Encryption and Decryption using Vigenere with Cipher Block Chaining: Up to 50 dollars will be given
Security Concepts Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018
1
Information
Textbook Chapter 1
Some of the slides and figures are from textbook slides distributed by Pearson
2
Computer Security Definition
The NIST Computer Security Handbook Definition
“The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).”
Key points:
Confidentiality, integrity and availability
Confidentiality:
Data confidentiality: confidential information is not disclosed to unauthorized parties
Privacy: personal information should not be collected by unauthorized personnel
Integrity:
Data integrity: information should not be changed by unauthorized parties
System integrity: systems perform as intended free of unauthorized manipulation
Availability:
Systems work promptly and service is not denied to authorized user.
Information resources: hardware, software, firmware, information/data, and telecommunications
3
National Institute of Standards and Technology
Computer Security Objectives
4
CIA triad
FIPS PUB 199 characterization
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information.
Integrity: Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information.
Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.
Federal Information Processing Standards
Computer Security Objectives
5
Additional concepts
Authenticity: verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
Accountability: Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.
Tools for Confidentiality
Encryption
Transform the information using a secrete so it is useful only to the intended recipient
Access Control
Rules and policies that limit access to confidential information
Authentication
Determine identity or role of a user
Authorization
Specify the access rights or privileges to resources
Physical Security
Use physical barriers to deny unauthorized access
For example, lock and security guards
6
Tools for Integrity
Backups
Periodic archiving of data.
Checksums
Computation of a function that maps the contents of a file to a numerical value
Data correcting codes
methods for storing data in such a way that small changes can be easily detected and automatically corrected.
7
Tools for Availability
Physical protections
Infrastructure meant to keep information available even in the event of physical challenges.
For example, back up power
Computational redundancies
Computers and storage devices that serve as fallbacks in the case of failures.
For example, back up storage
8
Levels of Impact
9
Examples
Low
The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals
Moderate
The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals
High
The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals
Levels of Impact
Examples:
Confidentiality:
Student enrollment info: moderate
Faculty list: low or no rating
Integrity:
Patient allergy info: high
Online forum: moderate
Availability:
Critical service: high
University website: moderate
10
Computer Security Challenges
Computer security is not simple
Simple requirements, complex mechanisms
Must consider potential attacks
Counterintuitive procedures
Physical and logical placement needs to be determined
More algorithms and protocols may be involved
Attackers only need to find a single weakness, the developer needs to find all weaknesses
Benefit of security is not obvious until breech or failure occurs
Requires regular monitoring
Security is often an afterthought
Incorporated after the design is completed
Security is treated as an impediment to efficient and user-friendly operation
11
Computer Security Terminology
12
Table 1.1 of textbook
13
Security Concepts and Relationships
Resources
Assets of a Computer System
Hardware
Computer systems
Data processing and data storage
Data communications devices
Software
OS
System utilities
Applications
Data
files and databases
Security-related data, such as password files.
Communication facilities and networks
Local and wide area network communication links,
Bridges and routers etc.
14
Vulnerabilities and Threats
Categories of vulnerabilities
Corrupted (loss of integrity)
Leaky (loss of confidentiality)
Unavailable or very slow (loss of availability)
Threats
Capable of exploiting vulnerabilities
Represent potential security harm to an asset
15
CIA
Attacks
Attacks (threats carried out)
Passive
Attempt to learn or make use of information from the system that does not affect system resources
Active
Attempt to alter system resources or affect their operation
Insider
Initiated by an entity inside the security parameter
Outsider
Initiated from outside the perimeter
16
Countermeasures
Countermeasure: any means taken to deal with a security attack
Prevent
Detect
Recover
Despite countermeasures, residual vulnerabilities may remain
Countermeasures can themselves introduce new vulnerabilities
The goal is to minimize the residual level of risk to the assets
17
Threat Consequences
18
Table 1.2 in textbook
Attacks (Revisit)
Recall passive and active attacks
Passive attacks: attempts to learn or make use of information from the system but does not affect system resources.
Eavesdropping
Traffic analysis
Active attacks: attempts to alter system resources or affect their operation
Replay
Masquerade
Modification of messages
Denial of service
19
Computer Assets and Threats
20
Table 1.3 in textbook
Security Requirements (Countermeasures)
FIPS PUB 200 (Minimum Security Requirements for Federal Information and Information Systems) enumerates 17 security-related areas (Table 1.4)
Technical measures:
Access control
Identification and authentication
System and communication protection
System and information integrity
Management controls:
Awareness and training
Audit and accountability
Certification, accreditation and security assessments
Contingency planning
Maintenance
Physical and environmental protection
Planning
Personnel security
Risk assessment
Systems and services acquisition
Overlap
Configuration management
Incident response
Media protection
21
Federal Information Processing Standards
Security Design Principles
National Centers of Academic Excellence
Economy of mechanism
keep it simple
Fail-safe defaults
default is lack of access
Complete mediation
do not rely on cached answers to grant access
Open design
Encryption algorithms are public, but keys are secret
Separation of privilege
multifactor user authentication
Least privilege
every process/user should have least privilege to perform task
Least common mechanism
separate user functions as much as possible
Psychological acceptability
security should intrude minimally with user work
Isolation
isolate systems/processes/files as much as possible
Encapsulation
object-oriented concept for protecting data
Modularity
use a modular architecture, to facilitate upgrades/maintenance
Layering
provide multiple layers of security
Least astonishment
programs and UIs should respond in understandable ways
22
Attack Surfaces
23
An attack surface consists of the reachable and exploitable vulnerabilities in a system
Three categories:
Network attack surface
Vulnerabilities over an enterprise network, wide-area network, or the Internet.
