Tel: 020 8456 3550
CHAPTER 3
Security Engineering
SECURITY ARCHITECTURE & DESIGN OBJECTIVES
* Part I:
* Principles of Secure Design
* Trusted Computer Base Elements
* Security Perimeter
* Reference Monitor
* Security Kernel
* Security Models
* Computer/Security Architecture
* Security Models
* Security Evaluation Criteria
* Part II
* Cryptography
PRINCIPLES OF SECURE DESIGN
*An information system’s architecture must satisfy the defined business and security requirements.
*Security should be built into an information system by design.
*When designing system architecture, security and business requirements needs to be carefully balanced.
*Tradeoffs are involved in reaching a balance between security and business requirements.
*Security should be integrated into the design, as opposed to added later
PRINCIPLES OF SECURE DESIGN
CONTINUED
* The security requirements of an information system are driven by the security policy of the organization that will use the system.
* To incorporate the abstract goals of a security policy into an information system’s architecture, you will need to use security models.
* A security model lays out the framework and mathematical models that act as security-related specifications for a system architecture.
* The system architecture, in turn, is the overall design of the components – such as hardware, operating systems, applications, and networks – of an information system.
This design should meet the specifications provided by the security model.
SECURITY ARCHITECTURE
* Security architecture is part of the overall architecture of an information system. It directs how the components included in the system architecture should be organized to ensure that security requirements are met. The security architecture of an information system should include:
*A description of the locations in the overall architecture where security measures should be placed.
*A description of how various components of the architecture should interact to ensure security.
*The security specifications to be followed when designing and developing the system.
COMPUTER ARCHITECTURE
* The Central Processing Unit (CPU) – Processes the instructionsprovided by the various applications/programs. To do this the CPU needs to access such instructions from their memory locations.
* The CPU can access the memory locations in its cache, along with memory locations in the random access memory (RAM). These types of memory are called primary memory.
* The major components.
The Arithmetic Logic Unit (ALU)
Control Unit (coordinates instruction execution)
Registers that act as temporary memory locations and store the memory addresses of the instructions and data that needs processing by the CPU.
COMPUTER ARCHITECTURE
*Program: An Application *Process: A program loaded into memory *Thread: Each individual instruction within a process *Multiprogramming: no true isolation *Multiprocessing – more than one CPU
*Multi threading— in the past multiple CPUs were needed. Today multi-core processors provide this.
*Operating System Architecture *Process Activity
*Memory Management *Memory Types – RAM, ROM, etc.. *Virtual Memory *CPU Modes & Protection Rings
CPU MODES & PROTECTION RINGS
* Protection Rings provide a security mechanism for an operating system by creating boundaries between the various processes operating on a system and also ensures that processes do not affect each other or harm critical system components.
* Ring 0 – Operating system kernel (supervisor /privilege mode)
* Ring 1 – Remaining parts of the operating system (OS)
* Ring 2 – Operating system and I/O drivers and OS utilities
* Ring 3 – Applications (Programs) and user activity
SYSTEM ARCHITECTURE
* Defined Subset of Subjects and Objects
* Trusted Computing Base (TCB)
* Security Perimeter
* Reference Monitor
* Security Kernel
The Security kernel enforces the reference monitor concept.
Must facilitate isolation of processes
Must be invoked at every access attempt.
Must be small enough to be tested and verified in a comprehensive manner.
* Security Policy – a set of rules on how resources are managed within a computer system.
* Least Privilege – one process has no more privileges than it needs.
SECURITY MODELS
* State Machine Models
* **The Bell-LaPadula Model
* **The Biba Model
* The Clark-Wilson Model
* The Brewer & Nash Model
* The Information Flow Model
* The Non-Interference Model
* The Lattice Model
Security Models
* State Machine Models
* The state of a system is its snapshot at any one particular moment. The state machine model describes subjects, objects, and sequences in a system. The focus of this model is to capture the system’s state and ensure its security.
* When an object accepts input, the value of the state variable is modified. For a subject to access this object or modify the object value, the subject should have appropriate access rights.
* State transitions refer to activities that alter a systems state.
Confidentiality models:
Bell & LaPadula) * Developed by David Elliot Bell and Len LaPadula
* This model focuses on data confidentiality and access to classified information.
* A Formal Model developed for the DoD multilevel security policy
* This formal model divides entities in an information system into subjects and objects.
* Model is built on the concept of a state machine with different allowable states (i.e. Secure state)
Bell & LaPadula Confidentiality Model * Has 3 rules:
* Simple Security Property – “no read up”
A subject cannot read data from a security level higher than subject’s security level.
