Submitted By: Prosunjit Biswas (@01232785)

1. Difference between Covert Channel & Side Channel:

In the simplest definition, 'A communication channel is covert if it is neither designed nor intended to transfer information at all' [1]. A more compelling definition appears as: 'Given a security model M and its interpretation I(M) in an operating system, any potential communication between two subjects I(Sh) and I(Si) of I(M) is covert only if the communication between the subjects Sh and Si of the model M is illegal in M' [2].

On the other hand, "Side channel leaks implementation-specific characteristics to recover the secret parameters involved in the computation and specific to given implementation." [3] Figure 1 shows the position of covert channel and side channel in a system.

[Fig 1: Side channel & Covert channel. Diagram labels: Protection Model containing Subjects; a dotted "covert channel" between subjects inside the model; "Side Channel" at the boundary of the model; Environment Side Effect (Heat, Sound, Power etc).]



i)   A covert channel is created inside a protection model where that channel was either not identified or not intended for communication, whereas a side channel stays outside the protection model and is based on the side effect of the model on the environment (e.g. electromagnetic emission).
ii)  A covert channel may require a cooperating sender and receiver, whereas a side channel does not require a sender.

Conversion between Covert channel and Side channel: As shown in figure 1b, we can convert a side channel into a covert channel and vice versa. We see that for model M1, C1 is a side channel because it stays outside the model, but if we build another protection model M2 that includes M1, then C1 becomes a covert channel for M2 by leaking information from a subject in M1 to another subject outside M1. Thus by changing the protection model from M1 to M2 we can convert a side channel into a covert channel. Similarly, we can do the opposite.

[Fig 1b: Conversion between side & Covert Channel. Diagram labels: Model M2 enclosing Protection Model (M1); channel C1 marked "Information Leaking" and labelled "Side channel for M1 / Covert channel for M2".]
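The Fig. 1b argument can be checked mechanically. The following is an added example, not part of the exam answer or of the cited papers: it encodes the Tsai/Gligor definition quoted above (a channel is covert only if both endpoints are subjects of the model and the flow between them is illegal in the model) and classifies the same channel C1 under M1 and under M2. The subjects, the two security levels and the "no flow from a higher to a lower level" policy are constructed for illustration.

```python
"""
Added example: classifying one channel as side/covert relative to two
nested protection models, following the definition quoted in the text.

  covert : both endpoints are subjects of the model and the flow is illegal
  side   : at least one endpoint lies outside the model (the leak is an
           environmental side effect the model does not describe)
  legal  : both endpoints are in the model and the flow is permitted
"""
from dataclasses import dataclass

# Constructed two-level lattice; higher number = more sensitive.
LEVELS = {"public": 0, "secret": 1}


@dataclass(frozen=True)
class Subject:
    name: str
    level: str  # key into LEVELS


@dataclass
class ProtectionModel:
    name: str
    subjects: frozenset  # frozenset of Subject

    def contains(self, s: Subject) -> bool:
        return s in self.subjects

    def flow_is_legal(self, sender: Subject, receiver: Subject) -> bool:
        # Constructed policy: information may only flow to an equal or
        # higher level (a Bell-LaPadula style "no write-down" rule).
        return LEVELS[sender.level] <= LEVELS[receiver.level]


@dataclass(frozen=True)
class Channel:
    name: str
    sender: Subject
    receiver: Subject


def classify(channel: Channel, model: ProtectionModel) -> str:
    """Return 'covert', 'side' or 'legal' for the channel under the model."""
    if not (model.contains(channel.sender) and model.contains(channel.receiver)):
        return "side"
    if model.flow_is_legal(channel.sender, channel.receiver):
        return "legal"
    return "covert"


# Constructed scenario mirroring Fig. 1b.
crypto_proc = Subject("crypto_process", "secret")  # inside M1
logger = Subject("audit_logger", "secret")         # inside M1
observer = Subject("power_monitor", "public")      # outside M1, inside M2

M1 = ProtectionModel("M1", frozenset({crypto_proc, logger}))
M2 = ProtectionModel("M2", M1.subjects | {observer})  # M2 includes M1

# C1: key-dependent power consumption of the crypto process, observable by
# the monitor. Under M1 the monitor is not a subject of the model at all.
C1 = Channel("C1", crypto_proc, observer)


def classify_under_both() -> dict:
    """C1 as seen from M1 and from M2."""
    return {m.name: classify(C1, m) for m in (M1, M2)}


if __name__ == "__main__":
    for model_name, kind in classify_under_both().items():
        print(f"{C1.name} under {model_name}: {kind} channel")
```

Enlarging the model boundary from M1 to M2 is the only change between the two classifications; the channel itself is untouched, which is exactly the conversion the text describes.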

References:

[1] B. W. Lampson, "A Note on the Confinement Problem," Communications of the ACM, 16 (1973), pp. 613-615.
[2] C. Tsai and V. D. Gligor, "A Bandwidth Computation Model for Covert Storage Channels and its Applications," IEEE Symposium on Security and Privacy, 1988.
[3] F.-X. Standaert, "Introduction to Side-Channel Attacks," in I. M. Verbauwhede (ed.), Secure Integrated Circuits and Systems, Springer, 2009.
          I have not taken any help on this examination from anybody and have not given any help to
                                                  anybody.
2. Intrusion Detection & Intrusion Prevention System:

Although both an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) analyze traffic and work from predefined rules, there are fundamental differences in the data they work on and in the actions they can take. Figure 2 shows the scope of both systems in some detail.




                           Fig 2: Breakdown of Intrusion Detection and Intrusion Prevention System

Differences:
i)   An IPS works with the real traffic, which means that the traffic, if allowed, is fed to the real devices, whereas an IDS works with a copy of the data; even if the IDS is set up to update the firewall with blocking rules, the initial attack packet has already gone through.
ii)  An IDS is a passive device used only for logging/reporting purposes, whereas an IPS is an active device that can terminate network connections or user sessions as the IPS policy requires.


Implications of the Base-rate fallacy on IPS:

As with the base-rate fallacy in IDS, IPS effectiveness depends on how far the false alarm rate can be reduced. If we use an IPS with a high false alarm rate, it will eventually hurt system performance badly by filtering/stopping legitimate traffic. So the impact of the base-rate fallacy on IPS is much more critical than its impact on IDS.
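To make the claim concrete, here is an added example (not part of the exam answer) that carries Axelsson's base-rate computation through numerically and then reads the same numbers once for a passive IDS and once for an inline IPS. The event volume, intrusion base rate and detector rates are constructed for illustration; the formula is Bayes' theorem with P(I) the base rate of intrusive events, P(A|I) the detection rate, P(A|not I) the false alarm rate and P(I|A) the chance that a raised alarm is real.

```python
"""
Added example: the base-rate fallacy, and why a false alarm costs more
when the detector is inline (IPS) than when it only reports (IDS).
"""


def bayesian_detection_rate(p_intrusion: float, tpr: float, fpr: float) -> float:
    """P(I | A): probability that an alarm corresponds to a real intrusion.

    p_intrusion = P(I), tpr = P(A | I), fpr = P(A | not I).
    """
    p_alarm = tpr * p_intrusion + fpr * (1.0 - p_intrusion)
    if p_alarm == 0.0:
        return 0.0  # detector never fires; no alarm to be right or wrong about
    return tpr * p_intrusion / p_alarm


def required_false_alarm_rate(p_intrusion: float, tpr: float, target_bdr: float) -> float:
    """Largest P(A | not I) that still achieves P(I | A) >= target_bdr.

    Solves tpr*p / (tpr*p + fpr*(1-p)) = target for fpr.
    """
    return tpr * p_intrusion * (1.0 - target_bdr) / (target_bdr * (1.0 - p_intrusion))


def daily_outcomes(events_per_day: int, p_intrusion: float, tpr: float, fpr: float) -> dict:
    """Expected counts over one day of events for a detector with the given rates."""
    intrusions = events_per_day * p_intrusion
    benign = events_per_day - intrusions
    return {
        "true_alarms": intrusions * tpr,
        "false_alarms": benign * fpr,
        "missed": intrusions * (1.0 - tpr),
    }


def compare_ids_ips(events_per_day: int, p_intrusion: float, tpr: float, fpr: float) -> dict:
    """The same detector deployed passively (IDS) and inline (IPS).

    For the IDS a false alarm is an item on an analyst's queue; the traffic
    already went through. For the IPS every false alarm is a legitimate
    event that was blocked before anyone looked at it.
    """
    out = daily_outcomes(events_per_day, p_intrusion, tpr, fpr)
    return {
        "bayesian_detection_rate": bayesian_detection_rate(p_intrusion, tpr, fpr),
        "alarms_to_triage_ids": out["true_alarms"] + out["false_alarms"],
        "intrusions_stopped_ips": out["true_alarms"],
        "legitimate_events_blocked_ips": out["false_alarms"],
    }


if __name__ == "__main__":
    # Constructed figures: 1,000,000 audited events per day, 20 of them
    # intrusive (P(I) = 2e-5), a detector that catches every intrusion.
    EVENTS, P_I, TPR = 1_000_000, 2e-5, 1.0
    for fpr in (1e-3, 1e-4, 1e-5):
        r = compare_ids_ips(EVENTS, P_I, TPR, fpr)
        print(f"fpr={fpr:.0e}: P(I|A)={r['bayesian_detection_rate']:.3f}, "
              f"IDS triage queue={r['alarms_to_triage_ids']:.0f}/day, "
              f"IPS blocks {r['legitimate_events_blocked_ips']:.0f} legitimate "
              f"events to stop {r['intrusions_stopped_ips']:.0f} intrusions")
    print("fpr needed for P(I|A) >= 0.5:", required_false_alarm_rate(P_I, TPR, 0.5))
```

At a false alarm rate of 1e-3 the detector is right about one alarm in fifty; as an IDS that means a long triage queue, as an IPS it means roughly a thousand legitimate events dropped per day to stop twenty intrusions. Reaching even a 50% chance that an alarm is real needs a false alarm rate on the order of the base rate itself.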



Reference:

[1] S. Axelsson, "The base-rate fallacy and its implications for the difficulty of intrusion detection," in Proceedings of the 6th ACM Conference on Computer and Communications Security, 1999.
[2] "IDS vs IPS", available at: http://blog.inetu.net/2011/02/intrusion-detection-or-prevention-ids-vs-ips/
[3] "IDS vs IPS", available at: http://www.focus.com/fyi/ids-vs-ips/



3. Continuous enforcement ensures that the control on a resource stays in place even after access to that resource has been given to a user. Thus it is required to monitor consumption of the resource, or subsequent requests for consumption, so that it does not violate the policy under which access was granted. In the following model I am not considering how the resource is consumed, which is very impractical to monitor in a real situation. This model tries to provide continuous enforcement where continuous requests for a resource are made and each request has some side effect on the system. Fig. 3a gives a general model for continuous enforcement, while fig. 3b is a specialized model for a video streaming service provider.

[Fig 3a: General Model for continuous Enforcement. Diagram labels: Service Request -> General Enforcement System (each service request goes through this system) -> Service Grant/Deny. Inside the system: Mutable Attributes; System States based on attributes; Application Level Policy; Condition Enforcement / Access Control (decision diamond); Update Mutable Attributes based per Request Processing.]

[Fig. 3b: Continuous enforcement model for video streaming service Provider. Diagram labels: Instant Stream Request -> Enforcement System for Online video Stream Provider -> Grant/Deny Streaming. Inside the system: Customer Balance, Trust, History; Customer status: {New, reliable, Unreliable, trustworthy}; policy: 1. Prefer trustworthy Customer, 2. Prefer customer with more balance; conditions: 1. Sufficient Balance? 2. More cond.?; Update balance, history etc. based per Request Processing.]

Here we assume that each request goes through the enforcement model. The model has mutable attributes which define the current state (and all possible states) of the system. The condition enforcement diamond in fig 3a ensures that any violation of system policy is detected and that any further service request is ignored once a violation has occurred.

For a specific application, I have considered a video streaming service provider where each customer should have some balance, some trustworthiness, and/or balance history to get service. Possible states/statuses for a customer are new, reliable, unreliable etc. A future request will be allowed or denied based on which state the customer is currently in as well as on the policy of the system, some of which is enumerated in figure 3b.
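The model of Fig. 3a/3b as a runnable simulation, added here as an example that is not part of the exam answer or of the UCON/ACON papers: every stream request passes through one enforcement function, the decision is taken from the customer's mutable attributes (balance, trust, history), the customer's status is derived from those attributes, and the attributes are updated after each granted request so that the next decision sees the side effect. A detected violation marks the customer so that all further requests are ignored. The price per stream, the trust threshold, the credit rule for trustworthy customers and the scheduling order are constructed assumptions.

```python
"""
Added example: continuous enforcement for a video streaming provider.
Each call to request_stream() is one pass through the enforcement system.
"""
from dataclasses import dataclass, field

PRICE_PER_STREAM = 2   # constructed: balance charged per granted stream
TRUST_THRESHOLD = 3    # constructed: paid requests needed to become trustworthy


@dataclass
class Customer:
    """Mutable attributes of Fig. 3b; status is derived, never stored."""
    name: str
    balance: int
    trust: int = 0                                   # granted, paid requests so far
    history: list = field(default_factory=list)      # outcome of every past request
    violated: bool = False                           # set once a policy violation is detected

    @property
    def status(self) -> str:
        if self.violated:
            return "Unreliable"
        if not self.history:
            return "New"
        if self.trust >= TRUST_THRESHOLD:
            return "trustworthy"
        return "reliable"


def request_stream(c: Customer) -> str:
    """Condition check, then per-request attribute update. Returns 'grant' or 'deny'."""
    # Continuous enforcement: after a detected violation every further
    # request is ignored, whatever the current attributes say.
    if c.violated:
        return "deny"
    # Condition 1: sufficient balance?  Condition 2 ("more cond."): a
    # trustworthy customer may run one stream on credit, so the requirement
    # drops from the full price to a non-negative balance (constructed rule).
    required = 0 if c.status == "trustworthy" else PRICE_PER_STREAM
    if c.balance < required:
        c.violated = True
        c.history.append("denied")
        return "deny"
    # Per-request update of the mutable attributes: the side effect that the
    # next decision will be based on.
    c.balance -= PRICE_PER_STREAM
    c.trust += 1
    c.history.append("granted")
    return "grant"


def run_session(c: Customer, n_requests: int) -> list:
    """Outcome of n consecutive stream requests by the same customer."""
    return [request_stream(c) for _ in range(n_requests)]


def prioritize(customers: list) -> list:
    """Scheduling policy of Fig. 3b: prefer trustworthy customers, then higher balance."""
    ordered = sorted(customers,
                     key=lambda c: (c.status == "trustworthy", c.balance),
                     reverse=True)
    return [c.name for c in ordered]


if __name__ == "__main__":
    alice = Customer("alice", balance=5)   # constructed customers
    bob = Customer("bob", balance=7)
    print("alice:", run_session(alice, 4), alice.status, alice.balance)
    print("bob:  ", run_session(bob, 5), bob.status, bob.balance)
    carol = Customer("carol", balance=9)
    print("order:", prioritize([alice, Customer("bob2", 7), carol]))
```

Alice is granted two streams, is denied the third for lack of balance, and from then on is ignored even though she still has a positive balance; Bob reaches the trustworthy state after three paid streams, gets one on credit, and is cut off when the credit is exhausted. The point of the example is that the decision depends on attributes the system itself changes on every request, which is what distinguishes continuous enforcement from a one-time access check.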

    References:

[1] Jaehong Park and Ravi Sandhu, "The UCON_ABC Usage Control Model," ACM Transactions on Information and System Security, Volume 7, Number 1, February 2004, pages 128-174.

[2] Jaehong Park, Ravi Sandhu and Yuan Cheng, "ACON: Activity-Centric Access Control for Social Computing," in Proceedings of the 5th International Conference on Availability, Reliability and Security (ARES).

4. The Good Part and Bad Part:

In this paper the authors have nicely identified the scope of their work by identifying the fact that although there exist de-facto standards for confidentiality and integrity in online banking, there is no standard scheme for authentication and non-repudiation. They then present two solutions for achieving authentication and non-repudiation. While they have engineered fairly technical solutions, the way they have presented them is not quite comprehensible, and the article would have benefited from a more technical presentation and a technical analysis of their claims. For example, their certificate-based solution should be more distinct about what already exists and what they are proposing. The authors should also have shown attack scenarios that are possible with existing approaches but not possible when their proposed solution is deployed.

Something I have learned from the paper:

In order to protect against man-in-the-middle (MITM) attacks, this paper proposes a short-time password scheme based on a hardware-generated token. In effect, they have moved the defense against secret key tampering onto an offline hardwired device (smart card), which is interesting to learn. I have also come to know about the security concerns and measures for online banking (for both online and offline) from this and the other papers I have read for answering the question.

Weakness of the paper:

The authors have identified and provided solutions for issues like authentication, confidentiality, integrity and non-repudiation. But today there exist more sophisticated attacks than MITM or SSL certificate tampering, among which MITB (Man-in-the-Browser) is worth mentioning. So they did not cover these types of client-browser-specific attacks (e.g. XSS, XSRF and many others), although they have brought up these issues in another paper [4]. It is also reported [3] that a special, dedicated hardware device like a smart card and card reader (plus other equipment) for online banking may potentially hurt the customer experience because of the limited portability of the hardware device.

References:

[1] (the paper reviewed) Hiltgen, A., Kramp, T. and Weigold, T., "Secure Internet banking authentication," IEEE Security & Privacy, vol. 4, no. 2, pp. 21-29, March-April 2006.

[2] Shoji Sakurai, Shinobu Ushirozawa, "Input Method against Trojan Horse and Replay Attack," Information Theory and Information Security (ICITIS), pp. 384-389, Jan 2010.

[3] A. Vapen and N. Shahmehri, "Security levels for web authentication using mobile phones," PrimeLife/IFIP Summer School Post-proceedings, Springer, 2011 (In Press).

[4] Oppliger, R.; Rytz, R.; Holderegger, T., "Internet Banking: Client-Side Attacks and Protection Mechanisms," Computer (IEEE), 2009, Vol. 42, No. 6, pp. 27-33.


Cyber Security Exam 2
