Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
48 views

Lecture 1

This document outlines a cryptography and information security course. It introduces the professor and provides information about the course objectives, syllabus, schedule, and topics to be covered including cryptography fundamentals, ciphers, cryptosystems, key establishment protocols, authentication, digital signatures, and information security.

Uploaded by

wuyue026bastian
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
48 views

Lecture 1

This document outlines a cryptography and information security course. It introduces the professor and provides information about the course objectives, syllabus, schedule, and topics to be covered including cryptography fundamentals, ciphers, cryptosystems, key establishment protocols, authentication, digital signatures, and information security.

Uploaded by

wuyue026bastian
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 113

Cryptography and Information Security

6CCS3CIS / 7CCSMCIS

Prof. Luca Viganò

Department of Informatics
King’s College London, UK

First term 2015/16

Lecture 1

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 1
Pleased to meet you

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 2
About myself: Research (and teaching)
Deduction systems
and combination
of logics Analysis of
"
"
""
"
"" distributed
Security protocol "
"
"
"
"
"
""
"
""
"
"
"
"
"
" security
analysis tools (OFMC,"""
"
"
""
"
"
architectures
"
""
"
"
"
""
AVANTSSAR, ...)
"
"

Theoretical research
Formal Methods: Techniques and tools based on mathematics and logic that support
the specification, construction and analysis of hardware and software systems.

and its application to practical problems


in the small, e.g. security protocols and web applications,
in the large, e.g. distributed security architectures.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 3
About myself: wordle of my research papers

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 4
And you are?
Programmes: BSc, MSci, MSc
BSc Computer Science, Year 3
BSc Computer Science with Management, Year 3
BSc Computer Science with Management and a Year
Abroad, Year 4
BSc Computer Science with Management and a Year in
Industry, Year 4
BSc Computer Science with a Year Abroad, Year 4
MSci in Computer Science, Year 3
BSc Computer Science with a Year in Industry, Year 4
Mathematics and Computer Science, Year 3
MSc in Advanced Computing
MSc in Computing & Internet Systems
MSc in Computing & Security
MSc in Computing, IT Law & Management
MSc in Web Intelligence
MSci Computer Science

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 5
Coordinates
Credit level: 6 / 7 Credit value: 15 Exam: Written examination (2 hours)
KEATS: slides, exercises and general material
Slides available before lectures
Watch for corrections (new versions with errata lists)

Office: S6.32 Office hours: Wednesday 14-16 Email: luca.vigano@kcl.ac.uk

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 6
Objectives: for you

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 7
Objectives: for me

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 8
Learning aims & outcomes
Format: mainly frontal lectures, but some practicals and exercises
Learning aims & outcomes:
To introduce both theoretical and practical (and technological)
aspects of cryptography and information security.
On successful completion of this module, students should be able to
understand the relevant mathematical techniques associated with
cryptography;
understand the principles of cryptographic techniques and perform
implementations of selected algorithms in this area; and
appreciate the application of security techniques in solving real-life
security problems in practical systems.
Please note that this module contains several advanced mathematical techniques.
This should not be a problem for students with a reasonable mathematical
background. Explanations are given during the lectures/tutorials and examples are
studied in detail.
Nevertheless, an in-depth understanding of these techniques is required for the
examination and personal work should be anticipated.
Complementary (and introductory) to other modules in security.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 9
Syllabus and general information
Basic terminology and concepts:
Goals of cryptography, terminology and notation, players
Basic cryptographic functions
Number theory:
Congruent modulo n, equivalent class modulo n
Integer modulo n (Zn)
Multiplicative inverse
Relatively prime
Euler’s theorem
Fermat’s little theorem
EEA (Extended Euclidean Algorithm)
CRT (Chinese Remainder Theorem)
Ciphers:
Block ciphers (substitution, transposition, product)
Stream ciphers
Modes of operation (ECB, CBC, CFB, OFB)
Cryptosystems:
Block cipher: DES (Data Encryption Standard), AES (Advanced Encryption
Standard)
Public-key: RSA (Rivest-Shamir-Adleman), El Gamal
One-way hash function: SHA and MD5 (Message Digest 5)
Password hashing and salting
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 10
Syllabus and general information

Key-establishment protocols:
Symmetric and asymmetric techniques (Diffie-Hellman, Needham-Schroeder,
Otway-Rees)
Public-key encryption
Basic and advanced Kerberos protocols
Authentication and identification:
Concepts
Fiat-Shamir and Feige-Fiat-Shamir protocols
Zero-knowledge identification protocol
Digital signatures:
Classification
Digital signature schemes: RSA; EI-Gamal; DSA (Digital Signature Algorithm) and
DSS (Digital Signature Standard)
Information Security:
Password systems: number of acceptable passwords for a given password policy,
exhaustive search password ageing
Introduction to viruses, secure communication, social engineering (phishing),
firewall, buffer overflow, denial of services

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 11
Recommended reading

Slides will cover all the topics.

Recommended bibliography (alphabetical order):


Niels Ferguson, Bruce Schneier, Tadayoshi Kohno. Cryptography
Engineering, John Wiley & Sons, 2010.
Wenbo Mao. Modern Cryptography: Theory & Practice, Prentice
Hall, 2003.
Alfred Menezes, Paul van Oorschot, Scott Vanstone, A.J. Menezes.
Handbook of Applied Cryptography, CRC Press, 1996). Available
online: http://cacr.uwaterloo.ca/hac/.
Christof Paar and Jan Pelzl. Understanding Cryptography: A
Textbook for Students and Practitioners, Springer, 2010.
Bruce Schneier. Applied Cryptography, John Wiley & Sons, 1996.
William Stallings. Cryptography and Network Security. Principles
and Practice. Prentice Hall, 2003.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 12
Calendar
To be revised as the weeks go by... lecture will include (and sometimes
be substituted by) tutorials

Month Day Note


September 24 Introduction
October 1 Lecture
8 Lecture
15 Lecture
22 Lecture
29 Reading(week
November 5 Lecture
12 Lecture
19 Lecture
26 Lecture
December 3 Lecture
10 Revision?lecture

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 13
Outline

1 Motivation
E-Government as an example

2 What is Information Security?

3 Dramatis personae of cryptography and information security

4 Two common views of Information Security (and properties/goals)


Security as policy compliance
Traditional security properties/goals
Security as risk minimization

5 Conclusions

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 14
Motivation

Table of contents I

1 Motivation
E-Government as an example

2 What is Information Security?

3 Dramatis personae of cryptography and information security

4 Two common views of Information Security (and properties/goals)

5 Conclusions

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 15
Motivation

Information Security — Past

Security primarily a military concern.


Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 16
Motivation

Information Security — Present

Information Society marked by rapid


expansion of the Internet and convergence
of information and communication
technologies.
Our basic infrastructures are increasingly
based on networked information systems.
Business, finance, communication, energy distribution,
transportation, entertainment, ...
Security becomes everyone’s concern.
President George W. Bush has admitted he does not send
personal emails to his daughters for fear that his “personal
stuff" might end up in the public domain.
Homeland Security and Patriot Act: trade “freedom” for
“security”.
You’ve got e-mail... and the boss knows.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 17
Motivation

An example: privacy, a fundamental good?


Lyndon B. Johnson, President of the USA 1963-1969:
Every man should know that his conversations, his
correspondence, and his personal life are private.

Directive 95/46/EC of the European Parliament:


Whereas data-processing systems are designed to serve man;
whereas they must respect their fundamental rights and
freedoms, notably the right to privacy ... In accordance with
this Directive, Member States shall protect the fundamental
rights and freedoms of natural persons, and in particular their
right to privacy with respect to the processing of personal data.

Scott McNealy, CEO Sun Microsystems, 1999:


You have no privacy — get over it!

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 18
Motivation

e-Hermitism vs. e-Society


The only secure computer is isolated and turned off!
(You have no privacy — get over it.)

The only truly secure system is one that is powered off, cast in
a block of concrete and sealed in a lead-lined room with armed
guards — and even then I have my doubts.
Eugene H. Spafford, Purdue University, often misquoted as
The only system which is truly secure is one which is switched
off and unplugged, locked in a titanium lined safe, buried in a
concrete bunker, and is surrounded by nerve gas and very
highly paid armed guards. Even then, I wouldn’t stake my life on it.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 19
Motivation

e-Hermitism vs. e-Society


The only secure computer is isolated and turned off!
(You have no privacy — get over it.)

But we want, and have, an e-society:

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 20
Motivation

Is your data worth protecting?

Your personal data is interesting.


Shopping habits, family status, religion, political party, criminal
record, vita/career, health, finances, sports/hobbies, ...
Your data is everywhere and computers are good at collecting it.
Bank: transfers, investments, credit card purchases, taxes.
Telephone: source, time, location.
Shopping/travel: from (online) shops, loyalty programs.
Entertainment: movies watched in hotels (also < 2 minutes).
Valuable to sales departments, (future) employers, agencies, etc.
Valuable for you?

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 21
Motivation

Security Trends
4500

4000

3500

Fig. a: Internet-related 3000

vulnerabilities 2500

2000

in the operating systems 1500

1000

in routers and other network 500

devices 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004

(a) Vulnerabilities reported

Fig. b: Security incidents 140,000


130,000

Denial of Service attacks 120,000


110,000
100,000
IP spoofing 90,000
80,000
70,000
packet sniffing, . . . 60,000
50,000
40,000
30,000
Source: Computer Emergency 20,000
10,000

Response Team (CERT) 1995 1996 1997 1998 1999 2000 2001 2002 2003

(b) Incidents reported


www.cert.org
Figure 1.1 CERT Statistics

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 22
Motivation

More from CERT

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 23
Motivation

Information Security — Who needs it?


Every one working with computers!
Central to software engineers and system administrators
and even executives and politicians
as well as hackers, terrorists, and other bad guys.
This year’s trial of the embassy bombings revealed that
Bin Laden associates began to use encryption before
1998. Sometimes members of the Al-Qaida
confederation have alternatively resorted to simple code
words. For instance, “working” is said to mean Jihad,
“tools” meant weapons, “potatoes” meant grenades and
“the director” was an alias for Bin Laden. Steganographic
approaches were also used to communicate in at least
three terrorist acts, including the 1998 embassy
bombings in Kenya and Tanzania.
Lisa Krieger, Mercury News, Oct 1. 2001

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 24
Motivation

Information security is everyone’s concern


Our basic infrastructures are increasingly based on networked
information systems:
• administration
• business
• communication
• distribution
• education
• energy
• entertainment
• finance
• health
• news
• transportation
• …
Security not just a concern, but an enabling/disabling factor!
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 25
Motivation

Where? Everywhere!
Computing: The net is the computer!
Must assure selective access to machines,
programs, data, computational resources, etc.
Privacy of data, activities, . . . .

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 26
Motivation

Where? Everywhere!

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 27
Motivation

Where? Everywhere!

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 28
Motivation

Where? Everywhere!

Banking: ATMs, home banking, etc.


Access to accounts, integrity of data, nonrepudiation of
transactions, . . .

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 29
Motivation

Where? Everywhere!

Telecommunications: e.g., mobile (GSM) networks


Confidentiality/privacy of communication, location information, . . .

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 30
Motivation

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 31
Motivation

Extreme Views on Privacy


Extreme Anti-Privacy: “An honest person has nothing to hide!”

Extreme Pro-Privacy: “Otherwise we have 1984!”

Caution: extreme views tend to be a bit naïve...


Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 32
Motivation

Attacker Models

An attacker who controls major parts of the Internet is unrealistic

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 33
Motivation

Attacker Models

An attacker who controls major parts of the Internet is unrealistic

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 34
Motivation

Attacker Models

An attacker who controls major parts of the Internet is not unrealistic

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 35
Motivation

Attacker Models

An attacker who controls major parts of the Internet is not unrealistic

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 36
Motivation

Where? Everywhere!
Infrastructures: energy, water, . . .
Transport: cars, trains, planes, . . .
See, e.g., INTEL’s Best Practices white paper on “Automotive
Security”; cf. also “How automakers can beef up cybersecurity in
the era of the Internet-connected car”, TIME magazine, 09/2015.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 37
Motivation

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 38
Motivation

Where? Everywhere!

(E-)Government: government on line!


Let’s consider some of the challenges that arise in this last domain!

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 39
Motivation E-Government as an example

Table of contents I

1 Motivation
E-Government as an example

2 What is Information Security?

3 Dramatis personae of cryptography and information security

4 Two common views of Information Security (and properties/goals)

5 Conclusions

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 40
Motivation E-Government as an example

What is e-government?
E-government is the use of information technology (in particular the Internet)
to create or improve services between customers and governments.

Customer
Citizens
(A2C , administration to citizen)

Internet
(Partner− )administrations, courts, ...
Administration (A2A, administration to administration)
as
Service Provider

Companies (Firms, Banks, ...)


(A2B, administration to business)
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 41
Motivation E-Government as an example

Examples of e-government

Email correspondence, both informal and official


Online consultation and virtual information centers
Electronic applications, taxes, administrative procedures
Online voting
. . . and many others!

Similarities to e-business, but with new challenges


(wide-scale coverage, reflection of legal landscape, voting, ...).

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 42
Motivation E-Government as an example

The inner-view of e-government

Intranet Internet
E lectronic
Archiving Web− presentation
P aperless
Office E mail
Workflow center
Document
Management Online− Forms
Knowledge−
base

Administration Customer

Administration is now open (via web, mail, and application servers)


and manages confidential data.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 43
Motivation E-Government as an example

Potentially a win-win situation

For the citizen

=⇒

and for the government

=⇒

Potential for a tremendous efficiency gain, cost reduction, and service


improvement.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 44
Motivation E-Government as an example

But useless without security and trust!

Activists are demanding that the government halt the program,


which links municipal computer systems and gives each Japanese
citizen an 11-digit identification number. The new database stores
personal data — names, addresses, date of birth, and the new ID
numbers — for each of Japan’s 127 million citizens, making it easier
for them to obtain documents for a variety of public services and
benefits.
At least five municipalities have refused to join the system. Critics
say that ID numbers can act as keys to personal data stored at
different locations, making it easy for hackers to create mischief.
And doubts have emerged over the technical aspects after several
municipalities reported computer glitches.
Reuters Limited, 2002
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 45
Motivation E-Government as an example

And more!

Continent Only XSS Only SQL XSS and SQL XSS or SQL None
Africa (61) 14.75 (9) 0.00 (0) 34.43 (21) 49.18 (30) 50.82 (31)
Asia (55) 9.09 (5) 0.00 (0) 76.36 (42) 85.45 (47) 14.55 (8)
Europe (53) 7.55 (4) 0.00 (0) 83.02 (44) 90.57 (48) 9.43 (5)
North America (34) 20.59 (7) 2.94 (1) 52.94 (18) 76.47 (26) 23.53 (8)
Oceania (25) 24.00 (6) 0.00 (0) 28.00 (7) 52.00 (13) 48.00 (12)
South America (17) 17.65 (3) 0.00 (0) 52.94 (9) 70.59 (12) 29.41 (5)

Table 1: Percentages of vulnerabilities in E-Governments for each continent. Number of countries enclosed in
parenthesis. Note that some countries are counted for more than one continent, e.g. Russia belongs to both Europe
and Asia.

Country category Only XSS Only SQL XSS and SQL XSS or SQL None
Clean
1st World (32) 6.25 (2) 0.00 (0) 90.63 (29) 96.88 (31) 3.12 (1)
2nd World (31) 9.68 (3) 0.00 (0) 80.64 (25) 90.32 (28) 9.68 (3)
SQL and XSS
3rd World (50) 18.00 (9) 0.00 (0) 32.00 (16) 50.00 (25) 50.00 (25) XSS only
G8 (8) 0.00 (0) 0.00 (0) 100.00 (8) 100.00 (8) 0.00 (0)
Clean

Table 2: Percentages of vulnerabilities in E-Governments for different country categories. Number of countries
enclosed in parenthesis. Note that not all of the 244 countries are included in the statistic for 1st, 2nd, and 3rd
World, we used the countries listed on (nationsonline.org, 2005).
SQL and XSS
XSS only

AFRICA ASIA

Vulnerabilities in e-governments,
Clean V. Moen et al., University of Bergen, 2006.
Clean
XSS only
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 46
What is Information Security?

Table of contents I

1 Motivation

2 What is Information Security?

3 Dramatis personae of cryptography and information security

4 Two common views of Information Security (and properties/goals)

5 Conclusions

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 47
What is Information Security?

Information Security
Computer security deals with the prevention and detection of
unauthorized actions by users of a computer system.
Authorization is central to definition.
Sensible only relative to a security policy, stating who (or what) may
perform which actions.
Network security consists of the provisions made in an underlying
computer network infrastructure, policies adopted by the network
administrator to protect the network and the network-accessible
resources from unauthorized access and the effectiveness (or
lack) of these measures combined together.
Information security is (perhaps) even more general: it deals with
information independent of computer systems.
Note that information is more general than data. Data conveys
information. But information may also be revealed, without revealing
data, e.g., by statistical summaries.
Constitutes a basic right: protection of self (possessions, ...).
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 48
What is Information Security?

