Laureate Online Education Information Security Engineering © All rights reserved XXXXXXXXXXThe Information Security Engineering module, in all its parts: syllabus, guidelines, lectures, discussion...

1 answer below »

Laureate Online Education
Information Security Engineering
© All rights reserved 2000-2009. The Information Security Engineering module, in all its parts: syllabus, guidelines,
lectures, discussion questions, technical notes, images, projects and any additional material is copyrighted by Laureate
Online Education.
Information Security Engineering Seminar for Week 1
Introduction, Security Models and Security Protocols
WELCOME to this module on Information Security Engineering. Over the next few weeks
we will be exploring, thinking about and discussing ideas on the principles and practice of
building secure distributed systems. In particular, we will be covering topics including:
- basic cryptology such as encryption and authentication
- security models and security protocols
- password protection, authentication and access control
- secure networking and internetworking
- digital content protection
- hardware security
- intrusion detection
- security projects management and security evaluation
- practical considerations
We will become familiar with state-of-the-art techniques in Information Security
Engineering.
In our first seminar, we will learn about security engineering problems through examples.
We will look at several application areas and identify particular security-critical problems.
We will then move on to the unifying theme of security engineering: security protocols,
basic security models and related standard frameworks.
What does security mean in general?
Word “security” is overloaded and different people and specialists may mean different
things when using this word in different subject specific context. In our course we will
mostly deal with the following areas: computer systems security, network and
telecommunication systems security, computer and networking applications security, and
Information security in general.
Security in general means a set of principles, models, rules, and mechanisms to ensure
correct and reliable system or application operation and to achieve the following generic
security properties (of the secure system operation, subject or entity):
• Confidentiality
• Authenticity
Page 1 of 17
• Integrity
• Access control
• Availability
Such widely discussed and used security characteristic as privacy is actually a
combination of the few basic security properties and a privacy policy that may be different
in different environment and for different applications. These security properties are
applicable for both physical security, computer security, and human security. It may be an
interesting topic for discussion in the classroom how these generic security properties are
applied in different areas and to different entities. We will learn how to achieve these
security properties or characteristics in system operations and how to design secure
systems by applying security principles, models, mechanisms, and services.
What is security engineering?
One of the most challenging problems for human beings is to find a way to protect our
property and privacy. Typically, we have used locks, fences, signatures and laws to
protect hardware property. Now, in the information era, more and more of our property is
electronic-based and we need similarly effective mechanisms to protect it along with our
privacy.
In the textbook, the author uses three examples to illustrate this new area of information
security engineering. Let us review them briefly here.
Banks
All of us have to do business with banks. But have we ever thought carefully about the
underlying security needs of banking? And have we ever thought about the weakest links
in banking systems? In order to gain a thorough understanding of security issues in
information security engineering, we need to act as the ‘attacker’ for a moment and play
‘on both sides’. The textbook lists several reasons why security engineering is important to
a bank. Here we list in brief a few key concerns relating to banking security systems.
1. An ATM machine is the public face of bank, and an ATM machine means money.
Thus, ATM machines obviously represent a prime ‘hot spot’ for attackers. An
important job for security engineers is to design protocols to protect ATM machines
(both their hardware and software) and to protect the communications between ATM
machines and central bank systems.
2. Customer account-related data is confidential information that should be protected at
all costs. This information is stored on storage disks and mechanisms should be
established for protecting such data – even from insider access.
3. Bank data should always be backed up in several places to ensure data recovery
should disaster strike - such as an earthquake or terrorist attack.
4. Many banks are moving to the Internet, which means more attacking points are
available to the public.
Page 2 of 17
Military communication systems
For most of us, military security is one of the most mysterious areas of all. The Military
was one of the earliest departments to use security mechanisms to protect intelligence.
Most current academic research in security engineering is motivated by military
applications. The textbook lists several important security engineering applications at an
Air Force Base. Most security problems raised in the military environment are also of
relevance to civilian information systems. When information security is mentioned, people
often first think of authentication and confidentiality. However, for military communication
systems, authentication and confidentiality are not enough to ensure a secure system.
