TU3263 Security Elements in Computer Systems: Lecture Notes by William Stallings and Lawrie Brown
What is computer security? The protection given to information systems in order to preserve the confidentiality, integrity, and availability (CIA) of information system resources.
Resources include: hardware, software, firmware, information/data, and telecommunications.
Provide security of computers against intruders (e.g., hackers) and malicious software (e.g., viruses).
Cryptography is a technique for ensuring the secrecy and/or authenticity of information.
Discussion questions: What kind of information needs to be protected? Where can you find cryptography applications? What other systems need high security protection?
Cryptography will be covered in Part 2 and Part 5.
Confidentiality:
Preserve authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information.
Integrity:
Guard against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.
Non-repudiation: someone cannot deny something. E.g.: Alice cannot deny that she has sent Bob a message.
Authenticity: genuine or valid, not being a fake or forgery.
A loss of integrity is the unauthorized modification or destruction of information.
Availability:
Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.
Three levels of impact on organizations/individuals should there be a breach of security (a state where CIA is lost):
- Low
- Moderate
- High
Low: The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
Example: a sheet of paper containing names of patients is lost:
NAME            WARD NO
Ahmad           23
Park Jae-sang   4
Rajoo           34
Mei Chu         21
Moderate: The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
Example: a message between a nurse and a doctor is intercepted, containing a patient's personal information (such as name, address, age, gender, contact no, medication) and current medical condition:
Ahmad b. Ali, Government servant, No 21, Lorong Haji Talib, KL. Age: 34. Contact no: 013-12345678. Medical condition: heart bypass, needs medication every two hours.
High: The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
Example: a message between doctors is intercepted, containing a patient's detailed medical information, such as:
Abu b. Ali, Government servant, No 21, Lorong Haji Talib, KL. Age: 40. Contact no: 013-12345678. Diagnosed as: HIV carrier. Medical history: frequent outpatient visits for flu, high fever. Treatment: monthly visit to check blood condition, ... Prescription: ...
hand?
1. Not simple: it is not easy to achieve security requirements; the security processes are complex.
2. When designing the security process, one must consider the potential attacks. Successful attacks always focus on the weakness of the security process.
3. Often, security processes are complex. It is hard enough to understand the system requirements stated by the user, and therefore elaborate security processes are deemed not needed; it is only once the various aspects of threats are considered that elaborate security mechanisms make sense.
- Must decide where to deploy mechanisms.
- Battle of wits between attacker and admin: the attacker needs only to find one weakness and exploit it; the admin needs to eliminate all weaknesses.
8. Requires regular monitoring.
9. Too often an after-thought, incorporated after the design is complete. The security process should be designed during system development.
Security attack:
Any action that compromises the security of information owned by an organization.
Security mechanism:
A process (or a device) that is designed to detect, prevent, or recover from a security attack.
Security service:
A processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.
Threat: a potential for violation of security; a possible danger that might exploit a vulnerability.
Vulnerability: a weakness in the security system (e.g. in procedures, design, or implementation) that might be exploited to cause loss or harm. E.g.: a system with no authorization mechanism (such as login and password) is vulnerable to attacks.
Attack: an assault on system security, a deliberate attempt to evade security services. Two types of attacks: passive and active.
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are:
1. Release of message contents
2. Traffic analysis: monitor traffic flow to determine the location and identity of communicating hosts, and observe the frequency and length of messages being exchanged.
These attacks are difficult to detect because they do not involve any alteration of the data.
Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:
1. Masquerade of one entity as some other
2. Replay of previous messages
3. Modification/alteration of (part of) messages in transit to produce an unauthorized effect
4. Denial of service: prevents or inhibits the normal use or management of communications facilities
Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely, because of the wide variety of potential physical, software, and network vulnerabilities. Instead, the goal is to detect active attacks and to recover from any disruption or delays caused by them.
Security mechanism: a feature designed to detect, prevent, or recover from a security attack. No single mechanism will support all services required; however, one particular element underlies many of the security mechanisms in use: cryptographic techniques.
Security services enhance the security of data processing systems and information transfers of an organization. They are intended to counter security attacks, using one or more security mechanisms, and often replicate functions normally associated with physical documents, which, for example, have signatures and dates; need protection from disclosure, tampering or destruction; may be notarized or witnessed; and may be recorded or licensed.
Authentication: assurance that the communicating entity is the one claimed.
Access control: prevention of the unauthorized use of a resource.
Data confidentiality: protection of data from unauthorized disclosure.
Data integrity: assurance that data received is as sent by an authorized entity.
Non-repudiation: protection against denial by one of the parties in a communication.
Availability: resource accessible/usable.
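The following is an added worked example, not part of the lecture notes or of Stallings and Brown's text. It ties the list of security services above to the active attack categories (masquerade, replay, modification) by showing one concrete security mechanism built from cryptographic techniques: each message carries a sequence number and an HMAC-SHA256 tag computed with a shared key (both from Python's standard library). The receiver can then detect a modified message, a message forged without the key, and a replayed message. The example also makes the limits of the mechanism visible: the payload travels in clear, so the passive attack "release of message contents" still succeeds (no confidentiality service), and nothing here counters denial of service. The shared key, the party names (Alice, Bob, Carol, Mallory) and the message contents are constructed for the example.

```python
import hmac
import hashlib

# Constructed shared secret for this example only (assumption: provisioned
# out of band between sender and receiver before any message is exchanged).
SHARED_KEY = b"example-shared-key-for-lecture-demo"

SEQ_LEN = 8    # sequence number, big-endian, prepended to every message
TAG_LEN = 32   # HMAC-SHA256 output length


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = seq || payload || HMAC-SHA256(key, seq || payload).

    The tag provides data integrity and origin authentication; the sequence
    number lets the receiver recognise replays.  The payload itself is sent
    in clear, so this mechanism provides no confidentiality.
    """
    header = seq.to_bytes(SEQ_LEN, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side: verifies each frame and keeps an accept/reject log."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1   # highest sequence number accepted so far
        self.log = []

    def accept(self, frame: bytes):
        """Return the payload if the frame is genuine and fresh, else None."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            self.log.append("reject: malformed frame")
            return None
        header = frame[:SEQ_LEN]
        payload = frame[SEQ_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison.  A mismatch means the frame was modified
        # in transit or built by someone who does not hold the key (masquerade).
        if not hmac.compare_digest(expected, tag):
            self.log.append("reject: bad tag (modified or forged frame)")
            return None
        seq = int.from_bytes(header, "big")
        # A valid tag on an old sequence number is a replayed message.
        if seq <= self.last_seq:
            self.log.append(f"reject: replayed frame, seq {seq}")
            return None
        self.last_seq = seq
        self.log.append(f"accept: seq {seq}")
        return payload


def run_scenario() -> dict:
    """Constructed exchange: Alice sends two genuine frames to Bob, then an
    attacker tries replay, modification and masquerade against Bob's receiver."""
    bob = Receiver(SHARED_KEY)
    f1 = protect(SHARED_KEY, 1, b"transfer 100 to Bob")
    f2 = protect(SHARED_KEY, 2, b"transfer 5 to Carol")

    results = {}
    results["genuine_1"] = bob.accept(f1)
    results["genuine_2"] = bob.accept(f2)

    # Replay: the attacker re-sends the first frame unchanged.
    results["replay"] = bob.accept(f1)

    # Modification: change the amount in f2 but keep the original tag.
    modified = f2[:SEQ_LEN] + b"transfer 9 to Carol" + f2[-TAG_LEN:]
    results["modified"] = bob.accept(modified)

    # Masquerade: the attacker builds a fresh frame (seq 3) with a guessed key.
    forged = protect(b"wrong-key", 3, b"transfer 999 to Mallory")
    results["masquerade"] = bob.accept(forged)

    results["log"] = bob.log
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Running the script shows the two genuine frames accepted and the three attacks rejected, each with a log line naming the reason; the log is the kind of evidence the text refers to when it says the goal against active attacks is to detect them and recover. Note that the receiver tracks only the highest sequence number seen, so out-of-order delivery of genuine frames would also be rejected; a real protocol would use a window of recent sequence numbers instead.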