Data Security and Cryptology, II

Common Ways to Secure Digital Data. Security Threats, Classification

September 10th, 2014

Valdo Praust, mois@mois.ee

Lecture Course in Estonian IT College, Autumn 2014


What We Protect: Information

Information (informatsioon, teave) – knowledge concerning any objects, such as facts, events, things, processes or ideas, which has a special meaning in certain contexts

The concept “information” is closely related to the more general concept of knowledge. It assumes that there is a fact which is known (an object) and a person who knows the fact (the subject)

Information itself does not have a practical shape. The practical shape of information appears when we also consider the practical representation of information (which is then called data)

What We Protect: Data

Data are always a representation of information, usually in a pre-agreed form (which allows the information borne by the data to be transferred from one subject to another)

The same data can be interpreted differently by different subjects with different backgrounds (for example, “hallitus” in Estonian and in Finnish)

Data (andmed) – a reinterpretable formalized representation of information in a form which is suitable for transfer, processing and/or interpretation

Data Format

Data format (andmevorming, vorming) – a description of how different types of information (text, picture, voice, video etc) are coded into a sequence of 0’s and 1’s

A pre-agreed (standardised) data format gives data (a data file) a concrete and unique meaning. If we have data but do not have the description of the data format, then we do not have the information carried by the data

From Data Format to Meaning

Different data formats are supported by different application software, which usually allows writing a file in a certain format, or making the content of the data (information) human-perceptible etc.

A typical end user usually doesn’t know anything about different data formats and their interpretation. He/she usually associates a certain format only with the software which is able to interpret that format.

The end user usually receives only a human-perceptible form prepared by the software, so-called WYSIWYG (What You See Is What You Get, in Estonian adekvaatkuva)

Necessity of Data Security

If we possess (or process) data, then the information carried by the data always has value for us (for our business process). This does not depend on whether the information is represented by digital or by paper-based data

Information security (infoturve) or data security (andmeturve) is a discipline concerned with maintaining these values/properties of information (performed in practice by maintaining the properties of data)

Components of Information Security

Information security (infoturve) or data security (andmeturve) is a complex concept consisting of the following three properties (goals):
• information availability (käideldavus)
• information integrity (terviklus)
• information confidentiality (konfidentsiaalsus)

These three properties – called branches or goals of security – must be maintained for all information/data items we possess

About Different Concepts

The following four concepts:
• information security (infoturve)
• information protection (infokaitse)
• data security (andmeturve)
• data protection (andmekaitse)
are widely treated as synonyms

Which concept is used where is mainly a question of tradition and culture. For example, in Europe the concept of data protection is often used in the context of protection of personal data (isikuandmete kaitse)

Data Availability

Data availability (andmete käideldavus) is timely and convenient access to and usage of the information carried by the data for all authorized persons and other entities

Availability is the most important component of data security – the worst thing that can happen is that data are no longer available to the subjects who need them during the business process (maybe destroyed forever)

Data Integrity

Data integrity (andmete terviklus) is the assurance that data originate from a certain source (the information was stored into the data by that source) and haven’t been altered (whether by accident, by a deliberate act or by faking)

Integrity is the second most important security branch (after availability)

In the business process we usually assume that the data are firmly related to the creator/source of the data, creation time etc

Data Confidentiality

Data confidentiality (andmete konfidentsiaalsus ehk salastatus ehk salastus) is the availability of the information carried by the data only to authorized subjects (and strict non-availability to other subjects)

In the pre-computer world it was the only branch of data (information) security

Security of Data vs IT Assets

Security of data (security of the information borne by the data) is ensured by securing the (IT) assets surrounding the data

IT assets include:
• IT equipment (hardware, communication devices, power supplies etc)
• data communication channels
• software (both system and application software)

but they must also include:
• organization (its structure and operation)
• personnel
• data carriers (incl. documents)
• infrastructure (buildings, offices etc)

Standard Model of Security Harming

1. Threats (ohud) influence the data (via IT assets)

2. Threats use the vulnerabilities (nõrkused, turvaaugud) of IT assets or components of the IT system

3. Threats, acting together with the vulnerabilities, determine the risk or security risk (risk, turvarisk)

4. When a certain risk is realised, a security loss or security breach or security incident (turvakadu, turvarike, turvaintsident) occurs

5. In order to minimise the risks it is necessary to minimise the vulnerabilities using safeguards or security measures (turvameetmeid)

Main Properties of Digital Data (from the security point of view)

1. A great but indirect value of data (information): it’s very hard to measure

2. Portability: data which can be stored on very small and easily movable carriers can possess a huge value for our business process

3. Possibility of avoiding physical contact: the physical and virtual structures are usually very different

4. Disclosure of security losses, especially for integrity and confidentiality losses

Relations Between Main Concepts

Security and Residual Risk

Instead of absolute security, the concept of residual risk acceptable for the business process ((äriprotsessi jaoks) aktsepteeritav jääkrisk) is usually used

NB! No matter how many safeguards we implement, we never achieve absolute security. If we implement more safeguards we only reduce the probability that security (availability, integrity or confidentiality) will be harmed, but it will never fall to zero

An acceptable residual risk is a situation where the total price of all implemented safeguards is approximately equal to the forecasted total loss of security (measured in money)
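
The rule above, worked through as an added example (not part of the lecture): safeguards are added one at a time and the step where their total price is closest to the forecasted loss is picked. The baseline loss, the safeguard names, prices and percentages, and the assumption that each safeguard cuts the remaining loss by a fixed percentage are all constructed for illustration.

```python
# Added illustration; every figure below is constructed, not taken from the lecture.
from dataclasses import dataclass


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: int     # price of the safeguard per year, in euros
    reduction_pct: int   # assumed cut of the *remaining* forecasted loss, in percent


BASELINE_LOSS = 100_000  # forecasted yearly loss with no safeguards (constructed)

SAFEGUARDS = [
    Safeguard("encryption", 15_000, 20),
    Safeguard("backups", 5_000, 40),
    Safeguard("redundant site", 60_000, 50),
    Safeguard("patching", 8_000, 30),
    Safeguard("access control", 12_000, 25),
]


def risk_curve(baseline_loss, safeguards):
    """Add safeguards, best reduction-per-euro first, and record each step.

    Returns a list of (names_so_far, total_price, residual_loss) tuples.
    """
    ordered = sorted(safeguards,
                     key=lambda s: s.reduction_pct / s.annual_cost,
                     reverse=True)
    price, loss, names = 0, baseline_loss, []
    curve = [((), price, loss)]
    for s in ordered:
        price += s.annual_cost
        # Integer arithmetic keeps the constructed figures exact.
        loss = loss * (100 - s.reduction_pct) // 100
        names.append(s.name)
        curve.append((tuple(names), price, loss))
    return curve


def acceptable_point(curve):
    """Step where the total safeguard price is closest to the forecasted loss."""
    return min(curve, key=lambda step: abs(step[1] - step[2]))


if __name__ == "__main__":
    curve = risk_curve(BASELINE_LOSS, SAFEGUARDS)
    for names, price, loss in curve:
        print(f"{len(names)} safeguards: price {price:>7}  residual loss {loss:>7}")
    print("acceptable residual risk at:", acceptable_point(curve))
```

With these figures the residual loss keeps shrinking as safeguards are added but never reaches zero, while the price of the fourth and fifth safeguards already exceeds the loss they leave behind.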

Economical View of Data Security

Paper-Based Data Security

Availability is ensured by appropriate preservation of data (conditions!) and by using suitable handling procedures (from people to people, record management rules)

Integrity is ensured by the physical shape of a document – data must be transferred to the paper sheet by a permanent method, and the document is equipped with the handwritten signature of the creator

Confidentiality is ensured by storing and transporting the document in a secure way

The common ways to achieve availability, integrity and confidentiality (i.e. security) of digital data are very different from those presented above. The main difference lies in the use of cryptography (which is based on mathematics) as an essential tool

Peculiarities of Securing Digital Data

• Cryptography is an essential tool for achieving both confidentiality and integrity. The methods for achieving confidentiality and integrity are completely different from the methods used in paper document practice

• An essential part is authentication (in front of a computer or information system) – establishing for a technical device/entity who is using it (usually followed by granting appropriate rights for execute, read, write etc. access)

• Availability is often ensured by the network (Internet). Various distributed client-server systems are very widespread

The Role of Cryptography

Encryption or enciphering (krüpteerimine, šifreerimine) is a technique where data are converted into a certain non-readable form. The conversion process usually uses a special piece of data which is usually kept secret – a key (võti)

This basic technique can be used:

• For ensuring confidentiality – without the key it’s impossible to decipher the data, i.e. to get the information borne by the (encrypted) data

• For ensuring integrity – without a special private key it’s impossible to change the data without notice. It allows the data to be associated with a certain subject (this is also a basic principle of the digital signature)

Availability of Digital Data

Main methods:
• regular backups
• properly working IT systems
• an appropriate digital record management system (digidokumendihaldus)
• transmission of data via data networks (Internet)

Integrity of Digital Data

Three main possibilities:

• To use a client-server technique and an IT system able to log who has created/changed different data. Widely used, but its security is easily harmed

• To tie the data carrier and the data stored on it permanently together. This excludes all network-based applications (and a good e-world)

• To use a digital signature (digisignatuur, digiallkiri) in order to associate the digital data and their creator cryptographically (mathematically). It is the most secure way and the only way to use in enhanced-security (enhanced-integrity) systems
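
The digital-signature principle named here and on “The Role of Cryptography” slide, as an added example that is not part of the lecture: a textbook RSA signature over a SHA-256 digest, using only the Python standard library. The key material, the names alice and bob and the document text are constructed; the scheme omits the padding a real signature scheme needs and uses primes of a special form, so it shows the principle only.

```python
# Added illustration of signing and verifying; toy keys, not for real use.
import hashlib

E = 65537  # public exponent


def make_keypair(p, q, e=E):
    """Build (public, private) textbook-RSA keys from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, e), (n, d)


# Constructed key material: known Mersenne primes, chosen only so that the
# example needs no key-generation code. Such primes are unsafe for real keys.
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
BOB_PUBLIC, BOB_PRIVATE = make_keypair(2**1279 - 1, 2**2203 - 1)


def digest_int(data: bytes) -> int:
    """SHA-256 digest of the data as an integer (always below the modulus here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data: bytes) -> int:
    """Only the holder of the private key can compute this value."""
    n, d = private_key
    return pow(digest_int(data), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    """Anyone with the public key can check data and creator together."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(data)


def demo():
    document = b"Transfer 250 EUR to account 1234"   # constructed sample
    signature = sign(ALICE_PRIVATE, document)
    altered = document.replace(b"250", b"950")
    return {
        # Unchanged data checked against the creator's public key.
        "original, alice's key": verify(ALICE_PUBLIC, document, signature),
        # Any change to the data is noticed: the old signature no longer fits.
        "altered, alice's key": verify(ALICE_PUBLIC, altered, signature),
        # The signature ties the data to one subject, not to any other.
        "original, bob's key": verify(BOB_PUBLIC, document, signature),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```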

Confidentiality of Digital Data

Two different approaches (mixed in practice):

• To store/transport the (unencrypted) data securely

• To encrypt the data and to handle the encrypted data as ordinary (public) data. Encryption always adds an additional problem – the key management (võtmehaldus) problem

If confidential information is transferred via a common network (a network whose wires aren’t physically secured), then encryption must always be mandatory

What Are Security Threats?

A threat (oht) is an external potential violation of (information) security

A threat might be:
• a potential violation of availability
• a potential violation of integrity
• a potential violation of confidentiality

A threat is always considered an external influence, i.e. caused by subjects and/or properties not involved in our information system (our IT assets)

Classification of Threats

(Security) threats can be classified:

1. By the goal that can be harmed (availability, integrity, confidentiality)

2. By the source (which subject causes the potential harm)

3. By the type of IT asset being harmed

4. By the importance of the (potential) damage (how big it will be)

Usually, the first two classifications are used in practice

Threats Classification by the Source

1. Spontaneous or accidental threats (stiihilised ohud):
• environmental threats (keskkonnaohud)
• technical failures and defects (tehnilised ohud ja defektid)
• human threats and failures (inimohud)

2. Deliberate acts or attacks (ründed), which are characterized by a clear intentional (human) activity (selge tahtlik (inim)tegevus)

Spontaneous or Accidental Threats

Spontaneous (accidental) threats (stiihilised ohud) can be caused by:

• force majeure (vääramatu (looduslik) jõud), which can be either occasional (lightning, flooding) or regular (wear, material fatigue, contamination etc)

• human failures (inimvead), which can be caused by inadequate skills, negligence, mismanagement, environmental factors etc

Peculiarities of Spontaneous Threats

The threats with the most serious consequences are usually various management and decision-making errors at all lifecycle stages (in the earlier stages the consequences are usually stronger)

Practice (the available threat statistics) shows that the impact of accidental (spontaneous) threats on IT assets is usually greater than the impact of attacks. Unfortunately, this fact is often not acknowledged

Environmental Threats

• lightning
• fire
• flooding
• inappropriate temperature and humidity
• dust and contamination
• electromagnetic perturbations
• mis- or non-operability of external infrastructures

Technical Failures and Defects

• accident in IT infrastructure
• hardware defects and failures
• failures and disturbances of connection lines (network(s))
• defects and failures of data carriers
• defects and failures of security means (devices)

Human Threats and Failures

Loss of staff (inimkaod):
• illness
• death
• strike

Occasional events (juhuslikud äpardused):
• mistakes during work operations
• erasing and/or destroying data/devices by accident
• false line connections

Attacks

Attacks or deliberate acts (ründed) are always based on humans who take a certain intended or deliberate action (sihilik tegevus) to harm the security goals (led by a personal interest, private or state intelligence, hooliganism etc)

Attacks are usually classified by attack sources, attack methods and objects of attack

Sources of Attack

1. Authorized users of IT systems. Available statistics show that they are the most important source. Main motives:
• gaining illegal (financial) profit
• revenge of hired/harried people
• political / ideological

2. Intelligence (economic, state-based, military etc) agents

3. Crackers, often also miscalled hackers (kräkkerid, häkkerid) – an increasing factor

4. Other (in Estonia mainly the criminal element)

Attack Channels

1. Direct contact with the object of attack (IT component/device, personnel, infrastructure etc)

2. Networks (mass-used for all client-server systems). The most common attack channel

3. Portable data carriers (memory sticks etc) – were historically important, and in recent years have again become very relevant

Attacks Classification by Methods

• physical attacks
• mis-use of resources
• blocking of resources
• interception (eavesdropping)
• fabrication
• system manipulation
• attacks on security mechanisms
• attack software or malware (ründe(tark)vara, pahavara, kahjurvara)

Physical Attacks

Physical attacks (füüsilised ründed) harm mainly availability and integrity

Important branches:
• physical attack on infrastructure (wires, antennas, power supplies etc)
• vandalism
• unauthorized entry to house/rooms/territory
• theft
• manipulation or destruction of IT equipment or devices

Mis-use of Resources

Mis-use of resources (ressursside väärkasutus) may harm all goals of security – availability, integrity and confidentiality

More important examples:
• unauthorized use of IT system
• mis-use of user rights
• mis-use of system administration rights
• theft of telephone (or similar) service

The threat of resource misuse is extremely great during conversion, maintenance, repair and/or upgrade tasks performed by external parties

Blocking of Resources

Blocking of resources (ressursside blokeerimine) harms mainly availability

In most cases it means the blocking (denial) of services (teenusetõkestusrünne), for example:
• overloading of the network (branches)
• mass execution of tasks
• filling of all disk space (quota)

The most common and best-known branch of it is the distributed denial of service (DDoS) attack (hajus ummistusrünne)

Interception (Eavesdropping)

Interception (infopüük), often also called eavesdropping, is an attack on confidentiality by any unauthorized subject

Main branches:
• voice interception in rooms (hidden microphone, computer microphone, misuse of a smartphone etc)
• interception of telephone calls (both by interception of wires and modification of the devices used)
• unauthorized reading or copying of stored data

Interception (Eavesdropping)

Main branches (continued):
• reading of residual information (jääkteave) from a printer, copy machine etc
• eavesdropping on wires (with analysis of the eavesdropped information using special equipment/software)
• unauthorized copying of data (carriers) during transport, maintenance work etc
• inappropriate deletion of data or destruction of data carriers, with subsequent unauthorized reading

Fabrication (Faking)

Fabrication (võltsing), sometimes also called faking, is the entering of faked items into the system. Harms mainly integrity

Examples:
• playback of earlier recorded messages (sõnumite taasesitus) – passwords, bank transactions etc
• masquerade attack (teesklusrünne) – equipping messages with false requisites (name, user name, password, money amount etc)
• social engineering (suhtlemisosavus), “posing as one of our own people” by mail, phone, physically etc
• denial (salgamine) of receiving or sending a message
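
How a receiving system can notice the first two items in this list (playback and false requisites), as an added example that is not part of the lecture. It uses an HMAC-SHA256 tag under a shared secret key instead of a digital signature, plus a nonce and a timestamp; the message layout, the 30-second window, the key and the sample messages are assumptions constructed for illustration.

```python
# Added illustration: receiver-side checks against playback and masquerade.
import hashlib
import hmac
import json

MAX_AGE_SECONDS = 30   # assumed freshness window


def make_message(key, sender, body, nonce, timestamp):
    """Sender side: serialise the fields and attach an HMAC-SHA256 tag."""
    payload = json.dumps(
        {"sender": sender, "body": body, "nonce": nonce, "ts": timestamp},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Receiver:
    def __init__(self, keys):
        self.keys = keys   # sender name -> shared secret key
        self.seen = {}     # (sender, nonce) -> timestamp of an accepted message

    def accept(self, message, now):
        try:
            fields = json.loads(message["payload"])
            sender, nonce, ts = fields["sender"], fields["nonce"], fields["ts"]
        except (ValueError, KeyError, TypeError):
            return "rejected: malformed"
        if not isinstance(sender, str) or not isinstance(ts, (int, float)):
            return "rejected: malformed"
        key = self.keys.get(sender)
        if key is None:
            return "rejected: unknown sender"
        # 1. Requisites and content must match the tag made with the sender's key.
        expected = hmac.new(key, message["payload"], hashlib.sha256).hexdigest()
        supplied = str(message.get("tag", ""))
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return "rejected: bad tag"
        # 2. Old recordings are refused outright.
        if abs(now - ts) > MAX_AGE_SECONDS:
            return "rejected: stale"
        # 3. Within the window, each nonce is accepted once. Nonces only need
        #    remembering while their message could still pass the freshness check.
        self.seen = {k: t for k, t in self.seen.items()
                     if now - t <= MAX_AGE_SECONDS}
        if (sender, nonce) in self.seen:
            return "rejected: replay"
        self.seen[(sender, nonce)] = ts
        return "accepted"


def run_demo():
    key = b"constructed-demo-key"   # constructed shared secret
    rx = Receiver({"alice": key})
    original = make_message(key, "alice", "pay 250 EUR to Bob", "n-001", 1000)
    altered = dict(original, payload=original["payload"].replace(b"250", b"950"))
    masquerade = make_message(b"not-the-real-key", "alice",
                              "pay 250 EUR to Eve", "n-002", 1010)
    return [
        rx.accept(original, now=1005),     # genuine and fresh
        rx.accept(original, now=1010),     # playback of the recorded message
        rx.accept(altered, now=1010),      # money amount changed
        rx.accept(masquerade, now=1012),   # false sender name, wrong key
        rx.accept(original, now=1100),     # playback after the window
    ]


if __name__ == "__main__":
    print(run_demo())
```

Because both sides hold the same key, this check does not address the last item in the list: either party could have produced the tag, so a sender can still deny a message.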

System Manipulation

Manipulation (manipuleerimine) is the unauthorized changing of an IT system. Harms mainly integrity, but also other goals

Examples:
• manipulation of data or software (false data, unauthorized changing of access rights or functionality etc)
• manipulation of lines
• manipulation of data during transfer (via vulnerabilities)
• attack via service ports (when they are insufficiently secured)

Attacks on Security Mechanisms

… can harm all three goals of security. The level of harm depends on the concrete mechanism and/or architecture

The main objects of attack are often authentication systems and cryptosystems, for example:
• systematic guessing of passwords (via password scanner etc)
• theft of passwords via keylogger
• interception of a PIN code
• practical cryptanalysis of a cryptoalgorithm or -protocol

Attack Software

… can be divided into three main branches:

• legal products with their documented features

• malware (pahavara, kurivara) – Trojans, viruses etc

• special programs for attacking different security mechanisms (safeguards)

Classical Types of Malware

• logic bomb (loogikapomm)
• Trojan Horse or Trojan (trooja hobune)
• worm (uss)
• virus (viirus)
• dropper (pipett): a program which installs a virus or Trojan

In recent years the spread of different malware has heavily increased. It’s always very important to keep the anti-malware software and all application software up to date (latest virus definitions, updates etc)