Data information and security unit 1.pdf

Allied – 4
Data and Information Security
1
Dr.S.Sapna, AP/CS - DIS - Unit - I

Unit – I : Fundamentals of Security
Computer Security Concepts
Define Computer Security: The protection afforded to an
automated information system in order to attain the applicable
objectives of preserving the integrity, availability, and
confidentiality of information system resources (includes hardware,
software, firmware, information/data, and telecommunications).
2

CIA triad - The three concepts represents the fundamental security
objectives for both data and for information and computing services.
Confidentiality: This term covers two related concepts: —
1. Data confidentiality - Assures that private or confidential
information is not made available or disclosed to unauthorized
individuals.
2. Privacy: Assures that individuals control or influence what
information related to them may be collected and stored and by
whom and to whom that information may be disclosed.
Integrity: This term covers two related concepts : —
1. Data integrity: Assures that information and programs are
changed only in a specified and authorized manner.
2. System integrity: Assures that a system performs its intended
function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system.
Availability: Assures that systems work promptly and service is not
denied to authorized users.
3

(Standards for Security Categorization of Federal Information and Information Systems - FIPS) lists
confidentiality, integrity, and availability as the three security objectives for information and for information systems.
FIPS 199 provides a useful Characterization of these three security Objectives in terms of requirements and the
definition of a Loss of Security in each category:
• Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for
protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of
information.
• Integrity: Guarding against improper information modification or destruction, including ensuring information
nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information.
• Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of
access to or use of information or an information system.
Additional Concepts:
• Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a
transmission, a message, or message originator. This means verifying that users are who they say they are and that
each input arriving at the system came from a trusted source. (under integrity - FIPS 199)
• Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that
entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action
recovery and legal action. Because truly secure systems are not yet an achievable goal, user must be able to trace a
security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to
trace security breaches or to aid in transaction disputes.
4

5

Model for Computer Security
6

Security Concepts and Relationships
The concept of a system resource, or asset, that users and
owners wish to protect.
The assets of a computer system can be categorized as
follows:
• Hardware: Including computer systems and other data
processing, data storage, and data communications devices
• Software: Including the operating system, system utilities,
and applications.
• Data: Including files and databases, as well as security-
related data, such as password files.
• Communication facilities and networks: Local and wide
area network communication links, bridges, routers, and so
on. In the context of security, our concern is with the
vulnerabilities of system resources.
7

General categories of vulnerabilities of a computer system or
network asset:
• It can be corrupted, so that it does the wrong thing or gives wrong answers. For example, stored data values
may differ from what they should be because they have been improperly modified.
• It can become leaky. For example, someone who should not have access to some or all of the information
available through the network obtains such access.
• It can become unavailable or very slow. That is, using the system or network becomes impossible or
impractical.
• Corresponding to the various types of vulnerabilities to a system resource are threats that are capable of
exploiting those vulnerabilities.
• A threat represents a potential security harm to an asset.
• An attack is a threat that is carried out (threat action) and, if successful, leads to an undesirable violation of
security, or threat consequence.
• The agent carrying out the attack is referred to as an attacker, or threat agent.
It can be distinguished two types of attacks:
• Active attack: An attempt to alter system resources or affect their operation.
• Passive attack: An attempt to learn or make use of information from the system that does not affect
system resources. 8

9

Attacks can be classified based on the origin of the attack:
• Inside attack: Initiated by an entity inside the security perimeter (an “insider”). The insider is authorized
to access system resources but uses them in a way not approved by those who granted the authorization.
• Outside attack: Initiated from outside the perimeter, by an unauthorized or illegitimate user of the system
(an “outsider”). On the Internet, potential outside attackers range from amateur pranksters to organized
criminals, international terrorists, and hostile governments.
o Finally, a countermeasure is any means taken to deal with a security attack. Ideally, a countermeasure can
be planned to prevent a particular type of attack from succeeding.
o When prevention is not possible, or fails in some case, the goal is to detect the attack and then recover
from the effects of the attack.
o A countermeasure may itself introduce new vulnerabilities. In any case, residual / remaining vulnerabilities
may remain after the imposition of countermeasures. Such vulnerabilities may be exploited by threat agents
representing a residual level of risk to the assets. Owners will seek to minimize that risk given other
constraints.
10

Threats, Attacks, and Assets
• Unauthorized disclosure: is a threat to confidentiality.
The following types of attacks can result in this threat consequence:
• Exposure: This can be deliberate (slow / careful), as when an insider intentionally releases sensitive
information, such as credit card numbers, to an outsider. It can also be the result of a human, hardware,
or software error, which results in an entity gaining unauthorized knowledge of sensitive data. There
have been numerous instances of this, such as universities accidentally posting student confidential
information on the Web.
• Interception: Interception is a common attack in the context of communications. On a shared Local Area
Network (LAN), such as a wireless LAN or a broadcast Ethernet, any device attached to the LAN can
receive a copy of packets intended for another device. On the Internet, a determined hacker can gain access
to e-mail traffic and other data transfers. All of these situations create the potential for unauthorized access to
data.
• Inference: An example of inference is known as traffic analysis, in which an adversary is able to gain
information from observing the pattern of traffic on a network, such as the amount of traffic between
particular pairs of hosts on the network. Another example is the inference of detailed information from a
database by a user who has only limited access; this is accomplished by repeated queries whose combined
results enable inference.
11

