INTRODUCTION

 

In this age of universal electronic connectivity, of viruses and hackers, of electronic eavesdropping and electronic fraud, there is indeed no time at which security does not matter. Two trends have come together to make this topic of vital interest. First, the explosive growth in computer systems and their interconnections via network has increased the dependence of both organizations and individuals on the information stored and communicated using these systems. This, in turn, has led to a heightened awareness of the need to protect data and resources from disclosure, to guarantee the authenticity of data and messages, and to protect systems from network-based attacks. Second, the disciplines of cryptography and network security have matured, leading to the development of practical, readily available applications to enforce network security.

The requirements of information security within an organization have undergone two major changes in the last several decades. Before the widespread use of data processing equipment, the security of information felt to be valuable to an organization was provided primarily by physical and administrative means. An example of the former is the use of rugged filing cabinets with a combination lock for storing sensitive documents. An example of the latter is personnel screening procedures used during the hiring process.

With the introduction of the computer, the need for automated tools for protecting files and other information stored on the computer became evident. This is especially the case for a shared system, such as a time-sharing system, and the need is even more acute for systems that can be accessed over a public telephone or data network. The generic name for the collection of tools designed to protect data and to thwart hackers is computer security.

The second major change that affected security is the introduction of distributed systems and the use of networks and communications facilities for carrying data between terminal user and computer and between computer and computer. Network security measures are needed to protect data during their transmission. In fact, the term network security is somewhat misleading, because virtually all business, government, and academic organizations interconnect their data processing equipment with a collection of interconnected networks. Such a collection is often referred to as an internet.

 

SECURITY AGAINST WHAT?

 

Security is not only against unauthorized access of information, but may also be against natural disasters or accidents. Hence, we can define a secure system, which is a system that does what it designed to in proper time.

This topic focuses on internet security [i.e. Network security], which consists of measures to deter, prevent, detect, and correct security violations that involve the transmission of information. That is a broad statement that covers a host of possibilities. The following are some security violations that are covered by this topic:

 

1. User A transmits a file to user B. The file contains sensitive information (e.g., payroll records) that is to be protected from disclosure. User C, who is not authorized to read the file, is able to monitor the transmission and capture a copy of the file during its transmission.
2. A network manager, D, transmits a message to a computer, E, under its management. The message instructs computer E to update an authorization file to include the identities of a number of new users who are to be given access to that computer. User F intercepts the message, alter its contents to add or delete entries, and then forwards the message to E, which accepts the message as coming from manager D and updates its authorization file accordingly.
3. Rather than intercept a message, user F constructs its own message with the desired entries and transmits that message to E as if it had come from manager D. Computer E accepts the message as coming from manager D and updates its authorization file accordingly.
4. An employee is fired without warning. The personnel manager sends a message to a server system to invalidate the employee’s account. When the invalidation is accomplished, the server is to post a notice to the employee’s file as confirmation of the action. The employee is able to intercept the message and delay it long enough to make a final access to the server to retrieve sensitive information. The message is then forwarded, the action taken, and the confirmation posted. The employee’s action may go unnoticed for some considerable time.
5. A message is sent from a customer to a stockbroker with instructions for various transactions. Subsequently, the investments lose value and the customer denies sending the message.

 

Although this list is by no means exhaustive, the possible types of security violations, it illustrates the range of concerns of network security.

 

SECURITY ATTACKS, SERVICES AND MECHANISMS

 

One approach to assess the security needs of an organization effectively and to evaluate and choose various security products and policies is to consider three aspects of information security:

• Security attack: any action that comprises the security of information owned by an organization.
• Security mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
• Security services: A service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

 

Security Services

 

We can think of information security services as replicating the types of functions normally associated with physical documents. Much of the activity of humankind depends on the use of documents and on both parties to a transaction having confidence in the integrity of those documents. Documents typically have signatures and dates; they may need to be protected from disclosure, tampering, or destruction; they may be notarized or witnessed; may be recorded or licensed, and so on.