* *_Security Property – “no write down”
* A subject cannot write data to a security level lower than the subject’s security level.
* Strong * Property – “no read/write up or down”.
* A subject with read/write privilege can perform read/write functions only at the subject’s security levels.
Integrity models (e.g., Biba, Clark and Wilson)
* Biba Integrity Model
* Developed by Kenneth J. Biba in 1977 based on a set
of access control rules designed to ensure data integrity
2. No subject can depend on an object of lesser integrity
3. Based on a hierarchical lattice of integrity levels
4. Authorized users must perform correct and safe procedures to protect data integrity
Biba Integrity Model
* The Rules:
* Simple integrity axiom – “no read down” – ASubject cannot read data from an object of lower integrity level.
* * Integrity axiom – “no write up” – A Subject cannot write data to an object at a higher integrity level.
* Invocation property – A subject cannot invoke (call upon) subjects at a higher integrity level.
Commercial Models
Integrity models – Clark-Wilson Model Model Characteristics:
Clark Wilson enforces well-formed transactions through the use of the access triple:
UserTransformation ProcedureCDI (Constrained Data Item)
Deals with all three integrity goals SEPARATION of DUTIES * Prevents unauthorized users from making modifications
* Prevents authorized users from making improper modifications
* Maintain internal and external consistency – reinforces separation of duties
Commercial Models – Continued
Brewer-Nash Model – a.k.a. Chinese Wall
Developed to combat conflict of interest in databases housing competitor information * Publish in 1989 to ensure fair competition
* Defines a wall and a set of rules to ensure that no subject accesses objects on the other side of the wall
* Way of separating competitors data within the same integrated database
Information flow model
* Data is compartmentalized based on classification and the need to know
* Model seeks to eliminate covert channels
* Model ensures that information always flows from a low security level to a higher security level and from a high integrity level to a low integrity level.
* Whatever component directly affects the flow of information must dominate all
components involved with the flow of information
Non-interference Model
Model Characteristics:
* Model ensures that actions at a higher security level does not interfere with the actions at a lower security level.
* The goal of this model is to protect the state of an entity at the lower security level by actions at the higher security level so that data does not pass through covert or timing channels.
Lattice Model
Model Characteristics
* Model consists of a set of objects constrained between the least upper bound and the greatest lower bound values.
* The least upper bound is the value that defines the least level of object access rights granted to a subject.
* The greatest lower bound is value that defines the maximum level of object access rights granted to a subject
* The goal of this model is to protect the confidentiality of an object and only allow access by an authorized subject.
Secure Modes of Operation
* Single State
* Multi State
* Compartmented
* Dedicated
**See Document entitled Single, Multi, Compartmented Dedicated. ***
EVALUATION CRITERIA
Why Evaluate? To carefully examine the security-related components of a system
Trust vs. Assurance
* The Orange Book (TCSEC)
* The Orange Book & the Rainbow Series
* ITSEC (Information Technology Security Evaluation Criteria)
* Common Criteria
Trusted Computer Security Evaluation
Criteria (TCSEC)
* Developed by the National Computer Security Center (NCSC)
* Also known as the Orange Book
* Based on the Bell-LaPadulla model (deals with only confidentiality)
* Uses a hierarchically ordered series of evaluation classes
* Defines Trust and Assurance, but does not allow for them to be evaluated independently
Trusted Computer Security Evaluation Criteria (TCSEC) aka
“The Orange Book”
Ratings: *A1 – Verified Protection * B1, B2, B3 – Mandatory Protection
* C1, C2 – Discretionary Protection
*D – Minimal Security
Information Tech Security Evaluation
Criteria (ITSEC)
*Created by some European nations in 1991 as a standard to evaluate security attributes of computer systems
*The First Criteria to evaluate functionality and assurance separately *F1 toF10 rates for functionality *E0 to E6 for assurance
COMMON CRITERIA ISO 15408
*Protection Profile *Target of evaluation *Security target *Evaluation Assurance Level (EAL 1-7) *Evaluation packages
Common Criteria (CC) Ratings
Rated as Evaluation Assurance Level (EAL) 1 through 7
* EAL 1 – Functionally tested
* EAL 2 – Structurally tested
* EAL 3 – Methodically tested and checked
* EAL 4 – Methodically designed, tested, and reviewed
* EAL 5 – Semi formally designed and tested
* EAL 6 – Semi-formally verified designed and tested
* EAL 7 – Formally verified designed and tested
Certification & Accreditation * Certification:
A process that ensures systems and major applications adhere to formal and established security requirements that are well documented and authorized.