Here we list just two of the many, many security problems shared by military systems and
civilian applications which do not relate to classic problems of authentication and
confidentiality:
1. Routing protection. For most of the time, the message flow should also be protected
against traffic analysis attacks. We do not want the enemy to find out who is talking to
whom. In particular, we want to keep our spy in a safe place. In recent years, this
problem has been extensively studied by academic researchers. Indeed, several
applications have been written to address this. For those who are interested in
studying this area further, it is referred to the links provided at the end of this lecture.
2. Covert Channel. In the 1970s, in order to verify the second Strategic Arms Limitation
Treaty (SALT II) between the former U.S.S.R. and the U.S.A., both parties had to
authenticate messages. While concealing a covert channel in the message was not
possible (those are standardized and could be verified by the other party), they tried to
hide one in the authenticator called the subliminal channel. The capacity of this kind of
subliminal message was enough to reveal to the other party which silos were loaded
with a nuclear missile and which were empty. Clearly, using such a subliminal channel
could give an undesired advantage to one side to enable it to carry out a first strike.
More details can be found in G. J. Simmons (1994). Obviously, covert channels are
also one of the security issues that affect civilian applications. The most classical
covert channels, now outdated in the digital age, are invisible inks. Traditionally,
covert channels have been studied within a multilevel computer, but covert channels
may also be established between computers. For example, computer viruses have
been suggested as a method for hiding communication, since a ‘well designed’ virus
must, by definition, have covert properties to avoid detection.
Hospitals
The textbook gives a very nice description of security problems in modern hospitals that
rely heavily on electronic information records. Though the textbook concentrates on
confidentiality and authentication, reliability is also important for hospitals. More and more
operations are carried out with the help of computers and other high intelligence
machines. In rare case, these electronic machines can fail. However, when it comes to
life-critical operations, we need a 100% guarantee that these machines are reliable. One
of the most important areas for security engineering is to build reliable information
systems.
Page 3 of 17
The home
The main market for information systems is shifting to the home. With more and more
residential utilities now managed by computers, security concerns are obviously attracting
more and more attention. In addition to those listed in the textbook, we can still imagine
many, many more.
Terms and Definitions
Like many other subjects, we have our own jargon in security engineering and you need to
read and understand all the definitions detailed in the textbook in Section 1.7. In particular,
you should also become familiar with the widely used names ’Alice’, ’Bob’, and ’Carol’.
You should also have a clear understanding of the following terms: ’subject’, ’principal’,
’group’, ’role’, ’identify’, ’trusted system’, ’confidentiality’, ’secrecy’, ’privacy’,
’authentication’, ’authorization’, ’vulnerability’ and ’security policy’. For more extended
security related terms definition please refer to RFC2828 – Internet Security Dictionary.
Two basic security models
In our daily life we use and interact with different types of systems and applications that
implement different security services. However, from the security engineering point of view
we can distinguish two basic types of systems: open internet/network based systems like
web based applications or network file sharing, and computer systems that typically
represented by operating systems. There are well defined security models for both types
of systems. The first one the Open System Interconnection (OSI) Security Architecture
described in standards X.800/ISO7894-2 that provide a framework for building open
systems and applications that interact over network (including Internet and web based
applications). The second security model is the Trusted Computing Base (TCB) that
defines how such trusted computing environments as operating systems are built and
operate.
However, the question how to secure interaction between trusted/protected operating
system environment and open network interconnection in a consistent way still remains a
problem and an active research topic in the distributed systems and applications security.
This issue became especially important with the development of the Web-Services based
computer Grids and Cloud Computing.
The essential difference between these two models is that the TCB which functionality is
mostly provided by the operating system security kernel is focused on the security of the
managed object which are the processes in the operating system run under the security
monitor control, and OSI security is focused on the security of independent distributed
systems interaction over open networking/Internet environment.
We will briefly discuss some general issues related to the two security models in this
lecture and will return to more detailed discussion on the TCB and Multi-Level Security
model in Seminar 4, and the Internet Security Architecture in Seminar 6.
Page 4 of 17
The OSI Security Architecture
Current Internet infrastructure and networking technologies are built in compliance with
the Open Systems Interconnection (OSI) model.
