740 likes | 754 Views
Chapter 8 – Common Access Control. Access Control Objectives. Confidentiality (includes privacy) Integrity Availability . Access Control Processes. Identification Authentication Authorization Logging Monitoring . Common Access Controls. Password
E N D
Chapter 8 – Common Access Control EECS4482 2016
Access Control Objectives • Confidentiality (includes privacy) • Integrity • Availability EECS4482 2016
Access Control Processes • Identification • Authentication • Authorization • Logging • Monitoring EECS4482 2016
Common Access Controls • Password • Two-factor authentication • Biometrics • Access control lists for granting authorization to information • Locks EECS4482 2016
Common Access Controls • Encryption • Anti-virus • Patching • Firewall • Intrusion detection system • Intrusion prevention system Collectively called defence in depth EECS4482 2016
Passwords • Should not be shared • Should be changed by user • Should be changed frequently and upon compromise (suspected unauthorized disclosure) EECS4482 2016
Passwords • Long, at least 8 characters • Alphanumeric • Hashed (one-way scrambling) • System should allow only a few attempts before locking out account EECS4482 2016
Password Cracking Methods • Dictionary attacks – try scrambling the common names and all dictionary words • Brute force – try scrambling all possible combinations of characters, most time consuming • Systematic deduction – try name followed by month, etc. • Hacker community has tables of hashes, called rainbow tables to help in cracking. EECS4482 2016
Passwords • An 8-letter password is 676 times stronger than a 6-letter password. • A user chosen 6- character alphanumeric Word password can be cracked in 7 seconds. • A 6-character alphanumeric password is 6 times stronger than a 6-letter password. • A completely random 8-character alphanumeric is virtually uncrackable with a modern PC, takes about a year. • Strength should depend on user’s privilege and locality of system. EECS4482 2016
Two-factor Authentication (general or application) • Used to compensate for the inherent weaknesses of passwords, i.e., guessing and hacking. • Uses what the user has and what the user knows. • Examples are to use a token with a dynamic password and ATM. EECS4482 2016
Biometrics (general or application) • Can include fingerprint, hand geometry, voice etc. • Held back by privacy concerns. • Not recognised legally in place of signature EECS4482 2016
Operating System Security (general control) • Use a standard checklist for configuration • Locks down workstation access by employees to prevent unauthorized installation of software • Use scanning software to detect vulnerabilities before implementation and periodically • Use automated patching tools to install security fixes. EECS4482 2016
Firewall • Can be hardware based only, e.g., a router. • Can be a server with sophisticated software, more granular and reliable than a router, provides better logs. • Can use artificial intelligence to check for patterns. EECS4482 2016
Firewall • Every organization that hosts a web site should have a firewall to protect its internal network from hackers • The firewall would block traffic that is definitely unacceptable. EECS4482 2016
Firewall • A typical firewall uses rules to determine whether traffic is acceptable, e.g., port scanning is not allowed by some organizations. • A data packet typically consists of a source Internet Protocol (IP) address, a port and a destination Internet Protocol address. EECS4482 2016
Firewall • A port is a logical connection point in a network device including a computer. • It is used to standardize Internet traffic, e.g., web browsing uses port 80, e-commerce uses port 443. EECS4482 2016
TECHNOLOGIES AND TOOLS FOR SECURITY AND CONTROL Firewalls, Intrusion Detection Systems, and Antivirus Software (continued) • Network address translation (NAT) • Provides an additional layer of protection • Conceals the IP address of the host computer to sniffer programs. EECS4482 2016
Firewall Management • Firewall should not be remotely administerable in order to reduce the risk of hacking. • Firewall logs should be reviewed frequently to avoid the log getting full and firewall collapsing. EECS4482 2016
Virus Protection • Companies around the world spend about US $20 billion a year to clean up viruses • All critical servers are protected • All internet email is scanned • Automated identification of workstations that do not have up-to-date signature files • Organizations should block common virus file types to be proactive EECS4482 2016
SYSTEM VULNERABILITY AND ABUSE Malicious Software: Viruses, Worms, Trojan Horses, and Spyware • Computer viruses: • Rogue software programs that attach to other programs in order to be executed, usually without user knowledge or permission • Deliver a “payload” • Can spread by email attachments EECS4482 2016
SYSTEM VULNERABILITY AND ABUSE Malicious Software (continued) • Worms: • Programs that copy themselves from one computer to another over networks • Can destroy data, programs, and halt operation of computer networks • Most common payload is to tie up a network to deny service. EECS4482 2016
Worm • Unlike a virus, an Internet worm requires no user interaction to infect a computer. A computer only has to be on a network. • If the computer has the security hole targeted by the worm, it will be infected. • Main control is patching. EECS4482 2016
Virtual Private Network • To secure remote access to company systems by staff or contractors. • Should require two-factor authentication. • Encrypts the data like eBusiness. EECS4482 2016
Intrusion Detection System • Screens traffic that passes a firewall to build pattern. • Alerts security administrator of questionable or unacceptablepattern. • Administrator can then decide, with management guidance if significant, to place a firewall rule to block further traffic of this pattern. EECS4482 2016
Intrusion Prevention System • Screens traffic that passes a firewall to build pattern. • Rejects highly questionable or unacceptable traffic. • More effective than firewalls but may have false positive. Deployed to protect highly sensitive servers. EECS4482 2016
Encryption • Uses mathematics to scramble data. • Uses a key and an algorithm . Commercial algorithms are public knowledge. • Symmetric key. • Asymmetric keys (private/public key pair). • Can prevent sniffing, i.e., unauthorized interception of data transmission. EECS4482 2016
Symmetric Key Encryption • The same key is used to decrypt and encrypt • Simple to encrypt and decrypt • Large number of keys required for one-on-one secret communication • Number of keys for N people is N(N-1)/2 • Need to secure the key EECS4482 2016