It is usually performed by a vendor.
* Accreditation:
A formal declaration by a Designated Accrediting Authority (DAA) that information systems are approved to operate at an acceptable level of risk based on the implementation of an approved set of technical, managerial, and procedural safeguards.
TRUSTED RECOVERY
* System reboot, emergency system restart, system cold start
* No compromise of protection mechanisms or possibility of bypassing them
* Preparing system for failure and recovering the system
* Failure of system cannot be used to breach security
MODULE 3 PART II: CRYPTOGRAPHY
* Historical uses of Cryptography
* Security Services provided by cryptography
* Definitions and terms
* Symmetric Cryptography
* Asymmetric Cryptography
* Hybrid Cryptography
* Integrity through Hashing, MACs and Digital Signatures
* Public Key Infrastructure
* IPSec
* Attacks on Cryptography
CRYPTOGRAPHY IN HISTORY
* Caesar Cipher
* Scytale
* Vignere
* Vernam
* Enigma Machine and Purple Machine
CAESAR CIPHER
* Simple Substitution
* Shift Characters 3 spaces
* A=D, B=E, C=F, etc..
* Substitution Ciphers are subject to pattern analysis
SCYTALE
* Spartans used this cipher to communicate messages to generals in the field
* Wrapped tape around a rod
* Diameter of the rod is the pre-agreed upon secret (key)
VIGNERE
* First polyalphabetic cipher
* Key word is agreed upon ahead of time
* First letter of the key is matched up against first letter of the message, and so on
CRYPTOGRAPHY IN WARFARE
* Enigma Machine/Purple Machine
* Used by the Germans/Japanese in WWII
* Breaking the cryptography of these devices is credited with reducing the length of the war.
VERNAM CIPHER
* One Time Pad
* Only mathematically unbreakable form of cryptography
Key must be used only once
Pad must be at least as long as the message
Key pad is statistically unpredictable
Key Pad must be delivered and stored securely
SECURITY SERVICES PROVIDED BY CRYPTOGRAPHY
* Privacy: Prevents unauthorized disclosure of information
* Authenticity: Verifies the claimed identity
* Integrity: Detects modification or corruption
* Non-Repudiation: Combines authenticity and integrity. A sender can’t dispute having sent a message, nor its contents.
DEFINITIONS AND CONCEPTS
Plain Text + Initialization Vector + Algorithm (aka Cipher) + Key
=
Cipher Text
INITIALIZATION VECTOR
* Here are some random numbers (I promise, they’re really random!)
7 5 2 3 4 9 4
If we start at track 0 and +7 +5 – 2 +3 + 4 +9 -4
We still don’t have randomness. Vary the starting pointand that will make the process more random
Very similar to a “seed” or a “salt”
ALGORITHM
ELEMENTS OF CRYPTOGRAPHY
* Desirable Qualities of an Algorithm
Confusion
Diffusion
Avalanche
Permutations
Open—Kerckhoff’s Principle
* Desirable Qualities of a Key
* Long
* Random
* Secret
DEFINITIONS AND CONCEPTS
* Plain text is unencrypted text
* Initialization Vector (IV) adds randomness to the beginning of the process
* Algorithm is the collection of math functions that can be performed
* Key: Instruction set on how to use the algorithm
CRYPTOGRAPHY
Cryptography
Asymmetric
Symmetric
Discrete Logarithms
FactorizationStream
Block
RSA
Diffie -Hellman
RC-4
AES/3DES
ECC
El Gamal
STREAM CIPHERS XOR
If Values are:
Alike0Different1
BLOCK CIPHERS
SYMMETRIC CRYPTOGRAPHY
* Symmetric = Same
* In symmetric cryptography the same key is used to both encrypt and decrypt
* Very fast means of encrypting/decrypting with good strength for privacy
* Preferred means of protecting privacy data
* Also can be called “Private Key” “Secret Key” or “Shared Key” Cryptography
STREAM VS. BLOCK
* Stream Ciphers encrypt one bit (up to one byte) of data at a time.
Transposition, Substitution, XOR
Very fast and efficient
Not as Secure
RC-4 is the only stream cipher necessary for the test
* Block Ciphers chunk data into blocks. Each chunk goes through a series of math functions called S-boxes
DRAWBACKS TO SYMMETRIC CRYPTOGRAPHY
ASYMMETRIC CRYPTOGRAPHY
* Every user has a key pair.
* Public key is made available to anyone who requests it
* Private key is only available to that user and must not be disclosed or shared
* The keys are mathematically related so that anything encrypted with one key can only be decrypted by the other.