• Intrusion: An example of intrusion is an adversary gaining unauthorized access to sensitive data by
overcoming the system’s access control protections.
• Deception is a threat to either system integrity or data integrity.
• Masquerade: One example of masquerade is an attempt by an unauthorized user to gain access to a
system by posing as an authorized user; this could happen if the unauthorized user has learned
another user’s logon ID and password. Another example is malicious logic, such as a Trojan horse, that
appears to perform a useful or desirable function but actually gains unauthorized access to system resources
or tricks a user into executing other malicious logic.
• Falsification: This refers to the altering or replacing of valid data or the introduction of false data into a
file or database. For example, a student may alter his or her grades on a school database.
• Repudiation: In this case, a user either denies / rejects sending data or a user denies receiving or
possessing the data.
• Disruption is a threat to availability or system integrity.
12

Disruption - The following types of attacks can result in this threat consequence:
• Incapacitation: This is an attack on system availability. This could occur as a result of physical destruction
of or damage to system hardware. More typically, malicious software, such as Trojan horses, viruses, or
worms, could operate in such a way as to disable a system or some of its services.
• Corruption: This is an attack on system integrity. Malicious software in this context could operate in such a
way that system resources or services function in an unintended manner. Or a user could gain
unauthorized access to a system and modify some of its functions. An example of the latter is a user
placing backdoor logic in the system to provide subsequent access to a system and its resources by other than
the usual procedure.
• Obstruction: One way to obstruct system operation is to interfere with communications by disabling
communication links or altering communication control information. Another way is to overload the
system by placing excess burden on communication traffic or processing resources.
• Usurpation / violation is a threat to system integrity.
• Misappropriation: This can include theft of service. An example is a distributed denial of service attack,
when malicious software is installed on a number of hosts to be used as platforms to launch traffic at a target
host. In this case, the malicious software makes unauthorized use of processor and operating system resources.
• Misuse: Misuse can occur by means of either malicious logic or a hacker that has gained unauthorized access
to a system. In either case, security functions can be disabled or thwarted / dissatisfied.
13

14

Threats and Assets – contd.,
• The assets of a computer system can be categorized as hardware, software, data, and communication
lines and networks.
Hardware:
• A major threat to computer system hardware is the threat to availability.
• Hardware is the most vulnerable to attack and the least susceptible to automated controls.
• Threats include accidental and deliberate damage to equipment as well as theft.
• The spread of personal computers and workstations and the widespread use of LANs increase the
potential for losses in this area.
• Theft of CD-ROMs and DVDs can lead to loss of confidentiality.
• Physical and administrative security measures are needed to deal with these threats.
15

16

Software:
• Software includes the operating system, utilities, and application programs.
• A key threat to software is an attack on availability.
• Software, especially application software, is often easy to delete.
• Software can also be altered or damaged to render it useless.
• Careful software configuration management, which includes making backups of the most recent
version of software, can maintain high availability.
• A more difficult problem to deal with is software modification that results in a program that still
functions but that behaves differently than before, which is a threat to integrity/authenticity.
• Computer viruses and related attacks fall into this category.
• A final problem is protection against software piracy.
• Although certain countermeasures are available, by and large the problem of unauthorized
copying of software has not been solved.
17

Data :
• Hardware and software security are typically concerns of computing center professionals or individual
concerns of personal computer users.
• Data security, which involves files and other forms of data controlled by individuals, groups, and
business organizations.
• Security concerns with respect to data are broad, surrounding availability, secrecy, and integrity.
• In the case of availability, the concern is with the destruction of data files, which can occur either
accidentally or maliciously.
• Secrecy is the unauthorized reading of data files or databases, and this area has been the subject of
perhaps more research and effort than any other area of computer security.
• A less obvious threat to secrecy involves the analysis of data and manifests itself in the use of so-called
statistical databases, which provide summary or aggregate information.
18

Communication Lines and Networks
• Network security attacks can be classified as passive attacks and active attacks.
• A passive attack attempts to learn or make use of information from the system but does not affect system
resources.
• An active attack attempts to alter system resources or affect their operation (or) modification of the data
stream (or) creation of a false stream.
• Passive attacks are in the nature of eavesdropping / spying on, or monitoring of, transmissions.
• The goal of the attacker is to obtain information that is being transmitted.
Two types of passive attacks are the Release of Message Contents and Traffic Analysis.
• The release of message contents is easily understood - A telephone conversation, an electronic mail message,
and a transferred file may contain sensitive or confidential information. User would like to prevent an opponent
from learning the contents of these transmissions.
• A second type of passive attack, traffic analysis, is subtler. Suppose that user had a way of masking the contents
of messages or other information traffic so that opponents, even if they captured the message, could not extract the
information from the message.
• The common technique for masking contents is encryption. If encryption protection is used opponent might
still be able to observe the pattern of these messages. The opponent could determine the location and identity of
communicating hosts and could observe the frequency and length of messages being exchanged. This information
might be useful in guessing the nature of the communication that was taking place
19

