Debremarkos University
School of Computing
Information Security (Chapter One)
Table of Contents
Chapter 1 (page 2)
1.1 Introduction (page 2)
1.2 The Causes of Insecurity (page 4)
1.3 Security Goals (page 5)
Confidentiality (page 6)
Integrity (page 6)
Availability (page 7)
Authenticity (page 7)
Accountability (page 7)
1.4 Security Breach Levels (page 8)
1.5 The Challenges of Computer Security (page 9)
1.6 The OSI Security Architecture (page 11)
1.6.1 Security Attacks (page 11)
1.6.2 Security Services (page 16)
1.6.3 Security Mechanisms (page 17)
Chapter 1
1.1 Introduction
The term Computer Security refers to the protection afforded to an automated information system
in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality
of information system resources (including hardware, software, firmware, information/data, and
telecommunications). This definition introduces three key objectives, the CIA triad (confidentiality,
integrity and availability), that are at the heart of computer security.
Information Assurance (IA) is the process for protecting and defending information by ensuring its
confidentiality, integrity, and availability. At its most fundamental level, IA involves
protecting the rights of people and organizations. There are two perspectives to consider. First, IA
can provide organizations with the ability to protect their own rights as entities to survive, coexist,
and grow, since information is so integral to their management and operations. Second, IA can
provide organizations with the ability to protect the rights of other parties that support and interact
with them. These parties include employees, the existing and potential consumers of their
products and services, suppliers, and other organizations that are allies as a result of partnerships
and joint ventures.
IA is a multidisciplinary area of study and professional activity which aims to protect business by
reducing risks associated with information and information systems by means of a comprehensive
and systematic management of security countermeasures, which is driven by risk analysis and cost-
effectiveness. The definition declares two main drivers behind security decisions:
• Risk analysis - IA does not attempt to eliminate all risks, the risks should be prioritized,
according to the organization’s specifics, and reduced to an acceptable level;
• Cost-effectiveness - IA does not attempt to achieve security at any price, but in a most
efficient and cost-effective way.
IA is concerned with the design of a sensible and effective combination of security mechanisms. In
short, IA is the comprehensive and systematic management of information security.
The U.S. Department of Defense (DoD) breaks down IA into three basic elements — people,
technology, and operations. People are the most crucial aspect of IA. The challenge is to provide the
right amount and type of training to all the people and to develop a human resources strategy that
brings the right people to bear at the right time and place. Operations consist of two main aspects:
system management and situation awareness. Operations also include the security procedures
required to ensure that system defenses quickly adapt in response to changing threats. The element
of technology includes all tools (hardware or software) which are used to protect information and
information systems: within the network at large, at the enclave boundary, and within the computing
environment of an enterprise.
Information security is not just about stopping viruses, keeping hackers out and putting a lid on
spam email. Information security is also about working with employees and management to make
sure that everyone is aware of current threats and how they can protect their information and systems.
The terms information security, computer security and network security are frequently used
interchangeably. These fields are interrelated often and share the common goals of protecting the
confidentiality, integrity and availability of information; however, there are some subtle differences
between them.
• Information security: refers to the processes and methodologies that are designed and
implemented to protect print, electronic, or any other form of confidential, private and
sensitive information or data from unauthorized access, use, misuse, disclosure, destruction,
modification, perusal, inspection, recording or disruption.
• Computer security: is the generic name for the collection of tools designed to protect the
processed and stored data and to hinder hackers.
• Network security: is the generic name for the collection of tools designed to protect data
during their transmission. Network security is the process of taking physical and software
preventative measures to protect the underlying networking infrastructure from unauthorized
access, misuse, malfunction, modification, destruction, or improper disclosure, thereby
creating a secure platform for computers, users and programs to perform their permitted
critical functions within a secure environment.
The differences among information security, computer security and network security lie primarily
in the approach to the subject, the methodologies used and the areas of concentration. Information
security is concerned with the confidentiality, integrity and availability of data regardless of the form
the data may take: electronic, print, or other forms. Computer security can focus on ensuring the
availability and correct operation of a computer system without concern for the information stored
or processed by the computer. Network security focuses on protecting data during their transmission.