P.A.I.N SERVICES THROUGH
ASYMMETRIC CRYPTOGRAPHY AND HASHING
* Privacy: Receiver’s Public Key
* Authenticity: Sender’s Private Key
* Integrity (not asymmetric OR symmetric)
* Non-Repudiation: Hash encrypted Sender’s Private Key
SSL/TLS HYBRID CRYPTOGRAPHY
SUMMARY OF SYMMETRIC vs. ASYMMETRIC
COMMON SYMMETRIC ALGORITHM
DES 3DES
AES
RC-4
RC-5 Two Fish BlowfishIDEA
CAST
MARS Skipjack
COMMON ASYMMETRIC ALGORITHMS
* DSA
* RSA
* ECC (Elliptical Curve Cryptography)
* El Gamal
* Diffie Hellman
* Knapsack
THE BUDDY SYSTEM FOR ASYMMETRIC ALGORITHMS
* RSA and DSA
* ECC and El Gamal
* DH (Diffie Hellman) and Knapsack
RSA
* Named for Rivest, Shamir, and Adleman, the creator
* Currently the standard for Digital Signatures
* Uses the idea that there is no efficient way to factor the product of large prime numbers
* The math used for RSA is sometimes referred to as a trap-door function
* ****Factorization*****
DIFFIE-HELLMAN
* The first asymmetric algorithm
* Secure key-agreement without pre-shared secrets
* Based on discrete logarithms in a finite field
DIFFIE HELLMAN KEY AGREEMENT
ECC (ELLIPTICAL CURVE CRYPTOGRAPHY)
* Based upon plotting points upon a curve
* Very efficient, but only designed to work within certain environments
* Frequently used for handheld devices due to their limited processing capability
REVIEW SYMMETRIC VS. ASYMMETRIC
* Symmetric
Fast
Out of band key exchange
No integrity, authenticity or authenticity
Not Scalable
* Asymmetric
Slow
Scales to large organizations well
Provides non-repudiation
Key exchange does not require exchange of any secret information
HYBRID CRYPTOGRAPHY IN SSL/TLS
* Client initiates a secure connection
* Server responds by sending it’s public key to the client
* The client then generates a symmetric session key.
* Client encrypts uses the server’s public key to encrypt the session key.
* Client sends the session key (encrypted with the server’s public key) to the server
* Server uses it’s private key to decrypt the session key
* Now that a symmetric session key has been distributed, both parties have a secure channel across which to communicate.
INTEGRITY * Data gets modified
Accidentally through corruption
Intentionally through malicious alteration
* Hash: only good for accidental modification
* MAC: Provides reasonable authenticity and integrity not strong enough to be non-repudiation (because it uses a symmetric key)
* Digital Signatures: Can detect both malicious and accidental modification, but requires an overhead. Provides true non-repudiation
HASHING
HASHING
* Digital representation of the contents of the file
* If the file changes, the hash will change
* One way math
* When two different documents produce the same hash it is called a collision
* A birthday attack is an attempt to cause collisions. It is based on the idea that it is easier to find two hashes that happen to match than to produce a specific hash.
HASHING ALGORITHMS
* Variable length message, fixed length has
* MD-5 used to be the standard with a 128 bit hash
* SHA-1 160 bit replaced MD-5 for the most part
* SHA-256 is becoming very frequently used
* RipeMD, Tiger, Whirlpool, HAVAL are lesser known hashing algorithms
HASHING
A hash creates a digital representation of a message. However, there is nothing about a hash that guarantees the origin of the message, or the authenticity of the hash itself. Therefore it is only useful in detecting unintentional modification, like corruption.
DIGITAL SIGNATURE
MAC (MESSAGE AUTHENTICATION CODE)
* Message + Symmetric Number +Hashing algorithm
HMAC
* Integrity and (reasonable) authenticity
* A MAC does not provide true authenticity (symmetric)
DIGITAL SIGNATURE
* Message is hashed.
* Hash is encrypted by Sender’s Private Key.
* SHA-1 is generally used for the hash
* RSA is the asymmetric encryption algorithm that encrypts the hash with the sender’s private key.
PKI PUBLIC KEY INFRASTRUCTURES
What’s wrong with this picture?
WHAT PREVENTS MITM ATTACKS
A Authentication
B Remember Encryption can NOT thwart a MITM attack
C Authentication is what prevents MITM
HOW DO WE PROVE OUR IDENTITY?
Name?
Expiration Date
Class?
Serial Number?
Is it standardized?
Is it issued by a trusted authority?