The OSI security architecture provides a common framework and approach for developing
secure protocols and applications, on one hand, and for evaluation and management of
different security services and procedures, on other hand. The OSI security architecture is
described in the ITU-T Recommendation X.800: Security Architecture for OSI that
specifies basic security services and mechanisms and their relation to the OSI layers. The
OSI security architecture is fully applicable to the Internet TCP/IP protocol stack due their
direct mapping at the Data link, network, and transport layers.
Security services, in the context of the OSI security architecture, are defined as services,
provided by a protocol layer of communicating or interacting systems, which ensure
adequate security of the systems or of data transfers. To ensure openness and
interoperability of communicating or interacting systems, the services are defined for
specific OSI layers and may use one or more security mechanisms. Security policies are
used to manage security services and can be a part of an application specific security
service implementation. X.500 divides all security services into five categories and thirteen
specific services presented in Table A.1 of the appendix A.
Security mechanisms can be defined as processes (that may be implemented as a
device or a program, or applied as a security management procedure) that are designed
to detect, prevent or recover from a potential security attacks.
Security mechanisms are divided into two groups: (1) specific security mechanisms, i.e.
those that can be incorporated into the specific OSI layer in order to provide some of the
services described in Table 1; (2) pervasive security mechanisms which are not specific to
any particular service or layer. Some of the pervasive security mechanisms can be
regarded as aspects of security management.
Definition of the X.800 security mechanisms is provided in Table A.2 of the appendix A.
Additionally, Table A.3 illustrates relationship between security services and security
mechanisms and security mechanisms, and Table A.2 provides a reference what security
services are used at what OSI layers.
The philosophy behind OSI security architecture is that security services and mechanisms
can be added independently using standard/specified interfaces (as illustrated in Fig. 1).
The following are inherited key features of the OSI/Internet security architecture:
• Internet/OSI model suggests that interconnected systems are managed
independently and communicated using protocols specific to each OSI/Internet
layers.
• Trust relations between systems established mutually or via 3rd trusted party, a
group of system can create an administrative and/or trust domain.
Page 5 of 17
• Public Key Infrastructure (PKI) provides a basis for trust management,
authentication and key exchange
• Communication and security protocols can use a session related security context.
Security
Security
OSI Reference
Application layer
Presentation layer
Session layer
Transport layer
Network layer
Data layer
Physical layer
7
6
5
4
3
2
1
Enciphermen
Digital signature
Access
Data
Authenticatio
Notarisatio
Traffic
Routing
Authentication
Access control
Confidentiality
Non-repudiation
Availability
Figure 1. Relation between OSI security services, mechanisms and OSI reference model
layers
Multi-layer Security vs Multi-level security
The two mentioned above security models created a basis for defining two related
practical security models: Multi-layer security and Multi-level security.
Multi-layer security means the following:
1) security layers are defined according to the OSI reference model, i.e. data layer,
network, transport, application, what can be mapped into e.g. NE/node, router/network,
application
2) security services and security mechanisms are defined in such a way that they can be
applied to network/security layers independently (“orthogonally”). This means e.g. that
many (the same) security services are can be used at different networking layers
Multi-level security means the following:
1) Security levels are defined as:
• object/document/resource security classification level, e.g. public, secret, top secret,
Page 6 of 17
• subject/user/requestor clearance level that allows access to this resources.
2) the system corresponds to the Trusted Computing Base (TCB) model and uses
centralised security management model (aka Reference Monitor (RM) in TCB). This can
be explained as similar to OS security.
RM regulates the access of subjects to objects on the basis of their security parameters:
the access privileges (security clearance) of subjects, and the protection attributes
(classification level) of objects.
Security Threats and Attacks
Security threats model is a part of any security architecture. To develop right security
measures, engineers need to understand what security threats exist in the specific
operational environment and against what security attacks the future application must be
protected.
Vulnerability, threat, and attack definition according to RFC2828:
Vulnerability
A flaw or weakness in a system's design, implementation, or operation and
management that could be exploited to violate the system's security policy.
Threat
A potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could breach security and cause harm. That is, a threat
is a possible danger that might exploit a vulnerability.
Attack
An assault on system security that derives from an intelligent threat, i.e., an intelligent
act that is a deliberate attempt (especially in the sense of a method or technique) to
evade security services and violate the security policy of a system. Attack may consist
of one or more steps taken by attacker to achieve an unauthorised result. Successful
attack may lead to intrusion and further escalated as an incident.