The insecurity of computer systems and networks goes much further than the well-known computer
viruses, and has now become a priority. In the networked world, the new generation of vandals and
data thugs does not need to have physical contact with the victim. Data can be easily copied,
transmitted, modified or destroyed. As a result, the scene of crime is a particularly difficult one:
there are no traces, identification of the culprits is nearly impossible, apprehension even more so and
the legal framework does not make adequate provision for justice in this kind of crime.
The real-time nature of the Internet adds a further dimension to crime: it’s instantaneous. While
many causes exist for security problems, at least three types of fundamental weaknesses open the
door to security problems. These are technology weakness, policy weakness, and configuration
weakness.
weakness category is the lack of timely updates of anti-virus software and security patches
for PCs and networking equipment.
• Configuration weaknesses are evidenced by configuration of network servers, switches,
and routers that reduce the security of the network. Examples include leaving unused ports
open on a server, perimeter router ACL configurations that do not mitigate common attack
scenarios, and allowing clear-text Telnet access to routers.
• Security policy weaknesses are characterized by a poorly written, unsupported security
policy. A company’s security policy must be understood and accepted by everyone in the
organization, from the CEO down to the office worker entering data on a PC. There must be
clearly defined behaviors that are not acceptable, and stated consequences for compliance
failure. An example might be a policy whereby no one can install software on any company
computer without written approval from the IT department.
Obviously, we could probably add human weakness and some others, but our purpose is to
concentrate on those issues that, once recognized, can be managed, monitored, and improved within
a security strategy.
• Confidentiality - Hidden from unauthorized access. (restricting access through the use of
classification or clearance levels, such as in the military)
• Integrity - Protected from unauthorized change (ensuring that information and systems can
only be accessed by authorized users)
• Availability - Available to an authorized entity when it is needed (ensuring that information
is reliably accessible and available to authorized users as needed)
• Authentication - ensuring that users are who they say they are, through usernames, passwords,
biometrics, tokens and other methods
• Nonrepudiation - ensuring that someone cannot deny an action taken within an information
system because the system provides proof of the action
Confidentiality
This is the most common aspect of information security. Confidentiality is the ability of a system to
ensure that an asset is viewed only by authorized parties, i.e. only authorized people or systems can
access protected data; this is data confidentiality. The other aspect of confidentiality is privacy,
which assures that individuals control or influence what information related to them may be
collected and stored, and by whom and to whom that information may be disclosed.
An organization needs to guard against those malicious actions that endanger the confidentiality of
its information. Confidentiality not only applies to the storage of information but also applies to the
transmission of information. When we send a piece of information to be stored in a remote computer
or when we retrieve a piece of information from a remote computer, we need to conceal it during
transmission.
There are many countermeasures that organizations put in place to ensure confidentiality:
passwords, access control lists and authentication procedures that use software to control access to
resources, volume and file encryption, and Unix file permissions. These access control methods
are complemented by the use of encryption to protect information that can be accessed despite the
controls, such as emails that are in transit.
Integrity
Information needs to be changed constantly. For example, in a bank when a customer deposits or
withdraws money, the balance of his account needs to be changed. Integrity means that changes need
to be done only by authorized entities and through authorized mechanisms. Integrity violation is not
necessarily the result of a malicious act; an interruption in the system, such as a power surge, may
also create unwanted change in some information.
Integrity covers two related concepts. Data integrity assures that information (both stored and in
transmitted packets) and programs are changed only in a specified and authorized manner. System
integrity assures that a system performs its intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of the system.
Integrity also ensures that when an authorized person makes a change that should not have been
made, the damage can be reversed. These measures provide assurance in the accuracy and
completeness of data.
Availability
The information created and stored by an organization needs to be available to authorized entities,
i.e. the system must be able to ensure that an asset can be used by authorized parties, that the system
works promptly and that service is not denied to authorized users. The unavailability of information is
just as harmful for an organization as the lack of confidentiality or integrity. Authentication
mechanisms, access channels and systems all have to work properly for the information they protect,
and ensure it is available when it is needed.