Information Security: a definition

Information security means protecting information and information


systems from unauthorized access, use, disclosure, disruption,
modification, or destruction

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 49
Dramatis personae of cryptography and information security

Table of contents I

1 Motivation

2 What is Information Security?

3 Dramatis personae of cryptography and information security

4 Two common views of Information Security (and properties/goals)

5 Conclusions

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 50
Dramatis personae of cryptography and information security
Internet&or&other&insecure&
communica/on&facility&
Agents (principals)
Alice& Bob&
(an&honest&principal)& (an&honest&principal)&

Charlie&
(an&a6acker)&
Following a long-standing tradition in (security) protocols, throughout the
course we’ll consider the following agents (a.k.a. principals):
Honest agents:
Alice, Bob, Carol, ... agents communicating with each other
(e.g. client and bank, bank and bank, client and online shop, ...)
Dishonest agents (a.k.a. attackers, intruders, ...):
Eve: an eavesdropper (i.e., a passive attacker who only listens)
Charlie, Mallory and Zoe: malicious, active attackers
Trusted and/or neutral:
Simon and Trent: (trusted) servers
Peggy and Victor: prover and verifier (zero-knowledge protocols)
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 51
Two common views of Information Security (and properties/goals)

Table of contents I

1 Motivation

2 What is Information Security?

3 Dramatis personae of cryptography and information security

4 Two common views of Information Security (and properties/goals)


Security as policy compliance
Traditional security properties/goals
Security as risk minimization

5 Conclusions

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 52
Two common views of Information Security (and properties/goals)

Let’s consider two common views of Information


Security

1 Security as policy compliance.


2 Security as risk minimization.
We shall first consider Information Security from the viewpoint of
policies and compliance.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 53
Two common views of Information Security (and properties/goals) Security as policy compliance

Table of contents I

1 Motivation

2 What is Information Security?

3 Dramatis personae of cryptography and information security

4 Two common views of Information Security (and properties/goals)


Security as policy compliance
Traditional security properties/goals
Security as risk minimization

5 Conclusions

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 54
Two common views of Information Security (and properties/goals) Security as policy compliance

Which actions are proper?

Computer security deals with the prevention and detection of improper


actions by users of a computer system.
One perspective is that given by software engineering.
Specify what your systems should do.
Design and implement systems that meet your specification.
In case of security, specification stipulates (in)acceptable system
behaviors.
Example (from Internet shopping): Any user may fill their
E-shopping cart, but only authenticated users may proceed to the
check out.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 55
Two common views of Information Security (and properties/goals) Security as policy compliance

Policy compliance as secure operation

For any system


Specification: What is it supposed to do?
Implementation: How does it do it?
Correctness: Does it really work?

In security
Specification: Policy
Implementation: Mechanism (employed in system)
Correctness: Compliance

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 56
Two common views of Information Security (and properties/goals) Security as policy compliance

Policy compliance in more detail

Security policy states what system behavior is, and is not, allowed.
Security mechanisms are used to enforce the policy,
Returning to analogy with correctness:

Formal Methods Security


Specification φ Security property φ
Program (or “Model”) P System P employing mechanisms
Correct: P |= φ Secure: P |= φ

Moreover, φ should hold for P in all malicious environments E,


roughly P||E |= φ.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 57
Two common views of Information Security (and properties/goals) Security as policy compliance

Formal Security Models


Separate what shall be achieved and how this is done.
How does the What shall
system operate? be achieved?
proof
system security
specification satisfies properties

Does the system meet


its requirements?
Formal specification with formal languages.
Semantics of languages allow for verification.
Rigorous validation with mathematical methods.
We will only see a few brief examples in this course (more in other
courses).
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 58
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Table of contents I

1 Motivation

2 What is Information Security?

3 Dramatis personae of cryptography and information security

4 Two common views of Information Security (and properties/goals)


Security as policy compliance
Traditional security properties/goals
Security as risk minimization

5 Conclusions

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 59
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Traditional security properties/goals

Policies are often formulated to achieve certain standard security


properties (also called security goals).
Common security properties are CIA:
Confidentiality (Secrecy): No improper disclosure of information.
Integrity: No improper modification of information.
Availability: No improper impairment of functionality/service.
Note that:
(Im)proper must be specified individually, for each system.
Classical CIA emphasis arose in centralized military context.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 60
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Traditional security properties/goals (cont.)


Information Security is CIA. In other words:
Confidentiality: No unauthorized access to information.
Integrity: No unauthorized modification of information.
Availability: No unauthorized impairment of functionality.
Note that
“Information” includes data and programs.
CIA all deal with some form of
authorization (which requires some form
of authentication and access control).
Other security goals can (often) be seen
as special cases of CIA.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 61
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Security properties/goals: confidentiality (i.e., secrecy)


Confidentiality information is not learned by unauthorized principals
A2ack&against&confiden:ality&(passive&a2ack)&

Internet&or&other&insecure&
communica/on&facility&

Alice& Bob&
Reads&contents&of&message&
from&Alice&to&Bob&

Charlie&(or&Eve)&
(an&a4acker)&
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 62
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Security properties/goals: confidentiality (i.e., secrecy)


Confidentiality information is not learned by unauthorized principals
Confiden5ality&

Internet&or&other&insecure&
communica/on&facility&

Alice& X&Cannot&read&contents&of&message&
Bob&
from&Alice&to&Bob&

Charlie&(or&Eve)&
(an&a4acker)&
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 63
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Confidentiality

Example Email is not a letter

but rather a post card!

Threat Everyone can read it along the way!

