
Data Security and Cryptology, XIII Database Security. Network Security

Data Security and Cryptology, XIII Database Security. Network Security. November 27th, 2013. Valdo Praust, mois@mois.ee. Lecture Course in Estonian IT College, Autumn 2013. Technical and Legal Views to Digital Signature.


Presentation Transcript


  1. Data Security and Cryptology, XIII Database Security. Network Security. November 27th, 2013. Valdo Praust, mois@mois.ee. Lecture Course in Estonian IT College, Autumn 2013

  2. Technical and Legal Views to Digital Signature. A legal digital signature (digitaalallkiri, digiallkiri) is a legal concept which gives a document evidentiary value, as a handwritten signature gives such value to a paper document. A technical digital signature (digitaalsignatuur, digisignatuur) is a technical or cryptotechnical construction which uses a public-key cryptoalgorithm to achieve integrity. • Up to the present, the only known way of giving a legal digital signature is to use a technical digital signature • Each legal digital signature is (up to the present) a technical digital signature. But not every technical digital signature is a legal digital signature: that requires some authorities, called a public key infrastructure

  3. Essence of (Legal) Digital Signature. Digital signature uses the methods offered by a public-key cryptoalgorithm (its use in digital signature or integrity-achieving mode). A (legal) digital signature (digitaalallkiri, digiallkiri) is an additional data set which is added to the signable document (signable data set) and which is created by a signer (allkirjastaja) by mathematical operations using both the signable document and the signer's private key

  4. Giving of a Digital Signature

  5. Verifying of a Digital Signature

  6. Private Key as a Chipcard. A chip/device from which it is impossible to read some internal values (keys) is called a non-reverse-engineerable (pöördkonstrueerimatu) device

  7. Principles of Certification. Certificates are usually issued by special certification authorities (CAs, sertifitseerimiskeskus, sertifitseerimisteenuse osutaja). Binding of personal identification data (name, personal identification number) to a public key is called certification (sertifitseerimine). The result of certification (by means of a digital signature) is a certificate (sertifikaat), which is always a digital document

  8. How Certificate(s) Act

  9. Certification Infrastructure • Certification infrastructure (sertifitseerimise taristu) or public-key infrastructure (PKI, avaliku võtme taristu) consists of the following five mandatory components necessary for secure giving and verifying of digital signatures: • non-reverse-engineerably realized hardware-based public-key container • certification authority (CA) • validity of approval service (at the CA) • time-stamping authority • organization and coordination of services (usually at national level)

  10. Advantages of Digital Signature, I • If we get a digitally signed document and the signature verifies, then we can always be sure that the author of the document has signed it using their real name, not a pseudonym. Certificates are issued only to Estonian residents using their real name. • A paper document can be successfully signed using a pseudonym. This usually remains unnoticed by the receiver of the document (we usually don't verify handwritten signatures)

  11. Advantages of Digital Signature, II • A digitally signed document is certainly signed by the person whose name is included in the signature (certificate). The only exception is the very rare case when the private key hasn't been kept by the signer • A handwritten signature can be faked (handwritten signatures' verification probability is no more than 99%). Moreover, we do not verify (compare) the handwritten signature at each reading of a paper document; we often do not have the necessary comparison material

  12. Advantages of Digital Signature, III • When a digital signature verifies successfully, we can always be sure that the document itself hasn't changed after the signing process. This is ensured by the mathematical relationships between document, keys and signature. During document preparation, we don't need to think about possible forging methods • In the case of a paper document, we must always think about possible forging methods when we prepare the document (especially in the case of tables, empty boxes, etc.)

  13. Advantages of Digital Signature, IV • We can always prove the creation (signing) time of a digitally signed document. This is ensured by the presence of a time-stamp (which also includes the physical time) • A paper document can generally carry an arbitrary date (and it is not provable by facts which are not related to the document content)

  14. Digital Document Must Remain Digital Forever. If we print out a digitally signed document, we always break the relations which give evidentiary value to the document. The printout of a digitally signed document must always be considered a copy, not an original • Digital representation of a document allows the use of a wider range of document elements than a paper document (hypertext, multimedia, hypermedia)

  15. Problems of Original and Copy of a Document. For paper documents we distinguish originals and copies. There is always a certain (fixed) number of originals. For digital documents (at first sight) we can't distinguish originals and copies: all instances of a file (document) can be considered originals and their number isn't fixed

  16. Evidentiary Value Problem, I. Main difference between paper documents and digital documents: the evidentiary value of a paper document is based on physical values which remain intact in the long-term perspective. The evidentiary value of a digital document is based on mathematical properties of cryptoalgorithms, which become breakable in the long-term perspective. It is assumed that Moore's rule applies for at least the next 30-50 years

  17. Evidentiary Value Problem, II. Problem: the security properties of all contemporary cryptographic algorithms have a limited time horizon (practical security). After 20-30 years a lot of them will probably be practically breakable. It is reasonable to expect that Estonian (legal) digital signatures which were given between 2002 and 2011 and which are based on RSA-1024 and SHA-1 will be practically breakable (fakeable) after 20-30 years or even earlier

  18. Solution to Evidentiary Value Problem. Solution: we must oversign (ülesigneerimine) a long-term preserved document before the previous signature becomes practically breakable. Re-signing must be performed with new, stronger algorithms, which again last 10-30 years (before a new oversigning). Probably, oversigning will be an obligation of a digital archiving instance

  19. Essence of Oversigning. Oversigning of a document by an archiving instance can be considered as a statement “I saw the document in a verifiable form and the mathematical algorithms of the previous signature are not yet broken. I confirm it by a new digital signature which is based on stronger mathematics”. It creates comparison and verification possibilities for the future. The moment of oversigning can be proved by a corresponding time-stamp

  20. Database Security – Source Point • It's assumed that data is represented by a relational database (relatsiooniline andmebaas): tables, their relationships, records, fields, etc. • It's necessary to achieve confidentiality separately for different fields. We must ensure that access by different subjects to different fields can be realized • It's determined outside the database who (which user groups) can read and create/change different data

  21. Database Security – Source Point • It's necessary to ensure integrity for both the (sometimes multiply changeable) data and the whole database. Sometimes it's necessary to determine the whole history of a data entity (previous forms and all editors) • Usually it's assumed that different database users have write access to the same data

  22. The Simplest Approach: Application-Software Based. The storing of different events (data adding, changing, etc.) is performed by application software. Users authenticate themselves using their user names and passwords. Application software together with the database works on a server which is directly accessible only by system administrators. Shortcoming: the database is stored (in unencrypted form) on the server and administrators can access (and also change) the data; the concentration of risks is quite high

  23. Erroneousness of Application Software. Actually each application software has some errors (vulnerabilities). Sometimes these errors are critical, allowing an unauthorized subject to access or change something. Usually patches are issued in order to repair these vulnerabilities. Cruel reality: between the publishing of a vulnerability and the making of a patch, the software often remains unprotected against the corresponding attacks

  24. Integrity of Full Database. Sad reality: if we equip each record (field) of a database with a (legal) digital signature, it ensures the integrity of a record, but doesn't ensure the integrity of the full database. There remains the possibility of erasing whole records (together with their digital signatures) without authorization and without detection

  25. Integrity versus Accountability. Integrity (terviklus) means that we must determine the source (creator, creating time) of data. Accountability (jälitatavus) means that we must know all the history (all previous states, creators, changes, changing times, etc.) of a certain entity. If changing of previously stored data is allowed, then instead of integrity, accountability is often used and needed

  26. Ensuring the Integrity of Full Database. Solution: in addition to digital signatures, we must equip the database with (cryptographic) mechanisms which tie different records to each other and therefore prevent their unnoticeable erasing. This can be done by a queue of cryptographic hash functions (the next record must include the hash of the previous record), a so-called “local time-stamp”. In these cases we can never erase anything from the database

  27. Properties of Hash Queue Ensuring the Integrity. Advantages: • Each erasing of a full record will always be noticeable (the queue of hashes doesn't verify) • We can also give evidentiary value to negative query results • The integrity of the records themselves can be protected by a digital signature • Disadvantages: • Needs the implementation of hashes (hash queue) and their verifiability check at the level of database application software

  28. Ensuring the Confidentiality of a Database. We cannot encrypt those attributes of a database which must be considered secondary keys (used as a basis for search). These data must be available to the database engine (database environment) as plaintext. Ensuring the confidentiality of these data against database administrators needs a special access architecture or is impossible. Other data (attributes that we don't consider secondary keys) can be replaced by ciphertext (and be made unavailable to the database environment) with an appropriate key distribution system

  29. Most-Used Practical Solution to a Database Confidentiality Problem. Principle: data are stored on disk in encrypted form; a hardware security module (HSM, riistvaraline turvamoodul) is included in the database, which enables enciphering/deciphering and generating/holding the corresponding key. We can't read the used key from the HSM; we can only generate and use it inside the HSM. In these cases only the data under processing are currently available in non-encrypted form (temporal isolation). Other data (stored data) are kept in encrypted form and it's impossible to decrypt them without the HSM. The HSM can usually be started by a special chipcard (sets of chipcards)

  30. Ensuring the Availability of a Database. Usually ensured by archiving or backup (arhiveerimine, varundamine): we store the same data in many physical places. The necessary condition: if we use (not sufficiently trustworthy) third parties for backup, then it's reasonable to encrypt and digitally sign the archived data, creating a corresponding key management system. This allows reducing the confidentiality risk

  31. Basics of “Network” (Internet) • Contemporary WAN (Wide Area Network) is usually the Internet • The Internet is a network based on the TCP/IP protocol, where all transferred information is divided into (and managed as) IP packets which are considered and transferred separately. Each IP packet bears information about: • source (IP address) • destination (IP address) • name of the service of which it is a part

  32. Internet as a Collection of Services. The Internet consists of a lot of different services (teenused) which determine the type of information transfer and to which different protocols (protokollid) correspond. Examples: • e-mail (e-post, meil) – SMTP protocol • WWW (veeb) – HTTP protocol • FTP (file transfer) – FTP protocol • DNS – associates a name with an IP address. A lot of services (protocols) are used for internal management of the Internet and they are often hidden from a typical end user

  33. Threats from the Internet. A symmetry principle: just as we can access the Internet (Internet services), a user from the Internet can access our computer or local network (services available there) • Unauthorized access to our computers/network/services • Eavesdropping of confidential information: typical Internet-based protocols transfer non-encrypted information • Changing of transferred information, the so-called man-in-the-middle attack (vahemeherünne): typical Internet-based protocols transfer non-signed information • Denial-of-service attack, DoS (teenusetõkestusrünne)

  34. Shortcomings of an Open Internet Access. Paradox: a hacker can easily access your system or network. In a typical computer/LAN a couple of services/protocols operate, and some of them can certainly be harmed and have some vulnerabilities. It's inevitable that application software and Internet services always have some weaknesses and vulnerabilities

  35. A Typical Solution: Firewall. A multifunctional firewall (tulemüür): a special gateway between the Internet and your computer or local network. May be either a hardware device or a software product. As a rule, it controls all the traffic between the Internet and a physically secured computer or local network, allowing only some services/protocols in a pre-defined manner. As a hardware device (local network separation), it uses proxies for services and allows the use of an independent address space behind the firewall

  36. Advantages of a Firewall • Potential attacks are concentrated on one well-protected and well-designed point (firewall) instead of a couple of insecure services and applications • Possibility to hide the topology of a local network • Possibility to save IP addresses (IPv6 alias IPng is not yet spread everywhere, the number of “traditional” addresses is quite limited) • Possibility to add an FTP and/or WWW server to the firewall (gateway)

  37. Main Shortcoming of a Firewall. For authorized users it hinders access to local resources (local network) from other parts of the Internet. Conclusion: it restricts Internet-related remote access possibilities (virtual office, telecommuting, etc.). Just as a firewall blocks unauthorized access from the “big” Internet, it also blocks such attempts by authorized users. A typical (“classical”) firewall is unable to distinguish authorized access attempts from unauthorized ones

  38. Solution for a Remote Access: Encryption and Signing. A sad fact: typical Internet services (protocols) – http, telnet, ftp, nntp, smtp – are not secure, i.e. do not allow secure and authenticated communication. They can easily be both eavesdropped and changed by a classical man-in-the-middle attack. Hint for a secure remote access: we must use both encryption (protects confidentiality) and signing (protects integrity)

  39. Firewall + Secure Remote Access Client. A Secure Remote Access Client (turvaline kaugpöördusklient) uses encryption and signing of the transferred data, ensuring both confidentiality and integrity of communication. It is usually realized by the TLS (SSL) protocol. A secure remote access (as a connection unattackable by a man-in-the-middle attack) can be securely passed through firewalls. This makes it possible to restore (secure) remote access for systems including firewalls

  40. Virtual Private Network. A typical Secure Remote Access Client is a suitable solution when we have one physical (physically protected) local area network and a lot of remote clients in different places (an example: a company and its telecommuters). But another problem arises: a company with several (physically protected) local networks in different places which we wish to use as a single system with its services, resources, etc. Solution: a virtual private network (virtuaalne privaatvõrk), which connects different physically secured local networks together into one virtual private network with a united address space. The physical connection between the different networks is performed using encrypted and signed (usually TLS-protected) data transfer via the public Internet

  41. Virtual Private Network. This technique allows connecting a couple of different physical networks. Different local networks communicate with other local networks via the Internet using special cryptowalls (krüptomüür), which often support the TLS protocol. To a typical end user all the different physical networks together seem to be one big local network

  42. Virtual Private Network: Different Configuring Possibilities. In order to get access to the public Internet, we can add a firewall to the VPN (at least to one of the many physical networks). In these cases all traffic between the VPN and the “big” Internet will go through the firewall (regardless of the physical location of the current physical network)

  43. Virtual Private Network: Different Configuring Possibilities. We can also add some firewalls in different networks, additional physical networks, etc. We can also add some secure remote access clients if necessary

  44. Conclusion: Main (Classical) Means of Network Security. Firewall (tulemüür) for a secure connection of a local network (single computer) to the Internet. Secure Remote Access Client (turvaline kaugtööklient), which allows a secure connection which may go even through firewalls etc. and enables authentication of the related parties. Virtual Private Networks (virtuaalsed privaatvõrgud), which can connect different physically secured networks into one unique virtual network. A symbiosis of all above-mentioned means and components

  45. Necessary Additional Components. Password management (paroolihaldus): who generates, how stored, how transferred and used, etc. Key management (võtmehaldus): who generates, how stored and kept, their relationship with passwords and devices, etc. Authentication means (autentimisvahendid): non-reverse-engineerable chipcards, HSMs, biometrics, passwords, etc. Reminder: TLS (SSL) needs additional information (a certificate) during handshaking
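
The hash queue from slides 26 and 27, as an added example that is not part of the original lecture: each record stores the hash of the previous one, so deleting or editing a record breaks verification. It goes one step beyond the slides by comparing the last hash with a copy kept outside the database (an assumption made here), since a queue alone cannot reveal records cut from its end; `GENESIS`, the field names and the sample rows are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed "previous hash" for the first record


def record_hash(payload, prev_hash):
    """Hash a record's content together with the previous record's hash."""
    body = json.dumps({"payload": payload, "prev": prev_hash}, sort_keys=True)
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append(chain, payload):
    """Append a record that includes the previous record's hash; return the new head."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"payload": payload, "prev": prev,
                  "hash": record_hash(payload, prev)})
    return chain[-1]["hash"]


def verify(chain, trusted_head=None):
    """Return (ok, reason); trusted_head is the last hash, kept outside the database."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev:
            return False, f"record {i}: link to previous record broken"
        if rec["hash"] != record_hash(rec["payload"], rec["prev"]):
            return False, f"record {i}: content does not match its hash"
        prev = rec["hash"]
    if trusted_head is not None and prev != trusted_head:
        return False, "head mismatch: records missing from the end"
    return True, "ok"


def demo():
    """Run the checks on constructed sample rows and return the results."""
    chain, head = [], GENESIS
    for row in ({"id": 1, "owner": "A"}, {"id": 2, "owner": "B"},
                {"id": 3, "owner": "C"}, {"id": 4, "owner": "D"}):
        head = append(chain, row)
    edited = [dict(rec) for rec in chain]
    edited[1]["payload"] = {"id": 2, "owner": "X"}  # change made in place
    return {
        "intact": verify(chain, head),
        "middle_deleted": verify(chain[:1] + chain[2:], head),
        "edited": verify(edited, head),
        "tail_cut_no_anchor": verify(chain[:-1]),
        "tail_cut_anchored": verify(chain[:-1], head),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case}: {'OK' if ok else 'FAIL'} ({reason})")
```

In a real database the per-record digital signature from slide 24 would cover the `hash` field, and the head value would be anchored by a time-stamp or an external log.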
