Unit 5

COMPUTER SECURITY
UNIT-2: AUTHENTICATION, AUTHORIZATION, CONFIDENTIALITY AND DATA INTEGRITY
Computer Security Overview
The NIST Computer Security Handbook defines the term Computer Security as:
• "The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources"
• Includes hardware, software, firmware, information/data and telecommunications.
The CIA Triad
This definition introduces three key objectives that are at the heart of computer security:

• Confidentiality: This term covers two related concepts:

— Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized
individuals.

— Privacy : Assures that individuals control or influence what information related to them may be collected and stored and by whom
and to whom that information may be disclosed.

• Integrity: This term covers two related concepts:

— Data integrity : Assures that information and programs are changed only in a specified and authorized manner.

— System integrity : Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent
unauthorized manipulation of the system.

• Availability: Assures that systems work promptly and service is not denied to authorized users.

Key Security Concepts
Confidentiality
• preserving authorized restrictions on information access and disclosure
• including means for protecting personal privacy and proprietary information
Integrity
• guarding against improper information modification or destruction
• including ensuring information nonrepudiation and authenticity
Availability
• ensuring timely and reliable access to and use of information
Levels of Impact
Low: The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
Moderate: The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
High: The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
Computer Security Challenges
Computer security is both fascinating and complex. Some of the reasons follow:

1. Computer security is not as simple as it might first appear to the novice. The requirements seem to be
straightforward, but the mechanisms used to meet those requirements can be quite complex and subtle.
2. In developing a particular security mechanism or algorithm, one must always consider potential attacks (often
unexpected) on those security features.
3. Hence procedures used to provide particular services are often counterintuitive.
4. Having designed various security mechanisms, it is necessary to decide where to use them.
5. Security mechanisms typically involve more than a particular algorithm or protocol, but also require participants
to have secret information, leading to issues of creation, distribution, and protection of that secret information.
6. Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the designer
or administrator who tries to close them.
7. There is a natural tendency on the part of users and system managers to perceive little benefit from security
investment until a security failure occurs.
8. Security requires regular monitoring, difficult in today's short-term environment.
9. Security is still too often an afterthought - incorporated after the design is complete.
10. Many users / security administrators view strong security as an impediment to efficient and user-friendly
operation of an information system or use of information.
Computer Security Terminology
Adversary (threat agent)
◦ An entity that attacks, or is a threat to, a system.

Attack
◦ An assault on system security that derives from an intelligent threat; a deliberate
attempt to evade security services and violate security policy of a system.
Countermeasure
◦ An action, device, procedure, or technique that reduces a threat, a vulnerability,
or an attack by eliminating or preventing it, by minimizing the harm it can cause,
or by discovering and reporting it so that corrective action can be taken.
Computer Security Terminology
Risk
◦ An expectation of loss expressed as the probability that a particular threat
will exploit a particular vulnerability with a particular harmful result.
Security Policy
◦ A set of rules and practices that specify how a system or organization provides
security services to protect sensitive and critical system resources.
System Resource (Asset)
◦ Data; a service provided by a system; a system capability; an item of system
equipment; a facility that houses system operations and equipment.

Computer Security Terminology
Threat
◦ A potential for violation of security, which exists when there is a
circumstance, capability, action, or event that could breach security
and cause harm.
Vulnerability
◦ Flaw or weakness in a system's design, implementation, or operation
and management that could be exploited to violate the system's
security policy.

Security Concepts and Relationships

Assets of a Computer System
The assets of a computer system can be categorized as follows:
Hardware: Including computer systems and other data processing, data storage, and data
communications devices
Software: Including the operating system, system utilities, and applications.
Data: Including files and databases, as well as security-related data, such as password files.
Communication facilities and networks: Local and wide area network communication links,
bridges, routers, and so on.

Vulnerabilities, Threats and Attacks
Vulnerabilities
◦ leaky (loss of confidentiality)
◦ corrupted (loss of integrity)
◦ unavailable or very slow (loss of availability)

Threats
◦ capable of exploiting vulnerabilities
◦ represent potential security harm

Attacks (threats carried out)


◦ passive (learn or make use of information without affecting system resources) or active (attempt to alter system resources or affect their operation)
◦ insider or outsider

Countermeasures
means used to deal with security attacks
• prevent
• detect
• recover
may introduce new vulnerabilities
residual vulnerabilities may remain
goal is to minimize residual level of risk to the assets
Threat Consequences
Unauthorized disclosure is a threat to confidentiality. The following types of attacks can result in this threat
consequence:
• Exposure: This can be deliberate, as when an insider intentionally releases sensitive information, such as credit
card numbers, to an outsider. It can also be the result of a human, hardware, or software error, which results in an
entity gaining unauthorized knowledge of sensitive data. There have been numerous instances of this, such as
universities accidentally posting student confidential information on the Web.
• Interception: Interception is a common attack in the context of communications. On a shared local area
network (LAN), such as a wireless LAN or a broadcast Ethernet, any device attached to the LAN can receive a copy
of packets intended for another device. On the Internet, a determined hacker can gain access to e-mail traffic and
other data transfers. All of these situations create the potential for unauthorized access to data.
• Inference: An example of inference is known as traffic analysis, in which an adversary is able to gain
information from observing the pattern of traffic on a network, such as the amount of traffic between particular
pairs of hosts on the network. Another example is the inference of detailed information from a database by a user
who has only limited access; this is accomplished by repeated queries whose combined results enable inference.
• Intrusion: An example of intrusion is an adversary gaining unauthorized access to sensitive data by overcoming
the system’s access control protections.
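The database inference case above (limited user, repeated aggregate queries) is worth seeing in running code. The following is an added example, not part of the original slides: the employee table, names and salaries are constructed sample data, and the "statistics user" is a hypothetical role that may only run COUNT/SUM over a fixed menu of predicates, each of which must cover at least k rows. The differencing attack shows why that minimum-query-set-size control alone does not prevent inference.

```python
"""Inference from aggregate queries: added example with constructed data."""
import sqlite3

# Constructed sample data (name, department, salary).
EMPLOYEES = [
    ("alice", "engineering", 120_000),
    ("bob", "engineering", 95_000),
    ("carol", "engineering", 101_000),
    ("dave", "sales", 70_000),
    ("erin", "sales", 82_000),
    ("frank", "sales", 77_000),
]

# The only predicates the limited user may pick from (no free-form SQL).
PREDICATES = {
    "all": "1 = 1",
    "dept_is": "dept = ?",
    "name_is": "name = ?",
    "name_is_not": "name != ?",
}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", EMPLOYEES)
    return conn


class AggregateOnlyView:
    """Aggregate-only access with a minimum query-set size k (hypothetical control)."""

    def __init__(self, conn, k=3):
        self.conn = conn
        self.k = k

    def aggregate(self, func, predicate, params=()):
        if func not in ("COUNT", "SUM"):
            raise PermissionError("only COUNT and SUM are permitted")
        where = PREDICATES[predicate]  # KeyError for anything off the menu
        n = self.conn.execute(
            f"SELECT COUNT(*) FROM employees WHERE {where}", params).fetchone()[0]
        if n < self.k:
            raise PermissionError(f"query set too small ({n} < {self.k})")
        column = "*" if func == "COUNT" else "salary"
        return self.conn.execute(
            f"SELECT {func}({column}) FROM employees WHERE {where}", params).fetchone()[0]


def direct_query_is_blocked(view, target):
    """The naive control does stop the obvious one-row query."""
    try:
        view.aggregate("SUM", "name_is", (target,))
    except PermissionError:
        return True
    return False


def differencing_attack(view, target):
    """Both queries cover >= k rows, yet their difference is one person's salary."""
    everyone = view.aggregate("SUM", "all")
    everyone_but_target = view.aggregate("SUM", "name_is_not", (target,))
    return everyone - everyone_but_target


if __name__ == "__main__":
    v = AggregateOnlyView(make_db())
    print("direct query blocked:", direct_query_is_blocked(v, "alice"))
    print("inferred salary of alice:", differencing_attack(v, "alice"))
```

Every SQL fragment interpolated here comes from a whitelist, so the point is inference, not injection. A query-set-size threshold is defeated by two large, overlapping sets; stopping this class of attack needs controls on the overlap between successive queries, query auditing, or noise added to the answers (differential privacy).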

Threat Consequences
Deception is a threat to either system integrity or data integrity. The following types of
attacks can result in this threat consequence:
• Masquerade: One example of masquerade is an attempt by an unauthorized user to gain
access to a system by posing as an authorized user; this could happen if the unauthorized user
has learned another user’s logon ID and password. Another example is malicious logic, such as
a Trojan horse, that appears to perform a useful or desirable function but actually gains
unauthorized access to system resources or tricks a user into executing other malicious logic.
• Falsification: This refers to the altering or replacing of valid data or the introduction of false
data into a file or database. For example, a student may alter his or her grades on a school
database.
• Repudiation: In this case, a user either denies sending data or a user denies receiving or
possessing the data.

Threat Consequences
Usurpation is a threat to system integrity. The following types of attacks can result in this
threat consequence:
• Misappropriation: This can include theft of service. An example is a distributed denial of
service attack, when malicious software is installed on a number of hosts to be used as platforms
to launch traffic at a target host. In this case, the malicious software makes unauthorized use of
processor and operating system resources.
• Misuse: Misuse can occur by means of either malicious logic or a hacker that has gained
unauthorized access to a system. In either case, security functions can be disabled or thwarted.

Threat Consequences
Disruption is a threat to availability or system integrity
Incapacitation: a result of physical destruction of or damage to system hardware
Corruption: system resources or services function in an unintended manner; unauthorized
modification
Obstruction: e.g. overload the system or interfere with communications

Scope of Computer Security

Computer and Network Assets
(table of example threats to each asset class, e.g. jamming)
Passive and Active Attacks
Passive attacks attempt to learn or make use of information from the system but do
not affect system resources
◦ eavesdropping/monitoring transmissions
◦ difficult to detect
◦ emphasis is on prevention rather than detection
◦ two types:
◦ message contents
◦ traffic analysis

Active attacks involve modification of the data stream


◦ goal is to detect them and then recover
◦ categories:
◦ masquerade
◦ replay
◦ modification of messages
◦ denial of service

Security Functional Requirements
Computer security technical measures
• access control
• identification & authentication
• system & communication protection
• system & information integrity

Overlap of computer security technical measures and management controls
• audit & accountability
• configuration management
• incident response
• media protection

Management controls and procedures
• awareness & training
• certification, accreditation, & security assessments
• contingency planning
• maintenance
• physical & environmental protection
• planning
• personnel security
• risk assessment
• systems & services acquisition
Authentication Service
assuring a communication is from the source that it claims to be from
◦ also assures that a third party cannot interfere by masquerading as one of the two legitimate parties

Peer Entity Authentication
◦ corroboration of the identity of a peer entity
◦ confidence that an entity is not performing a masquerade or an unauthorized replay

Data Origin Authentication
◦ corroboration of the source of a data unit
◦ supports applications where there are no prior interactions
Access Control Service
limit and control the access to host systems and applications
◦ each entity trying to gain access must first be identified and authenticated, so that access rights can be tailored to the individual

Nonrepudiation Service
prevents either sender or receiver from denying a transmitted message
Data Confidentiality Service
protection of transmitted data from passive attacks
protects user data transmitted over a period of time
◦ connection confidentiality
◦ connectionless confidentiality
◦ selective-field confidentiality
◦ traffic-flow confidentiality
Data Integrity Service
can apply to a stream of messages, a single message, or selected fields within a message
connection-oriented integrity service
◦ assures that messages are received as sent
◦ no duplication, insertion, modification, reordering, or replays
connectionless integrity service
◦ provides protection against message modification only
with and without recovery
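The connection-oriented integrity service described above, and the active-attack categories (modification, replay, masquerade) listed earlier, can be demonstrated with a MAC over a sequence number and the message. This is an added example, not from the original slides: the sender and receiver are assumed to already share KEY (key establishment is out of scope), and the messages are constructed inline.

```python
"""Connection-oriented integrity: HMAC over (sequence number || message)."""
import hashlib
import hmac

KEY = bytes.fromhex("00" * 31 + "01")  # constructed demo key; use os.urandom(32) in practice


def tag(key: bytes, seq: int, msg: bytes) -> bytes:
    # Binding the sequence number into the MAC is what lets the receiver tell
    # a replayed or reordered packet apart from a fresh one.
    return hmac.new(key, seq.to_bytes(8, "big") + msg, hashlib.sha256).digest()


class Sender:
    def __init__(self, key):
        self.key, self.seq = key, 0

    def send(self, msg: bytes):
        self.seq += 1
        return (self.seq, msg, tag(self.key, self.seq, msg))


class Receiver:
    """Accepts a packet only if the tag verifies and seq is exactly the next one."""

    def __init__(self, key):
        self.key, self.last_seq = key, 0

    def receive(self, packet):
        seq, msg, t = packet
        # Constant-time compare, and checked first so seq cannot be forged.
        if not hmac.compare_digest(t, tag(self.key, seq, msg)):
            return "REJECT: modified or forged"
        if seq <= self.last_seq:
            return "REJECT: replay"
        if seq != self.last_seq + 1:
            return "REJECT: reordered or missing message"
        self.last_seq = seq
        return "OK"


def tamper(packet, new_msg):
    """Active attacker: change the content but keep the original tag."""
    seq, _msg, t = packet
    return (seq, new_msg, t)


def run_demo():
    s, r = Sender(KEY), Receiver(KEY)
    p1 = s.send(b"transfer 10 to bob")
    p2 = s.send(b"transfer 20 to carol")
    p3 = s.send(b"close account")
    p4 = s.send(b"logout")
    return {
        "legit_1": r.receive(p1),
        "modified_2": r.receive(tamper(p2, b"transfer 2000 to carol")),
        "legit_2": r.receive(p2),
        "replayed_1": r.receive(p1),
        "out_of_order_4": r.receive(p4),
        "legit_3": r.receive(p3),
        "legit_4": r.receive(p4),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:16s} {verdict}")
```

This is integrity without recovery: a bad packet is reported and dropped, nothing is retransmitted. Note also that a shared-key MAC cannot provide the nonrepudiation service: either party could have computed the tag, so a sender can plausibly deny a message. Nonrepudiation needs a digital signature made with a key only the sender holds.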
Availability Service
a service that protects a system to ensure its availability
◦ being accessible and usable upon demand by an authorized system entity
a variety of attacks can result in the loss of or reduction in availability
◦ some of these attacks are amenable to authentication and encryption
◦ some attacks require a physical action to prevent or recover from loss of availability
◦ depends on proper management and control of system resources
Security Implementation
Complementary courses of action:
• Prevention
• Detection
• Response
• Recovery
Security Mechanism
Feature designed to
◦ Prevent attackers from violating security policy
◦ Detect attackers’ violation of security policy
◦ Respond to mitigate an attack in progress
◦ Recover so the system continues to function correctly even if an attack succeeds

No single mechanism that will support all services


◦ Authentication, authorization, availability, confidentiality, integrity, non-repudiation

Fundamental Security Design Principles
• Economy of mechanism
• Fail-safe defaults
• Complete mediation
• Open design
• Separation of privilege
• Least privilege
• Least common mechanism
• Psychological acceptability
• Isolation
• Encapsulation
• Modularity
• Layering
• Least astonishment
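Two of these principles, fail-safe defaults and complete mediation, and the access control service described earlier (identify the entity, then apply its rights) can be shown in a small reference monitor. This is an added example, not part of the original slides; the ACL, the principals and the resource names are constructed for illustration.

```python
"""Fail-safe defaults and complete mediation in an access-control check."""
import copy

# Constructed ACL: resource -> {principal: set of permitted operations}.
# "*" grants an operation to every principal.
ACL = {
    "/payroll": {"alice": {"read", "write"}, "bob": {"read"}},
    "/public": {"*": {"read"}},
}


def permissive_authorize(acl, principal, resource, op):
    """Anti-pattern: a resource with no ACL entry falls through to 'allow'
    (fail-open), so anything nobody thought about is reachable."""
    entry = acl.get(resource)
    if entry is None:
        return True
    return op in entry.get(principal, set())


class ReferenceMonitor:
    """Fail-safe default: access is denied unless an entry explicitly grants it."""

    def __init__(self, acl):
        self.acl = copy.deepcopy(acl)

    def authorize(self, principal, resource, op):
        entry = self.acl.get(resource, {})
        granted = entry.get(principal, set()) | entry.get("*", set())
        return op in granted

    def revoke(self, principal, resource):
        self.acl.get(resource, {}).pop(principal, None)


class CachedGuard:
    """Violates complete mediation: the first decision is cached, so a later
    revocation is never seen."""

    def __init__(self, monitor):
        self.monitor, self.cache = monitor, {}

    def access(self, principal, resource, op):
        key = (principal, resource, op)
        if key not in self.cache:
            self.cache[key] = self.monitor.authorize(principal, resource, op)
        return self.cache[key]


class MediatingGuard:
    """Complete mediation: every single access goes back to the monitor."""

    def __init__(self, monitor):
        self.monitor = monitor

    def access(self, principal, resource, op):
        return self.monitor.authorize(principal, resource, op)


def run_demo():
    rm = ReferenceMonitor(ACL)
    cached, mediating = CachedGuard(rm), MediatingGuard(rm)
    before = (cached.access("alice", "/payroll", "write"),
              mediating.access("alice", "/payroll", "write"))
    rm.revoke("alice", "/payroll")
    after = (cached.access("alice", "/payroll", "write"),
             mediating.access("alice", "/payroll", "write"))
    return {
        "fail_open_unknown_resource": permissive_authorize(ACL, "mallory", "/backups", "read"),
        "fail_safe_unknown_resource": rm.authorize("mallory", "/backups", "read"),
        "bob_write_payroll": rm.authorize("bob", "/payroll", "write"),
        "mallory_read_public": rm.authorize("mallory", "/public", "read"),
        "alice_write_before_revoke": before,
        "alice_write_after_revoke": after,
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:28s} {result}")
```

The permissive variant answers "yes" for a resource nobody configured; the monitor answers "no" for the same request because the default is deny. The cached guard is fast but keeps honouring a right after it has been revoked, which is exactly what complete mediation forbids: if a cache is used for performance, revocation must invalidate it.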
Attack Surfaces
Consist of the reachable and exploitable vulnerabilities in a system

Examples:
• Open ports on outward facing Web and other servers, and code listening on those ports
• Services available on the inside of a firewall
• Code that processes incoming data, email, XML, office documents, and industry-specific custom data exchange formats
• Interfaces, SQL, and Web forms
• An employee with access to sensitive information vulnerable to a social engineering attack
Attack Surface Categories
Network Attack Surface
◦ Vulnerabilities over an enterprise network, wide-area network, or the Internet
◦ Included in this category are network protocol vulnerabilities, such as those used for a denial-of-service attack, disruption of communications links, and various forms of intruder attacks
Software Attack Surface
◦ Vulnerabilities in application, utility, or operating system code
◦ Particular focus is Web server software
Human Attack Surface
◦ Vulnerabilities created by personnel or outsiders, such as social engineering, human error, and trusted insiders
Defense in Depth and Attack Surface

Computer Security Strategy
• Specification & Policy: what is the security scheme supposed to do?
• Implementation & Mechanisms: how does it do it?
• Correctness & Assurance: does it really work?
Computer Security Strategy
Security Policy
• Formal statement of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources
Security Implementation
• Involves four complementary courses of action: prevention, detection, response, recovery
Assurance
• The degree of confidence one has that the security measures, both technical and operational, work as intended to protect the system and the information it processes
Evaluation
• Process of examining a computer product or system with respect to certain criteria
Security Policy
formal statement of rules and practices that specify or regulate security services
Factors to consider:
◦ value of the protected assets
◦ vulnerabilities of the system
◦ potential threats and the likelihood of attacks

Trade-offs to consider:
◦ ease of use versus security
◦ cost of security versus cost of failure and recovery

Assurance and Evaluation
Assurance
◦ the degree of confidence one has that the security measures work as intended
◦ both system design and implementation

Evaluation
◦ process of examining a system with respect to certain criteria
◦ involves testing and formal analytic or mathematical techniques

The Seventies
John Draper
◦ a.k.a. Captain Crunch
◦ “If I do what I do, it is only to explore a system”

In 1971, built Bluebox
◦ with Steve Jobs and Steve Wozniak
The Eighties
Robert Morris worm - 1988
◦ Developed to measure the size of the Internet
◦ However, a computer could be infected multiple times
◦ Brought down a large fraction of the Internet
◦ ~ 6K computers

◦ Academic interest in network security

The Nineties
Kevin Mitnick
◦ First hacker on FBI’s Most Wanted list
◦ Hacked into many networks
◦ including FBI
◦ Stole intellectual property
◦ including 20K credit card numbers
◦ In 1995, caught 2nd time
◦ served five years in prison

Code-Red Worm
On July 19, 2001, more than 359,000
computers connected to the Internet were
infected in less than 14 hours

Sapphire Worm
was the fastest computer worm in history when it struck (also known as SQL Slammer, January 2003)
◦ doubled in size every 8.5 seconds
◦ infected more than 90 percent of vulnerable hosts within 10 minutes
DoS attack on SCO
On Dec 11, 2003
◦ Attack on web and FTP servers of SCO
◦ a software company focusing on UNIX systems

◦ SYN flood of 50K packets per second
◦ SCO responded to more than 700 million attack packets over 32 hours
Witty Worm
25 March 2004
◦ reached its peak activity after approximately 45 minutes
◦ at which point the majority of vulnerable hosts had been infected

Nyxem Email Virus
◦ Jan 15, 2006: infected about 1M computers within two weeks
◦ At least 45K of the infected computers were also compromised by other forms of spyware or botware
Sipscan Botnet
◦ a botnet-orchestrated stealth scan of the entire IPv4 address space
◦ 31 Jan–12 Feb 2011