As information systems become ever more pervasive and essential to the conduct of our affairs, electronic information takes on many of the roles traditionally performed by paper documents. Accordingly, the types of functions traditionally associated with paper documents must be performed on documents that exist in electronic form. Several aspects of electronic documents make the provision of such functions or services challenging:

1. It is usually possible to discriminate between an original paper document and a xerographic copy. However, an electronic document is merely a sequence of bits; there is no difference whatsoever between the “original” and any number of copies.
2. An alteration to a paper document may leave some sort of physical evidence of the alteration. Altering bits in a computer memory or in a signal leaves no physical trace.
3. Any “proof” process associated with a physical document typically depends on the physical characteristics of that document (e.g., the shape of a handwritten signature or an embossed notary seal). Any such proof of authenticity of an electronic document must be based on internal evidence present in the information itself.

 

Security involving communications and networks is not as simple as it might first appear to the novice. The requirements seem to be straightforward; indeed, most of the major requirements for security services can be given self-explanatory one-word labels: confidentiality, authentication, integrity, nonrepudiation and so on.

Computer and network security research and development have focused on three or four general security services that encompass the various functions required of an information security facility. One useful classification of security services is the following:

• Confidentiality: Ensures that the information in a computer system and transmitted information are accessible only for reading by authorized parties. This type of access includes printing, displaying, and other forms of disclosure, including simply revealing the existence of an object.
• Authentication: Ensures that the origin of a message or electronic document is correctly identified, with an assurance that the identity is not false.
• Integrity: Ensures that only authorized parties are able to modify computer system assets and transmitted information. Modification includes writing, changing, deleting, creating, and delaying or replaying of transmitted messages.
• Nonrepudiation: Requires that neither the source nor the receiver of a message be able to deny the transmission.
• Access control: Requires that access to information resources may be controlled by or for the target system.
• Availability: Require that computer system assets be available to authorized parties when needed.

 

Security mechanisms

 

There is no single mechanism that will provide all the services just listed or perform all the functions needed. There are a variety of mechanisms that come into play. However, we can note at this point that there is one particular element that underlies most of the security mechanisms in use: cryptographic techniques. Encryption or encryption-like transformations of information are the most common means of providing security.

 

Security attacks

 

Since they carry and hold information of enormous total value, computer networks are exceedingly attractive targets to attack. Networking brings more resources within reach of more potential attackers, considering the vulnerabilities of transmission media.

The nature of the attack that concerns an organization varies greatly from one set of circumstances to another. Fortunately, we can approach the problem from a different angle by looking at the generic types of attack that might be encountered.

Attacks on the security of a computer system or network are best characterized by viewing the function of the computer system as providing information. In general, there is a flow of information from source, such as a file or region of main memory, to a destination, such as another file or a user. This normal flow is depicted in figure 1.a. the remaining parts of the figure show the following four general categories of attack:

• Interruption: Also called “denial of service”, where an asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability. Examples include destruction of a piece of hardware, such as hard disk, the cutting of communication line, or the disabling of the file management system.
• Interception: An unauthorized party gains access to an asset. This is an attack on confidentiality. The unauthorized party could be a person, a program, or a computer. Examples include wiretapping to capture data in a network, and the illicit copying of files or programs.
• Modification: An unauthorized party not only gains access to but also tampers with an asset. This is an attack on integrity. Examples include changing values in a data file, altering a program so that it performs differently, and modifying the content of messages being transmitted in a network.
• Fabrication: An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity. Examples include the insertion of spurious messages in a network or the addition of records to a file.

 

Figure (1): Security Threats

 

A useful categorization of these attacks is in terms of passive attacks and active attacks.

 

Passive Attacks

Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions where the intruder or the opponent simply listens or eavesdrop to obtain information that is being transmitted without actively changing anything. Two types of passive attacks are release of message contents and traffic analysis.

