19CSE311- Computer Security

System Security and

Security Models

Amrita School of Computing, Bengaluru

Amrita Vishwa Vidyapeetham
 Email Security
 email is one of the most widely used and regarded network
services
 Previously message contents are not secure
– may be inspected either in transit
– or by suitably privileged users on destination system

 Internet email is not “secure”

– “Email is like a postcard” --- anybody can read it
– People can forge email with your name on it.
 Encryption is the only protection for email.
06-05-2024 2
Email Security Enhancements
 confidentiality
– protection from disclosure
 authentication
– of sender of message
 message integrity
– protection from modification
 non-repudiation of origin
– protection from denial by sender

06-05-2024 3
What’s Digitally Signed Mail?
 Mail signed with a private key.
 Mail signed with a secret key.  Signature verified with a public key.

06-05-2024 4
Pretty Good Privacy (PGP)
 widely used to secure email
 selected best available crypto algos to use
 integrated into a single program
 Functionality
– Encryption for confidentiality.
– Signature for non-repudiation/authenticity.
 Sign before encrypt, so signatures on unencrypted data
- can be detached and stored separately.
 PGP-processed data is base64 encoded

06-05-2024 5
PGP Algorithms
Broad range of algorithms supported:
 Symmetric encryption:
– CAST-128, IDEA 3DES, and others.
 Public key encryption of session keys:
– RSA or ElGamal, Diffie-Hellman
 Hashing:
– SHA-1, MD-5 and others.
 Signature:
– RSA, DSS and others.

06-05-2024 6
PGP Operation
Authentication – Digital Signature
Confidentiality – Message Encryption
Compression - ZIP
E-Mail Compatibility – Radix 64
Segmentation

06-05-2024 7
PGP Operation – Authentication
1. sender creates a message
2. SHA-1 used to generate 160-bit hash code of message
3. hash code is encrypted with RSA using the sender's private key, and result is
attached to message
4. receiver uses RSA or DSS with sender's public key to decrypt and recover hash code
5. receiver generates new hash code for message and compares with decrypted hash
code, if match, message is accepted as authentic

06-05-2024 8
PGP Operation – Confidentiality
1. sender generates message and random 128-bit number to be used as
session key for this message only
2. message is encrypted, using CAST-128 / IDEA/3DES with session key
3. session key is encrypted using RSA with recipient's public key, then attached to
message
4. receiver uses RSA with its private key to decrypt and recover session key
5. session key is used to decrypt message

06-05-2024 9
PGP Operation – Compression
 by default PGP compresses message after signing but before
encrypting
– so can store uncompressed message & signature for later verification
– because compression algorithm is non-deterministic; various
implementations of the algorithm achieve different tradeoffs in
running speed vs compression ratio and, as a result, produce different
compressed forms.
 uses ZIP compression algorithm

06-05-2024 10
PGP Operation – Email Compatibility
 when using PGP will have binary data to send (encrypted message
etc)
 however email was designed only for text
 hence PGP must encode raw binary data into printable ASCII
characters
 uses radix-64 algorithm
– maps 3 bytes to 4 printable chars
– also appends a CRC
 PGP also segments messages if too big - Segmentation &
Reassembly
06-05-2024 11
PGP Operation – Summary

06-05-2024 12
 PGP Message Ekub – Encry b’s Pub key
Ekra-Encry a’s Pri Key
Eks-Sess Key

PGP Session Keys

 need a session key for each message
– of varying sizes: 56-bit DES, 128-bit
CAST or IDEA, 168-bit Triple-DES
 generated using ANSI X12.17 mode
 uses random inputs taken from previous
uses and from keystroke timing of user

06-05-2024 13
 PGP Public & Private Keys
 since many public/private keys may be in use, need to identify which is actually
used to encrypt session key in a message
– could send full public-key with every message
– but this is inefficient
 rather use a key identifier based on key
– is least significant 64-bits of the key
– will be very likely be unique
 also use key ID in signatures