Mechanism Network security, encryption, and access control

Challenges Key and policy management.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 64
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Confidentiality, privacy and anonymity


Information is not learned by unauthorized principals
Confidentiality is sometimes characterised as the unauthorized
reading of data, when considering access control measures. But
in general we are concerned with unauthorized learning of
information, which is more subtle to contend with.
Confidentiality presumes a notion of authorized party, or more
generally, a security policy saying who or what can access our
data. The security policy is used for access control.
Sometimes: privacy pertains to confidentiality for individuals,
whereas secrecy pertains to confidentiality for organizations,
such as commercial companies or governments. Privacy is also
sometimes used in the sense of anonymity, keeping one’s
identity private.
Example violations: your medical records are obtained by a
potential employer without your permission; a competitor steals
Coca Cola’s secret formula.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 65
Two common views of Information Security (and properties/goals) Traditional security properties/goals

More on privacy and anonymity


Privacy:
You choose what you let other people know.
Confidentiality of information that you don’t want to share.
Anonymity:
A condition in which your true identity is not known.
Confidentiality of your identity.
Anonymity(

Internet&or&other&insecure&
communica/on&facility&

?& ?&
Does&not&know&the&iden/ty&of&
the&sender&and&the&receiver&

Charlie((or(Eve)(
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 66
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Security properties: integrity


Confidentiality information is not learned by unauthorized principals
Integrity data has not been (maliciously) altered

A.ack&against&integrity&(ac6ve&a.ack)&

Internet&or&other&insecure&
communica/on&facility&

Alice& Bob&
Modifies&message&
from&Alice&to&Bob&

Charlie&

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 67
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Security properties: integrity


Confidentiality information is not learned by unauthorized principals
Integrity data has not been (maliciously) altered

Integrity&

Internet&or&other&insecure&
communica/on&facility&

X&
Alice& Bob&
Cannot&modify&message&
from&Alice&to&Bob&

Charlie&

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 68
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Integrity

Data has not been maliciously altered


Integrity has more general meanings elsewhere, but in computer
security we are concerned with preventing the possibly malicious
alteration of data, by someone who is not authorized to do so.
Integrity in this sense can be characterised as the unauthorized
writing of data. Again, this presumes a security policy saying who
or what is allowed to alter the data.
Example violation: an on-line payment system alters an electronic
cheque to read 10.000 Euro instead of 100 Euro.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 69
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Integrity

Example Email (or forms, records, ...)

Threat Unallowed modification/falsification

Mechanism Digital signatures and/or access control

Challenges PKI and policy management

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 70
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Security properties
Confidentiality information is not learned by unauthorized principals
Integrity data has not been (maliciously) altered
Availability data/services can be accessed when desired
A.ack&against&availability&

Internet&or&other&insecure&
communica/on&facility&
X&
Alice& Bob&
Disrupts&the&communica/on&between&&
Alice&and&Bob&(e.g.,&disrupts&the&service&&
provided&by&a&server)&

Charlie&
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 71
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Availability
Data or services can be accessed in a reliable and timely way
Threats to availability cover many kinds of external environmental
events (e.g., fire, pulling the server plug) as well as accidental or
malicious attacks in software (e.g., infecting a system with a
debilitating virus).
In computer security we’re concerned with protecting against the
second kind of threat, rather than providing more general forms of
fault-tolerance or dependability assurance.
Ensuring availability means preventing denial of service (DoS)
attacks, insofar as this is possible. It’s possible to fix attacks on
faulty protocols, but attacks exhausting available resources are
harder, since it can be tricky to distinguish between an attack and
a legitimate use of the service.
Example violations: the deadly distributed DoS (DDoS) attacks
against on-line services; interfering with IP routing.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 72
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Availability

Example Communication with a


server

Threats Denial of service,


break-ins, ...

Mechanism Fire-walls,
virus-scanners, backups,
redundant hardware, secure
operating systems, etc.

Challenges Difficult to cover all


threats (and still have a usable
system)

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 73
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Security properties: accountability


Confidentiality information is not learned by unauthorized principals
Integrity data has not been (maliciously) altered
Availability data/services can be accessed when desired
Accountability actions can be traced to responsible principals

Accountability&

Internet&or&other&insecure&
communica/on&facility&

Alice& Bob&
“I&sent&the&message”& “I&received&the&message”&

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 74
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Accountability

Actions are recorded and can be traced to the party responsible


If prevention methods and access controls fail, we may fall back to
detection: keeping a secure audit trail is important so that actions
affecting security can be traced back to the responsible party.
A stronger form of accountability is non-repudiation, when a party
cannot later deny some action.
Creating an audit trail with machine logs is a tricky problem: if a
system is compromised, the logs may also be tampered with.
Ways around that problem are to send log messages to an
append-only file, a separate server, or even a physically isolated
printer.
Example violation: an audit trail is tampered with, lost, or cannot
establish where a security breach occurred.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 75
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Security properties: non-repudiation


Confidentiality information is not learned by unauthorized principals
Integrity data has not been (maliciously) altered
Availability data/services can be accessed when desired
Accountability actions can be traced to responsible principals
Non-repudiation actions done cannot be denied
Non$repudia,on-

Internet&or&other&insecure&
communica/on&facility&

-------------------Alice- ----------Bob-
- -
“I&did&not&send&the&message”& “I&did&not&receive&the&message”&

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 76
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Security properties: authentication


Confidentiality information is not learned by unauthorized principals
Integrity data has not been (maliciously) altered
Availability data/services can be accessed when desired
Accountability actions can be traced to responsible principals
Authentication principals or data origin can be identified accurately
A*ack&against&authen3ca3on&

Internet&or&other&insecure&
communica/on&facility&

Alice& Bob&
Masquerades&as&
Alice&to&Bob&

Charlie&
“Hi,&I&am&Alice”&
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 77
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Authentication
Data or services available only to authorized identities
Authentication is verification of identity of a person or system.
Some form of authentication is a pre-requisite if we wish to allow
access to services or data to some people but deny access to
others, using an access control system.
Methods for authentication are often characterised as:
something you have, e.g. an entrycard,
something you know, e.g. a password or secret key, or
something you are, e.g. a fingerprint, signature, biometric.
Also, where you are may be implicitly or explicitly checked.
Several methods can be combined for extra security.
Examples of violation: using cryptanalysis to break a
cryptographic algorithm and learn a secret key; purporting to be
somebody else (identity theft) by faking email, IP spoofing, or
stealing a private key and signing documents.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 78
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Authentication

Example

Threats Misuse of identity

Mechanisms
Individuals: who one is, what one has, or what one knows.
Processes, Data: cryptographic protocols, digital signatures,
etc.