Availability measures protect timely and uninterrupted access to the system. Some of the most
fundamental threats to availability are non-malicious in nature and include hardware failures,
unscheduled software downtime and network bandwidth issues.
Example
• If a thief steals your computer, you no longer have access, so you have lost
availability; furthermore, if the thief looks at the pictures or documents you have
stored, your confidentiality is compromised. And if the thief changes the content of
your music files but then gives them back with your computer, the integrity of your
data has been harmed.
Authenticity:
The property of being genuine and being able to be verified and trusted; confidence in the validity
of a transmission, a message, or a message originator. This means verifying that users are who they
say they are and that each input arriving at the system came from a trusted source.
Accountability:
DMU - HKA Page 7
Chapter1-Introduction
The security goal that generates the requirement for actions of an entity to be traced uniquely to that
entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention,
and after-action recovery and legal action. Because truly secure systems are not yet an achievable
goal, we must be able to trace a security breach to a responsible party. Systems must keep records
of their activities to permit later forensic analysis to trace security breaches or to aid in transaction
disputes.
There are three levels of impact on organizations or individuals that can result from a security breach
(i.e., a loss of confidentiality, integrity, or availability). These levels are:
Low: The loss could be expected to have a limited adverse effect on organizational operations,
organizational assets, or individuals. A limited adverse effect means that, for example, the loss of
confidentiality, integrity, or availability might:
• Cause a degradation in mission capability to an extent and duration that the organization is
able to perform its primary functions, but the effectiveness of the functions is noticeably
reduced;
• Result in minor damage to organizational assets;
• Result in minor financial loss; or
3. Because of point 2, the procedures used to provide particular services are often
counterintuitive. Typically, a security mechanism is complex, and it is not obvious from the
statement of a particular requirement that such elaborate measures are needed. It is only when
the various aspects of the threat are considered that elaborate security mechanisms make sense.
4. Having designed various security mechanisms, it is necessary to decide where to use them.
This is true both in terms of physical placement (e.g., at what points in a network are certain
security mechanisms needed) and in a logical sense (e.g., at what layer or layers of an
architecture such as TCP/IP [Transmission Control Protocol/Internet Protocol] should
mechanisms be placed).
5. Security mechanisms typically involve more than a particular algorithm or protocol. They also
require that participants be in possession of some secret information (e.g., an encryption key),
which raises questions about the creation, distribution, and protection of that secret
information. There also may be a reliance on communications protocols whose behavior may
complicate the task of developing the security mechanism. For example, if the proper
functioning of the security mechanism requires setting time limits on the transit time of a
message from sender to receiver, then any protocol or network that introduces variable,
unpredictable delays may render such time limits meaningless.
6. Computer and network security is essentially a battle of wits between a perpetrator who tries
to find holes and the designer or administrator who tries to close them. The great advantage
that the attacker has is that he or she need only find a single weakness, while the designer must
find and eliminate all weaknesses to achieve perfect security.
7. There is a natural tendency on the part of users and system managers to perceive little benefit
from security investment until a security failure occurs.
8. Security requires regular, even constant, monitoring, and this is difficult in today’s short-term,
overloaded environment.
9. Security is still too often an afterthought to be incorporated into a system after the design is
complete rather than being an integral part of the design process.
10. Many users and even security administrators view strong security as an impediment to efficient
and user-friendly operation of an information system or use of information.
The difficulties just enumerated will be encountered in numerous ways as we examine the various
security threats and mechanisms.
Security attacks are computer attacks that compromise the security of a system. Conceptually,
security attacks can be classified into two types, active and passive attacks, in both of which the
attacker gains illegal access to the system’s resources:
A. Passive attacks
B. Active attacks
Passive attacks attempt to learn or make use of information from the system but do not affect system
resources. A passive attack is one where the attacker only monitors the communication channel. A
passive attacker only threatens the confidentiality of data; a passive attack does no direct harm to
the system. Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions. The goal of the opponent is to obtain information that is being transmitted.