• Passive attacks are very difficult to detect because they do not involve any alteration of the data. Typically, the message
traffic is sent and received in an apparently normal fashion and neither the sender nor receiver is aware that a third party
has read the messages or observed the traffic pattern.
• Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided
into four categories: Replay, Masquerade, Modification of Messages, and Denial of Service.
• Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized
effect.
• A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences
can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity
with few privileges to obtain extra privileges by impersonating an entity that has those privileges. Takes place when one
entity pretends to be another. Usually includes another form of active attack.
• Modification of messages simply means that some portion of a legitimate message is altered, or that messages are
delayed or reordered, to produce an unauthorized effect. For example, a message stating, “Allow John Smith to read
confidential file accounts” is modified to say, “Allow Fred Brown to read confidential file accounts.”
• The denial of service (DoS) prevents or inhibits the normal use or management of communication facilities. This attack
may have a specific target; for example, an entity may suppress all messages directed to a particular destination (e.g.,
the security audit service). Another form of service denial is the disruption of an entire network, either by disabling the
network or by overloading it with messages so as to degrade performance.
20

• Passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is
quite difficult to prevent active attacks absolutely, because to do so would require physical protection of all
communication facilities and paths at all times. Instead, the goal is to detect them and to recover from any
disruption or delays caused by them. Because the detection has a deterrent effect, it may also contribute to
prevention.
21

Security Functional Requirements
• There are a number of ways of classifying and characterizing the countermeasures that
may be used to reduce vulnerabilities and deal with threats to system assets.
• Functional areas that primarily require computer security technical measures include
access control, identification and authentication, system and communication
protection, and system and information integrity.
• Functional areas that primarily involve management controls and procedures include
awareness and training; audit and accountability; certification, accreditation, and
security assessments; contingency planning; maintenance; physical and
environmental protection; planning; personnel security; risk assessment; and systems
and services acquisition.
• Functional areas that overlap computer security technical measures and management
controls include configuration management, incident response, and media protection.
22

Security Requirements
1. Access Control: Limit information system access to authorized users, processes acting on
behalf of authorized users, or devices (including other information systems) and to the
types of transactions and functions that authorized users are permitted to exercise.
2. Awareness and Training:
(i) Ensure that managers and users of organizational information systems are aware of
the security risks associated with their activities and of the applicable laws, regulation,
and policies related to the security of organizational information systems; and
(ii) Ensure that employees are adequately trained to carry out their assigned
information security-related duties and responsibilities.
3. Audit and Accountability:
(i) Create, protect, and retain information system audit records to the extent needed
to allow the monitoring, analysis, investigation, and reporting of unlawful, unauthorized,
or inappropriate information system activity; and
(ii) Ensure that the actions of individual information system users can be uniquely
traced to those users so they can be held accountable for their actions.
23

Contd.,
4. Certification, Accreditation, and Security Assessments:
(i) Periodically assess the security controls in organizational information systems to determine if the
controls are effective in their application;
(ii) develop and implement plans of action designed to correct deficiencies and reduce or eliminate
vulnerabilities in organizational information systems;
(iii) authorize the operation of organizational information systems and any associated information
system connections; and
(iv) monitor information system security controls on an ongoing basis to ensure the continued
effectiveness of the controls.
5. Configuration Management: Establish and maintain baseline configurations and inventories of
organizational information systems (including hardware, software, firmware, and documentation).
24
Information Security Domain

Contd.,
6. Contingency Planning: Establish, maintain, and implement plans for
emergency response, backup operations, and post-disaster recovery
for organizational information systems to ensure the availability of
critical information resources and continuity of operations in emergency
situations.
7. Identification and Authentication: Identify information system
users, processes acting on behalf of users, or devices, and
authenticate (or verify) the identities of those users, processes, or
devices, as a prerequisite to allowing access to organizational
information systems.
25
Information Security Domain

8. Incident Response: (i) Establish an operational incident-handling capability for organizational
information systems that includes adequate preparation, detection, analysis, containment, recovery, and
user-response activities; and (ii) track, document, and report incidents to appropriate organizational
officials and/or authorities.
9. Maintenance: (i) Perform periodic and timely maintenance on organizational information
systems; and (ii) provide effective controls on the tools, techniques, mechanisms, and personnel used to
conduct information system maintenance.
26
Contd.,

10. Media Protection:
(i) Protect information system media, both
paper and digital;
(ii) limit access to information on information
system media to authorized users; and
(iii) sanitize or destroy information system
media before disposal or release for reuse.
27
Contd.,