Challenges authentication hardware/mechanisms, protocol


design/analysis, PKIs

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 79
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Authorization

Example Access to data, processes, networks, ...

Threats Unauthorized access of resources

Mechanisms Declarative and programmatic control mechanisms

Challenges Policy design, integration, and maintenance

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 80
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Security properties

Confidentiality information is not learned by unauthorized principals


Integrity data has not been (maliciously) altered
Availability data/services can be accessed when desired
Accountability actions can be traced to responsible principals
Authentication principals or data origin can be identified accurately

Usually we want to protect all properties in specific ways. Different


mechanisms may be used to provide protection, but from the start we
must realise that security is a whole system issue. The whole
system is used in the most inclusive sense: software, hardware,
physical environment, personnel, corporate and legal structures.
Usually we will be more restrictive, and security evaluation standards
like Common Criteria (see below) are deliberately so, to allow
comparison between different security solutions.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 81
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Properties versus policies versus mechanisms

Distinction is fuzzy!
Properties generally high-level and abstract.
Policy may just be the conjunction of different properties.
Alternatively, policy may be more low-level and operational,
e.g., comprised of rules like “strong passwords should be used”.
Mechanisms are concrete, e.g., implementation components.
Analogy with correctness: specifications at different abstraction
levels ranging from “what” (behavior) to “how” (design/code).
Boundary with other non-security properties also fuzzy.
Functional correctness: system behaves “properly”.
Reliability: no accidental failures, even in adverse circumstances.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 82
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Example security policy

A bank may require


authenticity of clients (at teller, ATMs, or on the Internet)
non-repudiation of transactions
integrity of accounts and other customer data
secrecy of customer data
availability of logging
The conjunction of these properties might constitute the bank’s
(high-level) security policy.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 83
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Another example: e-voting

An e-voting system should ensure that


only registered voters vote
each voter can only vote once
integrity of votes
privacy of voting information (only used for tallying)
availability of system during voting period
In practice, many policy aspects are difficult to formulate precisely.
Other examples: protection against email flooding/spam and
monitoring of, and reaction to, suspicious behavior.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 84
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Privacy in Voting Systems: two examples

George Caleb Bingham’s “The County Election” (1852), pictures the


American democratic system in progress. The story takes place in a
small Midwestern town in the mid-nineteenth century, when the rituals
of voting were still taking shape, particularly on the frontier.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 85
Two common views of Information Security (and properties/goals) Traditional security properties/goals

In this crowded composition, Bingham suggests the inclusiveness of a democracy with representatives of every age and social

stratum — except, of course, African Americans, who would not enjoy the right to vote until after the Civil War, and women, whose

right to participate would not be recognized for another seventy years. The painting reveals other irregularities in the electoral

system that would not be tolerated today. Because there was no system of voter registration, the man in red at the top of the

courthouse steps swears on the Bible that he hasn’t already cast a vote. Because there was no secret (or even paper) ballot, a

voter calls out his choice to the election clerks behind the judge, who openly record it in a ledger. Because there were no

restrictions on electioneering, the well-dressed gentleman behind the voter — evidently one of the candidates – is free to hand his

card to citizens just before they cast their vote. Yet none of this appears to dull the spirit of the voting process.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 86
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Privacy in Voting Systems: two examples

Landsgemeinde (“cantonal assembly”) still practiced in 2 Swiss


cantons: eligible citizens meet on a certain day in the open air to
decide on laws and expenditures by the council, voting by raising their
hands (historically, or in Appenzell until the admission of women, the only
proof of citizenship necessary for men to enter the voting area was to show
their ceremonial sword or Swiss military sidearm, i.e. bayonet).
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 87
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Security mechanisms (or countermeasures)

We will consider how different mechanisms can be used to achieve


goals in the face of threats, and what some of the challenges are.

Challenge: employing adequate mechanisms and demonstrating that


the resulting system is secure.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 88
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Protection countermeasures
Prevention. We try to prevent security breaches by system design
and employing appropriate security technologies as defences. For
example, using a firewall to prevent external access to corporate
intranets. Prevention is the most important protection measure.
Detection. In the event of a security breach, we try to ensure that
it will be detected. This is particularly pertinent in computer
security, where "theft" of a file does not imply denial of access for
the owner. Logging and MACs (file hashes to detect alteration) are
primary methods of detection, although intrusion detection
systems which actively watch for intruders are becoming more
common.
Response. In the event of a security breach, we should have
some arrangement in place to respond or recover the assets.
Responses range from restoring backups through to informing
appropriate concerned parties or law-enforcement agencies.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 89
Two common views of Information Security (and properties/goals) Traditional security properties/goals

Summary: security as policy compliance

Policy/goal oriented view of security, e.g., CIA.


Definitions themselves don’t give rise to a “security process”
How do we define policy, analyze threats, come up with
mechanisms, demonstrate adequacy of mechanisms, identify
tradeoffs and costs, ... ?
How difficult is the correctness question P||E |= G?
What constitutes E in practice?
And does P behave as expected? Under what assumptions?
Suggested reading: Ken Thompson’s Reflections on Trusting
Trust, Turing Award Lecture 1984 (but still very much actual).