Opponents or attackers try various ways to attack a protocol using one of two main
techniques:
The Passive Attack
Passive attacks involve eavesdropping on, or the monitoring of, protocol execution. The
goal of the opponent is to obtain information that is being transmitted. Two types of
attacks are involved here: the release of message contents and traffic analysis.
The release of message contents is easily understood. A message flow in the protocol
may contain sensitive or confidential information. Our aim is to prevent the opponent from
learning the contents of these messages.
The second passive attack, traffic analysis, is more subtle. Suppose that we had a way of
masking the contents of messages or other information traffic so that opponents, even if
Page 7 of 17
they captured the message, could not extract the information from the message. A
common technique for masking contents is encryption. If we had encryption protection in
place, an opponent might still be able to observe the pattern of these messages. The
opponent could determine the contents of the message by observing where the message
is sent to. In the case of a hospital records transmission protocol for example, if the
opponent observes that the data of a patient were sent to the AIDS center, then, with high
probability, it could be deduced that this patient might be infected with AIDS.
The Active Attack
The second major category of attacks on protocols is the active attack. This involves some
modification of the data stream or the creation of a false stream and can be subdivided
into four categories: masquerade, replay, modification of messages, and denial of service.
A masquerade takes place when one entity pretends to be another. For example, the
authentication sequence can be captured and replayed after a valid authentication
sequence has taken place, thus enabling an authorized entity with few privileges to obtain
extra privileges by impersonating an entity that has those privileges.
Replay involves the passive capture of a data unit and the later retransmission of this
data.
Modification of messages simply means that some portion of a legitimate message is
altered, or that messages are delayed or reordered in the protocol.
Denial of service prevents or inhibits the protocol being executed.
Our textbook provides a detailed description of protocols and analyzes the security
properties of several protocols. More realistic attacks could be combinations of those we
have mentioned above.
Protocols
If security engineering has a unifying theme, it is the study of security protocols. Roughly
speaking, a protocol is a series of steps, involving two or more parties, designed to
accomplish a task. A ’series of steps’ means that the protocol is step-by-step and each is
executed in turn. No step can be taken before the previous step is finished. Although a
principal can perform a series of steps to accomplish a task, this does not mean it is a
protocol. Finally, the phrase ’designed to accomplish a task’ means that the protocol must
achieve something. A protocol could be as simple as swiping a badge through a reader in
order to enter a building. It is easy to design protocols, but it is generally hard to guarantee
that a protocol is secure. It is possible that an innocuous protocol that has been used for
many years is subsequently found to be flawed.
The textbook presents several security protocols. In order to understand these standard
cryptographic protocols, we need to be familiar with the following notation:
A Æ B: m
Page 8 of 17
This is always used to denote the event when a subject A sends a message m to another
subject B. For example, we could explain the similar notation on page 15 of the textbook
as follows:
Here T is the Token T Æ G : T, {T,N}KT
T transmits to G the following
Garage gets the following and deciphers it
Here T is the name of token
Random nonce
The key
In particular, this notation means that the token T transmits the message “T,{T,N}KT” to the
garage G, where T in the message body is the name of the hardware token and N is a
random nonce. {T,N}KT means that the message {T,N} is encrypted with the key KT. This
kind of notation is used extensively in the protocols described in the textbook and other
references.
In addition to many important protocols presented in the textbook, we describe below a
few other widely used protocols.
Identification or entity authentication
In today’s networked society it is often necessary for communicating parties to verify each
other’s identity. Identification or entity authentication is a technique designed to let one
party prove the identity of another party. An entity can be a person, a client, or a server. In
the entity authentication process, an entity those identity needs to be proved is called the
claimant; and the party that needs to prove the identity of claimant is called the verifier. To
identify herself to the verifier, the claimant must present one of so-called witnesses:
something she knows, something she possesses, something she is. In the simplest but
widely used case, this can be done by the use of passwords (“something she knows”)
even though the security offered by passwords used in the standard way is very limited.
Building strong identification protocols has been one of the central topics in cryptographic
research. The textbook provides examples of identification schemes such as the in-car
token and garage scheme and the identify-friend-or-foe scheme.
