consists of a set of rules for exchanging messages. There are two standards: the OSI reference model and the TCP/IP protocol suite. The latter is the most widely used.

9.1.1 Open Systems Interconnection

OSI was developed by the International Organization for Standardization (ISO) and is a 7-layer model. Each layer performs a subset of the required communication functions. Each layer provides services to the next higher layer.

Application    Provides access to OSI for users.
Presentation   Provides independence to the application from differences in data representation.
Session        Provides the control structure for communication between applications.
Transport      Provides reliable, transparent transfer of data between end points.
Network        Provides upper layers with independence from the data transmission and switching technologies used to connect systems.
Data Link      Provides for the reliable transfer of information across the physical link.
Physical       Concerned with transmission of an unstructured bit stream over a physical medium.

9.1.2 TCP/IP Protocol Architecture

Developed by the US Defense Advanced Research Projects Agency (DARPA) for its packet-switched network (ARPANET). Used by the global Internet. No official model, but it is a working one.

9.1.3 OSI vs TCP/IP

OSI               TCP/IP
7 Application     Application
6 Presentation    Application
5 Session         Application
4 Transport       Transport
3 Network         Internet
2 Data Link       Network Access
1 Physical        Physical

9.2 SSL/TLS

See your own paper on the case, stupid.

Client                         Server
Client Hello             →
                         ←     Server Hello
                               Server Certificate
                               Server Key Exchange
                               Client Certificate Request
                               Server Done
Client Certificate       →
Client Key Exchange
Certificate Verify
Client Finished Message
                         ←     Change Cipher Spec
                               Server Finished Message

9.3 IP Layer Security

This is the standard for secure communications over Internet Protocol (IP) networks. It uses encryption, authentication and key management algorithms. It is based on an end-to-end security model at the IP level. Provides a security architecture for both IPv4 and IPv6 (mandatory for IPv6 and optional for IPv4). It is layer 3 security: it operates on the network layer of OSI and the Internet layer of TCP/IP.

9.3.1 IPSec Security Services

Message Confidentiality Protects against unauthorized data disclosure. Accomplished by the use of encryption mechanisms.

Traffic Analysis Protection A person monitoring network traffic cannot know which parties are communicating, how often, or how much data is being sent. Provided by concealing IP datagram details such as source and destination address.

Message Integrity IPSec can determine if data has been changed (intentionally or unintentionally) during transit. Integrity of data can be assured by using a MAC.


Message Replay Protection The same data is not delivered multiple times, and data is not delivered grossly out of order. However, IPSec does not ensure that data is delivered in the exact order in which it is sent.

Peer Authentication Each IPSec endpoint confirms the identity of the other IPSec endpoint with which it wishes to communicate. Ensures that network traffic is being sent from the expected host.

Network Access Control Filtering can ensure users only have access to certain network resources and can only use certain types of network traffic.

9.3.2 Gateway-to-Gateway Architecture

Provides secure network communication between two networks. A VPN connection is established between the two gateways. Network traffic is routed through the IPSec connection. Only protects data between those two gateways.

9.3.3 Host-to-Gateway Architecture

Commonly used to provide secure remote access. The organization deploys a VPN gateway onto its network; each remote access user then establishes a VPN connection between the local computer (host) and the VPN gateway. As with the gateway-to-gateway model, the VPN gateway may be a dedicated device or part of another network device. Most often used when connecting hosts on unsecured networks to resources on secured networks, such as linking travelling employees around the world to headquarters over the Internet.

9.3.4 Host-to-Host Architecture

Typically used for special-purpose needs, such as system administrators performing remote management of a single server. The only model that provides end-to-end protection for data throughout its transit. Resource-intensive to implement and maintain in terms of user and host management: all user systems and servers that will participate in VPNs need to have VPN software installed. Key establishment is often accomplished through a manual process.

10 Perimeter Security

This may be firewalls, intrusion detection systems and LAN security.

10.1 Firewalls

A firewall is a check point that protects the internal networks against attack from an outside network. The check point function applies rules to decide which traffic can pass in and out.

If the level of risk associated with maintaining a connection between an organization's internal network and the Internet (or other network(s)) is unacceptable, the most effective way of treating the risk is to avoid the risk altogether and disconnect completely. If this is not possible, then firewalls may provide effective control for reducing the risk level to an acceptable level.

Firewalls are often the first line of defence against external attacks, but should not be the only defence.

A firewall prevents unauthorized access to or from a private network. System admins must define criteria for what is (un)authorized. All traffic that passes through the firewall must meet these specified criteria.

Firewalls may be implemented in both hardware and software, or a combination of both.

They are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.

Firewalls must be effectively administered and updated with the latest patches.

A description of different types of firewalls follows:

10.1.1 Router Packet Filter

A network router function that accepts/rejects packets based on headers is referred to as a packet filter. Packet filters examine each packet's headers and make decisions based on attributes such as:


• Source or destination IP addresses

• Source or destination port numbers

• Protocol (UDP, TCP or ICMP)

• ICMP message type

• The interface the packet arrived on

A packet filter examines each packet that attempts to pass through the filter. This is done for both directions. Each packet is examined independently of other packets that may be part of the same connection; the filter is unaware of session states at internal or external hosts.

10.1.2 Host-Based Packet Filters

Routers are commonly used as packet filters, in addition to normal routing duties. A host may perform packet filtering as well as other duties, such as web serving. In this case the packet filter is designed to protect the host itself, not other hosts.

Common packet filter software includes:

• IPChains for Linux

• TCP wrappers for various Unix

• IP filter for Sun Solaris

10.1.3 Stateful Packet Filters

Stateful packet filters take account of the current state of a connection. They are more 'intelligent' than simple packet filters. They are also able to recognize if a particular packet is part of an established connection by 'remembering' recent traffic history. This makes the definition of filtering rules easier to accomplish and therefore potentially more secure.

A stateful packet filter keeps track of sessions, though it can be subject to Denial of Service (DoS) attacks.

Stateful packet filters are sometimes called dynamic packet filters due to their ability to add rules 'on the fly'. For example, one can recognize an outgoing connection request from an internal client being sent to an external server, and will add a temporary rule to allow the reply traffic back through the firewall. When the session is finished, the temporary rule is deleted.

Common software packages include:

• IPTables for Linux

• Checkpoint firewall-1

• Cisco PIX (integrated hardware and software)

• Microsoft Internet Security and Acceleration Server

Strengths and Weaknesses Its strengths are low overhead and high throughput, and it supports almost any application. Its weakness is that it does not usually interpret application data/commands: it may allow insecure operations to occur. It allows direct connection between hosts inside and outside the firewall.
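The difference between 10.1.1 and 10.1.3 in code, as an added example (not from the notes and not modelled on any named product): a stateless filter that judges each packet on its headers alone, and a stateful one that remembers an outbound connection and lets the matching reply back in without a standing rule, deleting the entry when the session closes. Packets, addresses (documentation ranges) and rules are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example (not from the notes): first-match stateless packet filter and
# a stateful wrapper with a session table. All packets and rules are constructed.


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    icmp_type: int = -1
    iface: str = "ext"  # interface the packet arrived on: "ext" or "int"


@dataclass
class Rule:
    action: str                         # "accept" or "drop"
    proto: Optional[str] = None
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        # Every attribute the rule specifies must match; unspecified ones are wildcards.
        return all([
            self.proto is None or self.proto == p.proto,
            self.src_net is None or ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net),
            self.dst_net is None or ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net),
            self.dport is None or self.dport == p.dport,
            self.icmp_type is None or self.icmp_type == p.icmp_type,
            self.iface is None or self.iface == p.iface,
        ])


def stateless_filter(rules, p: Packet) -> str:
    """First matching rule wins; default drop. Each packet is judged on its own."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"


class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()   # (src, sport, dst, dport, proto) of accepted outbound flows

    def filter(self, p: Packet) -> str:
        # A reply to a remembered outbound flow passes via the temporary rule.
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.sessions:
            return "accept"
        verdict = stateless_filter(self.rules, p)
        if verdict == "accept" and p.iface == "int" and p.proto in ("tcp", "udp"):
            self.sessions.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return verdict

    def close(self, p: Packet):
        """Session finished: the temporary rule is deleted."""
        self.sessions.discard((p.src, p.sport, p.dst, p.dport, p.proto))


RULES = [
    Rule("accept", proto="tcp", dst_net="192.0.2.0/24", dport=80, iface="ext"),  # published web server
    Rule("accept", proto="icmp", icmp_type=8, iface="ext"),                       # echo request
    Rule("accept", iface="int"),                                                 # anything outbound
]

# Constructed traffic: an internal client opens HTTPS outward, the server replies,
# and an unrelated external host probes the same client port.
OUTBOUND = Packet("192.0.2.10", "198.51.100.5", "tcp", sport=50000, dport=443, iface="int")
REPLY = Packet("198.51.100.5", "192.0.2.10", "tcp", sport=443, dport=50000, iface="ext")
PROBE = Packet("198.51.100.9", "192.0.2.10", "tcp", sport=4444, dport=50000, iface="ext")


def demo():
    sf = StatefulFilter(RULES)
    return {
        "stateless_reply": stateless_filter(RULES, REPLY),   # drop: no rule covers the reply
        "outbound": sf.filter(OUTBOUND),                      # accept, and session remembered
        "stateful_reply": sf.filter(REPLY),                   # accept via the session entry
        "probe": sf.filter(PROBE),                            # drop: not a remembered session
    }


if __name__ == "__main__":
    print(demo())
```

With the stateless filter the reply could only be admitted by a standing rule allowing inbound packets to high client ports, which is the kind of broad rule that later lets the probe through too; the session table is what makes the narrower rule set possible.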

10.1.4 Personal Firewalls

This is a program designed to protect the computer it is installed on. Personal firewalls are frequently used by home users to protect themselves from the Internet. They are usually a stateful packet filter. Some products include anti-virus software as well (usually at extra cost).

10.1.5 Circuit Level Gateways

A circuit level gateway is a special type of application level gateway with reduced security checking. It acts as a relay of TCP/UDP layer data rather than application data, and usually no analysis of the application layer data is performed. Connections are validated before data is allowed to be exchanged. It is able to identify a particular packet as being part of a particular connection. High performance is possible due to the limited security checking. Similar strengths and weaknesses to stateful packet filters, except that it can examine application layer data to a certain extent, though not up to application level gateway standards, e.g. some control/blocking of insecure FTP commands.

10.1.6 Application Level Gateway

This acts as a relay of application level traffic. Also known as an application proxy because the firewall needs to act on behalf of the client. Usually configured to support only specific applications or specific features of an application: each application is supported by a specific gateway in the firewall.

How it works

1. The client sends a request to the server, which is intercepted by the firewall (application gateway).

2. The firewall sends the request to the server on behalf of the client.

3. The server sends the reply back to the firewall. The firewall sends the reply to the client.

4. Both the client and the server think they are communicating with each other, not knowing the firewall exists. It is transparent.

10.1.7 Deep Inspection Application Gateways

Deep packet inspection looks at application content instead of individual or multiple packets. It keeps track of application content across multiple packets. Potentially unlimited level of detail in traffic filtering.

For example, packet 1 contains an IP header, a UDP header and payload data. Deep inspection only looks at the payload data, that is, application parameters for e.g. Facebook.

10.1.8 TLS/HTTPS Traffic Inspection

As known, TLS is designed for end-to-end encryption, so a firewall cannot inspect it. In order to inspect TLS, terminate TLS connections at the gateway. A sysadmin must create an internal PKI root and issue internal server certificates with the names of external servers (e.g. Facebook). Internal users/hosts will receive the server certificate from the gateway and believe that the certificate comes from the external server. This causes a clear-text gap at the gateway, but it is transparent to users.

10.2 IPv4 Addresses

IPv4 addresses are 32 bits → 2^32 = 4,294,967,296 unique addresses. Represented as four decimal bytes separated by dots. For the University of Oslo it is: 129.240.8.200.

10.3 Network Address Translation (NAT)

This translates public ↔ private addresses and ports. The possibilities are: static mapping (permanent mapping of public to private addresses), dynamic mapping (mapping of public to private addresses when needed, unmapped when no longer needed), and port address translation (PAT) (multiple internal addresses mapped to the same public address but with different port numbers).

NAT helps enforce control over outbound connections, restricts incoming traffic, conceals the internal network configuration and prevents port scanning. It cannot be used with protocols that require a separate back-channel, protocols that encrypt TCP headers or embed TCP address info, or IPv6.
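The three mapping kinds in one added example (not from the notes, not a router's code): a static mapping for a published server, and dynamic PAT entries created for outbound flows and released afterwards. Inbound packets are only translated when they match a mapping, which is the mechanism behind "restricts incoming traffic" and "prevents port scanning": an unsolicited packet to the public address has no internal host to reach. Addresses come from the documentation ranges and are constructed.

```python
import itertools

# Added example (not from the notes): a NAT/PAT translation table with static
# mappings, dynamic outbound mappings and release. Addresses are constructed.


class PAT:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.ports = itertools.count(first_port)   # pool of public ports to hand out
        self.out = {}      # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}     # (public_port, dst_ip, dst_port) -> (priv_ip, priv_port)
        self.static = {}   # public port -> (priv_ip, priv_port), permanent

    def add_static(self, pub_port, priv_ip, priv_port):
        """Static mapping: a fixed public port always reaches one internal host."""
        self.static[pub_port] = (priv_ip, priv_port)

    def outbound(self, priv_ip, priv_port, dst_ip, dst_port):
        """Rewrite an outgoing packet; create a dynamic mapping if needed.
        Returns the translated (src_ip, src_port, dst_ip, dst_port)."""
        key = (priv_ip, priv_port, dst_ip, dst_port)
        if key not in self.out:
            pub_port = next(self.ports)          # distinct public port per internal flow
            self.out[key] = pub_port
            self.back[(pub_port, dst_ip, dst_port)] = (priv_ip, priv_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, pub_port):
        """Translate a packet arriving at the public address, or None to drop it."""
        if pub_port in self.static:
            priv_ip, priv_port = self.static[pub_port]
            return (src_ip, src_port, priv_ip, priv_port)
        hit = self.back.get((pub_port, src_ip, src_port))
        if hit is None:
            return None                          # no mapping: unsolicited, dropped
        priv_ip, priv_port = hit
        return (src_ip, src_port, priv_ip, priv_port)

    def release(self, priv_ip, priv_port, dst_ip, dst_port):
        """Dynamic mapping no longer needed: unmap it."""
        pub_port = self.out.pop((priv_ip, priv_port, dst_ip, dst_port), None)
        if pub_port is not None:
            self.back.pop((pub_port, dst_ip, dst_port), None)


def demo():
    nat = PAT("203.0.113.1")
    nat.add_static(8080, "192.0.2.20", 80)       # published internal web server
    a = nat.outbound("192.0.2.10", 50000, "198.51.100.5", 443)
    b = nat.outbound("192.0.2.11", 50000, "198.51.100.5", 443)   # same private port, new public port
    reply = nat.inbound("198.51.100.5", 443, a[1])
    scan = nat.inbound("198.51.100.9", 4444, a[1])               # nothing asked for this
    nat.release("192.0.2.10", 50000, "198.51.100.5", 443)
    after = nat.inbound("198.51.100.5", 443, a[1])
    return a, b, reply, scan, after


if __name__ == "__main__":
    print(demo())
```

The same table is why NAT breaks the protocols the notes list: a protocol that embeds its own address and port inside the payload, or opens a separate back-channel, sends the peer values the translator never rewrote.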

10.4 Screened Bastion-Host

This is a dedicated firewall that comes in addition to the packet filtering routers. Its functions are: proxy for services in the internal network, NAT, and protocol gateway for different link layer protocols.

10.5 Intrusion Detection Systems

Intrusion detection systems (IDS) are automated systems (programs) that detect suspicious events. An IDS can be either host-based or network-based. A host-based IDS is designed to detect intrusions only on the host it is installed on: it monitors changes to the host's operating system files and traffic sent to the host. A network-based IDS (NIDS) is designed to detect intrusions on one or more network segments, usually deployed to protect a number of hosts: it monitors the network(s) looking for suspicious traffic.

What should be detected? Attempted and successful break-ins, attacks by legitimate users (for example, illegitimate use of root privileges), trojan horse malware, viruses and worms, denial of service attacks.

10.5.1 Intrusion Detection Techniques

Misuse detection Must know in advance what the attacker will do (how?). Can only detect known attacks.

Anomaly detection Using a model of normal system behavior, try to detect deviations and abnormalities. Can potentially detect unknown attacks.

10.5.2 Port Scanning

Many vulnerabilities are OS-specific: bugs in implementation, default configuration. A port scan is often a prelude to an attack. The attacker tries many ports on many IP addresses, for example looking for an old version of some daemon with an unpatched buffer overflow. If characteristic behavior is detected, the attack is mounted.

10.5.3 Attacking and Evading NIDS

Overload the NIDS with huge data streams, then attempt the intrusion. Use encryption to hide packet content. Split malicious data into multiple packets.

10.5.4 Intrusion Detection Problems

Lack of training data with real attacks, but lots of 'normal' network traffic and system call data. Data drift: statistical methods detect changes in behavior, so an attacker can attack gradually and incrementally. Discriminating characteristics are hard to specify: many attackers may be within the bounds of the 'normal' range of activities. False identifications are very costly: the sysadmin will spend many hours examining evidence.

10.5.5 Intrusion Detection Errors

False negatives: an attack is not detected. A big problem in signature-based misuse detection.

False positives: harmless behavior is classified as an attack. A big problem in statistical anomaly detection.

Both types of IDS suffer from both error types.
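The two techniques from 10.5.1 and the error types from 10.5.5, run over a constructed connection log as an added example (not from the notes, not any IDS product's logic). Misuse detection carries one signature; anomaly detection uses a baseline for how many distinct ports one client normally touches on one host (the port-scan pattern from 10.5.2). The log format, addresses, signature and baseline are all this example's assumptions.

```python
import re
from collections import defaultdict

# Added example (not from the notes): signature-based misuse detection and
# baseline anomaly detection over a constructed connection log.

LOG = """\
2012-05-31T10:00:01 192.0.2.10 -> 198.51.100.5:443 tcp
2012-05-31T10:00:02 192.0.2.10 -> 198.51.100.5:443 tcp
2012-05-31T10:00:03 192.0.2.11 -> 198.51.100.7:25 tcp
2012-05-31T10:00:04 198.51.100.9 -> 192.0.2.20:21 tcp
2012-05-31T10:00:04 198.51.100.9 -> 192.0.2.20:22 tcp
2012-05-31T10:00:04 198.51.100.9 -> 192.0.2.20:23 tcp
2012-05-31T10:00:05 198.51.100.9 -> 192.0.2.20:80 tcp
2012-05-31T10:00:05 198.51.100.9 -> 192.0.2.20:8080 tcp
2012-05-31T10:00:06 192.0.2.12 -> 198.51.100.5:443 tcp
2012-05-31T10:00:07 198.51.100.3 -> 192.0.2.20:80 tcp payload=GET /admin/../../etc/passwd
"""

LINE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\w+)(?: payload=(.*))?$")


def parse(log):
    """Turn the constructed log into event dicts; lines that do not parse are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts, src, dst, port, proto, payload = m.groups()
            events.append({"ts": ts, "src": src, "dst": dst, "port": int(port),
                           "proto": proto, "payload": payload or ""})
    return events


# Misuse detection: only what is listed in advance can be seen. The scan below
# has no signature here, so it is a false negative for this detector.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
}


def misuse_detect(events):
    alerts = []
    for e in events:
        for name, sig in SIGNATURES.items():
            if sig.search(e["payload"]):
                alerts.append((name, e["src"], e["ts"]))
    return alerts


# Anomaly detection: a baseline of "normal" (a client rarely contacts more than
# max_ports distinct ports on one host). Anything beyond it is flagged, known
# attack or not; a legitimate but unusual client would be a false positive.
def anomaly_detect(events, max_ports=3):
    ports = defaultdict(set)
    for e in events:
        ports[(e["src"], e["dst"])].add(e["port"])
    return [("port-scan", src, len(p)) for (src, dst), p in ports.items() if len(p) > max_ports]


if __name__ == "__main__":
    ev = parse(LOG)
    print(misuse_detect(ev))    # the traversal request only
    print(anomaly_detect(ev))   # the scanning source only
```

Each detector misses what the other finds, which is the point of 10.5.5: the traversal request touches one port and looks normal to the baseline, and the scan carries no payload for a signature to match.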

10.5.6 Intrusion Prevention Systems

Intrusion prevention system (IPS) is a relatively new term that may mean different things. Most commonly, an IPS is a combination of an IDS and a firewall: a system that detects an attack and may stop it as well. It may be an extension of a NIDS.

10.6 Honeypots

This is a computer configured to detect network attacks or malicious behavior. It appears to be part of a network, and seems to contain information or a resource of value to attackers. But honeypots are isolated, are never advertised and are continuously monitored. All connections to honeypots are by definition malicious. Can be used to extract attack signatures.

10.7 WLAN Security

10.7.1 802.11 Wireless LAN Security

Only authorized terminals (or users) may get access through the WLAN. It should be impossible to set up a rogue AP. Interception of traffic by radios within range should be impossible.

                     WEP ('99)    WPA ('03)      WPA2 ('04) aka RSN
Auth. and key gen.   WEP          EAP            EAP
Encryption           RC4          RC4 + TKIP     CCMP AES CTR (or TKIP)
Integrity            None         Michael MIC    CCMP AES CBC-MAC

Notation of Table

• WPA: WiFi Protected Access

• EAP: Extensible Authentication Protocol

• RC4: Rivest Cipher 4 (stream cipher)

• TKIP: Temporal-Key Integrity Protocol

• Michael MIC: a type of Message Integrity Check

• CCMP: Counter Mode with Cipher Block Chaining Message Authentication Protocol


11 Application and Operations Security

Application security: malicious software, attacks on applications.

11.1 Malware

Malicious content comes in many different forms and has different effects. It is difficult to know when infected. More advanced forms emerge. Malware is a growing concern.

There are different types of malicious programs. They can either be independent or need a host program. Independent malware may be worms and zombies. Malware that needs a host program can be trapdoors, logic bombs, trojans and viruses. Viruses, worms and zombies replicate.

How do computers get infected? Direct attacks from the network, as worms or exploitation of application vulnerabilities such as SQL injection or buffer overflows. Accessing a malicious or infected website or starting an application from a website. Installing infected software.

11.1.1 Backdoor or Trapdoor

This is a secret entry point into a program that allows those who know of it to bypass the usual security procedures. Backdoors have been commonly used by developers for testing. They are a threat when left in production programs, allowing exploitation by attackers.

11.1.2 Logic Bomb

One of the oldest types of malicious software. Code embedded in a legitimate program. Activated when specified conditions are met: e.g. presence/absence of some file, particular date/time, particular user. It causes damage when triggered: modify/delete files/disks, halt the machine, etc.

11.1.3 Trojan Horse

A program with hidden side-effects. The program is usually superficially attractive, e.g. a game. It performs additional tasks when executed, allowing the attacker to indirectly gain access they do not have directly. Often used to propagate a virus/worm or to install a backdoor.

11.1.4 Viruses

A piece of software that infects programs: it modifies programs to include a copy of the virus, so it executes secretly when the host program is run. Specific to operating system and hardware: takes advantage of their details and weaknesses. A typical virus goes through the phases: dormant, propagation, triggering, execution.

11.1.5 Worms

A replicating program that propagates over the net, using email or remote login. It has phases like a virus. May disguise itself as a system process. One of the best known worms is the Morris Worm.

Mobile Phone Worms First appeared on mobile phones in 2004. They communicate via Bluetooth or MMS. They disable the phone, delete data on the phone or send premium-priced messages.

Worm Countermeasures Overlap with anti-virus techniques. Worms also cause significant net activity. Worm defense approaches include:

• Signature-based worm scan filtering.

• Filter-based worm containment.

• Payload-classification-based worm containment.

• Threshold random walk scan detection.

• Rate limiting and rate halting.

11.2 Distributed Denial of Service Attacks

Distributed Denial of Service (DDoS) attacks form a significant security threat. They make networked systems unavailable by flooding them with useless traffic. Uses large numbers of 'zombies'.

11.2.1 Constructing an Attack Network

Must infect large numbers of zombies. Needs:

1. Software to implement the DDoS attack.

2. An unpatched vulnerability on many sys-tems.


3. Scanning strategy to find vulnerable systems.

11.2.2 DDoS Countermeasures

Three broad lines of defense:

1. Attack prevention and preemption (before)

2. Attack detection and filtering (during)

3. Attack source traceback and identification (after)

There is a huge range of attack possibilities, hence the countermeasures keep evolving.

11.2.3 Botnet

This is a collection of software agents (robots) that run autonomously and automatically and execute malicious functions in a coordinated way. A botnet is named after its malicious software, but there can be multiple botnets using the same malicious software, operated by different criminal groups.

11.3 SQL

Structured Query Language (SQL) is the interface to relational database systems. It allows insertion, update, deletion and retrieval of data in a database.

11.3.1 SQL Injection

SQL injection is the ability to inject SQL commands into the database engine through an existing application. The flaw is in the web application, not in the database or web server: no matter how patched your system is, no matter how many ports you close, an attacker can get complete ownership of your database.

Some possibilities:

• Brute forcing passwords using the attacked server to do the processing.

• Interact with OS, reading and writing files.

• Gather IP information through reverse lookup.

• Start an FTP service on the attacked server.

• File uploading.

Prevention of SQL Injection Check and filter user input: put a length limit on input (most attacks depend on long query strings); different types of input have a specific language and syntax associated with them (e.g. name, email etc.), so validate against it; do not allow suspicious keywords. Filtering alone is a weak defense, since short payloads and encoding tricks slip past blacklists. The robust control is to keep user data out of the SQL text altogether with parameterized (prepared) statements, so that the database engine never interprets input as code; input validation is then defense in depth.

Prevent SQL Injection and Cross-Site Scripting (XSS) Attacks SCRUB error handling: error messages divulge information that can be used by an attacker, so error messages must not reveal potentially sensitive information. VALIDATE all user-entered parameters.
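As an added example that is not part of the notes, the flaw and the fix side by side in Python with the standard sqlite3 module: a constructed users table, the vulnerable string-built query, the parameterized replacement, and a login handler that scrubs database errors the way the paragraph above demands. The table, column and account names are invented for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table with sample accounts (example data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("admin", "s3cret", "admin"), ("alice", "wonder", "user")])
    conn.commit()
    return conn


def login_vulnerable(conn, name, pw):
    """The flaw: user input is pasted into the SQL text, so the engine cannot
    tell where the query ends and the data begins. Kept deliberately unsafe."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return conn.execute(sql).fetchall()


def login_safe(conn, name, pw):
    """The fix: the statement text is fixed and the values are bound as
    parameters, so input can never change the structure of the query."""
    sql = "SELECT name, role FROM users WHERE name = ? AND pw = ?"
    return conn.execute(sql, (name, pw)).fetchall()


def server_log(message):
    """Stand-in for the application's server-side logger (assumed)."""
    print("[server log]", message)


def handle_login(conn, name, pw, query=login_safe):
    """SCRUB error handling: a database error is logged server-side and the
    client only ever sees a generic message, never the engine's own text."""
    try:
        rows = query(conn, name, pw)
    except sqlite3.Error as exc:
        server_log(f"db error for user={name!r}: {exc}")
        return "login failed"
    return f"welcome {rows[0][0]}" if rows else "login failed"


if __name__ == "__main__":
    db = make_db()
    # Authentication bypass: the SQL comment '--' removes the password check.
    print(login_vulnerable(db, "admin'--", "anything"))           # [('admin', 'admin')]
    # Tautology: every row matches and the attacker reads the whole table.
    print(login_vulnerable(db, "x' OR '1'='1", "x' OR '1'='1"))   # both rows
    # The same payloads against the parameterized query match nothing.
    print(login_safe(db, "admin'--", "anything"))                 # []
    # A stray quote breaks the vulnerable query; the client sees no SQL error text.
    print(handle_login(db, "'", "x", query=login_vulnerable))     # login failed
```

Note that the length limit and keyword blacklist from the prevention paragraph would not have stopped the first payload: `admin'--` is ten characters long and contains no SQL keyword. The parameter binding is the control; validation is a second layer.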

12 Operations Security

Military Operations Security (OPSEC) is a process that identifies critical information related to military operations, and then executes selected measures that eliminate or reduce adversary exploitation of this information.

Commercial Operations Security applies security principles and practices to computer and business operations.

12.1 Due Diligence and Due Care

In general, due diligence is to make the necessary investigations in order to be well informed. Information security due diligence is the process of investigating security risks: risk assessment is an essential element of due diligence. To show due care means that a company implements security policies, procedures, technologies and standards that balance the security risks. Practicing due diligence and due care together means that a company acts responsibly by taking the necessary steps to protect the company, its assets, and its employees.

12.2 Patch Management

1. Provide patch management infrastructure → requires procedures, staff and a computing environment.

2. Research newly released patches → compatibility issues, and the authenticity and integrity of the patches (verify the vendor's signature or published digest before trusting a download).


3. Test new patches on isolated platforms → patches often break functions, so it is better to find out first.

4. Deploy patches to production platforms → progressively, from the least sensitive to the most sensitive systems.

5. Validate, log and report patching activities.
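As an added example that is not part of the notes, steps 2, 4 and 5 of the procedure above in Python: the patch's digest is checked against the value the vendor published before anything is deployed, hosts are then patched tier by tier from least to most sensitive, and every action is logged, with the rollout halted at the first failure so that the more sensitive tiers are never touched with a patch that broke a less sensitive one. The patch bytes, the host tiers and the `apply` deployment hook are constructed for the example; in practice the expected digest comes from the vendor's signed advisory, not from the downloaded file itself.

```python
import hashlib
import hmac

# Constructed example patch and the digest 'published' for it. In a real
# rollout the expected digest is taken from the vendor's signed advisory.
PATCH = b"--- a/server.c\n+++ b/server.c\n@@ -1 +1 @@\n-int n = 0;\n+int n = 1;\n"
PUBLISHED_SHA256 = hashlib.sha256(PATCH).hexdigest()

# Hosts grouped by sensitivity tier; a lower tier is less sensitive and is patched first.
HOSTS = {1: ["test-01"], 2: ["web-01", "web-02"], 3: ["db-01"]}


def patch_is_intact(payload, expected_hex):
    """Step 2: integrity check of the downloaded patch against the published digest."""
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual, expected_hex)


def rollout(payload, expected_hex, hosts_by_tier, apply):
    """Steps 4 and 5: progressive deployment with a log entry for every action.

    apply(host, payload) is the site-specific deployment hook (assumed here)
    and returns True on success. A failure halts the rollout before the next,
    more sensitive tier is touched; the returned log is the audit record.
    """
    log = []
    if not patch_is_intact(payload, expected_hex):
        log.append("REJECT: digest mismatch, patch not deployed")
        return log
    for tier in sorted(hosts_by_tier):
        for host in hosts_by_tier[tier]:
            ok = apply(host, payload)
            log.append(f"{'OK' if ok else 'FAIL'} tier={tier} host={host}")
            if not ok:
                log.append(f"HALT: fix {host} before continuing to tier {tier + 1}")
                return log
    log.append("DONE: all tiers patched")
    return log


if __name__ == "__main__":
    always_ok = lambda host, payload: True
    for entry in rollout(PATCH, PUBLISHED_SHA256, HOSTS, always_ok):
        print(entry)
    # A patch altered in transit is rejected before any host is touched.
    tampered = PATCH.replace(b"n = 1", b"n = 2")
    print(rollout(tampered, PUBLISHED_SHA256, HOSTS, always_ok))
```

The constant-time comparison is not strictly needed for a public digest, but using it by habit avoids the case where the same helper is later reused for a secret value.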

12.3 Top 20 Security Controls

The Top 20 Controls were agreed upon by a US consortium brought together by John Gilligan and the Center for Strategic and International Studies (CSIS).

1. Inventory of authorized and unauthorized devices.

2. Inventory of authorized and unauthorized software.

3. Secure configurations for hardware and software on laptops, workstations and servers.

4. Secure configurations for network devices such as firewalls, routers and switches.

5. Boundary defense.

6. Maintenance, monitoring and analysis of security audit logs.

7. Application software security.

8. Controlled use of administrative privileges.

9. Controlled access based on the need to know.

10. Continuous vulnerability assessment and remediation.

11. Account monitoring and control.

12. Malware defense.

13. Limitation and control of network ports, protocols and services.

14. Wireless device control.

15. Data loss prevention.

16. Secure network engineering.

17. Penetration tests and red team exercises.

18. Incident response capability.

19. Data recovery capability.

20. Security skills assessment and appropriate training to fill gaps.

13 Privacy and Regulatory Requirements

13.1 Regulation of IT Security

Regulation is a term used for governmental control over the actions of society's stakeholders. Laws provide the grounds for regulation. Regulation follows political decisions, and usually relates to existing legal frameworks and societal demands. Regulation is often the result of either a new risk to society, or persisting conflicts on the unregulated market, e.g. market failure. Self-regulation by stakeholders is another form of regulation.

13.1.1 Who Regulates IT?

The government is the source of most regulation, even in areas where government attention spawned effective self-regulation. Post og Teletilsynet and Datatilsynet are specific supervisory authorities that regulate IT in Norway, among others.

13.1.2 Regulatory Frameworks

Electronic Signatures in Europe The goal of the EU e-signature directive (1999/93/EC) is to provide a harmonized framework for the provision and use of electronic signatures in Europe. It defines terms, the applicability of e-signatures, the responsibilities of certificate authorities (CAs), liability and security requirements.

Data Protection The OECD guidelines define the international basis for the collection, use and transfer of personal data. Regional (e.g. EU-wide) formulation of common data protection rules gives harmonized services. National implementation and supervision take place in national laws and legal systems by the national governments. Datatilsynet is the supervisory authority in Norway. In Norway, privacy can easily be weakened through new laws (e.g. skatteliste, road toll etc.). Some countries require publication of data breaches.


13.2 Data Protection Regulation

Privacy is the 'right to be left alone'. Complications with data protection can be geographical: USA vs. Europe (Safe Harbor). Legal: jurisdictional differences between locations. Sectoral (USA): industry self-regulation with occasional sectoral regulation (e.g. health data). Future challenges: interpretation of personal data by others in the wrong contexts.

13.2.1 EU Directive on Data Protection

The directive (95/46/EC) created a harmonized space for handling personal information in EU and EFTA/EEA countries. Its rules are based on the OECD guidelines.

• Transparency, legitimate purpose, proportionality.

• Supervisory authority and public register of processing operations.

• Transfer of personal data to third countries.

However, in most member states, a violation of privacy laws is not a serious crime of great interest to the public prosecutor.

13.2.2 Cross-Border Issues

Today's Internet services and mobile network apps are located in many countries. They can be moved easily, along with their data. One consequence is the EU-USA Safe Harbor agreement. The regulation was made for central data centers, not for cloud computing and global mobile phone networks.

13.2.3 Tension With Other Laws

Data retention for intelligence and criminal investigation. Specific tax laws, e.g. Norway's skatteliste and Norway's scanning of credit card payments.

13.2.4 Application of Data Protection Laws

Complex issue: analysis of various, possibly contradictory laws. Future introduction of new laws. Cross-border service or system mobility. User experience should not be impaired. Privacy management cost can be significant.

Privacy design vs. business model is a difficult challenge. Data minimization might be the 'best guess'.

13.3 EU Draft Recommendations (RFID Privacy)

1. RFID operators shall conduct privacy risk assessments.

2. Risk assessments should honor the stakes and cover all stakeholders.

3. Mandatory to take appropriate technical and organizational measures to mitigate the privacy risks.

4. Assign a responsible person for audit and adaptation of the above.

5. Privacy and security risk management shall be aligned.

6. The privacy risk assessment summary must be published at the latest upon deployment of the RFID application.

13.4 Norwegian Regulation

The general rules in personopplysningsloven (the Personal Data Act) apply to RFID applications. No specific regulation has been implemented. However, Datatilsynet has already commented on several RFID-based projects and formulated stringent requirements, e.g. in the case of passports.

13.5 Privacy Enhancing Technology

Privacy Enhancing Technology (PET), definition: a collection of IT artifacts that are used to minimize personal data, secure the use and storage of personal data, and enable the secure and privacy-preserving management of personal data. There are many flavors and purposes, ranging from self-defense to corporate information management. Encryption is a building block for PET, but is not enough on its own to provide pseudonymity, anonymity or unlinkability of transactions.

PET development is inspired by the legal perspective on basic human rights. It is a technology-centric approach. PET research has focused on information hiding and control, with much focus on the end user and his action options.

13.6 Browser Cookie Manipulation

Swaps and manages cookies, with random cookie exchange between users. Goal: control the sending and storage of one's own browser cookies. This attacks user-profiling websites through fake cookies or other people's cookies: the created entropy destroys the value of the profiling database.

13.7 Is Privacy Different from Security?

Privacy protection uses most known security methods to build its protocols. The goals of privacy, however, go beyond integrity, confidentiality, availability and non-repudiation: unobservability, unlinkability, unidentifiability, anonymity.

References

[1] Audun Jøsang, All lectures of INF3510. University of Oslo, Oslo, Spring 2012.

[2] Lothar Fritsch, Privacy and Regulatory Requirements. Norsk Regnesentral, Oslo, Spring 2012.