11. Physical and Environmental Protection:
(i) Limit physical access to information
systems, equipment, and the respective
operating environments to authorized
individuals;
(ii) Protect the physical plant and support
infrastructure for information systems;
(iii) Provide supporting utilities for
information systems;
(iv) Protect information systems against
environmental hazards; and
(v) Provide appropriate environmental
controls in facilities containing
28
Contd.,

12. Planning: Develop, document, periodically update, and
implement security plans for organizational information
systems that describe the security controls in place or
planned for the information systems and the rules of behavior
for individuals accessing the information systems.
13. Personnel Security:
(i) Ensure that individuals occupying positions of
responsibility within organizations (including third-party
service providers) are trustworthy and meet established security
criteria for those positions;
(ii) Ensure that organizational information and information
systems are protected during and after personnel actions
such as terminations and transfers;
29
Contd.,

14. Risk Assessment: Periodically assess the risk to organizational operations (including mission,
functions, image, or reputation), organizational assets, and individuals, resulting from the operation of
organizational information systems and the associated processing, storage, or transmission of organizational
information.
15. Systems and Services Acquisition:
(i) Allocate sufficient resources to adequately protect organizational information systems;
(ii) employ system development life cycle processes that incorporate information security considerations;
(iii) employ software usage and installation restrictions; and (iv) ensure that thirdparty providers employ
adequate security measures to protect information, applications, and/or services outsourced from the
organization. 30
Contd.,

16. System and Communications Protection:
(i) Monitor, control, and protect organizational communications (i.e., information transmitted or
received by organizational information systems) at the external boundaries and key internal
boundaries of the information systems; and
(ii) employ architectural designs, software development techniques, and systems engineering
principles that promote effective information security within organizational information systems.
31
Contd.,

17. System and Information Integrity:
(i) Identify, report, and correct information and information system flaws in a timely
manner; and provide protection from malicious code at appropriate locations within
organizational information systems;
(ii) monitor information system security alerts and advisories and take appropriate actions in
response.
32
Contd.,

Fundamental Security Design Principles
• These principles offer a balance between self-improving (and therefore unobtainable / unavailable) “perfect
security,” and the pragmatic / practical need to get things done.
• Although each of the principles can powerfully affect security, the principles have their full effect only
when used in concert and throughout an organization.
• Fundamental Security Design Principles are powerful mental tool for approaching security:
1. Economy of mechanism
2. Fail-safe defaults
3. Complete mediation
4. Open design
5. Separation of privilege
6. Least privilege
7. Least common mechanism
8. Psychological acceptability
9. Isolation
10. Encapsulation
11. Modularity
12. Layering
13. Least astonishment / wonder
33

1. Economy of mechanism:
• The design of security measures active in both hardware and software should be as simple
and small as possible.
• Small design is easier to test and verify thoroughly.
• With a complex design, there are many more opportunities for an challenger to discover
refined weaknesses to exploit that may be difficult to spot ahead of time.
• There is a constant demand for new features in both hardware and software, complicating
the security design task.
• The best that can be done is to keep this principle in mind during system design to try to
eliminate unnecessary complexity.
34
The security design principles are considered while designing any security mechanism for a system. These principles
are review to develop a secure system which prevents the security flaws and also prevents unwanted access to the
system.

35
2. Fail-safe default
• Access decisions should be based on permission rather than
exclusion / rejection.
• That is, the default situation is lack of access, and the protection
scheme identifies conditions under which access is permitted.
This approach shows a better failure mode than the alternative
approach, where the default is to permit access.
• If action fails, system should remain as secure as when action
began. i.e, firewall fails, lets no traffic in.
3. Complete mediation
• Checks every access against the access control mechanism.
• Usually done once on first action.
• Systems should not rely on access decisions retrieved from a cache.
• Checking every access can slow down system.
• In a system designed to operate continuously, this principle requires
that, if access decisions are remembered for future use, careful
consideration be given to how changes in authority are propagated
into such local memories.
• If permission change after, may get unauthorized access. Dr.S.Sapna, AP/CS - DIS - Unit - I

36
4. Open Design
• The security mechanism design should be open to the public.
• Like in the cryptographic algorithm, the encryption key is kept
secret while the encryption algorithm is opened for a public
investigation.
5. Separation of privilege
• Whenever user tries to gain access to a system, the access should
not be granted based on a single attribute or condition.
• Multiple privilege attributes are required to achieve access to a
restricted resource.
• A good example of this is multifactor user authentication, which
requires the use of multiple techniques, such as a password and a
smart card, to authorize a user.

