Review of Basic Security Mechanisms
There are numerous ways to classify something as complex as
security. Chapter 4
focuses on the goals of the attacker, that is, what the attacker gains if he is
successful. This section introduces another method of classifying attacks based
on the security mechanism targeted by the attacker.
Every effective security architecture uses one or more security
mechanisms to implement the goals of the architecture. These basic security
mechanisms are confidentiality, integrity, and availability.
Confidentiality
Confidentiality protects against the inadvertent or malicious
disclosure of sensitive information, that is, it conceals information. Usually,
confidentiality is provided by cryptographic or access control mechanisms. Let's
review the definitions of these mechanisms.
Cryptography
Encryption is the process of
making information indiscernible to an adversary, and cryptography is the study of making and breaking
encryption algorithms. There are two widely used forms of encryption: symmetric
and asymmetric. With symmetric encryption, the communicating parties share a
secret—a key—that is used for both encryption and decryption. With asymmetric
encryption, the communicating parties usually have two keys, a private key for
decryption and a public key for encryption. The inverse is also true. The
private key can be used to encrypt some data. In this case, the result is
essentially a signature that can be verified by anyone having knowledge of the
corresponding public key, if he knew or could compute the value of the encrypted
data. Now, let's discuss symmetric and asymmetric encryption in more
detail.
Asymmetric Encryption
Asymmetric encryption, also known as public key cryptography,
uses a different key for decryption than the key used for encryption, as
follows:
M = D(private_key, E(public_key, M)),
where M is the message, D is the decryption function, and E is the encryption function.
Usually, the two keys used in the process are referred to as a
key pair, with one key called the private key
and the other key called the public key. The public key is shared with anyone
for communications purposes, and the private key remains known only to the
holder, or principal, of the key pair. The public key is usually shared in the
form of a certificate that includes information that uniquely identifies the
holder of the key pair as well as the signature of the issuer—a trusted entity
that vouches that the identity bound to the public key in the certificate is
correct. The process that issues and revokes public-key certificates is called a
public key infrastructure, or PKI.
An example of an asymmetric encryption algorithm is the widely
used RSA public key algorithm designed by Rivest, Shamir, and Adleman (Rivest et al.,
1979).
Symmetric Encryption
Symmetric encryption uses the same secret key, k, for both encryption and decryption, in other
words:
M = D(k, E(k, M)).
Examples of popular symmetric encryption algorithms include the
RC4 (Ron's Cipher 4) by Ron Rivest and AES (Advanced Encryption Standard)
ciphers, both of which have already been covered in some detail (RC4 in Chapter 6, and AES in Chapter 12). Symmetric
ciphers operate in one of two fashions—stream or block. In a stream cipher, such
as RC4, each byte of the plaintext or ciphertext is processed individually—that
is, a byte is the basic unit. In a block cipher such as AES, the plaintext or
ciphertext is grouped together into blocks of a predetermined and fixed size and
then processed as a single unit.
When two parties wish to communicate securely using a symmetric
cipher, they first must agree upon the shared secret, k, in a secure fashion. This is usually accomplished
via key distribution or key agreement, both of which are forms of key
management, which we discuss next.
Key Management
Key management systems provide the means for implementing
cryptographic periods via the secure
distribution of new keys on a regular basis. An important point is that
disclosure of the secret key during distribution would cause any cryptographic system to fail, and failing to
regularly change keys would weaken most cryptographic systems. Therefore, every
security architecture should use a robust key management system.
Of the two approaches to key management, manual and automatic
(electronic) systems, manual systems are more prone to risk because they
significantly depend on human assistance, which has historically been the
weakest link in any security architecture. Automatic systems, while more
difficult to design, are significantly more robust when correctly designed,
implemented, and operated.
Access Control
Access control is another mechanism that supports
confidentiality. We previously followed the analogy of the much-valued doorman
who allows only those who live in an apartment building to enter it.
Essentially, the purpose of access control is to allow only those who are
authorized to use or view system resources. Typically, this is accomplished
through an access control list (ACL), which in its simplest form is a look-up
table based on some identity criteria. Access control mechanisms work very
closely with authentication as they rely on a valid identity (proven by
authentication) to make decisions concerning access. Remember we first
introduced access control in Chapter 8 and authentication in Chapter 6.
Integrity
There are two aspects to integrity. With source integrity—also known as authentication—the
information's originator is known and credible. With data integrity, we seek to prevent inadvertent or
malicious modification of the data.
Source Integrity
Source integrity (authentication) is the process of proving
either a principal's identity or a trusted source of data/system resources.
Strong authentication requires two elements. The first is a common trust
element—something or someone whom the object doing the authentication trusts and
who can vouch for the subject or person being authenticated. The second element
is a unique identity for the subject being authenticated. For example, when you
use a check to pay for goods, the cashier usually asks to see your driver's
license to ensure that it matches the name on the check. In other words, the
clerk is authenticating your identity by trusting the Department of Motor
Vehicles to have verified your identity before issuing you a driver's license.
Although not foolproof, the difficulty of forging drivers' licenses encourages
merchants to use them as verification when accepting checks.
Authentication works closely with access control mechanisms,
which require a verified identity to make access decisions.
Data Integrity
Ensuring data integrity requires the detection and, ideally,
the prevention of unauthorized modifications. Whereas cryptography detects
integrity violations, access control prevents integrity violations.
Access control for data integrity is similar to using access
control for confidentiality; the mechanism prevents attackers from accessing and
thus modifying the data. The cryptographic approach is somewhat different in
that it uses a cryptographic hash function to create a unique hash value or
fingerprint of the data. To be considered a cryptographic hash function, an
algorithm must meet four requirements:
- The hash value must be easy to compute.
- Creating data that results in a specific hash value must be
  computationally difficult so that it is difficult for adversaries to replicate
  that hash value and make undetected alterations to data.
- The hash function must be one way, making it difficult to
  recreate the data based solely on the hash value.
- Collisions—that is, identical hash values for two random data
  sets—must be difficult to find.
Given a cryptographic hash function, detecting integrity
violations is straightforward. First, we compute the hash value for a given data
set. Then, we compute a new hash value over the same data at a later time and
compare it to the previous value. If the two values are not equal, the data was
modified. We do this using message authentication codes and digital
signatures.
Message Authentication Codes
Message authentication codes (MACs) use a keyed one-way function to
provide message authenticity, proving that the contents have not been altered en
route.
A keyed cryptographic hash is the most common way to build a
MAC, requiring a shared secret, k, between the
communicating parties and an agreed-upon cryptographic hash function, H. To send a message, M,
along with a MAC, the sender computes the MAC using MAC = H(k, M, k), and
sends <M, MAC> to the recipient.
Upon receipt, the receiver computes a MAC value over M and compares the computed value to the received MAC.
If the two values are the same, the message authenticity is valid.
While the simple MAC shown previously provides message
authenticity, it should not be used in practice because a much stronger MAC
exists. HMAC has a formal basis for its security properties (Krawczyk,
2003).
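The <M, MAC> exchange described above, as an added Python example that is not from the book. It assumes SHA-256 as H, reads the simple MAC as the hash of k, M, and k concatenated, and uses a constructed key and message.

```python
import hashlib
import hmac

def simple_mac(k: bytes, m: bytes) -> bytes:
    """The text's simple MAC, read here as H(k || M || k) (assumed concatenation)."""
    return hashlib.sha256(k + m + k).digest()

def hmac_tag(k: bytes, m: bytes) -> bytes:
    """HMAC-SHA256, the stronger construction the text recommends."""
    return hmac.new(k, m, hashlib.sha256).digest()

def send(k: bytes, m: bytes, mac=hmac_tag) -> tuple:
    """Sender side: produce the pair <M, MAC>."""
    return m, mac(k, m)

def receive(k: bytes, m: bytes, tag: bytes, mac=hmac_tag) -> bool:
    """Receiver side: recompute the MAC over M and compare in constant time."""
    return hmac.compare_digest(mac(k, m), tag)

# Constructed sample values, not taken from the text.
KEY = b"constructed-shared-secret-k"
MESSAGE = b"transfer 100 to account 42"

def demo() -> dict:
    m, tag = send(KEY, MESSAGE)
    return {
        # Unmodified message, correct key: accepted.
        "intact": receive(KEY, m, tag),
        # One field changed in transit: the recomputed MAC no longer matches.
        "modified_message": receive(KEY, m.replace(b"100", b"900"), tag),
        # A receiver without the shared secret cannot validate the MAC.
        "wrong_key": receive(b"some-other-key", m, tag),
        # The simple MAC also detects nothing wrong on an intact message.
        "simple_mac_intact": receive(KEY, *send(KEY, MESSAGE, simple_mac), simple_mac),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```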
Digital Signatures
Digital signatures use a cryptographic hash function such as
MD5 or SHA1 along with public key cryptography to ensure message authenticity
and data integrity. To compute a digital signature, the sender first computes a
hash value h of the message M and then encrypts this hash value using an asymmetric
algorithm, typically RSA, with the sender's private key. This process of
computing a digital signature is shown below:
h = H(M)
S = E_RSA(private_key, h)
The sender now sends the message M and the signature S to
the recipient. To verify the authenticity of the message, the receiver
calculates the hash value of the message, h', and
decrypts the signature S using the sender's
public key to obtain the original hash value h.
The receiver now compares the two hash values: If they are equal, the message is
authentic; if they are not, the message was either tampered with while en route
(data integrity attack) or did not come from the expected sender (source
integrity). The process of generating the two hash values is shown below:
h' = H(M)
h = D_RSA(public_key, S)
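The signing and verification steps above, together with the round trip M = D(private_key, E(public_key, M)) from the Asymmetric Encryption section, as an added Python example that is not from the book. It assumes a constructed toy key built from two Mersenne primes, textbook RSA without padding, and SHA-256 as H; real systems use randomly generated keys and a padded signature scheme.

```python
import hashlib

# Constructed toy key pair: two known Mersenne primes (never use in practice).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)

def H(message: bytes) -> int:
    """Hash the message and interpret the digest as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """h = H(M); S = E_RSA(private_key, h)."""
    return pow(H(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """h' = H(M); h = D_RSA(public_key, S); accept only if h == h'."""
    h_prime = H(message)
    h = pow(signature, E, N)
    return h == h_prime

def roundtrip(m: int) -> int:
    """M = D(private_key, E(public_key, M)) for an integer M smaller than N."""
    ciphertext = pow(m, E, N)          # anyone can encrypt with the public key
    return pow(ciphertext, D, N)       # only the private key holder can decrypt

# Constructed sample message.
MSG = b"constructed sample message"

if __name__ == "__main__":
    s = sign(MSG)
    print("valid signature accepted:", verify(MSG, s))
    print("modified message accepted:", verify(MSG + b"!", s))
    print("modified signature accepted:", verify(MSG, s ^ 1))
    print("encrypt/decrypt round trip ok:", roundtrip(123456789) == 123456789)
```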
Some people wrongly believe that cryptography provides a
complete security solution. It does not. Cryptography is an extremely important
tool in providing security, but it is not the complete solution to our security
problems.