The invention of zero knowledge proof systems is one of the most important inventions in
identification study. In zero-knowledge authentication the claimant doesn’t reveal anything
that may lead to compromising the secret. After exchanging messages, the verifier will
know that claimant either does know or does not know the secret.
Page 9 of 17
One of the most famous examples is the Feige-Fiat-Shamir zero knowledge identity proof
scheme - which is still one of the best-known. So significant was this development that the
USA National Security Agency (NSA) even tried to prevent its spread. In 1986, when the
inventors applied for a US patent on this scheme, the Patent Office sent them an order at
the request of the Army which says: “…the disclosure or publication of the subject
matter…would be detrimental to the national security…” The inventors were then ordered
to notify all Americans to whom the research had been disclosed that unauthorized
disclosure could lead to two years’ imprisonment, a $10,000 fine, or both. This is
interesting since the inventors had presented their work in conferences throughout Israel,
Europe and US by that time (it seems that NSA did not know this fact?).
Zero knowledge protocol
In order to study their security aspects, researchers have defined a mathematical notion
for secure protocols. For most of the time, we say that a protocol is secure only in a
heuristic way. We never have a notion of secure protocols in mind. One revolutionary
development in this field is ’zero knowledge protocols’.
Let’s consider the following scenario. By chance, Alice acquires the password she needs
to access the computer systems of the Federal Bank. Alice boasts of this fact to Bob. But
Bob does not believe her. The usual way for Alice to prove something to Bob is for Alice to
tell him. But, if she does, then Bob will know the password. Bob could then tell anyone
else that he got the password first and then passed it on to Alice. So, how can we design
a protocol so that Alice can prove to Bob that she got the password first - and Bob cannot
prove to anyone that it was he who first acquired it? A protocol of this type (if successfully
designed) is called a zero knowledge protocol.
Zero knowledge protocol – Cave example
Two cryptographers Jean-Jacques Quisquater and Louis Guillou explained the concept of
zero knowledge with a story about Ali Baba’s cave. This is illustrated in Figure 2 and has
two passages forked at point B and a secret door. Only someone who knows the magic
words can open the secret door between C and D. For anyone else, both passages lead
to dead ends.
Page 10 of 17
Figure 2. Ali Baba’s Cave
Alice knows the secret of the cave. She wants to prove her knowledge to Bob, but she
does not want to reveal the magic words. The following protocol can achieve this
objective.
1. Bob stands at point A.
2. Alice walks all the way into the cave, either to point C or to point D.
3. After Alice has disappeared into the cave, Bob walks to point B.
4. Bob shouts to Alice, asking her either to:
a. Come out of the left passage or
b. Come out of the right passage.
5. Alice complies, using the magic words to open the secret door if she has to.
6. Alice and Bob repeat the above steps (1 to 5) n times.
Let’s assume that Bob has a camcorder and records everything he sees. He records Alice
disappearing into the cave. He records when he shouts out where he wants Alice to come
out from. And he records Alice coming out. He records all n trials. Obviously, Bob learns
nothing about the magic words. Now if he shows this record to Carol, would Carol believe
that Alice knew the magic words to open the door? No. But what if Alice and Bob had
agreed beforehand what Bob would call out, and Alice would make sure that she followed
her chosen path, and would then come out where Bob asked her to every time, without
knowing the magic words? Or maybe they wouldn’t do that. Alice would go into one of the
passages and Bob would call out a random request. If Bob guessed right, great. If he
didn’t, they would edit that trial out of the camcorder recording. Either way, Bob could get
a recording showing exactly the same sequence of events as if it were real proof that Alice
knew the magic words. This protocol also guarantees that Bob cannot get the magic
words via Alice’s proof and cannot prove to others that he knows the magic words. This
kind of protocol is called a zero knowledge protocol. Formally, a protocol for Alice to prove
Page 11 of 17
the knowledge of a secret s is called zero knowledge if the following conditions are
satisfied:
1. Completeness. Bob always accepts the proof if Alice really knows the secret s and
Bob follows the protocol.
2. Soundness. Bob always rejects the proof if Alice does not know the secret s and
Bob follows the protocol.