CERTIFICATES
* X.509 v.4 standard
* Provides authenticity of a server’s public key
* Necessary to avoid MITM attacks with server’s using SSL or TLS
* Digitally signed by Certificate Authority
PKI (PUBLIC KEY INFRASTRUCTURE)
* Certificate Authority (CA)
* Registration Authority (RA)
* Certificate Repository
* Certificate Revocation List
CERTIFICATE CONTENTS
CERTIFICATE REVOCATION
* CRL: CA publishes CRL. Client is responsible for downloading to see if a certificate has been revoked.
* OCSP (Online Certificate Status Protocol) Streamlines the process of verifying whether or not a certificate has been revoked.
TRUSTED CERTIFICATE AUTHORITIES
ENCRYPTING DATA IN TRANSIT
* Protect Data as it traverses the network
* Most protocols like IP, HTTP FTP are not inherently secure
ENCRYPTING DATA IN TRANSIT: SSL/TLS
IPSEC
IPSEC is an encapsulation framework. Tunnel vs. Transport mode dictates what portion of the IP Packet is to be encapsulated.
IPSEC SUB-PROTOCOLS
AH (Authentication Header) Provides integrity, authenticity, and non – repudiation through the use of an ICV (Integrity Check Value). The ICV is run on the entire packet (header, data, trailer) except for particular fields in the header that are dynamic (like TTL, etc..). NO
CONFIDENTIALITY
ESP (Encapsulating Security Payload) Provides authenticity and integrity through a MAC (no non-repudiation since a MAC is symmetric). The main service provided is ENCRYPTION. ICV is run on payload only.
IKE: Internet Key Exchange—No Security Services. Just management of secure connection
Oakley: Uses Diffie Hellman to agree upon a key
ISAKMP (Internet Security Association and Key Management Protocol) Manages Keys, Security Associations (SAs)and Security Parameters Index (SPI)
SECURITY ASSOCIATIONS AND SPIS
Security
Association
There will be at least two SAs for every secure connection
SSH (SECURE SHELL) Secure alternative to unsecure remote administrative protocols
Telnet, FTP, R-utilitites (Rlogin, etc..) transmit credentials in clear text
SSH sets up a secure tunnel
IMPLEMENTATION OF CRYPTOGRAPHY:
DIGITAL ENVELOPES IN S/MIME
* S/MIME (Secure Multipart Internet Mail Exchange) : Standards based secure email by creating a digital envelope Sender functions:
Calculate hash value on message Encrypt message with session key Encrypt hash value with private key
Encrypt session key with receiver’s public key
Receiver functions:
Decrypt session key with private key
Decrypt hash value with sender’s public key
Decrypt message
Calculate hash value and compare with one sent
CRYPTOGRAPHY: PGP (PRETTY GOOD PRIVACY)
Proprietary mail standard from Phil Zimmerman
Free, but proprietary software must be installed
Uses Web of Trust
Passphrases instead of passwords
Learned keys are stored in a file called the key ring
PROTECTING CONFIDENTIALITY OF DATA REST
Data stored on local drives must be protected
Log off of workstations not in use
Use encryption within the operating system (ex: EFS in Windows environment)
Whole Drive Encryption: Protect Hard Drive in the event the disk is stolen
TPM
USB
Directory Services
ATTACKS ON CRYPTOGRAPHY
Ciphertext Only: Attacker has captured encrypted text on the network. Usually means all the attacker can do is brute force
Known Plain Text: The attacker has captured cipher text, but also knows what a portion of the message is in plain text (like an automatic signature)
Chosen Plaintext: Attacker can see the full text encrypted and decrypted. Usually the attacker has initiated the message
Chosen Ciphertext: An attacker can see whatever they want in plain or ciphertext. They have compromised a workstation. Sometimes called a lunchtime or midnight attack.
ATTACKS ON CRYPTOGRAPHY CONTINUED
Meet in the Middle (Not to be confused with Man in the Middle). These attacks are targeted towards algorithms like 3DES where there are multiple key. An attacker tries to learn what each key does individually.
SECURITY ENGINEERING REVIEW
Part I Security Architecture andDesign:
Trusted Computer Base Elements
Security Perimeter
Reference Monitor
Security Kernel
Security Models
Computer/Security Architecture
Security Models
Security Evaluation Criteria
Part II Cryptography Historical uses of Cryptography
Security Services provided by cryptography
Definitions and terms
Symmetric Cryptography Asymmetric Cryptography
Hybrid Cryptography
Integrity through Hashing, MACs and Digital Signatures
Public Key Infrastructure
IPSec
Attacks on Cryptography