e-procurement for improving governance session 5: integrity protection of eprocurement systems a...
TRANSCRIPT
E-Procurement for Improving Governance
Session 5: Integrity Protection of eProcurement Systems
A World Bank live e-learning event addressing the design and implementation of e-procurement infrastructure
Topics
Integrity Protection of e-Procurement Systems
In this session, you will review:
• Security issues in an eProcurement platform;
• Risk management – Confidentiality, Integrity and Availability (CIA);
• Integrity protection – “must have” security mechanisms;
• Integrity protection – “must have” security controls;
• Lessons learned from operating the Italian eProcurement system.
eProcurement Systems from a Security Perspective
An e-procurement system shares the same security issues as any other electronic system.
eProcurement Systems Present a Multi-Faceted Security Problem
In an eProcurement system, the higher the value or confidentiality of the transactions passing through the system, the higher the required security level.
The security level will affect a number of security decisions:
• User identification – verification of use by unique user identification;
• Authentication – validation that the user’s identification belongs to the user;
• Access control – managing who has access to the computer system;
• Integrity – verification that data does not change at any point of the process;
• Non-repudiation – ensuring that messages are sent and received by the intended parties;
• Confidentiality – information is only accessible to those with authorized access.
How to Choose the Right Security Level
The level of security of a computer system is based on a number of different elements, from physical components to procedures and business processes.
Some components are technical (e.g. encryption) and some are non-technical (e.g. security policies).
The required level of security will differ for each type of system, based on the specific combination of business and security goals and requirements.
AIC Triad – Security Principles
• Availability – the reliability and accessibility of data and resources to authorized individuals in a timely manner.
• Integrity – ensuring that information and systems are not modified maliciously or accidentally.
• Confidentiality – ensuring that information is not disclosed to unauthorized subjects.
All security controls, mechanisms, and safeguards are intended to address one or more of these principles, and all risks, threats, and vulnerabilities are measured by their potential to compromise one or more of these AIC principles.
Risk Management and Analysis
Risk Management is the process of identifying and assessing risk, reducing it to an acceptable level, and implementing the right mechanisms to maintain that level.
There is no 100 percent secure environment. Every environment has vulnerabilities and threats to a certain degree.
Risk management steps:
Step 1 – Asset and information value assignment
Step 2 – Identify vulnerabilities and threats
Step 3 – Risk analysis and assessment
Step 4 – Countermeasure selection and implementation
Security Definitions
• A vulnerability is a software, hardware, or procedural weakness that may give an attacker unauthorized access to resources within the environment.
• A threat is any potential danger to information or systems.
• A threat agent is the entity that takes advantage of a vulnerability.
• A risk is the likelihood of a threat agent taking advantage of a vulnerability, together with the corresponding business impact.
• An exposure is an instance of being exposed to losses from a threat agent.
• A countermeasure may be a software configuration, a hardware device, or a procedure that eliminates a vulnerability.
Top-Down Approach to Security
• Physical controls: facility protection, security guards, locks, monitoring, environmental controls, intrusion detection
• Technical controls: logical access controls, encryption, security devices, identification and authentication
• Administrative controls: policies, standards, procedures, guidelines, screening personnel, and security-awareness training
[Diagram: the three control layers surround the company data and assets they protect]
Administrative, technical, and physical controls should work in a synergistic manner to protect the assets of the eProcurement system.
Risk Analysis – A Real Case
Code | Name | Description | C. | I. | A.
M01 | Configuration data of environmental devices | Configuration data of environmental devices (electric power control, chilling equipment, smoke sensors, CCTV etc.) | 50 | 200 | 400
M02 | Configuration data | Server configuration data (S.O., middleware, applications, network devices etc.) | 50 | 400 | 400
M03 | Access credential | Server credentials (user-id and password) | 400 | 400 | 400
M04 | Asset data | Asset data regarding devices (servers, network devices, etc.) | 50 | 400 | 400
M05 | Backup data | Configuration and production data backup | 400 | 400 | 400
M07 | E-procurement data | Data regarding orders, users, transactions, bids, tenders etc. | 400 | 400 | 400
(C., I., A.: value assigned to the asset for confidentiality, integrity and availability.)
Initial Risk Value = 6558 (before countermeasures)
Residual Risk Value = 924 (after countermeasures)
Target Risk Value = 723
Integrity Protection: “Must Have” Security Mechanisms
• Encryption
• Digital Signature
Encryption
Encryption is the capability of hiding data in such a way that its true form is not revealed unless the user has special information.
Usually, in computing terms, this means that a “key” is provided to encrypt (hide) data or to decrypt (reveal) data.
Many encryption systems deal with two types of encryption:
• Symmetric encryption, where K = K1 = K2 (the same key encrypts and decrypts)
• Asymmetric encryption, where K1 ≠ K2 (the encryption and decryption keys differ)
Symmetric Encryption
The sender generates a random symmetric key and encrypts the message using it.
The same symmetric key is used by the receiver to decrypt the message.
Advantage – symmetric encryption is extremely fast.
Disadvantage – how to securely transfer the secret key to the receiver’s site and keep it secret there?
Asymmetric Encryption (Public Key Cryptography)
Asymmetric encryption provides the ability to hide some information and then allow someone else access to the information, but not allow that person to hide information using the same key.
Advantage – with an asymmetric algorithm, the secret key (private key) never has to be transmitted; it always remains securely kept by its owner.
Disadvantage – asymmetric encryption is slow: it involves a very computationally intensive sequence of operations.
Electronic Signatures for Electronic Documents
When a legal document is signed, all parties to the transaction act on certain basic assumptions regarding the signature:
– The signer intended to sign.
– The signer is who he or she claims to be and is authorized to sign.
– The signature is that of the signer and is unique to the signer.
– The signature binds the signer to whatever the electronic document states.
– The document will not be changed once the parties have signed it.
– A signature on one document will not be transferred fraudulently to another document.
– The signer cannot later deny or repudiate the signature in an attempt to invalidate his or her relationship to the document.
Carrying these assurances over to e-signatures can be difficult.
Digital Signature Process
Public Key Infrastructure
Public Key Infrastructure (PKI) is an arrangement that binds public keys to their respective user identities by means of a Certificate Authority (CA).
Certificate Authorities are Trusted Third Parties charged with the responsibility to generate trusted certificates for requesting individuals and organizations.
Certificates contain the requestor’s public key and are digitally signed by the CA.
Before the certificate is issued, the CA must verify the identity of the requestor. These certificates can then facilitate automatic authentication of the two parties involved without the need for out-of-band communication.
The user identity must be unique for each CA.
For each user, the user’s identity, the public key, the binding between them, validity conditions and other attributes are placed in public key certificates issued by the CA, whose signature makes them impossible to forge.
Public Key Infrastructure
Integrity Protection – “Must Have” Security Controls
• Authentication and access control
• Separation of duties
• Transaction assurance
• Logging
Authentication and Authorization
The precondition for access control is to make sure that the person or program requesting access is identified without doubt.
Common authentication mechanisms are based on:
• Something you know – login procedures: user ID and user secret (password). Susceptible to password leaks: commonly used passwords, passwords explicitly told to others or given voluntarily, Trojan horses, trial and error.
• Something you have – several subcategories, for example cryptographic smart cards, which store the user’s digital certificate and/or private key and are used to prevent private keys from being “hacked” from the user’s computer.
• Something you are – biometrics (fingerprints, iris scanning etc.).
Authorization
Authorization is based on authentication.
What needs protection? Protected resources, and sensitive operations and transactions.
How to protect? A Role is a set of permissions for individual protected resources. A Role Assignment is the set of permissions granted to a specific user that allows the user to execute a specific sensitive operation or to access a protected resource.
Access Control Model
Access control models, whether discretionary access control (DAC), mandatory access control (MAC) or role-based access control (RBAC), are governed by the following principles:
• Default is No Access, to ensure that no security holes go unnoticed.
• Need to know – individuals should be given access only to the information that they absolutely require in order to perform their job duties.
• Logging – whatever access controls are in place, all access (successful or failed) to sensitive data must be logged.
Separation of Duties – What and Why
Separation of duties refers to a type of administrative control that prevents a single individual from both initiating and approving a material eProcurement transaction.
Ideally, digital systems would be engineered to provide a higher level of control than is possible with manual processes, but in practice the opposite usually happens.
Today’s best-practice model is to use role-based access control (RBAC), an operational model for the implementation of privileges in a complex environment.
Separation of duties is essential for control over e-procurement processes and transactions.
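As an added example (not part of the World Bank course material), the following Python sketch applies the access control principles above (default no access, need-to-know through roles, logging of every successful or failed access) together with separation of duties between the initiator and the approver of a tender; the roles, permission names and users are constructed for the illustration.

```python
# Added example (not from the course material): a minimal role-based access
# control check for an eProcurement tender workflow. It applies the slide's
# principles: default is no access, need-to-know via roles, separation of
# duties between initiating and approving, and logging of every decision.
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Hypothetical roles and permission names, constructed for this example.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "buyer": {"tender:create", "tender:read"},
    "approver": {"tender:approve", "tender:read"},
    "auditor": {"tender:read", "audit:read"},
}


@dataclass
class Tender:
    tender_id: str
    created_by: str  # the user who initiated the tender


@dataclass
class AccessControl:
    user_roles: Dict[str, Set[str]]                 # user -> roles assigned
    audit_log: List[str] = field(default_factory=list)

    def _decide(self, user: str, action: str, tender: Tender,
                allowed: bool, reason: str) -> bool:
        # Every access, successful or failed, is logged (slide principle).
        self.audit_log.append(
            f"user={user} action={action} resource={tender.tender_id} "
            f"result={'ALLOW' if allowed else 'DENY'} reason={reason}")
        return allowed

    def is_allowed(self, user: str, action: str, tender: Tender) -> bool:
        # Default is no access: a user with no roles gets no permissions.
        perms: Set[str] = set()
        for role in self.user_roles.get(user, set()):
            perms |= ROLE_PERMISSIONS.get(role, set())
        if action not in perms:
            return self._decide(user, action, tender, False, "no permission")
        # Separation of duties: the initiator may never approve the same
        # tender, even if they also hold the approver role.
        if action == "tender:approve" and tender.created_by == user:
            return self._decide(user, action, tender, False, "separation of duties")
        return self._decide(user, action, tender, True, "role permission")
```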
Separation of Duties – How
Five major steps are necessary to create and manage a robust and auditable responsibility control infrastructure that can ensure that users have the necessary access to data elements, without having too much access:
1. Process mapping
2. Risk assessment of processes
3. Role and rule definition
4. User authentication
5. Ongoing role maintenance
Transaction Assurance
Transaction assurance refers to a process that helps reduce fraud and mitigates the risk of unauthorized access by using a variety of data integrity and non-repudiation technologies.
Transaction authentication uses an electronic signature to provide transaction verification.
Transaction verification provides:
• Data integrity – protecting against unauthorized changes to the transaction by ensuring that changes to data are detectable.
• Data origin authentication – verifying that the identity of the user submitting the transaction is as claimed. Hence, data origin authentication implicitly authenticates the user.
Two mechanisms provide these assurances:
• Digital Signature – based on public-key cryptography
• Message Authentication Code (MAC) – based on secret-key cryptography
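As an added example, not from the course material, this Python code shows transaction assurance with a MAC: a bid record is tagged with HMAC-SHA256 under a shared secret and verified later, so an altered record (data integrity) or a tag made with a different key (data origin) fails the check; the bid fields and the key are constructed. A digital signature gives the same two checks with a public-key algorithm, so only the holder of the private key can produce the tag.

```python
# Added example (not from the course material): transaction assurance with a
# Message Authentication Code. A bid record is canonicalised, tagged with
# HMAC-SHA256 under a secret shared by the bidder's client and the
# eProcurement server, and verified later. Any change to the record (data
# integrity) or a tag made with another key (data origin) fails verification.
import hashlib
import hmac
import json


def canonical(record: dict) -> bytes:
    # Stable serialisation so both sides compute the MAC over identical bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def tag_transaction(record: dict, key: bytes) -> str:
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_transaction(record: dict, tag: str, key: bytes) -> bool:
    expected = tag_transaction(record, key)
    # Constant-time comparison so the check does not leak the tag via timing.
    return hmac.compare_digest(expected, tag)


# Constructed sample data for this example (not a real tender or key).
BIDDER_KEY = b"constructed-shared-secret-for-example"
BID = {"tender_id": "T-2024-17", "bidder": "Example Bidder", "amount": 125000, "lot": 2}


def demo() -> dict:
    tag = tag_transaction(BID, BIDDER_KEY)          # produced at submission
    tampered = dict(BID, amount=115000)             # record altered afterwards
    return {
        "genuine": verify_transaction(BID, tag, BIDDER_KEY),
        "tampered": verify_transaction(tampered, tag, BIDDER_KEY),
        "wrong_key": verify_transaction(BID, tag, b"another-key"),
    }


if __name__ == "__main__":
    print(demo())  # {'genuine': True, 'tampered': False, 'wrong_key': False}
```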
Logging
To ensure the confidentiality, integrity and availability of eProcurement data, a log management tool must be adopted to:
• Automate the collection and consolidation of log data
• Automate event log data analysis and report generation
• Perform basic event management
• Monitor login attempts and report discrepancies
• Identify and respond to privacy and security incidents
This can help to:
• Increase enterprise incident response capabilities by providing situational awareness;
• Provide security information management for long-term trending, analysis and regulatory compliance.
Security of an eProcurement Platform
• Secure by design – each component is designed keeping in mind the potential weaknesses and deploying the necessary safeguards.
• Identity proofing of users is based on a registration process (online and out-of-band control) by which the system uniquely identifies a person before “provisioning an identity”.
• Processes (e.g. framework agreements) are designed according to the “separation of duties” principle.
• Planned vulnerability and security assessments (every six months).
• Each major change (in both the application layer and the technical layer) is evaluated against the AIC triad, and residual risks are documented.
• Logs are analyzed monthly for unexpected behaviours and activities (e.g. nightly access peaks from other countries).
• The applicability of security alerts from CERT is evaluated on a monthly basis, and security patches are applied if suitable.
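As an added example that is not part of the course material, the following Python review applies two of the log checks described on the logging slide and in the lessons above, flagging repeated failed logins and night-time access peaks from outside the home country, over constructed sample log lines; the log format, the home country and the thresholds are assumptions.

```python
# Added example (not from the course material): a small periodic log review
# of the kind the slides describe, flagging repeated failed logins and
# night-time access peaks from outside the home country. The log format,
# thresholds and the sample lines below are constructed for this example.
from collections import Counter
from datetime import datetime
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) country=(?P<cc>[A-Z]{2}) result=(?P<res>OK|FAIL)$")

# Constructed sample log; "XX" stands for a country other than the home one.
SAMPLE_LOG = """\
2024-03-02T09:14:05Z login user=buyer12 country=IT result=OK
2024-03-02T09:20:41Z login user=buyer07 country=IT result=FAIL
2024-03-02T09:21:02Z login user=buyer07 country=IT result=OK
2024-03-03T02:03:11Z login user=approver3 country=XX result=OK
2024-03-03T02:05:48Z login user=approver3 country=XX result=OK
2024-03-03T02:07:30Z login user=buyer12 country=XX result=OK
2024-03-03T03:12:09Z login user=admin country=XX result=FAIL
2024-03-03T03:12:15Z login user=admin country=XX result=FAIL
2024-03-03T03:12:20Z login user=admin country=XX result=FAIL
2024-03-03T03:12:26Z login user=admin country=XX result=FAIL
"""


def review_logins(log_text: str, home_country: str = "IT",
                  night_hours=range(0, 6), fail_threshold: int = 3,
                  night_peak_threshold: int = 3) -> list:
    failed = Counter()         # user -> failed attempts
    night_foreign = Counter()  # (day, country) -> successful night logins
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # an unparseable line is itself worth reporting in practice
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        if m["res"] == "FAIL":
            failed[m["user"]] += 1
        elif ts.hour in night_hours and m["cc"] != home_country:
            night_foreign[(ts.date().isoformat(), m["cc"])] += 1
    findings = []
    for user, n in failed.items():
        if n >= fail_threshold:
            findings.append(f"{n} failed logins for {user}")
    for (day, cc), n in night_foreign.items():
        if n >= night_peak_threshold:
            findings.append(f"{n} night-time logins from {cc} on {day}")
    return findings
```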