3. Zero knowledge. Bob learns nothing about s even if Bob does not follow the
protocol as long as Alice does. This definition is to guarantee that Bob will not use
some other trick to learn the secret s, e.g. Bob follows Alice to the gate in Ali
Baba’s cave, and learns what magic words Alice uses to open the secret door. The
only exceptional knowledge Bob can learn about the secret s is as follows:
a. The knowledge that Alice knows this s.
b. The knowledge that Bob could already learn without Alice, e.g. that s is an
integer or words.
In a zero knowledge proof, Bob cannot even later prove the fact to anyone else that
Alice knows the secret s.
We will not go into the mathematical definitions of zero knowledge protocols. Indeed, the
zero knowledge protocol itself would require one entire module. Zero knowledge
techniques have been extensively used to design secure authentication protocols in the
last decade. Zero-knowledge protocol provides a basis for the security protocols stack in
such emerging technology as Trusted Computing Platform (TCP) which we will discuss in
one of the next seminars.
There are many other interesting protocols such as the blind signature scheme which is
mainly used in digital cash systems and secure voting protocols. Unfortunately I do not
think we have enough time to cover this topic in this lecture.
Subliminal Channel
In the first part of this lecture, we talked about subliminal channels. We will now look at
this topic in more detail.
Alice and Bob have been arrested and are on their way to prison. Bob is going to the
men’s prison and Alice is going to the women’s prison. The warden is willing to let Alice
and Bob exchange messages, but he won’t allow them to be encrypted. The warden
expects them to co-ordinate an escape plan, so he wants to be able to read everything
they say. Since a general signature scheme will enable him to achieve this objective, the
warden allows Alice and Bob to use a signature scheme to authenticate their messages
while keeping them in clear text. If the warden were not to allow them to use signature
schemes, then they would not be able to communicate since it could not be guaranteed
that the message really was from the other party. In order to keep signature schemes
secure, most available schemes use random nonce each time when signing a message.
Page 12 of 17
For example, in the digital signature standard (DSS), the signature on a message m is a
pair (r,s) where r is a random seed which is different every time, even if the same
message is signed twice, and s is a function of m, r and the secret key. These random
seeds will obviously help Alice and Bob to build a secure subliminal channel for covert
communication between them in full view of the warden, even if the messages themselves
contain no secret information. Through the exchange of perfectly innocuous signed
messages, they will be able to pass secret information back and forth and fool the warden
even though the warden is checking all communications.
An easy subliminal channel might be the number of 0s in a random seed. An odd number
of 0s might correspond to one and an even number may correspond to zero. Let’s assume
that Alice and Bob share a secret key bit b (b=0 or 1) and Alice wants to send a bit of
information c (c=0 or 1) to Bob. The protocol may proceed as follows:
1. Alice generates an innocuous message, maybe at random.
2. Alice signs the innocuous message in such a way that she hides her subliminal
message b?c in the random seed of the signature. This subliminal message is
obviously only readable by Bob who shares the secret key bit b with Alice, though
anyone can check whether Alice’s signature is valid.
3. Alice then sends this signed message to Bob via the warden.
4. The warden reads the innocuous message and checks the signature. Finding
nothing wrong, he passes the signed message to Bob. Even though he may
suspect that Alice and Bob are using a subliminal channel, he cannot prove this
fact since he does not know the secret key bit b.
5. Bob checks the signature on the innocuous message, confirming that the message
came from Alice.
6. Bob ignores the innocuous message and uses the secret key bit b he shares with
Alice to extract the subliminal message c.
A general description of this kind of attack can be found in Y. Wang (1998). Though we
described the subliminal channel in a negative way, it has several positive applications.
One obvious application is in a spy network, even though, of course, the enemy could do
similar things. In recent years, much research effort has been put into designing
subliminal-free signature schemes.
Some further links and references
Traffic analysis and message flow protection
Onion routing (http://www.onion-router.net/Summary.html) provides an Internet-based
system that strongly resists traffic analysis, eavesdropping, and other attacks both by
outsiders (e.g. Internet routers) and insiders (Onion Routers themselves). It prevents the
transport medium from knowing who is communicating with whom -- the network knows
only that communication is taking place. In addition, the content of the communication is
hidden from eavesdroppers up to the point where the traffic leaves the OR network.