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 90
Two common views of Information Security (and properties/goals) Security as risk minimization

Table of contents I

1 Motivation

2 What is Information Security?

3 Dramatis personae of cryptography and information security

4 Two common views of Information Security (and properties/goals)


Security as policy compliance
Traditional security properties/goals
Security as risk minimization

5 Conclusions

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 91
Two common views of Information Security (and properties/goals) Security as risk minimization

Let us suppose ...

You are the Chief Security Officer for a major bank.


Your IT department offers an array of services: internal, between
banks, and to the customer (Internet banking).
Your main task is to design a process and implement mechanisms
for securing this infrastructure.
So how do you proceed?

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 92
Two common views of Information Security (and properties/goals) Security as risk minimization

Information Security as risk minimization


Owners
to reduce wish
to
impose minimize
countermeasures
that may be
reduced by
that may possess value
vulnerabilities

that
Threat agents exploit
leading to
risk to
give rise to that increase
threats
to
assets
wish to abuse and/or may damage

Source: Common Criteria.


Classification depicts fundamental concepts and
interrelationships.
Policy (here implicit) defines authorized actions on assets, i.e.,
what constitutes abuse.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 93
Two common views of Information Security (and properties/goals) Security as risk minimization

Information Security as risk minimization (cont.)

Security concerns the protection of assets from threats.


Threats are the potential for abuse of assets.
Owners value their assets and want to protect them.
Threat agents also value assets, and seek to abuse them.
Owners analyse threats to determine which ones apply; these are
the risks that can be costed. This helps the selection of
countermeasures, which reduce the vulnerabilities.
Vulnerabilities may remain leaving some residual risk; owners
seek to minimise that risk, within other constraints (feasibility,
expense).
NB: The Common Criteria regards threats related to malicious or
accidental human activities; usually we focus on malicious activity.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 94
Two common views of Information Security (and properties/goals) Security as risk minimization

Owners
Information Security impose
countermeasures
to reduce wish
to
minimize
that may be
as risk minimization (cont.) that may possess
reduced by
value
vulnerabilities

that
Threat agents exploit
leading to
risk to
give rise to that increase
threats
to
assets
wish to abuse and/or may damage

Focus on risks from vulnerabilities and their exploitation.


Risk = chance of abuse × impact.
Employ countermeasures where most cost-effective.
Central notion is that of risk.
In contrast, policy is only implicit in determining what constitutes
abuse, i.e., which actions on assets are unauthorized.
Let us first consider typical threats and vulnerabilities and after the
essence of risk reduction approaches.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 95
Two common views of Information Security (and properties/goals) Security as risk minimization

Threat agents
In increasing order of severity
Employees making unintentional
blunders.
Hackers driven by technical
challenge.
Disgruntled employees or customers.
Criminals interested in personal gain.
Organized crime interested in
financial gain.
Organized terrorist groups.
Foreign espionage agents.
Information-warfare operations
intended to disrupt weapons or
command structures. or ?

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 96
Two common views of Information Security (and properties/goals) Security as risk minimization

Threats

Confidentiality Interception Unauthorized party gains access


to data or services
Integrity Interruption Service or data becomes
unavailable or unusable
Availability Modification Unauthorized tampering of
data or services
Fabrication Generation of additional
data or activities
Common objectives include: publicity, fraud, theft of intellectual property,
destruction, and invasions of privacy as well as intermediate goals such as
stealing a password or establishing a backdoor.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 97
Two common views of Information Security (and properties/goals) Security as risk minimization

Vulnerabilities

A vulnerability is a weakness that can be exploited by a threat


(attack) to cause damage.
Vulnerabilities often result from interaction in uncertain or hostile
environments.
Physical environment: e.g., laptop in enemy hands.
Network environment: Internet.
Software environment: OS, drivers, mobile code, plugins, ...
Trend is towards increasing vulnerabilities.
Open infrastructures, distributed administration, importance of
quick time-to-market, software/hardware monocultures.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 98
Two common views of Information Security (and properties/goals) Security as risk minimization

What kinds of vulnerabilities exist in practice?

Top Vulnerabilities to UNIX Systems:


1 BIND Domain Name System
2 Web Server
3 Authentication
4 Version Control Systems
5 Mail Transport Service
6 Simple Network Management Protocol (SNMP)
7 Open Secure Sockets Layer (SSL)
8 Misconfiguration of Enterprise Services NIS/NFS
9 Databases
10 Kernel

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 99
Two common views of Information Security (and properties/goals) Security as risk minimization

What kinds of vulnerabilities exist in practice?


Here are some examples (but there are much more):
OWASP Top Ten
(Open Web Application Security Project, www.owasp.org)
A1: Injection
A2: Broken Authentication and Session Management
A3: Cross-Site Scripting (XSS)
A4: Insecure Direct Object References
A5: Security Misconfiguration
A6: Sensitive Data Exposure
A7: Missing Function Level Access Control
A8: Cross-Site Request Forgery (CSRF)
A9: Using Components with Known Vulnerabilities
A10: Unvalidated Redirects and Forwards
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 100
Two common views of Information Security (and properties/goals) Security as risk minimization

Authentication vulnerabilities — some details


Passwords, pass phrases and/or security codes are used in virtually
every interaction between users and information systems. Since
properly authenticated access is often not logged, or if logged not
likely to arouse suspicion, a compromised password is an opportunity
to explore a system virtually undetected. Despite this threat, user and
administrator level accounts with poor or non-existent passwords are
still very common. As well, organizations with a well-developed and
enforced password policy are still uncommon. The most common
password vulnerabilities are:
1 user accounts that have weak or nonexistent passwords;
2 user accounts with widely known or openly displayed passwords;
3 system or software created administrative level accounts with
widely known, weak, or nonexistent passwords; and
4 weak password hashing algorithms and/or user password hashes
that are stored with weak security and that are visible to anyone.
Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 101
Two common views of Information Security (and properties/goals) Security as risk minimization

SSL vulnerabilities — some details

The open-source OpenSSL library provides cryptographic support


to the applications that communicate over the network. It is a very
widely deployed SSL/TLS protocol implementation, and is used by
a large number of vendors. Many of the commonly used POP3,
IMAP, SMTP and LDAP servers also have their OpenSSL-based
counterparts.
Multiple vulnerabilities have been found in the OpenSSL library.
These vulnerabilities can be remotely exploited to execute
arbitrary code at the privilege level of the applications using the
OpenSSL library. In some cases, such as the “sendmail”, a
successful exploitation may yield root privileges.
Heartbleed! (See the vulnerability reports.)