For example, network protocol vulnerabilities used for a denial-of-service
Software attack surface
Vulnerabilities in application, utility or operating system code. A particular focus in this category is Web server software.
For example, codes that processes incoming data, email, XML, office documents, and industry-specific custom data exchange formats
Human attack surface
Vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders.
For example, an employee with access to sensitive information vulnerable to a social engineering attack
Attack Trees
Branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities
Root node: attack goal
Subnode: subgoal
Leaf node: ways to initiate an attack
Each subnode is either AND-node or OR-node
Example: Internet banking Authentication (Figure 1.4)
24
Computer Security Strategy
Security policy
Formal statement of rules and practices that specify how a system provides security services to protect system resources
Security implementation
Involves four complementary actions
Prevention
Detection
Response
Recovery
Assurance
Degree of confidence that security measures work as intended to protect assets
Evaluation
Process of examining a computer product or system with respect to certain criteria
Involve testing and analytic or mathematical techniques
25
Summary
Computer security definition
Computer security objective (CIA triad)
Tools for CIA
Level of impact
Computer security challenges
Security terminology
Security concepts and relationship
Computer system assets
Vulnerabilities, threats, attacks and countermeasures
Threat consequences
Security requirements
Security design principles
Attack surfaces
Attack trees
Computer security strategy
26
Threat Consequence Threat Action (Attack) Unauthorized
Disclosure A circumstance or
event whereby an entity gains access to data for which the entity is not authorized.
Exposure: Sensitive data are directly released to an unauthorized entity.
Interception: An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations.
Inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications.
Intrusion: An unauthorized entity gains access to sensitive data by circumventing a system's security protections.
Deception A circumstance or
event that may result in an authorized entity receiving false data and believing it to be true.
Masquerade: An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity.
Falsification: False data deceive an authorized entity. Repudiation: An entity deceives another by falsely denying
responsibility for an act.
Disruption A circumstance or
event that interrupts or prevents the correct operation of system services and functions.
Incapacitation: Prevents or interrupts system operation by disabling a system component.
Corruption: Undesirably alters system operation by adversely modifying system functions or data.
Obstruction: A threat action that interrupts delivery of system services by hindering system operation.
Usurpation A circumstance or
event that results in control of system services or functions by an unauthorized entity.
Misappropriation: An entity assumes unauthorized logical or physical control of a system resource.
Misuse: Causes a system component to perform a function or service that is detrimental to system security.
Threat Consequence Threat Action (Attack)
Unauthorized
Disclosure
A circumstance or
event whereby an
entity gains access to
data for which the
entity is not
authorized.
Exposure: Sensitive data are directly released to an
unauthorized entity.
Interception: An unauthorized entity directly accesses
sensitive data traveling between authorized sources and
destinations.
Inference: A threat action whereby an unauthorized entity
indirectly accesses sensitive data (but not necessarily the
data contained in the communication) by reasoning from
characteristics or byproducts of communications.
Intrusion: An unauthorized entity gains access to sensitive
data by circumventing a system's security protections.
Deception
A circumstance or
event that may result
in an authorized entity
receiving false data
and believing it to be
true.
Masquerade: An unauthorized entity gains access to a
system or performs a malicious act by posing as an
authorized entity.
Falsification: False data deceive an authorized entity.
Repudiation: An entity deceives another by falsely denying
responsibility for an act.
Disruption
A circumstance or
event that interrupts
or prevents the correct
operation of system
services and
functions.
Incapacitation: Prevents or interrupts system operation by
disabling a system component.
Corruption: Undesirably alters system operation by
adversely modifying system functions or data.
Obstruction: A threat action that interrupts delivery of
system services by hindering system operation.
Usurpation
A circumstance or
event that results in
control of system
services or functions
by an unauthorized
entity.
Misappropriation: An entity assumes unauthorized logical
or physical control of a system resource.
Misuse: Causes a system component to perform a function
or service that is detrimental to system security.
Availability Confidentiality Integrity
Hardware Equipment is stolen or disabled, thus denying service.
An unencrypted CD- ROM or DVD is stolen.
Software Programs are deleted, denying access to users. An unauthorized copy of software is made.
A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task.
Data Files are deleted, denying access to users.
An unauthorized read of data is performed. An analysis of statistical data reveals underlying data.
Existing files are modified or new files are fabricated.
Communication Lines and Networks
Messages are destroyed or deleted. Communication lines or networks are rendered unavailable.
Messages are read. The traffic pattern of messages is observed.
Messages are modified, delayed, reordered, or duplicated. False messages are fabricated.
Availability Confidentiality Integrity
Hardware
Equipment is stolen or
disabled, thus denying
service.
An unencrypted CD-
ROM or DVD is stolen.
Software
Programs are deleted,
denying access to users.
An unauthorized copy
of software is made.
A working program is
modified, either to
cause it to fail during
execution or to cause it
to do some unintended
task.
Data
Files are deleted,
denying access to users.
An unauthorized read
of data is performed.
An analysis of
statistical data reveals
underlying data.
Existing files are
modified or new files
are fabricated.
Communication
Lines and
Networks
Messages are destroyed
or deleted.
Communication lines
or networks are
rendered unavailable.
Messages are read. The
traffic pattern of
messages is observed.
Messages are modified,
delayed, reordered, or
duplicated. False
messages are
fabricated.