Page 13 of 17
Anonymizer (http://www.anonymizer.com/) provides a relatively secure way to prevent
the web server getting the client machine IP address. This is only relatively secure since
the Anonymizer site still keeps all the routing information. By contrast, the solution
provided by Zeroknowledge is cryptographically secure. No one in the world can access
the real routing information if that solution is implemented.
Covert Channels
B. W. Lampson. A note on the confinement problem. Comm. ACM 16 (1973) 613-615
Covert Channels Bibliography (http://caia.swin.edu.au/cv/szander/cc/cc-general-bib.html).
A list of publications that discuss covert channels in general or are focused on interprocess covert channels on a single computer.
Bibliography
ISO 7498 Information processing systems: Open systems interconnection – Basic
Reference Model. ISO Standard, 1984.
X.800 Security Architecture for Open Systems Interconnection for CCITT applications.
ITU-T (CCITT) Recommendation, 1991.
RFC2828 - Internet Security Glossary. [Online]. Available from
http://www.faqs.org/rfcs/rfc2828.html.
W. Stallings (2006), Cryptography and Network Security. Principles and practices.
Pearson Education, 2006. ISBN: 0-13-187316-4. 679 pp.
G. J. Simmons (1994), Subliminal channels: past and present. In European Trans. On
Telecommunications, 5(4):459—473, July-August, 1994.
Reading requirements
Preface, pp xxix-xxxii, Chapter 1,3, pp 3-15, 63-92). Total - 44 pages
Appendix A. X.800 Security Architecture – Reference materials
Table A.1. X.800 Security Services
Authentication
The process of verifying an identity claimed by or for
a system entity.
Peer entity authentication
This service is provided for use at the establishment
of, or at times during, the data transfer phase of a
connection to confirm the identities of one or more of
Data integrity
Protects against possible data modification during
data transfer over uncontrolled environment.
Provides assurance that data received are exactly
the same as sent by authenticated and authorised
entity. The specific Data integrity services include:
• Connection Integrity with recovery
Page 14 of 17
the entities connected to one or more of the other
entities. This service provides confidence, at the time
of usage only, that an entity is not attempting a
masquerade or an unauthorized replay of a previous
connection.
Data origin authentication
The data origin authentication service provides the
corroboration of the source of a data unit. The
service does not provide protection against
duplication or modification of data units.
Access control
Protection of system resources against unauthorized
access; a process by which use of system resources
is regulated according to a security policy and is
permitted by only authorized entities (users,
programs, processes, or other systems) according to
that policy.
Data confidentiality
These services provide for the protection of data
from unauthorized disclosure
Connection confidentiality
The protection of all user data on a connection of a
specific layer.
Connectionless confidentiality
The protections of all user data in a single data
block.
Selective field confidentiality
The confidentiality of selected fields within the user
data on a connection or in a single data block.
Traffic flow confidentiality
The protection against possible collection of
information that can be derived from the traffic
observation.
• Connection Integrity without recovery
• Selective-field connection Integrity
• Connectionless Integrity
• Selective-field connectionless Integrity
Nonrepudiation
Provides protection against denial by one of the
communicating entities their participation in all or
part of the communication.
Non-repudiation with proof of origin
The recipient of data is provided with proof of the
origin of data. This will protect against any attempt
by the sender to falsely deny sending the data or its
contents.
Non-repudiation with proof of delivery
The sender of data is provided with proof of delivery
of data. This will protect against any subsequent
attempt by the recipient to falsely deny receiving the
data or its contents.
Availability (according to RFC2828) *)
The property of a system or a system resource being
accessible and usable upon demand by an
authorized system entity, according to performance
specifications for the system; i.e., a system is
available if it provides services according to the
system design whenever users request them.
*) Availability is an important security service originally not defined in the X.500 document and used in all
following documents relying on the X.800. Current definition is taken from RFC 2828.
Table A.2. X.800 Security Mechanisms
Specific security mechanisms
These mechanisms may be incorporated into the
appropriate protocol layer in order to provide some
security services.
Encipherment
Encipherment can provide confidentiality of either data or
traffic flow information and can play a part in or
complement a number of other security mechanisms.
Encipherment may use different encryption
algorithms.