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 102
Two common views of Information Security (and properties/goals) Security as risk minimization

Owners
Risk analysis and impose
countermeasures
to reduce wish
to
minimize
that may be
reduction steps that may possess
reduced by
value
vulnerabilities

that
Threat agents exploit
leading to
risk to
give rise to that increase
threats
to
assets
wish to abuse and/or may damage
Part I. Analysis of existing risks:
1. Identify assets you wish to protect.
What are the (information) assets and their functionalities?
2. Identify risks to these assets.
Requires understanding threat agents and their threats as
well as vulnerabilities.
Part II. Analysis of proposed security solution:
3. How well do proposed countermeasures reduce risk?
4. What other risks and tradeoffs do measures themselves
bring?

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 103
Two common views of Information Security (and properties/goals) Security as risk minimization

Example: protecting email

1. What are the information assets?


Possible answers: mail content (confidentiality, integrity),
sender/recipient identities, service availability, ...
2. What are the risks?
Others reading or tampering with your mail, observing with whom
you communicate, and disrupting service.
Chance of abuse depends on who you are, what you send, and
how interesting it is to others.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 104
Two common views of Information Security (and properties/goals) Security as risk minimization

Example: protecting email, analysis of a possible


solution

Evaluation of PGP as
a possible good solution:
3. Effectiveness: high provided it is used correctly.
4. New risks and tradeoffs:
Key exchange time consuming and requires some sophistication.
Users must learn, and properly apply, new mailer functionalities.
Conclusion: PGP is good solution for ensuring confidentiality of
sensitive information mailed between knowledgeable partners.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 105
Two common views of Information Security (and properties/goals) Security as risk minimization

Example: face scanning in airports

Since 9/11, face scanning and matching against databases of known


terrorists has been proposed to improve airport security.
1. What are the assets (information or otherwise)?
Air travelers and those on the ground.
2. What are the risks?
Terrorists will board planes and may cause harm.
3. Effectiveness: very low.
Suppose system positively identifies 50% of all known terrorists
but has 1% rate of false positives. Suppose there is one terrorist
per million. Then for every terrorist recognized, so are 20,000
innocent civilians. At this rate, the security personal will be
overwhelmed and stop believing the alarms.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 106
Two common views of Information Security (and properties/goals) Security as risk minimization

Example: face scanning in airports (cont.)

4. New risks and tradeoffs.


The face database must be secured. If integrity is not protected,
faces can be deleted. If confidentiality not protected, terrorists can
determine if they are in database and take appropriate actions
(e.g., send an accomplice or change appearance).
System may instill a false sense of security, lessening overall
security. Moreover, it involves high costs and inconvenience.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 107
Two common views of Information Security (and properties/goals) Security as risk minimization

Towards a risk-minimization process

The risk minimization approach is well established in practice and


has an associated process, involving some quantitative or
qualitative variant of above.
Process is also iterative as both vulnerabilities and mechanisms
change over time.
There a number of standard references useful for guiding this.
E.g., ISO 17799 (code of practice of Information Security
Management).
Learning risk analysis is an important part of security education.
Represents “best practice” as opposed to “best science”.
But security in practice is often the sum of many little details

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 108
Two common views of Information Security (and properties/goals) Security as risk minimization

Summary: goals, threats, and mechanisms

Two different views of security.


1 Minimizing the risk of abuse.
2 Building a system that meets a specification.
In practice, risk minimization is most commonly taken approach.
Formal approaches are gaining popularity for small to mid-sized
technical systems as well as for critical applications.
There are numerous challenging topics for research and
education under both views.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 109
Two common views of Information Security (and properties/goals) Security as risk minimization

Summary: goals, threats, and mechanisms (cont.)

Standard breakdown. Important for


analyzing system security
relative to a policy.
Designing adequate mechanisms
is challenging and careful
“screening” is not enough.
History is full of examples of “security breaches” due to poor
“security screening”.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 110
Conclusions

Table of contents I

1 Motivation

2 What is Information Security?

3 Dramatis personae of cryptography and information security

4 Two common views of Information Security (and properties/goals)

5 Conclusions

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 111
Conclusions

Conclusions
Security is an enabling technology.
Security is power! E.g., in e-government:
IT processes are used to model and realize government
processes. The ability to access and modify data/processes is
equal to the ability spy on the most private details of government
and its citizens as well as to change the working of the
government itself!
Security is interdisciplinary
IT Security
Legal Context Business Processes
Distributed Computing Formal Methods Software Engineering
Networks Cryptography Operating Systems

and therein lies, in part, the challenge, excitement, and reward!


Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 112
Conclusions

Additional bibliography

Ross Anderson. Security Engineering: A Guide to Building Dependable


Distributed Systems, Wiley, 2001.
Matt Bishop. Computer Security (Art and Science). Pearson, 2003.
Dieter Gollmann. Computer Security. Wiley, 2000.
Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security:
Private Communication in a Public World, Prentice Hall, 2002.
John Viega and Gary McGraw. Building Secure Software.
Addison-Wesley, 2002.

Luca Viganò (King’s College London) Cryptography and Information Security Lecture 1, First term 2015/16 113

You might also like