PGP Key Rings

 each PGP user has a pair of keyrings:
– public-key ring contains all the public-keys of other PGP users known to this
user, indexed by key ID
– private-key ring contains the public/private key pair(s) for this user, indexed
06-05-2024 by key ID & encrypted keyed from a hashed passphrase 14
 PGP Message Generation

06-05-2024 15
 PGP Message Reception

06-05-2024 16
S/MIME (Secure/Multipurpose Internet Mail Extensions)
 security enhancement to MIME email
– original Internet RFC822 email was text only
– MIME provided support for varying content types and multi-part messages
– with encoding of binary data to textual form
– S/MIME added security enhancements
 have S/MIME support in various modern mail agents: MS Outlook,
Netscape etc

06-05-2024 17
What is S/MIME?
• When email was first developed, people could only send plain text messages
• MIME was developed in early 90s to allow people to send pictures, sound,
programs and general attachments -- “Multipurpose Internet Mail Extension”
• MIME has no security features, can be read along its route or forged (easily)
• S/MIME is a secure version of MIME

What does S/MIME give us?

• Secrecy – Only intended recipient can read the message. (A thick envelope
and trustworthy couriers.)
• Authentication – Recipient knows the message came from the apparent
sender. (An ink signature that you recognize.)
• Integrity – Recipient knows the message was not changed in route.
(Un-erasable ink in a letter.)
06-05-2024 18
 Public key certificate
• Public key certificates solve this problem (mostly)
• A public key certificate contains
• A person’s name
• That person’s public key
• Name of a trusted Certifying Authority (CA)
• Digital signature of the CA, using their private key
• Certificate can be verified with CA’s public key
• X.509 is most common format
So what is S/MIME?
• S/MIME puts all these techniques together to create a practical,
efficient, reasonably secure email protocol
• Standard (symmetric) cipher – RC2 or TripleDES
• Public key (asymmetric) cipher – RSA
06-05-2024
• Hashing – SHA-1 or MD5 19
 S/MIME for secrecy only
1. Alice’s email program creates a random key (session key) to be used in a
symmetric cipher.
2. Alice’s email program encrypts the message with the symmetric cipher
and session key.
3. Alice’s email program encrypts the session key with PKC and Bob's public
key.
4. Alice’s email program creates a package of: encrypted message, encrypted
session key, her X.509 certificate, names of encryption algorithms.
5. Alice’s email program sends package to Bob. This is an S/MIME email
message.
6. Bob’s email program receives package.
7. Bob's email program uses his private key (and named PKC method) to
decrypt the session key.
8. Bob’s email program uses session key (and named symmetric cipher) to
decrypt the message.
06-05-2024 20
 S/MIME for authentication only
1. Alice’s email program uses hash function to create message digest
2. Alice’s email program encrypts message digest with PKC and her private key
3. Alice’s email program creates a package of: original message, encrypted
message digest, her X.509 certificate, names of encryption algorithms
4. Alice’s email program sends package to Bob.
5. Bob's email program receives package
6. Bob’s email program verifies Alice’s X.509 certificate by testing signature of
CA
7. Bob’s email program gets Alice’s public key from his certificate
8. Bob's email program uses Alice’s public key to decrypt the message digest
9. Bob's email program independently computes the message digest, using the
same hash function
10. Bob's email program compares the two message digests to verify sender and
message integrity
06-05-2024 21
S/MIME for secrecy and authentication
1. Message is authenticated just as shown before
2. Authenticated package is made secret
3. Secret package is sent to recipient
4. Receiver uses his/her private key to decrypt session key
5. Receiver uses session key to decrypt rest of secret package,
yielding authenticated message
6. Receiver authenticates message

06-05-2024 22
Getting a digital identification
• A digital ID is
• Your name
• Public/private key pair
• Public key certificate for this ID
• Most popular vendors are www.Thawte.com and www.VeriSign.com
• Thawte is free, but VeriSign is only few $/year and simpler to use
• https://www.comparitech.com/blog/information-security/pgp-encryption-
gmail/#Setting_up_PGP_encryption