Pervasive security mechanisms
These mechanisms are not specific to any specific
security service or protocol layer.
Trusted functionality
The functionality that is perceived to be correct with
respect some criteria. Any functionality that directly
provides, or provides access to, security
mechanisms should be trustworthy.
Security label
The marking securely bound to a resource that
Page 15 of 17
Digital signature
Cryptographic transformation applied to a data unit
to ensure data integrity and protect against data
modification. Digital signature can be appended to
the data or simply associated with the signed data.
Digital signature defines two procedures: signing a
data unit, and verifying a signed data unit.
Access control (or authorisation)
Mechanisms used to enforce access rights of the
authenticated entity to services or resources. Access
control uses the authenticated identity or other
attributes of an entity in order to determine and
enforce access rights or the entity. Access control
often relies on the access control policy.
Data integrity
Mechanisms used to ensure integrity of a data unit
or stream of data units.
Authentication exchange
Mechanisms that can be incorporated into a security
protocol at different layer in order to ensure peer
entity authentication.
Traffic padding
Mechanisms can be used to provide various levels of
protection against traffic analysis. This mechanism can be
effective only if the traffic padding is protected by a
confidentiality service.
Routing control
Enables selection of a particular secure route
depending on specific data security requirements.
Notarisation
Use of a trusted third party to ensure certain
properties of a data exchange, in particular to
support non-repudiation service.
identifies or specifies the security attributes of that
resource.
Event detection
Detection of security-related events that may be
provided entities inside OSI security model, in
particular, b y security mechanisms.
Security Audit trail
Data collected and used to facilitate a security audit.
A security audit is an independent review and
examination of system records and activities in order
to test for adequacy of system controls, to ensure
compliance with established policy and operational
procedures.
Security recovery
Security recovery deals with requests from
mechanisms such as event handling and
management functions, and takes recovery actions
Table A.3 Illustration of relationship of security services and mechanisms (ref. X.800
TABLE 1/X.800)
Mechanism ->
Service
Enciph
erment
Digital
signature
Access
control
Data
integrity
Authentic
ation
exchang
e
Traffic
padding
Routing
control
Notariza
tion
Authentication, Peer entity Y Y Y
Authentication, Data origin Y Y
Access control service Y Y
Connection confidentiality Y Y
Connectionless
confidentiality
Y Y
Page 16 of 17
Selective field
confidentiality
Y
Traffic flow confidentiality Y Y Y
Connection Integrity with
recovery
Y Y
Connection integrity
without recovery
Y Y
Selective field connection
integrity
Y Y
Connectionless integrity Y Y Y
Selective field
connectionless integrity
Y Y Y
Non-repudiation. Origin Y Y Y
Non-repudiation. Delivery Y Y Y
Table A.4 Illustration of the relationship of security services and layers (ref. X.800
TABLE 2/X.800)
Service Layer
1 2 3 4 5 6 7*
Peer entity authentication Y Y Y
Data origin authentication Y Y Y
Access control service Y Y Y
Connection confidentiality Y Y Y Y Y Y
Connectionless confidentiality Y Y Y Y Y
Selective field confidentiality Y Y
Traffic flow confidentiality Y Y Y
Connection Integrity with recovery Y Y
Connection integrity without recovery Y Y Y
Selective field connection integrity Y
Connectionless integrity Y Y Y
Selective field connectionless
integrity
Y
Non-repudiation Origin Y
Non-repudiation. Delivery Y
Y Yes, service should be incorporated in the standards for the layer as a provider option.
- Not provided.
* It should be noted, with respect to layer 7, that the application process may, itself, provide all types of
security services
Page 17 of 17

Answered Same DayDec 22, 2021

Answer To: Laureate Online Education Information Security Engineering © All rights reserved XXXXXXXXXXThe...

David answered on Dec 22 2021
129 Votes
1) Why are timestamps used in the Kerberos protocol?
A timestamp is the character sequence which a
re often encoded in the information which helps in
identifying when any event occurred which is like date and time of the event day and even small
fraction of a second. The term came from the stamps being used in post offices to have the current
date and time to the documents in order to have record when the document was received.
There are few known issues with the Kerberos which one way or the other not related to security of
the Kerberos protocol. Whenever an application wants to use the...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here