objectives of preserving the integrity, availability and confidentiality of information system resources
(includes hardware, software, firmware, information/data, and telecommunications).
Key Security Concepts
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means
for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized
disclosure of information.
Integrity: Guarding against improper information modification or destruction, and includes ensuring
information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or
destruction of information.
Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the
disruption of access to or use of information or an information system.
Although the use of the CIA triad to define security objectives is well established, some in the security field
feel that additional concepts are needed to present a complete picture. Two of the most commonly mentioned
are:
Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the
validity of a transmission, a message, or message originator.
Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely
to that entity.
Computer Security Challenges
1. not simple
2. must consider potential attacks
3. procedures used counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms
6. battle of wits between attacker / admin
7. not perceived on benefit until fails
8. requires regular monitoring
9. too often an after-thought
10. regarded as impediment to using system
Computer security is both fascinating and complex. Some of the reasons follow:
1. Computer security is not as simple as it might first appear to the novice. The requirements seem to be
straightforward, but the mechanisms used to meet those requirements can be quite complex and subtle.
2. In developing a particular security mechanism or algorithm, one must always consider potential attacks
(often unexpected) on those security features.
3. Hence procedures used to provide particular services are often counterintuitive.
4. Having designed various security mechanisms, it is necessary to decide where to use them.
5. Security mechanisms typically involve more than a particular algorithm or protocol, but also require
participants to have secret information, leading to issues of creation, distribution, and protection of that secret
information.
6. Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the
designer or administrator who tries to close them.
7. There is a natural tendency on the part of users and system managers to perceive little benefit from security
investment until a security failure occurs.
8. Security requires regular monitoring, difficult in today's short-term environment.
9. Security is still too often an afterthought - incorporated after the design is complete.
10. Many users / security administrators view strong security as an impediment to efficient and user-friendly
operation of an information system or use of information.
denial of service prevents or inhibits the normal use or management of communications facilities, or
the disruption of an entire network
Active attacks present the opposite characteristics of passive attacks. It is quite difficult to prevent active
attacks absolutely. Instead, the goal is to detect them and to recover from any disruption or delays caused by
them.
Security Functional Requirements
technical measures:
access control; identification & authentication; system & communication protection; system &
information integrity
management controls and procedures
awareness & training; audit & accountability; certification, accreditation, & security
assessments; contingency planning; maintenance; physical & environmental protection;
planning; personnel security; risk assessment; systems & services acquisition
overlapping technical and management:
configuration management; incident response; media protection
X.800 Security Architecture
X.800, Security Architecture for OSI
systematic way of defining requirements for security and characterizing approaches to satisfying them
defines:
security attack - compromises security
security service - counters security attacks
security mechanism - acts to detect, prevent, recover from attack
The OSI security architecture focuses on security attacks, mechanisms, and services. These can be defined
briefly as:
Security attack: Any action that compromises the security of information owned by an organization. cf.
network security attacks slide earlier
Security mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
cf. functional requirements from previous slide or Table 1.6 in text.
Security service: A service that enhances the security of the data processing systems and the information
transfers of an organization. The services are intended to counter security attacks, and they make use of
one or more security mechanisms to provide the service.
Security Taxonomy
Over time, the attacks on the Internet and Internet-attached systems have grown more sophisticated while the
amount of skill and knowledge required to mount an attack has declined, as shown here in Figure 1.6 from the
text. Attacks have become more automated and can cause greater amounts of damage. This increase in attacks
coincides with an increased use of the Internet and with increases in the complexity of protocols, applications,
and the Internet itself. Critical infrastructures increasingly rely on the Internet for operations. Individual users
rely on the security of the Internet, email, the Web, and Web-based applications to a greater extent than ever.
Thus, a wide range of technologies and tools are needed to counter the growing threat.
Computer Security Strategy
specification/policy
what is the security scheme supposed to do?
codify in policy and procedures
implementation/mechanisms
how does it do it?
prevention, detection, response, recovery
correctness/assurance
does it really work?
assurance, evaluation
Specification/policy: What is the security scheme supposed to do? A security policy is an informal
description of desired system behavior. In developing a security policy, a security manager needs to consider
the context, in terms of: value of the assets being protected; vulnerabilities of the system; potential threats and
the likelihood of attacks. Further, the manager must consider the following tradeoffs between Ease of use
versus security and Cost of security versus cost of failure and recovery.
Implementation/mechanisms: How does it do it? Security implementation involves four complementary
courses of action: prevention (ideal security scheme is when no attack is successful. Not practical in all cases,
is a reasonable goal), detection (when practical to detect security attacks), response (to halt the attack and
prevent further damage), recovery (from attack consequences, such as using a backup system).
Correctness/assurance: Does it really work? Have the concepts of assurance and evaluation. Assurance as
the degree of confidence one has that the security measures, both technical and operational, work as intended
to protect the system and the information it processes. Evaluation is the process of examining a computer
product or system with respect to certain criteria. Evaluation involves testing, and may also involve formal
analytic or mathematical techniques.
Ch. 2
Cryptographic Tools
cryptographic algorithms important element in security services
review various types of elements
symmetric encryption
digital signatures and key management
public-key (asymmetric) encryption
secure hash functions
example is use to encrypt stored data
Symmetric Encryption
Plaintext: This is the original message or data that is fed into the algorithm as input.
Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the
plaintext.
Secret key: The secret key is also input to the encryption algorithm. The exact substitutions and
transformations performed by the algorithm depend on the key.
Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the secret
key. For a given message, two different keys will produce two different ciphertexts.
Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext
and the secret key and produces the original plaintext.
There are two requirements for secure use of symmetric encryption:
1. We need a strong encryption algorithm.
2. Sender and receiver must have securely obtained, and must keep secure, the secret key.
Attacking Symmetric Encryption
cryptanalysis
rely on nature of the algorithm
plus some knowledge of plaintext characteristics
even some sample plaintext-ciphertext pairs
exploits characteristics of algorithm to deduce specific plaintext or key
brute-force attack
try all possible keys on some ciphertext until get an intelligible translation into plaintext
Symmetric Encryption Algorithms
DES and Triple-DES
Data Encryption Standard (DES) is the most widely used encryption scheme
uses 64 bit plaintext block and 56 bit key to produce a 64 bit ciphertext block
concerns about algorithm & use of 56-bit key
Triple-DES
repeats basic DES algorithm three times
using either two or three unique keys
much more secure but also much slower
Advanced Encryption Standard (AES)
needed a better replacement for DES
NIST called for proposals in 1997
selected Rijndael in Nov 2001
published as FIPS 197
symmetric block cipher
uses 128 bit data & 128/192/256 bit keys
the private key. This is an advantage of asymmetric systems, because a user only needs to keep his or her own
private key secret, while the public key can be distributed to every user who wants to communicate with him
or her, without worrying that an unauthorized person could open messages using the public key that has been
distributed.
In a symmetric system, the key used to encrypt and to decrypt is the same, so users communicating with a
symmetric system must send each other that same key; if they do not use the same key, the message cannot be
opened on the receiving side. If someone sits in the middle of the key exchange and manages to obtain the key,
then every message can be opened. In an asymmetric system, by contrast, a user only needs to send out the
public key so that others can communicate with him or her.
Asymmetric Authentication
A user encrypts data using his or her own private key. Anyone who knows the corresponding public key will
then be able to decrypt the message. This is directed toward providing authentication and/or data integrity. If
a user is able to successfully recover the plaintext from Bob's ciphertext using Bob's public key, this indicates
that only Bob could have encrypted the plaintext, thus providing authentication. Further, no one but Bob would
be able to modify the plaintext because only Bob could encrypt the plaintext with Bob's private key. This can
be adapted to provide authentication or data integrity. Suppose that Bob wants to send a message to Alice and,
although it is not important that the message be kept secret, he wants Alice to be certain that the message is
indeed from him. In this case Bob could use his own private key to encrypt the message. Here the entire
message is encrypted, which, although validating both author and contents, requires a great deal of storage
and additional processing cost.
Public Key Requirements
1. computationally easy to create key pairs
2. computationally easy for sender knowing public key to encrypt messages
3. computationally easy for receiver knowing private key to decrypt ciphertext
4. computationally infeasible for opponent to determine private key from public key
5. computationally infeasible for opponent to otherwise recover original message
6. useful if either key can be used for each role
Public Key Algorithms
RSA (Rivest, Shamir, Adleman)
developed in 1977
only widely accepted public-key encryption alg
given tech advances need 1024+ bit keys
Diffie-Hellman key exchange algorithm
only allows exchange of a secret key
Digital Signature Standard (DSS)
provides only a digital signature function with SHA-1
Elliptic curve cryptography (ECC)
new, security like RSA, but with much smaller keys
Random Numbers
random numbers have a range of uses
requirements:
randomness
based on statistical tests for uniform distribution and independence
unpredictability
successive values not related to previous
clearly true for truly random numbers
but more commonly use generator
Random numbers play an important role in the use of encryption for various network security applications,
such as in the generation of: keys for public-key algorithms, stream keys in a stream cipher, for temporary
session keys, and in key distribution scenarios.
Pseudorandom versus Random Numbers
often use algorithmic technique to create pseudorandom numbers
which satisfy statistical randomness tests
but likely to be predictable
true random number generators use a nondeterministic source
e.g. radiation, gas discharge, leaky capacitors
increasingly provided on modern processors
Cryptographic applications typically make use of algorithmic techniques for random number generation.
These algorithms are deterministic and therefore produce sequences of numbers that are not statistically
random. However, if the algorithm is good, the resulting sequences will pass many reasonable tests of
randomness. Such numbers are referred to as pseudorandom numbers.
A true random number generator (TRNG) uses a nondeterministic source to produce randomness. Most
operate by measuring unpredictable natural processes, such as pulse detectors of ionizing radiation events,
gas discharge tubes, and leaky capacitors. Increasingly have true random sources in modern computer
chips.
Practical Application: Encryption of Stored Data
common to encrypt transmitted data
much less common for stored data
which can be copied, backed up, recovered
approaches to encrypt stored data:
back-end appliance
library based tape encryption
background laptop/PC data encryption
Some more recent approaches for doing this include:
Back-end appliance: a hardware device that sits between servers and storage systems and encrypts all data
going from the server to the storage system and decrypts data going in the opposite direction.
Library-based tape encryption: provided by means of a co-processor board embedded in the tape drive
and tape library hardware. The co-processor encrypts data using a nonreadable key configured into the board.
The tapes can then be sent off-site to a facility that has the same tape drive hardware.
Background laptop and PC data encryption: software products that provide encryption that is transparent
to the application and the user. Some encrypt all or designated files and folders; others create a virtual disk
locally on the hard drive or on a network storage device, with all data on the virtual disk encrypted. Various
key management solutions are offered to restrict access to the owner of the data.
Ch. 3
User Authentication
fundamental security building block
basis of access control & user accountability
is the process of verifying an identity claimed by or for a system entity
has two steps:
identification - specify identifier
verification - bind entity (person) and identifier
distinct from message authentication
The process of verifying an identity claimed by or for a system entity. An authentication process consists of
two steps:
Identification step: Presenting an identifier to the security system. (Identifiers should be assigned
carefully, because authenticated identities are the basis for other security services, such as access
control service.)
Verification step: Presenting or generating authentication information that corroborates the binding
between the entity and the identifier.
In essence, identification is the means by which a user provides a claimed identity to the system; user
authentication is the means of establishing the validity of the claim. Note that user authentication is distinct
from message authentication.
Means of User Authentication
four means of authenticating user's identity
based on something the individual
knows - e.g. password, PIN
possesses - e.g. key, token, smartcard
is (static biometrics) - e.g. fingerprint, retina
does (dynamic biometrics) - e.g. voice, sign
can use alone or combined
all can provide user authentication
all have issues
There are four general means of authenticating a user's identity, which can be used alone or in combination:
Something the individual knows: Examples include a password, a personal identification number
(PIN), or answers to a prearranged set of questions.
Something the individual possesses: Examples include electronic keycards, smart cards, and physical
keys. This type of authenticator is referred to as a token.
Something the individual is (static biometrics): Examples include recognition by fingerprint, retina,
and face.
Something the individual does (dynamic biometrics): Examples include recognition by voice pattern,
handwriting characteristics, and typing rhythm.
Password Authentication
widely used user authentication method
user provides name/login and password
system compares password with that saved for specified login
authenticates ID of user logging in and
that the user is authorized to access system
determines the user's privileges
is used in discretionary access control
Password Vulnerabilities
offline dictionary attack
specific account attack
popular password attack
password guessing against single user
workstation hijacking
exploiting user mistakes
exploiting multiple password use
electronic monitoring
We can identify the following attack strategies and countermeasures:
Offline dictionary attack: A determined hacker may bypass access controls and gain access to the system
password file. The attacker then compares the password hashes against hashes of commonly used
passwords.
Specific account attack: The attacker targets a specific account and submits password guesses until the
correct password is discovered.
Popular password attack: The attacker chooses a popular password and tries it against a wide range of user
IDs.
Password guessing against single user: The attacker attempts to gain knowledge about the account holder
and system password policies and uses that knowledge to guess the password.
characters, An alternative is to trade off space for time by precomputing potential hash values. In this approach
the attacker generates a large dictionary of possible passwords. For each password, the attacker generates the
hash values associated with each possible salt value.
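The salt discussed above is what makes a precomputed dictionary impractical: every entry has to be recomputed for each possible salt. The following is an added example, not code from the course text, showing a shadow-style entry with a random 16-byte salt and an iterated hash, constant-time verification, and the growth of a precomputed table with the salt width (the PBKDF2 work factor is an assumed, illustrative value):

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; slows each guess for an offline attacker


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is drawn when none is supplied."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def make_shadow_entry(user, password):
    """One line of a shadow-style file: user, salt and hash, never the password."""
    salt, digest = hash_password(password)
    return f"{user}:{salt.hex()}:{digest.hex()}"


def verify(shadow_entry, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, salt_hex, digest_hex = shadow_entry.split(":")
    _, digest = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def same_password_different_hashes(password):
    """Two users with the same password get different stored hashes (different salts)."""
    first = make_shadow_entry("user1", password).split(":")[2]
    second = make_shadow_entry("user2", password).split(":")[2]
    return first != second


def precomputed_table_size(dictionary_size, salt_bits):
    """Hashes an attacker would have to precompute to cover every salt value for
    every dictionary word: the space cost the salt imposes on the time/space trade-off."""
    return dictionary_size * (2 ** salt_bits)


if __name__ == "__main__":
    entry = make_shadow_entry("alice", "correct horse battery")
    print(entry)
    print("valid:", verify(entry, "correct horse battery"))
    print("dictionary of 1000 words, 12-bit salt:", precomputed_table_size(1000, 12))
```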
Password Choices
users may pick short passwords
e.g. 3% were 3 chars or less, easily guessed
system can reject choices that are too short
users may pick guessable passwords
so crackers use lists of likely passwords
e.g. one study of 14000 encrypted passwords guessed nearly 1/4 of them
would take about 1 hour on fastest systems to compute all variants, and only need 1 break!
Password File Access Control
can block offline guessing attacks by denying access to encrypted passwords
make available only to privileged users
often using a separate shadow password file
still have vulnerabilities
exploit O/S bug
accident with permissions making it readable
users with same password on other systems
access from unprotected backup media
sniff passwords in unprotected network traffic
One way to thwart a password attack is to deny the opponent access to the password file. If the hashed
password portion of the file is accessible only by a privileged user, then the opponent cannot read it without
already knowing the password of a privileged user. Often, the hashed passwords are kept in a separate file
from the user IDs, referred to as a shadow password file. Special attention is paid to making the shadow
password file protected from unauthorized access. Although password file protection is certainly
worthwhile, there remain vulnerabilities: a hacker may be able to exploit a software vulnerability in the
operating system to bypass the access control system long enough to extract the password file; an accident
of protection might render the password file readable; some users may use the same password on other
less protected or compromised machines; a lack of or weakness in physical security (e.g. of backups) may
provide opportunities for a hacker to access a copy of the file; passwords may be captured by sniffing
network traffic.
Using Better Passwords
clearly have problems with passwords
goal to eliminate guessable passwords
whilst still easy for user to remember
techniques:
user education
reactive password checking
computer-generated passwords
proactive password checking
Four basic techniques are in use:
User education - Users can be told the importance of using hard-to-guess passwords and can be provided
with guidelines for selecting strong passwords. Can be problematic when have a large user population or
a lot of turnover, and because many users will simply ignore the guidelines.
Computer-generated passwords - have a history of poor acceptance by users, if random in nature, users
will not remember them, if pronounceable, the user may still be tempted to write it down.
Reactive password checking - where the system periodically runs its own password cracker to find
guessable passwords. The system cancels any passwords that are guessed and notifies the user. Can be
costly in resources to implement.
Proactive password checking - where user selects own password which the system then checks to see if
it is allowable and, if not, rejects it. It must strike a balance between user acceptability and strength.
Likely the best solution.
alone. An adversary must gain physical possession of the card (or be able to duplicate it) plus must gain
knowledge of the PIN. Among the potential drawbacks are the following [NIST95]:
Requires special reader: This increases the cost of using the token and creates the requirement to maintain
the security of the reader's hardware and software.
Token loss: A lost token temporarily prevents its owner from gaining system access. Thus there is an
administrative cost in replacing the lost token. In addition, if the token is found, stolen, or forged, then an
adversary now need only determine the PIN to gain unauthorized access.
User dissatisfaction: Although users may have no difficulty in accepting the use of a memory card for
ATM access, its use for computer access may be deemed inconvenient.
Smartcard
credit-card like
has own processor, memory, I/O ports
wired or wireless access by reader
ROM, EEPROM, RAM memory
may have crypto co-processor
executes protocol to authenticate with reader/computer
also have USB dongles
Biometric Authentication
authenticate user based on one of their physical characteristics
Biometric Accuracy
can plot characteristic curve
pick threshold balancing error rates
The iris system had no false matches in over 2 million cross-comparisons. Note that over a broad range of
false match rates, the face biometric is the worst performer.
Remote User Authentication
authentication over network more complex
problems of eavesdropping, replay
generally use challenge-response
user sends identity
host responds with random number
user computes f(r,h(P)) and sends back
host compares value from user with own computed value, if match user authenticated
protects against a number of attacks
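The challenge-response exchange above, written out as an added example (not code from the course text). Both sides are simulated in one process; f(r, h(P)) is taken to be an HMAC keyed with the password hash, and the last function shows why a response captured by an eavesdropper is useless in a later session:

```python
import hashlib
import hmac
import secrets


def h(password):
    """h(P): the host stores this instead of the password itself."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def f(r, hp):
    """f(r, h(P)) from the slide; here an HMAC over the challenge keyed with h(P)."""
    return hmac.new(hp, r, hashlib.sha256).digest()


class Host:
    def __init__(self):
        self._users = {}    # identity -> h(P)
        self._pending = {}  # identity -> outstanding challenge r

    def enrol(self, identity, password):
        self._users[identity] = h(password)

    def challenge(self, identity):
        """Step 2: respond to the claimed identity with a fresh random number."""
        r = secrets.token_bytes(16)
        self._pending[identity] = r
        return r

    def verify(self, identity, response):
        """Step 4: compare the user's value with the host's own computation."""
        r = self._pending.pop(identity, None)  # each challenge is usable once
        hp = self._users.get(identity)
        if r is None or hp is None:
            return False
        return hmac.compare_digest(f(r, hp), response)


class Client:
    def __init__(self, identity, password):
        self.identity = identity
        self._hp = h(password)

    def respond(self, r):
        """Step 3: compute f(r, h(P)) and send it back."""
        return f(r, self._hp)


def run_exchange(host, client):
    """Full exchange: identity -> challenge -> response -> verdict."""
    r = host.challenge(client.identity)
    return host.verify(client.identity, client.respond(r))


def replay_is_rejected(host, client):
    """A response captured from one session fails in the next, because r differs."""
    r1 = host.challenge(client.identity)
    captured = client.respond(r1)
    if not host.verify(client.identity, captured):
        return False
    host.challenge(client.identity)  # new session, new random number
    return not host.verify(client.identity, captured)


if __name__ == "__main__":
    host = Host()
    host.enrol("alice", "correct horse battery")  # constructed sample credential
    alice = Client("alice", "correct horse battery")
    print("genuine user:", run_exchange(host, alice))
    print("replayed response rejected:", replay_is_rejected(host, alice))
```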
Authentication Security Issues
client attacks
replay
host attacks
trojan horse
eavesdropping
denial-of-service
Client attacks are those in which an adversary attempts to achieve user authentication without access to the
remote host or to the intervening communications path. The adversary attempts to masquerade as a legitimate
user, e.g. in a password-based system, the adversary may attempt to guess the likely user password. Host
attacks are directed at the user file at the host where passwords, token passcodes, or biometric templates are
stored. Eavesdropping refers to an adversary's attempt to learn the password by observing the user, finding a
written copy of the password, keystroke logging, etc. Replay attacks involve an adversary repeating a
previously captured user response. The most common countermeasure to such attacks is the challenge-response
protocol. In a Trojan horse attack, an application or physical device masquerades as an authentic
application or device for the purpose of capturing a user password, passcode, or biometric. The adversary can
then use the captured information to masquerade as a legitimate user. A denial-of-service attack attempts to
disable a user authentication service by flooding the service with numerous authentication attempts.
FMR: the condition in which the system recognizes an impostor as the genuine user
FNMR: the condition in which the system fails to accept the genuine user
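The FMR/FNMR definitions above and the "pick threshold balancing error rates" point from the Biometric Accuracy slide, as an added example not taken from the course text. The matcher scores are constructed, not from any real biometric system; the code computes both error rates at each threshold, traces the characteristic curve, and picks an operating point either by a maximum tolerable FMR or at the equal-error point:

```python
# Constructed similarity scores (higher = more alike), not from any real system.
GENUINE_SCORES = [0.91, 0.88, 0.95, 0.80, 0.72, 0.97, 0.85, 0.66, 0.90, 0.78]
IMPOSTOR_SCORES = [0.12, 0.35, 0.41, 0.20, 0.58, 0.30, 0.25, 0.69, 0.15, 0.44]


def fmr(threshold, impostor_scores):
    """False match rate: fraction of impostor comparisons the system accepts."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def fnmr(threshold, genuine_scores):
    """False non-match rate: fraction of genuine comparisons the system rejects."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def characteristic_curve(genuine, impostor, steps=100):
    """(threshold, FMR, FNMR) for thresholds 0.00 .. 1.00: the curve on the slide."""
    return [(t / steps, fmr(t / steps, impostor), fnmr(t / steps, genuine))
            for t in range(steps + 1)]


def threshold_for_max_fmr(genuine, impostor, max_fmr):
    """Lowest threshold whose FMR is within max_fmr; raising the threshold further
    would only increase FNMR (more genuine users turned away)."""
    for t, fm, _ in characteristic_curve(genuine, impostor):
        if fm <= max_fmr:
            return t
    return 1.0


def equal_error_point(genuine, impostor):
    """Threshold where FMR and FNMR are closest, with the two rates at that point."""
    return min(characteristic_curve(genuine, impostor),
               key=lambda point: abs(point[1] - point[2]))


if __name__ == "__main__":
    t = threshold_for_max_fmr(GENUINE_SCORES, IMPOSTOR_SCORES, max_fmr=0.0)
    print("no false matches at threshold", t, "FNMR", fnmr(t, GENUINE_SCORES))
    print("equal error point (threshold, FMR, FNMR):",
          equal_error_point(GENUINE_SCORES, IMPOSTOR_SCORES))
```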