37
6. Least privilege
• Every process and every user of the system should operate / access
to a system using the least set of rights / least privilege necessary
to perform the task.
• A good example of the use of this principle is role-based access
control.
• Only those limited privileges should be assigned to the user which
are essential to perform the desired task.
7. Least common mechanism
• There should be minimum common functions to share between the
different user.
• Shared function should run in users space rather than as system
procedure.
• Should minimize the functions shared by different users, providing
mutual security.
• This principle helps reduce the number of unintended
communication paths and reduces the amount of hardware and
software on which all users depend, thus making it easier to verify if
there are any undesirable security implications.Dr.S.Sapna, AP/CS - DIS - Unit - I

38
8. Psychological acceptability
• Security mechanisms should not add to difficulty of accessing resource.
• It is suggested that the security mechanism should introduce minimum hurdles to
the user of the system.
• Security mechanisms should not interfere improperly with the work of users,
while at the same time meeting the needs of those who authorize access.
• If security mechanisms hinder the usability or accessibility of resources, users
may opt to turn off those mechanisms.
9. Isolation
• The system that has critical data, processes or resources must be isolated such
that it restricts public access.
• The files or data of one user must be kept isolated with the files or data of
another user.
i. Public access systems should be isolated from critical resources (data, processes,
etc.) to prevent disclosure or tampering. Data are stored and isolate them, either
physically or logically. Physical isolation may include ensuring that no physical
connection exists between an organization’s public access information resources
and an organization’s critical information. When implementing logical isolation
solutions, layers of security services and mechanisms should be established
between public systems and secure systems responsible for protecting critical
resources. Dr.S.Sapna, AP/CS - DIS - Unit - I

39
Isolation - contd.,
ii. The processes and files of individual users should be isolated from one another except where it is explicitly
desired.
• All modern operating systems provide facilities for such isolation, so that individual users have separate,
isolated process space, memory space, and file space, with protections for preventing unauthorized access.
iii. Finally, security mechanisms should be isolated in the sense of preventing access to those mechanisms.
• For example, logical access control may provide a means of isolating cryptographic software from other parts
of the host system and for protecting cryptographic software from tampering and the keys from replacement or
disclosure.
10. Encapsulation
• Encapsulation can be viewed as a specific form of isolation which is designed on the principle based on object
oriented functionality.
• Protection is provided by encapsulating a collection of procedures and data objects in a domain of its own so that
the internal structure of a data object is accessible only to the procedures of the protected subsystem and the
procedures may be called only at designated domain entry points.

40
11. Modularity
• Modularity is the security mechanism that must be generated or referred both to the
development of security functions as separate, protected modules and to the use of a
modular architecture for mechanism design and implementation.
• The design and implementation effort focus on the secure design and implementation
of a single cryptographic module, including mechanisms to protect the module from
tampering.
• In the use of a modular architecture, each security mechanism should be able to support
migration to new technology or upgrade of new features without requiring an entire
system redesign.
• The security design should be modular so that individual parts of the security design
can be upgraded without the requirement to modify the entire system.

41
12. Layering
• It refers to the use of multiple, overlapping protection approaches
addressing the people, technology, and operational aspects of
• By using multiple, overlapping protection approaches, the failure or
avoidance / circumvention of any individual protection approach
will not leave the system unprotected.
• Layering approach is often used to provide multiple barriers
between an challenger / adversary and protected information or
services. This technique is often referred to as defense in depth.
• Multiple security layers must be used in order to protect the
opponent from accessing crucial information.
• Applying multiple security layers provides multiple barriers to the
adversary if the user tries to access the protected system.

42
13. Least astonishment
• It means that a program or user interface should always respond in the way that is least likely to
astonish / surprise the user while accessing the secure system.
• This principle informs that a part or a component of a system should behave in a way that the
user expect it to behave.
• For example, the mechanism for authorization should be transparent enough to a user that the user
has a good intuitive understanding of how the security goals map to the provided security
mechanism.

Attack Surfaces and Attack Trees
• Attack surface is known as the possible points where an unauthorized person can exploit / (set activity) on the
the system with vulnerabilities.
• It's the combination of weak endpoints of software, system, or a network that attackers can penetrate.
Examples of attack surfaces are the following:
• Open ports on outward facing Web and other servers, and code listening on those ports.
• Services available on the inside of a firewall.
• Code that processes incoming data, email, XML, office documents, and industry specific custom data
exchange formats.
• Interfaces, SQL, and Web forms.
• An employee with access to sensitive information vulnerable to a social engineering attack.
43
Attack Surface:

Attack Surfaces and Attack Trees – contd.,
Attack Surfaces Three categories:
• Network attack surface (i.e., network vulnerability) - This category refers to vulnerabilities over an
enterprise network, wide-area network, or the Internet, network protocol vulnerabilities, such as those
used for a denial-of-service attack, disruption of communications links, and various forms of intruder
attacks.
• Software attack surface (i.e., software vulnerabilities) - This refers to vulnerabilities in application,
utility, or operating system code. A particular focus in this category is Web server software.
• Human attack surface (e.g., social engineering) - This category refers to vulnerabilities created by
personnel or outsiders, such as social engineering, human error, and trusted insiders.
• An attack surface analysis is a useful technique for assessing the scale and severity of threats to a system.
• The attack surface also provides guidance on setting priorities for testing, strengthening security
measures, or modifying the service or application.
• Attack analysis: assessing the scale and severity of threats
44

