Encryption and Decryption using Vigenere with Cipher Block Chaining: Up to 50 dollars will be given

profileKnockKnockDragon
02-SecurityConcepts.pptx

Security Concepts Dr. Y. Chu CIS3360: Security in Computing 0R02 Spring 2018

1

Information

Textbook Chapter 1

Some of the slides and figures are from textbook slides distributed by Pearson

2

Computer Security Definition

The NIST Computer Security Handbook Definition

“The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).”

Key points:

Confidentiality, integrity and availability

Confidentiality:

Data confidentiality: confidential information is not disclosed to unauthorized parties

Privacy: personal information should not be collected by unauthorized personnel

Integrity:

Data integrity: information should not be changed by unauthorized parties

System integrity: systems perform as intended free of unauthorized manipulation

Availability:

Systems work promptly and service is not denied to authorized user.

Information resources: hardware, software, firmware, information/data, and telecommunications

3

National Institute of Standards and Technology

Computer Security Objectives

4

CIA triad

FIPS PUB 199 characterization

Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information.

Integrity: Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information.

Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.

Federal Information Processing Standards

Computer Security Objectives

5

Additional concepts

Authenticity: verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

Accountability: Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.

Tools for Confidentiality

Encryption

Transform the information using a secrete so it is useful only to the intended recipient

Access Control

Rules and policies that limit access to confidential information

Authentication

Determine identity or role of a user

Authorization

Specify the access rights or privileges to resources

Physical Security

Use physical barriers to deny unauthorized access

For example, lock and security guards

6

Tools for Integrity

Backups

Periodic archiving of data.

Checksums

Computation of a function that maps the contents of a file to a numerical value

Data correcting codes

methods for storing data in such a way that small changes can be easily detected and automatically corrected.

7

Tools for Availability

Physical protections

Infrastructure meant to keep information available even in the event of physical challenges.

For example, back up power

Computational redundancies

Computers and storage devices that serve as fallbacks in the case of failures.

For example, back up storage

8

Levels of Impact

9

Examples

Low

The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals

Moderate

The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals

High

The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals

Levels of Impact

Examples:

Confidentiality:

Student enrollment info: moderate

Faculty list: low or no rating

Integrity:

Patient allergy info: high

Online forum: moderate

Availability:

Critical service: high

University website: moderate

10

Computer Security Challenges

Computer security is not simple

Simple requirements, complex mechanisms

Must consider potential attacks

Counterintuitive procedures

Physical and logical placement needs to be determined

More algorithms and protocols may be involved

Attackers only need to find a single weakness, the developer needs to find all weaknesses

Benefit of security is not obvious until breech or failure occurs

Requires regular monitoring

Security is often an afterthought

Incorporated after the design is completed

Security is treated as an impediment to efficient and user-friendly operation

11

Computer Security Terminology

12

Table 1.1 of textbook

13

Security Concepts and Relationships

Resources

Assets of a Computer System

Hardware

Computer systems

Data processing and data storage

Data communications devices

Software

OS

System utilities

Applications

Data

files and databases

Security-related data, such as password files.

Communication facilities and networks

Local and wide area network communication links,

Bridges and routers etc.

14

Vulnerabilities and Threats

Categories of vulnerabilities

Corrupted (loss of integrity)

Leaky (loss of confidentiality)

Unavailable or very slow (loss of availability)

Threats

Capable of exploiting vulnerabilities

Represent potential security harm to an asset

15

CIA

Attacks

Attacks (threats carried out)

Passive

Attempt to learn or make use of information from the system that does not affect system resources

Active

Attempt to alter system resources or affect their operation

Insider

Initiated by an entity inside the security parameter

Outsider

Initiated from outside the perimeter

16

Countermeasures

Countermeasure: any means taken to deal with a security attack

Prevent

Detect

Recover

Despite countermeasures, residual vulnerabilities may remain

Countermeasures can themselves introduce new vulnerabilities

The goal is to minimize the residual level of risk to the assets

17

Threat Consequences

18

Table 1.2 in textbook

Attacks (Revisit)

Recall passive and active attacks

Passive attacks: attempts to learn or make use of information from the system but does not affect system resources.

Eavesdropping

Traffic analysis

Active attacks: attempts to alter system resources or affect their operation

Replay

Masquerade

Modification of messages

Denial of service

19

Computer Assets and Threats

20

Table 1.3 in textbook

Security Requirements (Countermeasures)

FIPS PUB 200 (Minimum Security Requirements for Federal Information and Information Systems) enumerates 17 security-related areas (Table 1.4)

Technical measures:

Access control

Identification and authentication

System and communication protection

System and information integrity

Management controls:

Awareness and training

Audit and accountability

Certification, accreditation and security assessments

Contingency planning

Maintenance

Physical and environmental protection

Planning

Personnel security

Risk assessment

Systems and services acquisition

Overlap

Configuration management

Incident response

Media protection

21

Federal Information Processing Standards

Security Design Principles

National Centers of Academic Excellence

Economy of mechanism

keep it simple

Fail-safe defaults

default is lack of access

Complete mediation

do not rely on cached answers to grant access

Open design

Encryption algorithms are public, but keys are secret

Separation of privilege

multifactor user authentication

Least privilege

every process/user should have least privilege to perform task

Least common mechanism

separate user functions as much as possible

Psychological acceptability

security should intrude minimally with user work

Isolation

isolate systems/processes/files as much as possible

Encapsulation

object-oriented concept for protecting data

Modularity

use a modular architecture, to facilitate upgrades/maintenance

Layering

provide multiple layers of security

Least astonishment

programs and UIs should respond in understandable ways

22

Attack Surfaces

23

An attack surface consists of the reachable and exploitable vulnerabilities in a system

Three categories:

Network attack surface

Vulnerabilities over an enterprise network, wide-area network, or the Internet.