06-05-2024 23
Database Terms
• Database administrator
• Database management system (DBMS)
• Record
• Field/element
• Schema
• Subschema
• Attribute
• Relation

06-05-2024 24
Database Security Requirements
• Physical integrity
• Logical integrity
• Element integrity
• Auditability
• Access control
• User authentication
• Availability

06-05-2024 25
 Database Security Requirements
• Physical database integrity: The data of a database are immune from physical
problems, such as power failures, and someone can reconstruct the database if it
is destroyed through a catastrophe.
• Logical database integrity: The structure of the database is preserved. With
logical integrity of a database, a modification to the value of one field does not
affect other fields.
• Element integrity: The data contained in each element are accurate.
• Auditability: It is possible to track who or what has accessed (or modified) the
elements in the database.
• Access control: A user is allowed to access only authorized data, and different
users can be restricted to different modes of access (such as read or write).
• User authentication: Every user is positively identified, both for the audit trail and
for permission to access certain data.
• Availability: Users can access the database in general and all the data for which
they are authorized.
26
06-05-2024
 Reliability and Integrity
• Reliability: in the context of databases, reliability is the ability to run
for long periods without failing
• Database integrity: concern that the database as a whole is protected
against damage
• Element integrity: concern that the value of a specific data element is
written or changed only by authorized users
• Element accuracy: concern that only correct values are written into
the elements of a database

06-05-2024 27
 Two-Phase Update
• Phase 1: Intent
▪ DBMS does everything it can, other than making changes to the database, to
prepare for the update
• Collects records, opens files, locks out users, makes calculations
▪ DBMS commits by writing a commit flag to the database
• Phase 2: Write
▪ DBMS completes all write operations
▪ DBMS removes the commit flag
• If the DBMS fails during either phase 1 or phase 2, it can be restarted and
repeat that phase without causing harm

06-05-2024 28
Other Database Security Concerns
• Error detection and correction codes to protect data integrity
• For recovery purposes, a database can maintain a change log,
allowing it to repeat changes as necessary when recovering from
failure
• Databases use locks and atomic operations to maintain consistency
• Writes are treated as atomic operations
• Records are locked during write so they cannot be read in a partially updated
state

06-05-2024 29
Sensitive Data
• Inherently sensitive
▪ Passwords, locations of weapons
• From a sensitive source
▪ Confidential information
• Declared sensitive
▪ Classified document, name of an anonymous donor
• Part of a sensitive attribute or record
▪ Salary attribute in an employment database
• Sensitive in relation to previously disclosed information
▪ An encrypted file combined with the password to open it

06-05-2024 30
 Types of Disclosures
• Exact data
• Bounds
• Negative result
• Existence
• Probable value
• Direct inference
• Inference by arithmetic
• Aggregation
• Hidden data attributes
• File tags
• Geotags

06-05-2024 31
Direct Inference
• Inference is a way to infer or derive sensitive data from non sensitive data. It’s a
subtle vulnerability in database security.

06-05-2024 32
 Direct Attack
• In a direct attack, a user tries to determine values of
sensitive fields by seeking them directly with queries that
yield few records.
• The most successful technique is to form a query so specific
that it matches exactly one data item.

06-05-2024 33
 Inference by Arithmetic

06-05-2024 34
 Sum Count, mean and median
• This report reveals that no female
living in Grey is receiving financial
aid. This approach often allows us
to determine a negative result.