Defense in Depth and Attack Surface
• The use of layering, or defense in
depth, and attack surface reduction
complement / match each other in
modifying (or) mitigating security risk.
45

• An attack tree is a branching, hierarchical data structure that represents a set of potential
techniques for exploiting / developing security vulnerabilities.
• The security incident that is the goal of the attack is represented as the root node of the tree, and the
ways that an attacker could reach that goal are iteratively and incrementally represented as
branches and subnodes of the tree.
• Each subnode defines a subgoal, and each subgoal may have its own set of further subgoals, etc.
• The final nodes on the paths outward from the root, i.e., the leaf nodes, represent different ways
to initiate an attack.
• Each node other than a leaf is either an AND-node or an OR-node.
• To achieve the goal represented by an AND-node, the subgoals represented by all of that node’s
subnodes must be achieved;
• For an OR-node, at least one of the subgoals must be achieved.
• Branches can be labeled with values representing difficulty, cost, or other attack attributes, so
that alternative attacks can be compared.
46
Attack Trees:
Attack Surfaces and Attack Trees – contd.,

• Objective: to effectively exploit the info available on attack patterns:
• Published on CERT (A Computer Emergency Response Team is an expert group
that handles computer security incidents.) or similar forums
• The attack tree can guide both the design of systems and applications, and the choice
and strength of countermeasures.
47
Attack Trees: contd.,

An Attack Tree for Internet Banking Authentication Application
• The root of the tree is the objective
of the attacker, which is to
compromise a user’s account.
• The shaded boxes on the tree are the
leaf nodes, which represent events that
comprise the attacks.
• The white boxes are categories which
consist of one or more specific attack
events (leaf nodes).
• Note that in this tree, all the nodes
other than leaf nodes are OR-nodes.
48

The analysis used to generate this tree considered the Three Components involved in
Authentication:
• User terminal and user (UT/U): These attacks target the user equipment, including the tokens that
may be involved, such as smartcards or other password generators, as well as the actions of the
user.
• Communications Channel (CC): This type of attack focuses on communication links.
• Internet banking server (IBS): These types of attacks are offline attack against the servers that
host the Internet banking application.
• Internet banking authentication application provides a thorough view of the different types of attacks.
• Using this tree as a starting point, security analysts can assess the risk of each attack and, using the
design principles outlined in the preceding section, design a comprehensive security facility and also
provides a good account of the results of this design effort.
49

Five overall attack strategies can be identified, each of which exploits one or more of
the three components: The Five Strategies are :
• User credential compromise: This strategy can be used against many elements of the attack
surface. There are procedural attacks, such as monitoring a user’s action to observe a PIN or
other credential, or theft of the user’s token or handwritten notes. An adversary may also
compromise token information using a variety of token attack tools, such as hacking the
smartcard or using a brute force approach to guess the PIN. Another possible strategy is to
embed malicious software to compromise the user’s login and password. An adversary may also
attempt to obtain credential information via the communication channel (sniffing). Finally, an
adversary may use various means to engage in communication with the target user.
• Injection of commands: In this type of attack, the attacker is able to intercept communication
between the UT and the IBS. Various schemes can be used to be able to copy the valid user and so
gain access to the banking system.
50

Five overall attack strategies can be identified, each of which exploits one or more of
the three components: The Five Strategies are :
• User credential guessing: It is reported in that brute force attacks against some banking
authentication schemes are feasible by sending random usernames and passwords. The attack
mechanism is based on distributed machine - personal computers, hosting automated programs for
username- or password-based calculation.
• Security policy violation: For example, violating the bank’s security policy in combination with
weak access control and logging mechanisms, an employee may cause an internal security
incident and expose a customer’s account.
• Use of known authenticated session: This type of attack (encourages) persuades or forces the
user to connect to the IBS with a preset session ID. Once the user authenticates to the server, the
attacker may utilize the known session ID to send packets to the IBS, spoofing the user’s
identity.
51

Difference Between Attack Surface and Attack Tree
• The main difference between attack surface and attack tree is that an attack tree is
the set of methods to defend against unauthorized users whereas an attack surface
is the area which is used to attack a system.
• Attack Surface - Consists of the reachable and exploitable vulnerabilities in a
system.
• Attack Tree - is a branching, hierarchical data structure that represents a set of
potential techniques for exploiting security vulnerabilities.
52

Computer Security Strategy
Security Strategy Involves Three Aspects:
1. Specification/policy: What is the security scheme supposed to do?
2. Implementation/mechanisms: How does it do it?
3. Correctness/assurance: Does it really work?
53
1. Security Policy: The first step in creating security services and mechanisms is to develop a security
policy. Those involved with computer security use the term security policy in various ways.
• At the least, a security policy is an informal description of desired system behavior.
• Informal policies may reference requirements for security, integrity, and availability.
• More usefully, a security policy is a formal statement of rules and practices that specify or regulate how a
system or organization provides security services to protect sensitive and critical system.
• A Formal Security Policy gives itself to being enforced by the system’s technical controls as well as its
management and operational controls.
In developing a security policy, a security manager needs to consider the following factors:
• The value of the assets being protected
• The vulnerabilities of the system
• Potential threats and the likelihood of attacks Dr.S.Sapna, AP/CS - DIS - Unit - I