The release of message contents is to learn the contents of the transmitted information. Information being transmitted may be sensitive or confidential. So, we would like to prevent the opponent from learning the contents of message.

The second passive attack, traffic analysis, is more subtle. Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking contents is encryption. If we had encryption protection in place, an opponent might still be able to observe the pattern of these messages. The opponent could determine the location and identity of communicating hosts (i.e., source and destination) and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.

Passive attacks are very difficult to detect because they do not involve any alteration of the data. However, it’s feasible to prevent the success of these attacks. Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.

 

Active Attacks

The second major category of attack is active attacks. These attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.

A masquerade (or fabrication) takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequences has taken place, thus enabling an unauthorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.

Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.

Modification of a message simply means that some portion of a legitimate message is altered, or that messages are delayed or recorded, to produce an unauthorized effect. For example, a message meaning “Allow John Smith to read confidential accounts” is modified to mean “Allow Fred Brown to read confidential file accounts.”

The denial of service (or interruption) prevents or inhibits the normal use or management of communications facilities. This attack may have specific target; for example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service). Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success. On the other hand, it is quite difficult to prevent active attacks absolutely, because to do so would require physical protection of all communications facilities and paths at all times. Instead, the goal is to protect them and to recover from any disruption or delays caused by them. Because the detection has deterrent effect, it may also contribute to prevention.

 

AUTHENTICATION

 

Authentication in operating systems is mainly user authentication. A user claims an identity and presents evidence to back up the claim. The evidence is something the user knows, has, or does. The system evaluates the evidence, using stored authentication information. Authentication in networks must solve a broader problem under circumstances of great threat. The problem is broader because:

• Not only users but also other entities need to be authenticated. Hosts must authenticate themselves to other hosts, and processes to processes. The OSI terminology is peer entity authentication; another term is identity authentication. The network entities that participate in authentication are principals. Principals include users, hosts, and processes.
• Users must authenticate themselves to many different hosts and services. For convenience, users want single sign-on, where one login authenticates a user to all the network resources.
• Multiple domains of authority are involved. There are many authentication services, with different policies. The trust relationships among them are complex, yet they need to cooperate on authentication.
• Although the network is “broken” or partly broken most of the time, authentication service must be available when it is needed.

 

The circumstances hold more threat in that:

·        Authentication information, such as passwords, is subject to eavesdropping.

·        Authentication done at the beginning of a session or connection is at greater risk of becoming invalid during the connection.

·        Attacks can modify messages, including those for authentication.

·        Some links and nodes of the network may not be trusted by the source and destination hosts.

·        Intruders are more remote and harder to trace.

 

Types of Authentication

 

The simplest type of authentication is called simple authentication, which is one-way; a claimant (such as a user or client process) authenticates itself to a verifier (such as an operating system or server process) by providing some proof of identity, such as a password or token. Simple authentication is called disclosing because the proof of identity is disclosed to eavesdroppers.

 

 

 

 

This protocol has fatal flaws in the network environment:

1. Eavesdropper can learn the password and later use it to impersonate the claimant.
2. Passwords tend to be weak.
3. Authentication is only one-way.

 

These problems can be eliminated by using challenge-response methods with time stamp or a nonce as in the following protocol:

 

 

 

 

 

The verifier sends a nonce as a challenge: the correct response can be computed only by a claimant who knows the secret key. Eavesdropping on previous exchanges would not help an intruder, who would never have seen this specific nonce.

Strong one-way authentication is not enough for distributed system, which needs mutual authentication, in which each principal verifies the other’s claim of identity. A user logs on to a remote host assumes that host will behave responsibly (take good care of his data, give correct answers, not perform transactions in his name that he did not authorize). The user trusts the host, based on his knowledge about it, and needs to be sure that some other host is not impersonating the one he trusts. Similarly, a client process needs assurance that the intended server is handling its request. Each principal must authenticate the other. With strong mutual authentication, neither principal risks disclosure of the secret information that it uses to prove its claim. No secret is disclosed to the other principal or to an eavesdropper.