Data Security and Cryptology, II
Common Ways to Secure Digital Data. Security Threats, Classification.
September 10th, 2014
Valdo Praust, mois@mois.ee
Lecture Course in Estonian IT College, Autumn 2014
What We Protect: Information
Information (informatsioon, teave) is knowledge concerning any objects, such as facts, events, things, processes or ideas, which have a special meaning in certain contexts.
The concept "information" is heavily related to the more general concept of knowledge. It assumes that there is a fact which is known (an object) and a person who knows the fact (the subject).
Information itself does not have a practical shape. The practical shape of information appears when we also consider the practical representation of information (and then it is called data).
What We Protect: Data
Data (andmed) is a reinterpretable, formalized representation of information in a form which is suitable for transfer, processing and/or interpretation.
Data are always a presentation of information, usually in a pre-agreed form (which allows the information carried by the data to be transferred from one subject to another).
The same data can be interpreted differently by different subjects having a different background (for example, "hallitus" in Estonian and in Finnish).
Data Format
Data format (andmevorming, vorming) is a description of how different types of information (text, picture, voice, video etc) are coded into a sequence of 0's and 1's.
A pre-agreed (standardised) data format gives data (a data file) a concrete and unique meaning. If we have data but do not have the data format description, then we do not have the information carried by the data.
From Data Format to Meaning
Different data formats are supported by different application software, which usually allows writing a file in a certain format, making the content of the data (the information) human-perceptible etc.
A typical end user usually knows nothing about different data formats and their interpretation. He/she usually associates a certain format only with the certain software which is able to interpret that format(s).
The end user usually receives only a human-perceptible form prepared by the software, so-called WYSIWYG (What You See Is What You Get, in Estonian adekvaatkuva).
Necessity of Data Security
If we possess (or process) data, then the information carried by the data always has value for us (for our business process). It does not matter whether the information is represented by digital or by paper-based data.
Information security (infoturve) or data security (andmeturve) is the discipline concerned with maintaining these values/properties of information (performed in practice by maintaining the properties of the data).
Components of Information Security
Information security (infoturve) or data security (andmeturve) is a complex concept consisting of the following three properties (goals):
• information availability (käideldavus)
• information integrity (terviklus)
• information confidentiality (konfidentsiaalsus)
These three properties, called branches or goals of security, must be maintained for all information/data items we possess.
About Different Concepts
The following four concepts are widely taken as synonyms:
• information security (infoturve)
• information protection (infokaitse)
• data security (andmeturve)
• data protection (andmekaitse)
It is mainly a question of tradition and culture which concept is used where. For example, in Europe the concept data protection is often used in the context of protection of personal data (isikuandmete kaitse).
Data Availability
Data availability (andmete käideldavus) is timely and convenient access to, and usage of, the information carried by the data for all authorized persons and other entities.
Availability is the most important component of data security: the worst thing that can happen is that data are no longer available to the subjects which need them during the business process (maybe destroyed forever).
Data Integrity
Data integrity (andmete terviklus) is ensuring that the data originated from a certain source (the information was stored into the data by that source) and have not been altered (whether by accident, by a deliberate act or by forgery).
Integrity is the second most important security branch (after availability).
In the business process we usually assume that the data are firmly related to the creator/source of the data, the creation time etc.
Data Confidentiality
Data confidentiality (andmete konfidentsiaalsus ehk salastatus ehk salastus) is the availability of the information carried by the data only to authorized subjects (and its strict non-availability to other subjects).
In the pre-computer world it was the only branch of data (information) security.
Security of Data vs IT Assets
Security of data (security of the information carried by the data) is ensured by securing the (IT) assets surrounding the data.
IT assets include:
• IT equipment (hardware, communication devices, power supplies etc)
• data communication channels
• software (both system and application software)
but they must also include:
• organization (its structure and operation)
• personnel
• data carriers (incl. documents)
• infrastructure (buildings, offices etc)
Standard Model of Security Harming
• Threats (ohud) influence the data (via IT assets)
• Threats use the vulnerabilities (nõrkused, turvaaugud) of IT assets or components of the IT system
• Threats, combined with the vulnerabilities they can use, determine the risk or security risk (risk, turvarisk)
• When a certain risk is realised, a security loss or security breach or security incident (turvakadu, turvarike, turvaintsident) appears
• In order to minimise the risks it is necessary to minimise vulnerabilities using safeguards or security measures (turvameetmed)
Main Properties of Digital Data (from the security point of view)
• A great but indirect value of data (information): it is very hard to measure it
• Portability: data which can be stored on very small and easily movable carriers can possess a huge value for our business process
• Possibility of avoiding physical contact: the physical and virtual structures are usually very different
• Disclosure of security losses, especially of integrity and confidentiality losses
Security and Residual Risk
NB! It does not matter how many safeguards we implement, we never achieve absolute security. If we implement more safeguards we only minimise the probability that security (availability, integrity or confidentiality) will be harmed, but it will never fall to zero.
Instead of absolute security, the concept of acceptable residual risk for the business process ((äriprotsessi jaoks) aktsepteeritav jääkrisk) is usually used.
An acceptable residual risk is a situation where the total price of all implemented safeguards is approximately equal to the forecasted total loss of security (measured as an amount of money).
Paper-Based Data Security
Availability is ensured by appropriate preservation of data (storage conditions!) and by using suitable handling procedures (from people to people, record management rules).
Integrity is ensured by the physical shape of a document: data must be transferred to the paper sheet by a permanent method, and the document is equipped with the handwritten signature of the creator.
Confidentiality is ensured by storing and transporting the document in a secure way.
The common ways to achieve the availability, integrity and confidentiality (i.e. security) of digital data are very different from the above. The biggest difference lies in the use of cryptography (which is based on mathematics) as an essential tool.
Peculiarities of Securing Digital Data
• Cryptography is a very essential tool for achieving both confidentiality and integrity. The methods for achieving confidentiality and integrity are completely different from the methods used in paper document practice
• An essential part is authentication (in front of a computer or information system): ensuring, for a technical device/entity, who is using it (which is usually followed by granting appropriate rights for executing, reading, writing etc access)
• Availability is often ensured by the network (Internet). Distributed client-server systems are very widespread
The Role of Cryptography
Encryption or enciphering (krüpteerimine, šifreerimine) is a technique where data are converted into a certain non-readable form. The conversion process usually uses a special piece of data which is kept secret: a key (võti).
This basic technique can be used:
• For ensuring confidentiality: without the key it is impossible to decipher the data, i.e. to get the information carried by the (encrypted) data
• For ensuring integrity: without a special private key it is impossible to change the data without notice. It allows the data to be associated with certain subjects (this is also the basic principle of the digital signature)
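The two uses of a key described above, shown as an added example that is not part of the lecture material: a secret key turns readable data into an unreadable form (confidentiality), and a keyed tag over the result makes any later change detectable (integrity). The keystream construction here (SHA-256 in counter mode) and the HMAC-SHA256 tag are chosen for illustration only, so that the example runs with the Python standard library; a real system would use a standard authenticated cipher such as AES-GCM, and a digital signature rather than a shared-key tag when the data must be tied to one specific subject.

```python
"""Added teaching example (not the lecture's own code): confidentiality and
integrity from one secret key, using only the Python standard library."""
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    # Derive separate keys for encryption and for the integrity tag,
    # so one key is never used for two purposes.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Illustration-only keystream: SHA-256(key || nonce || counter) in counter mode.
    # Assumed construction for teaching; not a standardised cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag.  Without `key` the middle part is noise."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)            # fresh per message
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    # Integrity: tag covers nonce and ciphertext; computed with the MAC subkey.
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, message: bytes) -> bytes:
    """Verify the tag first, then decrypt.  Raises ValueError if anything changed."""
    enc_key, mac_key = _subkeys(key)
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):      # constant-time comparison
        raise ValueError("integrity check failed: data altered or wrong key")
    ks = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def tamper_detected(key: bytes, message: bytes) -> bool:
    """Flip one bit inside the ciphertext and report whether decrypt() notices."""
    altered = bytearray(message)
    altered[NONCE_LEN] ^= 0x01
    try:
        decrypt(key, bytes(altered))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = b"constructed-demo-key"           # constructed sample key
    msg = encrypt(key, b"salary list 2014")  # constructed sample data
    print("ciphertext body:", msg[NONCE_LEN:-TAG_LEN].hex())
    print("decrypted:", decrypt(key, msg))
    print("tampering detected:", tamper_detected(key, msg))
```

Note the order in `decrypt`: the tag is checked before any decryption is attempted, and compared with `hmac.compare_digest` so that the comparison time does not leak how many tag bytes matched.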
Availability of Digital Data
Main methods:
• regular backups
• appropriately working IT systems
• an appropriate digital record management system (digidokumendihaldus)
• transmitting data via data networks (Internet)
Integrity of Digital Data
Three main possibilities:
• To use a client-server technique and an IT system able to log who has created/changed which data. Mass-used, but its security is very easily harmed
• To tie the data carrier and the data stored on it permanently together. It excludes all network-based applications (and a good e-world)
• To use a digital signature (digisignatuur, digiallkiri) in order to associate the digital data and their creator cryptographically (mathematically). It is the most secure way and the only way to use in enhanced-security (enhanced-integrity) systems
Confidentiality of Digital Data
Two different approaches (used mixed in practice):
• To store/transport the (unencrypted) data securely
• To encrypt the data and to handle the encrypted data as usual (public) data. Encrypting always adds an additional problem: a key management (võtmehaldus) problem
If confidential information is transferred via a common network (a network whose wires are not physically secured), then encryption must always be mandatory.
What Are Security Threats?
A threat (oht) is an external potential violation of (information) security.
A threat might be:
• a potential violation of availability
• a potential violation of integrity
• a potential violation of confidentiality
A threat is always considered as an external influence, i.e. caused by subjects and/or properties not involved in our information system (our IT assets).
Classification of Threats
(Security) threats can be classified:
• By the harmable goal (availability, integrity, confidentiality)
• By the source (by which subject the potential harm is caused)
• By the type of IT asset being harmed
• By the importance of the (potential) damage (how big it will be)
Usually, the first two classifications are used in practice.
Threats Classification by the Source
1. Spontaneous or accidental threats (stiihilised ohud):
• environmental threats (keskkonnaohud)
• technical failures and defects (tehnilised ohud ja defektid)
• human threats and failures (inimohud)
2. Deliberate acts or attacks (ründed), which are characterized by a clear intentional (human) activity (selge tahtlik (inim)tegevus)
Spontaneous or Accidental Threats
Spontaneous (accidental) threats (stiihilised ohud) can be caused by:
• force majeure (vääramatu (looduslik) jõud), which can be either occasional (lightning, flooding) or regular (wear, material fatigue, contamination etc)
• human failures (inimvead), which can be caused by inadequate skills, negligence, mismanagement, environmental factors etc
Peculiarities of Spontaneous Threats
The threats with the most serious consequences are usually management and decision-making errors, at all lifecycle phases (errors in the earlier phases usually have the stronger results).
Practice (the available threat statistics) shows that the impact of accidental (spontaneous) threats on IT assets is usually greater than the impact of attacks. Unfortunately, this fact is often not acknowledged.
Environmental Threats
• lightning
• fire
• flooding
• inappropriate temperature and humidity
• dust and contamination
• electromagnetic perturbations
• mis- or non-operability of external infrastructures
Technical Failures and Defects
• accident in IT infrastructure
• hardware defects and failures
• failures and disturbances of connection lines (network(s))
• defects and failures of data carriers
• defects and failures of security means (devices)
Human Threats and Failures
Loss of staff (inimkaod):
• illness
• death
• strike
Occasional events (juhuslikud äpardused):
• mistakes during work operations
• erasing and/or destroying of data/device by accident
• false line connections
Attacks
Attacks or deliberate acts (ründed) are always based on humans who perform a certain intended or deliberate action (sihilik tegevus) to harm the security goals (led by personal interest, private or state intelligence, hooliganism etc).
Attacks are usually classified by the attack sources, attacking methods and attackable objects.
Sources of Attack
1. Authorized users of IT systems. Available statistics show that they are the most important source. Main motives:
• obtaining illegal (financial) profit
• revenge (by fired or harried people)
• political / ideological
2. Intelligence (economic, state-based, military etc) agents
3. Crackers, often also mis-called hackers (kräkkerid, häkkerid): an increasing factor
4. Others (in Estonia mainly the criminal element)
Attack Channels
• Direct contact with an attackable object (IT component/device, personnel, infrastructure etc)
• Networks (mass-used for all client-server systems). The most common attacking way (channel)
• Portable data carriers (memory sticks etc): were historically important, and during the last years are again very relevant
Attacks Classification by Methods
• physical attacks
• misuse of resources
• blocking of resources
• interception (eavesdropping)
• fabrication
• system manipulation
• attacks on security mechanisms
• attacking software or malware (ründe(tark)vara, pahavara, kahjurvara)
Physical Attacks
Physical attacks (füüsilised ründed) harm mainly availability and integrity.
Important branches:
• physical attack on infrastructure (wires, antennas, power supplies etc)
• vandalism
• unauthorized entering of a house/rooms/territory
• theft
• manipulation or destruction of IT equipment or devices
Misuse of Resources
Misuse of resources (ressursside väärkasutus) may harm all goals of security: availability, integrity and confidentiality.
More important examples:
• unauthorized use of the IT system
• misuse of user rights
• misuse of system administration rights
• theft of telephone (or similar) service
The resource misuse threat is extremely great during conversion, maintenance, repair and/or upgrade tasks performed by external parties.
Blocking of Resources
Blocking of resources (ressursside blokeerimine) harms mainly availability.
In most cases it means the blocking (denial) of services (teenusetõkestusrünne), for example:
• overloading of the network (branches)
• mass execution of tasks
• filling of all disk space (quota)
The most common and well-known branch of it is the distributed denial of service (DDoS) attack (hajus ummistusrünne).
Interception (Eavesdropping)
Interception (infopüük), often also called eavesdropping, is an attack on confidentiality by an unauthorized subject.
Main branches:
• voice interception in rooms (hidden microphone, computer microphone, misuse of a smartphone etc)
• interception of telephone calls (both by interception of wires and by modification of the devices used)
• unauthorized reading or copying of stored data
Interception (Eavesdropping)
Main branches (continued):
• reading of residual information (jääkteave) from a printer, copy machine etc
• eavesdropping on wires (with analysis of the eavesdropped information by special equipment/software)
• unauthorized copying of data (carriers) during transport, maintenance work etc
• inappropriate deletion of data or destruction of data carriers, with subsequent unauthorized reading
Fabrication (Faking)
Fabrication (võltsing), sometimes also called faking, is the entering of faked items into the system. Harms mainly integrity.
Examples:
• playback of earlier recorded messages (sõnumite taasesitus): passwords, bank transactions etc
• masquerade attack (teesklusrünne): equipping messages with false requisites (name, user name, password, money amount etc)
• social engineering (suhtlemisosavus): "presenting oneself as own people" by mail, phone, physically etc
• denial (salgamine) of having received or sent a message
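How a receiver can refuse the first two fabrication examples above (playback of a recorded message, and a message carrying a false sender name or a changed money amount), as an added example that is not part of the lecture. It assumes a shared secret key per sender (constructed here), a message body that carries sender, amount, timestamp and a random nonce, and an HMAC-SHA256 tag over that body; the `Receiver` class, the JSON canonicalisation and the 30-second freshness window are all choices made for this illustration.

```python
"""Added teaching example (not the lecture's own code): a receiver that rejects
replayed, masqueraded, altered and stale messages."""
import hashlib
import hmac
import json
import os


def _canonical(body: dict) -> bytes:
    # Same byte representation on both sides, so the tag is reproducible.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, sender: str, amount: int, now: int) -> dict:
    """Sender side: build a body with timestamp and fresh nonce, then tag it."""
    body = {"sender": sender, "amount": amount, "time": now, "nonce": os.urandom(8).hex()}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    def __init__(self, sender_keys: dict, max_age: int = 30):
        self.sender_keys = sender_keys       # sender name -> shared key
        self.max_age = max_age               # seconds a message stays acceptable
        self.seen_nonces = set()             # nonces accepted inside the window

    def accept(self, message: dict, now: int) -> tuple[bool, str]:
        body = message["body"]
        key = self.sender_keys.get(body["sender"])
        if key is None:
            return False, "unknown sender"
        # Masquerade or alteration: the claimed sender's key does not reproduce the tag.
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, message["tag"]):
            return False, "tag mismatch"
        # Stale: outside the freshness window (also bounds how long nonces are kept).
        if abs(now - body["time"]) > self.max_age:
            return False, "stale"
        # Playback: a genuine message delivered a second time.
        if body["nonce"] in self.seen_nonces:
            return False, "replay"
        self.seen_nonces.add(body["nonce"])
        return True, "ok"


def run_demo() -> list[str]:
    """Feed constructed messages to a receiver and return the verdict for each."""
    now = 1_700_000_000                                   # constructed clock value
    keys = {"alice": b"alice-shared-key-constructed"}     # constructed key table
    rx = Receiver(keys, max_age=30)
    verdicts = []
    genuine = sign(keys["alice"], "alice", 100, now)
    verdicts.append(rx.accept(genuine, now)[1])           # first delivery
    verdicts.append(rx.accept(genuine, now + 5)[1])       # same message played back
    forged = sign(b"guessed-key", "alice", 100, now)      # false sender name
    verdicts.append(rx.accept(forged, now)[1])
    altered = sign(keys["alice"], "alice", 100, now)
    altered["body"]["amount"] = 100_000                   # amount changed after signing
    verdicts.append(rx.accept(altered, now)[1])
    late = sign(keys["alice"], "alice", 100, now - 3600)  # recorded an hour ago
    verdicts.append(rx.accept(late, now)[1])
    unknown = sign(b"any-key", "bob", 100, now)           # sender not in the key table
    verdicts.append(rx.accept(unknown, now)[1])
    return verdicts


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The freshness check runs before the nonce check on purpose: once a message is older than `max_age` it is rejected regardless, so the receiver only has to remember nonces from the last `max_age` seconds rather than forever.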
System Manipulation
Manipulation (manipuleerimine) is the unauthorized changing of the IT system. Harms mainly integrity, but also the other goals.
Examples:
• manipulation of data or software (false data, unauthorized changing of access rights or functionality etc)
• manipulation of lines
• manipulation of data during transfer (via vulnerabilities)
• attack via service ports (when they are insufficiently secured)
Attacks on Security Mechanisms
... can harm all three goals of security. The level of harm depends on the concrete mechanism and/or architecture.
The main attacked objects are often authentication systems and cryptosystems, for example:
• systematic guessing of passwords (via a password scanner etc)
• theft of passwords via a keylogger
• interception of a PIN code
• practical cryptanalysis of a cryptographic algorithm or protocol
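Both the resource-blocking slide (overloading of the network) and the first example above (systematic guessing of passwords) show up in logs as the same pattern: far too many events from one source in a short time. The following detection logic, an added example that is not part of the lecture, runs one sliding-window counter per (event type, source) over constructed log lines and raises an alert the first time a rule's threshold is reached. The log format (`timestamp source event`), the event names `http_request` and `login_failed`, and the thresholds in `RULES` are assumptions made for this illustration.

```python
"""Added teaching example (not the lecture's own code): sliding-window burst
detection over simple log lines, for request floods and password guessing."""
import re
from collections import defaultdict, deque

# Assumed log format: "<unix_ts> <source_ip> <event>"
LINE_RE = re.compile(r"^(?P<ts>\d+) (?P<src>\d+\.\d+\.\d+\.\d+) (?P<event>\w+)$")

# Assumed rules: event -> (threshold, window in seconds)
RULES = {
    "http_request": (25, 10),   # 25 requests from one source inside 10 s
    "login_failed": (5, 60),    # 5 failed logins from one source inside 60 s
}


def detect_bursts(lines, rules=RULES):
    """Return alerts as (event, source, timestamp) in the order they fire.

    Lines must be in time order.  One alert per (event, source) pair, at the
    timestamp of the line that first fills the window to the threshold.
    """
    windows = defaultdict(deque)     # (event, src) -> timestamps in window
    alerted = set()
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                 # ignore malformed lines rather than crash
        ts, src, event = int(m["ts"]), m["src"], m["event"]
        if event not in rules:
            continue
        threshold, window = rules[event]
        q = windows[(event, src)]
        q.append(ts)
        while q and ts - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold and (event, src) not in alerted:
            alerted.add((event, src))
            alerts.append((event, src, ts))
    return alerts


def sample_log():
    """Constructed log: one flooding source, one guessing source, one quiet source."""
    entries = []
    entries += [(100 + i // 5, "10.0.0.5", "http_request") for i in range(30)]   # 5 req/s
    entries += [(200 + 2 * i, "10.0.0.9", "login_failed") for i in range(8)]     # 8 failures
    entries += [(300 + i, "10.0.0.7", "http_request") for i in range(3)]         # normal use
    entries += [(303, "10.0.0.7", "login_failed")]                               # one typo
    entries.sort()
    return [f"{ts} {src} {event}" for ts, src, event in entries]


if __name__ == "__main__":
    for alert in detect_bursts(sample_log()):
        print("ALERT", *alert)
```

The deque keeps only timestamps inside the window, so memory per source is bounded by the threshold rather than by the log length; the `alerted` set stops one noisy source from producing an alert on every further line.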
Attack Software
... can be divided into three main branches:
• legitimate products with their documented features
• malware (pahavara, kurivara): Trojans, viruses etc
• special programs for attacking different security mechanisms (safeguards)
Classical Types of Malware
• logic bomb (loogikapomm)
• Trojan horse or Trojan (trooja hobune)
• worm (uss)
• virus (viirus)
• dropper (pipett): a program which installs a virus or Trojan
During the last years the spread of different malware has increased heavily. It is always very important to keep the anti-malware software and all application software up to date (latest virus definitions, updates etc).