Ease of use versus security:
o Access control mechanisms require users to remember passwords and perhaps perform other access
control actions.
o Firewalls and other network security measures may reduce available transmission capacity or slow
response time.
o Virus-checking software reduces available processing power and introduces the possibility of system
crashes or
o Malfunctions due to improper interaction between the security software and the operating system.
Cost of security versus cost of failure and recovery:
o In addition to ease of use and performance costs, there are direct monetary costs in implementing and
maintaining security measures.
o All of these costs must be balanced against the cost of security failure and recovery if certain security
measures are lacking.
o The cost of security failure and recovery must take into account not only the value of the assets being
protected and the damages resulting from a security violation, but also the risk.
Security policy is thus a business decision, possibly influenced by legal requirements.
54

2. Security Implementation/mechanisms: Actions
• Prevention: An perfect security scheme is one in which no attack is successful. Although this is not practical
in all cases, there is a wide range of threats in which prevention is a reasonable goal. For example, consider
the transmission of encrypted data. If a secure encryption algorithm is used, and if measures are in place to
prevent unauthorized access to encryption keys, then attacks on confidentiality of the transmitted data will be
prevented.
• Detection: In a number of cases, absolute protection is not feasible, but it is practical to detect security
attacks. For example, there are intrusion detection systems designed to detect the presence of unauthorized
individuals logged onto a system. Another example is detection of a denial of service attack, in which
communications or processing resources are consumed so that they are unavailable to legitimate users.
• Response: If security mechanisms detect an ongoing attack, such as a denial of service attack, the system
may be able to respond in such a way as to halt the attack and prevent further damage.
• Recovery: An example of recovery is the use of backup systems, so that if data integrity is compromised,
correct copy of the data can be reloaded. 55

3. Correctness/Assurance: Assurance and Evaluation:
• Assurance:
❖Assurance is defined as the degree of confidence one has that the security measures, both technical and
operational, work as intended to protect the system and the information it processes.
❖This covers both system design and system implementation.
❖Assurance deals with the questions: “Does the security system design meet its requirements?” and
“Does the security system implementation meet its specifications?”
• Evaluation:
❖Evaluation is the process of examining a computer product or system with respect to certain criteria.
❖Evaluation involves testing and may also involve formal analytic or mathematical techniques.
❖It is used in the area of the development as evaluation criteria that can be applied to any security
system (about security services and mechanisms) and that are broadly supported for making product
comparisons.
56

Euclidean Algorithm - Method 1 – Tabular Column Approach
• Euclidean Algorithm or Euclid’s Algorithm
• For computing the Greatest Common Divisor (GCD)
• Also known as Highest Common Factor (HCF)
57
• Numbers are composite numbers
Number Theory – Euclidean Algorithm (or) Euclid’s Algorithm – GCD
Example

58
• Numbers are composite numbers

59
• Numbers are prime numbers
(has two factors 1 and itself the
number)
• Numbers are big, difficult to
find divisors, common
divisors, GCD

60
Basic Rules for GCD to Begin: Method 1 – Tabular Column Approach
• Numbers are not prime numbers
• 4 Parameters are used Q- Quotient, A,B, R-Remainder, Biggest value must be placed as A parameter and next in B.
Step 1
Step 2 – Repeat the operation until value of B becomes 0, then
value of A becomes GCD, Parameter of B value will be A
value and R value will be B shift the values and do the
division
Step 3
Step 4
Example 1

61
Step 1
Step 2
Step 3
Example 2

62
Step 1
Example 3
Step 2
Step 3
Step 4

63
Euclid’s GCD Algorithm – Method 2 Relatively Prime (or) Co-Prime
83 and 19 are relatively Prime numbers (or)
Co-Prime Numbers

64
83 and 19 are relatively Prime numbers
(or) Co-Prime Numbers

Euclidean Algorithm
• Two integers are relatively prime if their only common positive integer factor is 1.
Greatest Common Divisor:
• Nonzero is defined to be a divisor of a if a = mb for some m, where a, b, and m are integers. Use the notation
gcd(a,b) to mean the greatest common divisor of a and b. The greatest common divisor of a and b is the largest
integer that divides both a and b. Also define gcd(0,0) = 0.
More formally, the positive integer c is said to be the greatest common divisor of a and b if:
1. c is a divisor of a and of b.
2. Any divisor of a and b is a divisor of c.
An equivalent definition is the following:.
Ex: gcd(60, 24) = gcd(60, -24) = 12 Also, because all nonzero integers divide 0,we have gcd(a,0) = |a| .
We stated that two integers a and b are relatively prime if their only common positive integer factor is 1.
This is equivalent to saying that a and b are relatively prime if gcd(a,b) = 1.
65
8 and 15 are relatively prime because the positive divisors of 8 are 1,2,4,and 8,and the
positive divisors of 15 are 1,3,5,and 15. So 1 is the only integer on both lists.