Application of Encryption • eBusiness • Virtual private network • eMail • Stored data • Digital signature • Wireless network EECS4482 2016
Asymmetric Encryption • A pair of key is generated by a user, a private key and a corresponding public key. • The public key can be disclosed. The private key is secured. • People can use the public key to encrypt material. • Use of private key should require a passphrase. EECS4482 2016
Asymmetric Encryption • The corresponding private key is needed to decrypt. • The 2 keys cannot be reengineered, i.e., you cannot use the public key to derive the private key. • Longer keys than symmetric and therefore a longer process to encrypt and decrypt. EECS4482 2016
Asymmetric Encryption • Needed for email encryption. • Used for e-commerce, digital certificates and digital signatures. • Number of keys for N users is 2N. EECS4482 2016
TECHNOLOGIES AND TOOLS FOR SECURITY AND CONTROL Encryption and Public Key Infrastructure • Digital signature: • A digital code attached to an electronically transmitted message that is used to verify the origin and contents of a message • Digital certificates: • Data files used to establish the identity of users and electronic assets for protection of online transactions. EECS4482 2016
TECHNOLOGIES AND TOOLS FOR SECURITY AND CONTROL Public Key Infrastructure • A set of policy, procedures and servers used to operate a public key environment. • There is a public key server that holds everybody’s public key for retrieval by programs that use encryption. • There are servers used to authenticate users that activate private keys. EECS4482 2016
Limitation of Encryption • If key is lost, data cannot be decrypted. • Rogue parties can delete an encrypted file without knowing the key; therefore access control list is important. • Encrypted email attachments are generally deleted by the anti-virus program. EECS4482 2016
Digital Signature • A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and to ensure that the original content of the message or document that has been sent is unchanged. EECS4482 2016
Digital Signature • The sender uses an algorithm to compute a hash (garbled digest) of the document • Sender uses its private key to encrypt the hash. • Recipient uses same algorithm to hash the plain text document when received. • Recipient uses the public key to decrypt the digital signature and compare to the hash the recipient created, to confirm integrity. EECS4482 2016
Digital Certificate • An electronic business card that establishes your credentials when doing business or other transactions on the Web. • It is issued and digitally signed by a certification authority. It contains your name, a serial number, expiration dates, the certificate authority’s name and public key, and your public key. • People can use the certificate authority’s public key to verify the signature. EECS4482 2016
Certificate Authority • An organization that issues digital certificates to companies and individuals • An organization can issue digital certificates to its own customers or employees to authenticate local transactions • The certificate authority will do due diligence to confirm the existence and authenticity of the party before issuing a certificate. EECS4482 2016
eBusiness Encryption • Uses both symmetric keys and asymmetric keys • Enforced by the merchant • Merchant sends its certificate and public key to the browser EECS4482 2016
eBusiness Encryption • Browser generates a symmetric key based on the Secure Socket Layer (SSL) standard, usually 128 bits. • Browser encrypts the symmetric key with the merchant’s public key • Browser authenticates the digital certificate • Encrypted symmetric key is sent to merchant EECS4482 2016
eBusiness Encryption • Merchant decrypts the symmetric key with its private key • The symmetric key is used for all subsequent transfer of information between the 2 parties until the user logs off. EECS4482 2016
Secure Electronic Transaction (SET) • Not widely used in North America because it is less flexible than traditional eBusiness SSL encryption. • Used more in Hong Kong, Japan and South Korea for wealthy clients. EECS4482 2016
SET Process A customer receives a “personal” digital certificate from the credit card issuing financial institution, along with a private key. The customer stores it on the hard disk or a memory disk. The financial institution requires the customer to protect it with a pass phrase. EECS4482 2016
SET Process When the customer buys something on a web site, s/he sends his or her digital certificate to the merchant, which sends a copy of it to the financial institution. The customer is required to use a passphrase to send the personal certificate. S/he also downloads the merchant’s and the financial institution’s digital certificates. EECS4482 2016
SET Process • The customer’s browser hashes the purchase order and the credit card information separately to form two message digests. • The customer signs the message digests to form a composite digital signature. • The digital signature is sent to the merchant which in turn forwards a copy of it to the financial institution. EECS4482 2016
SET Process The customer uses the merchant’s public key to encrypt the purchase order and s/he uses the financial institution’s public key to encrypt the credit card information. The merchant forwards the credit card information along with the amount to be charged to the financial institution. EECS4482 2016
SET Process • The merchant and the financial institution use the customer’s public key to decrypt the digital signature. • The merchant and financial institution use their private keys to decrypt the purchase order and credit card info. EECS4482 2016
SET Process • The merchant and the financial institution independently computes the message digests of the purchase order and credit card info respectively. • The independently computed message digests are then compared to the message digests in the decrypted digital signature. EECS4482 2016
SET Process • Now the merchant and the financial institution/ePayment vendor have authenticated the purchase and credit/ePayment card information separately and independently. • The credit information is not known to the merchant and the purchase order (except the final amount) is not known to the card issuing financial institution or payment vendor. EECS4482 2016
SET PRocess The financial institution or payment vendor sends a code to the merchant indicating payment is approved or declined. EECS4482 2016