06-05-2024 35
Inference vs Aggregation
• Inference is difficult to control because it can occur from algebraic calculations beyond
the scope of database management systems.
• Aggregation is nearly impossible for a dbms to control because combining the data can
occur outside the system, even by multiple users.
Aggregation
• Related to the inference problem is aggregation, which means building sensitive results
from less sensitive inputs.
Eg: You think of police investigation- starting with entire population-narrowing the analysis –
single person.
• But- if police officers- work – in parallel-
• list of possible suspects –
• another may have a list with possible motive –
• another may have list of capable person.
• When the intersection of these lists is single person, the police have their prime suspect.
06-05-2024 36
 Hidden data Attributes
• Objects such as pictures, music files, and documents are actually complex data
structures having properties or attributes that add meaning to the data. These
properties called meta data, are not displayed with the picture or document, but they
are not concealed; infact numerous applications support selecting , searching , sorting
and editing based on metadata.
File tags
• One use of attributes is tags for pictures.
• Tag for documents: Each document has properties that include the name of
author, author’s organization, data created and data last saved etc.
Geo tags
• Someone took a photo of his car- front of his house. ( Geotagging problem)
• Problem of geotagging - between 1 to 5 percent of photos at sites such as flickr, youtube, etc
contain header data that gives the location where the pictures were taken.

06-05-2024 37
Preventing Disclosure: (Data Suppression and modification)
• There are no perfect solutions to inference and aggregation problems.
• 3 approaches to control them are:
• First two methods - used- to limit queries accepted or to limit data provided in response to
a query.
• Third method applies only to data released.
1. Suppress obviously sensitive information
2. Keep track of what each user knows based on past queries
3. Mask or cover the data
• Data Suppression blocks release of sensitive data
• Data concealing releases part or approximation of sensitive data

06-05-2024 38
Suppression Techniques
• Limited response suppression
Eliminates certain low-frequency elements from being displayed
• Combined results
Ranges, rounding, sums, averages
• Random sample
• Blocking small sample sizes
• Random data perturbation
Randomly add or subtract a small error value to/from actual values
• Swapping
Randomly swapping values for individual records while keeping statistical results the
same

06-05-2024 39
Integrity Constraints
• In Database security, integrity constraints are pre-defined set of rules that
are applied on the table fields(columns) or relations to ensure that the
overall validity, integrity, and consistency of the data present in the
database table is maintained.
• Evaluation of all the conditions or rules mentioned in the integrity
constraint is done every time a table insert, update, delete, or alter
operation is performed.
• The data can be inserted, updated, deleted, or altered only if the result of
the constraint comes out to be True.
• Thus, integrity constraints are useful in preventing any accidental damage
to the database by an authorized user.

06-05-2024 40
Types of Integrity Constraints
There are four types of integrity constraints:
1.Domain Constraint
2.Entity Constraint
3.Referential Integrity Constraint
4.Key Constraint

06-05-2024 41
Domain Constraint
• Contains a certain set of rules or conditions to restrict the kind
of attributes or values a column can hold in the database table.
• The data type of a domain can be string, integer, character, Date,
Time, currency, etc.

In the below student's table, the value A in the last row last column violates the domain
integrity constraint because the Class attribute contains only integer values while A is a
character.
Roll No Name Age Class
101 Adam 14 6
102 Steve 16 8
103 David 8 4
104 Bruce 18 12
105 Tim 6 A
06-05-2024 42
Entity Integrity Constraint
• Used to ensure that the primary key cannot be null.
• A primary key is used to identify individual records in a table and if
the primary key has a null value, then we can't identify those
records.
• There can be null values anywhere in the table except the primary
key column.
In the below employee's table, the ID column is the primary key and contains a null
value in the last row which violates the entity integrity constraint.
ID Name Salary
1101 Jackson 40000
1102 Harry 60000
1103 Steve 80000
1104 Ash 1800000
James 36000
06-05-2024 43
 Referential Integrity Constraint
• Referential Integrity Constraint ensures that there must always exist a valid
relationship between two relational database tables.
• valid relationship between the two tables confirms that a foreign key exists in a table.
• It should always reference a corresponding value or attribute in the other table or be
null.
• Consider an Employee and a Department table where Dept_ID acts as a foreign key
between the two tables. • Dept_ID acts as a foreign key
Employee Table Department Table in the Employee table and a
primary key in the
ID Name Salary Dept_ID Department table.
Dept_ID Dept_Name
1101 Jackson 40000 3 • Row having DeptID=4 violates
1 Sales
1102 Harry 60000 2 the referential integrity
2 HR constraint since DeptID 4 is
1103 Steve 80000 4
3 Technical not defined as a primary key
1104 Ash 1800000 3 column in the Department
table.
1105 James 36000 1
06-05-2024 44
Key constraint
• Keys are the set of entities that are used to identify an entity within its entity
set uniquely.
• There could be multiple keys in a single entity set, but out of these multiple
keys, only one key will be the primary key.
• A primary key can only contain unique and not null values in the relational
database table.
• The last row of the student's table
Roll No Name Age Class violates the key integrity constraint
101 Adam 14 6 since Roll No 102 is repeated twice in
the primary key column.
102 Steve 16 8
103 David 8 4
• A primary key must be unique and not
null therefore duplicate values are not
104 Bruce 18 12 allowed in the Roll No column of the
102 Tim 6 2 above student's table.