Number Theory – Chinese Remainder Theorem - CRT
66
Set of Different congruent equation on a variable X with different moduli m1,m2, etc., a unique
solution is obtained when moduli m1,m2, are relatively prime
Set of Different congruent equation
X can be calculated using this formula and values of a and m can be used which is given in equation

67
3 equations are given
Given Data:
a1= 2, a2= 3, a3= 2
m1= 3, m2= 5, m3= 7 => There exist an unique
solution only when m1, m2, m3 are relatively
prime, in otherwords the GCD of m1, m2, m3 is
1. since there is no common factor except 1
that can divide 3,5,7. so they are said to be
relatively prime.
Find the values:
M1, M2, M3 and M1
-1
, M2
-1
, M3
-1 and M

Calculate M Value:
M is the product of m1, m2, m3
68
Calculate M1, M2, M3 Value:

Calculate M1
-1, M2
-1, M3
-1 Value: substitute the values already found to calculate multiplicative inverse
69
• When M1 is multiplied by its
multiplicative inverse M1
-1 the user must
get reminder 1 when mod with m1.
• Similarly do it for M2
-1 and M3
-1
• Apply Extended Euclidean Algorithm if
numbers are small else do it by
calculating multiplicative inverse
method or apply the values 1,2, etc., till
the final result is obtained
• When M1
-1 is applied 1 then 35
when divided by 3 check is the
remainder 1, no its remainder is 2,
• So repeat the process M1
-1 is 2
then 35 x 2 = 70 now 70 is
divided by 3 the remainder is 1.
When M3
-1 is applied 1
then 15 when divided
by 7 the remainder 1.
• When M2
-1 is applied 1
then 21 when divided by 5
the remainder 1.

70
Calculate X Value: substitute all the values in the given expression already found
Find: Verified value X is 23.
• 23 is congruent to 2 (mod 3), 23 when divided by 3 is the
remainder 2, 23 /3 = 7 remainder is 2 as 7 x 3 = 21
remainder is 2.
• 23 is congruent to 3 (mod 5), 23 when divided by 5 the
remainder is 3, 23/5 = 4 remainder is 3 as 4 x 5 = 20
remainder is 3.
• 23 is congruent to 2 (mod 7), 23 when divided by 7 the
remainder is 2, 23/7 = 3 remainder is 2 as 3 x 7 = 21
remainder 2.
Hence the Chinese Remainder theorem helps to solve
different congruent equations under one variable (only
one condition these moduli value should be relatively
prime).

Chinese Remainder Theorem - CRT
• CRT says it is possible to reconstruct integers in a certain range from their residues modulo a set of pairwise
relatively prime moduli.
• Chinese remainder theorem states that if one knows the remainders of the Euclidean division of an integer n by
several integers, then one can determine uniquely the remainder of the division of n by the product of these
integers, under the condition that the divisors are pairwise coprime (no two divisors share a common factor
other than 1).
71

72

73

• An integer p > 1 is a prime number if and only if its only divisors
are ± 1 and ± p.
• Prime numbers play a critical role in number theory and in their
techniques as primes are distributed.
74
Number Theory – Prime Numbers and Factorization

75

76

Why prime numbers are used in cryptography i.e., in encrypting?
77

• Product of x and y is n but to calculate in reverse way if n is given and need to calculate x and y its too difficult.
• Cryptographic algorithms use large prime numbers.
78

79

80

Number Theory – Modular Arithmetic
81
If ‘a’ is an integer and ‘n’ is a positive integer, then define a mod n to be the remainder when ‘a’ is divided by ‘n’. The integer
‘n’ is called the modulus

82

a  b (mod m)
i.e., ‘a’ when divided by ‘m’ is ‘b’ remainder is obtained.
a = km + b
i.e., ‘a’ when divided by ‘m’ is ‘b’ remainder is obtained ‘k’ quotient is not worried.
It can be written as
a = am+b
Because ‘a’ is the product of ‘m’ and ‘k’ by adding ‘b’.
15  12 * 1 + 3
23  12 * 1 +11 27  3 (mod 12) 83

84
Approach 2 for addition :
15 mod 8 remainder is 7
= 7 + 3 = 10 mod 8 = 2
= 7 - 3 = 4 mod 8 = 4

85
= 7 * 3 = 21 mod 8 = 5
Modular Arithmetic Operations
the (mod n) operator maps
all integers into the set of
integers {0,1,….,(n-1)}.

Data information and security unit 1.pdf

More Related Content

Similar to Data information and security unit 1.pdf (20)

Recently uploaded (20)

Data information and security unit 1.pdf