For example, network protocol vulnerabilities used for a denial-of-service

Software attack surface

Vulnerabilities in application, utility or operating system code. A particular focus in this category is Web server software.

For example, codes that processes incoming data, email, XML, office documents, and industry-specific custom data exchange formats

Human attack surface

Vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders.

For example, an employee with access to sensitive information vulnerable to a social engineering attack

Attack Trees

Branching, hierarchical data structure that represents a set of potential techniques for exploiting security vulnerabilities

Root node: attack goal

Subnode: subgoal

Leaf node: ways to initiate an attack

Each subnode is either AND-node or OR-node

Example: Internet banking Authentication (Figure 1.4)

24

Computer Security Strategy

Security policy

Formal statement of rules and practices that specify how a system provides security services to protect system resources

Security implementation

Involves four complementary actions

Prevention

Detection

Response

Recovery

Assurance

Degree of confidence that security measures work as intended to protect assets

Evaluation

Process of examining a computer product or system with respect to certain criteria

Involve testing and analytic or mathematical techniques

25

Summary

Computer security definition

Computer security objective (CIA triad)

Tools for CIA

Level of impact

Computer security challenges

Security terminology

Security concepts and relationship

Computer system assets

Vulnerabilities, threats, attacks and countermeasures

Threat consequences

Security requirements

Security design principles

Attack surfaces

Attack trees

Computer security strategy

26

Threat Consequence Threat Action (Attack) Unauthorized

Disclosure A circumstance or

event whereby an entity gains access to data for which the entity is not authorized.

Exposure: Sensitive data are directly released to an unauthorized entity.

Interception: An unauthorized entity directly accesses sensitive data traveling between authorized sources and destinations.

Inference: A threat action whereby an unauthorized entity indirectly accesses sensitive data (but not necessarily the data contained in the communication) by reasoning from characteristics or byproducts of communications.

Intrusion: An unauthorized entity gains access to sensitive data by circumventing a system's security protections.

Deception A circumstance or

event that may result in an authorized entity receiving false data and believing it to be true.

Masquerade: An unauthorized entity gains access to a system or performs a malicious act by posing as an authorized entity.

Falsification: False data deceive an authorized entity. Repudiation: An entity deceives another by falsely denying

responsibility for an act.

Disruption A circumstance or

event that interrupts or prevents the correct operation of system services and functions.

Incapacitation: Prevents or interrupts system operation by disabling a system component.

Corruption: Undesirably alters system operation by adversely modifying system functions or data.

Obstruction: A threat action that interrupts delivery of system services by hindering system operation.

Usurpation A circumstance or

event that results in control of system services or functions by an unauthorized entity.

Misappropriation: An entity assumes unauthorized logical or physical control of a system resource.

Misuse: Causes a system component to perform a function or service that is detrimental to system security.

Threat Consequence Threat Action (Attack)

Unauthorized

Disclosure

A circumstance or

event whereby an

entity gains access to

data for which the

entity is not

authorized.

Exposure: Sensitive data are directly released to an

unauthorized entity.

Interception: An unauthorized entity directly accesses

sensitive data traveling between authorized sources and

destinations.

Inference: A threat action whereby an unauthorized entity

indirectly accesses sensitive data (but not necessarily the

data contained in the communication) by reasoning from

characteristics or byproducts of communications.

Intrusion: An unauthorized entity gains access to sensitive

data by circumventing a system's security protections.

Deception

A circumstance or

event that may result

in an authorized entity

receiving false data

and believing it to be

true.

Masquerade: An unauthorized entity gains access to a

system or performs a malicious act by posing as an

authorized entity.

Falsification: False data deceive an authorized entity.

Repudiation: An entity deceives another by falsely denying

responsibility for an act.

Disruption

A circumstance or

event that interrupts

or prevents the correct

operation of system

services and

functions.

Incapacitation: Prevents or interrupts system operation by

disabling a system component.

Corruption: Undesirably alters system operation by

adversely modifying system functions or data.

Obstruction: A threat action that interrupts delivery of

system services by hindering system operation.

Usurpation

A circumstance or

event that results in

control of system

services or functions

by an unauthorized

entity.

Misappropriation: An entity assumes unauthorized logical

or physical control of a system resource.

Misuse: Causes a system component to perform a function

or service that is detrimental to system security.

Availability Confidentiality Integrity

Hardware Equipment is stolen or disabled, thus denying service.

An unencrypted CD- ROM or DVD is stolen.

Software Programs are deleted, denying access to users. An unauthorized copy of software is made.

A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task.

Data Files are deleted, denying access to users.

An unauthorized read of data is performed. An analysis of statistical data reveals underlying data.

Existing files are modified or new files are fabricated.

Communication Lines and Networks

Messages are destroyed or deleted. Communication lines or networks are rendered unavailable.

Messages are read. The traffic pattern of messages is observed.

Messages are modified, delayed, reordered, or duplicated. False messages are fabricated.

Availability Confidentiality Integrity

Hardware

Equipment is stolen or

disabled, thus denying

service.

An unencrypted CD-

ROM or DVD is stolen.

Software

Programs are deleted,

denying access to users.

An unauthorized copy

of software is made.

A working program is

modified, either to

cause it to fail during

execution or to cause it

to do some unintended

task.

Data

Files are deleted,

denying access to users.

An unauthorized read

of data is performed.

An analysis of

statistical data reveals

underlying data.

Existing files are

modified or new files

are fabricated.

Communication

Lines and

Networks

Messages are destroyed

or deleted.

Communication lines

or networks are

rendered unavailable.

Messages are read. The

traffic pattern of

messages is observed.

Messages are modified,

delayed, reordered, or

duplicated. False

messages are

fabricated.