06-05-2024 45
 Multi-phase commit protocols
• In a local database system, for committing a transaction, the transaction manager has
to only convey the decision to commit to the recovery manager.
• However, in a distributed system, the transaction manager should convey the
decision to commit to all the servers in the various sites where the transaction is
being executed and uniformly enforce the decision.
• When processing is complete at each site, it reaches the partially committed
transaction state and waits for all other transactions to reach their partially
committed states.
• When it receives the message that all the sites are ready to commit, it starts to
commit.
• In a distributed system, either all sites commit or none of them does.
Different distributed commit protocols are:
• One-phase commit
• Two-phase commit
06-05-2024
• Three-phase commit 46
 Distributed One-phase Commit
• Distributed one-phase commit is the simplest commit protocol.
• Let us consider that there is a controlling site and a number of slave sites where
the transaction is being executed.

The steps in distributed commit are −

• After each slave has locally completed its transaction, it sends a “DONE” message
to the controlling site.
• The slaves wait for “Commit” or “Abort” message from the controlling site. This
waiting time is called window of vulnerability.
• When the controlling site receives “DONE” message from each slave, it makes a
decision to commit or abort. This is called the commit point. Then, it sends this
message to all the slaves.
• On receiving this message, a slave either commits or aborts and then sends an
acknowledgement message to the controlling site.

06-05-2024 47
 Distributed Two-phase Commit
• Distributed two-phase commit reduces the vulnerability of one-phase commit
protocols. The steps performed in the two phases are as follows −
Phase 1: Prepare Phase
• After each slave has locally completed its transaction, it sends a “DONE” message
to the controlling site. When the controlling site has received “DONE” message
from all slaves, it sends a “Prepare” message to the slaves.
• The slaves vote on whether they still want to commit or not. If a slave wants to
commit, it sends a “Ready” message.
• A slave that does not want to commit sends a “Not Ready” message. This may
happen when the slave has conflicting concurrent transactions or there is a
timeout.

06-05-2024 48
 Distributed Two-phase Commit
Phase 2: Commit/Abort Phase
• After the controlling site has received “Ready” message from all the slaves −
▪ The controlling site sends a “Global Commit” message to the slaves.
▪ The slaves apply the transaction and send a “Commit ACK” message to the
controlling site.
▪ When the controlling site receives “Commit ACK” message from all the slaves, it
considers the transaction as committed.
• After the controlling site has received the first “Not Ready” message from any slave
▪ The controlling site sends a “Global Abort” message to the slaves.
▪ The slaves abort the transaction and send a “Abort ACK” message to the
controlling site.
▪ When the controlling site receives “Abort ACK” message from all the slaves, it
considers the transaction as aborted.

06-05-2024 49
 Distributed Three-phase Commit
The steps in distributed three-phase commit are as follows −
• Phase 1: Prepare Phase
steps are same as in distributed two-phase commit.
• Phase 2: Prepare to Commit Phase
controlling site issues an “Enter Prepared State” broadcast message.
slave sites vote “OK” in response.
• Phase 3: Commit / Abort Phase
steps are same as two-phase commit except that “Commit ACK”/”Abort ACK”
message is not required.

06-05-2024 50