These types of attacks threaten the confidentiality of information. Two types of passive attacks are
related to message contents and traffic analysis:
services running on a target computer by scanning its TCP/UDP ports, and Ping Sweeps, a kind of
network attack where the intruder sends ICMP ECHO (ping) packets to a range of IP addresses to
find out which ones respond with an ICMP ECHO REPLY. Thus, the attacker can identify
which computers are up and which computers are down.
o Traffic Analysis: An unauthorized entity can obtain other types of information by monitoring
online traffic. For example, he can find the email ID of the sender or the receiver, or collect
pairs of requests and responses to help him guess the nature of the transaction. Traffic analysis
refers to the process of intercepting and examining messages in order to deduce information
from patterns in communication. It can be performed even when the messages are encrypted
and cannot be decrypted. In general, the greater the number of messages observed, or even
intercepted and stored, the more can be inferred from the traffic.
The most important characteristic of an active attack is that the victim becomes aware of the attack.
These attacks threaten integrity: the integrity of data can be threatened by several kinds of attacks:
modification, masquerading, replaying and repudiation. Active attacks involve some modification
of the data stream or the creation of a false stream and can be divided
into six categories:
impersonates somebody else. For example, the attacker might steal the bank card and PIN of
a customer and pretend that he is that customer.
• Replay: In this kind of attack, a valid data transmission is maliciously or fraudulently
repeated or delayed. This is carried out either by the originator or by an adversary who
intercepts the data and retransmits them, possibly as part of a masquerade attack. (Paths 1, 2
and 3 active.) The attacker obtains a copy of a message sent by the user and
later tries to replay it. For example, a person sends a request to his bank to pay the
attacker, who has done a job for him. The attacker intercepts the message and sends it
again to receive a second payment from the bank.
• Modification of messages: The attacker removes a message from the network traffic, alters
it, and reinserts it. (Paths 1 and 2 active.) After intercepting or accessing information, the
attacker modifies it to make it beneficial to himself. For example, a customer sends a message
to a bank to perform some transaction; the attacker intercepts the message and changes the
type of transaction to benefit him. Similarly, “Allow JOHN to read confidential file X” is
modified to “Allow Ebba to read confidential file X”.
• Repudiation: This is performed by one of the parties in the communication: the sender or the
receiver. The sender of a message might later deny that he sent it; the receiver of the
message might later deny that he received it. For example, a customer asks his bank to
transfer an amount to someone, and later the sender (customer) denies that he made such a
request. This is repudiation.
• Denial of Service (DoS) and Distributed Denial of Service (DDoS): A denial of service
(DoS) attack is an incident in which a user or organization is deprived of the services of a
resource they would normally expect to have. In a distributed denial-of-service attack, large
numbers of compromised systems (sometimes called a botnet) attack a single target. (Path 3
active.) Attacks threatening availability: we mention only one attack threatening
availability, denial of service. It is a common attack, which may slow down or totally
interrupt the service of a system. The attacker can use several strategies to achieve this. He
may send so many bogus requests to a server that the server crashes because of the heavy load,
or he may intercept and delete a server’s response to a client, making the client believe
that the server is not responding.
• Advanced Persistent Threat (APT): It is a network attack in which an unauthorized person
gains access to a network and stays there undetected for a long period of time. The intention
of an APT attack is to steal data rather than cause damage to the network or organization.
APT attacks target organizations in sectors with high-value information, such as national
defense, manufacturing and the financial industry.
An active attack usually requires more effort and often has more dangerous implications. When the
hacker attempts to attack, the victim becomes aware of it.
Active attacks can take the form of interruption, modification and fabrication.
The major difference between active and passive attacks is that in an active attack the attacker
intercepts the connection and modifies the information, causing damage to system resources and
possibly affecting their operation, whereas in a passive attack the attacker intercepts the information
in transit with the intention of reading and analyzing it, not altering it, and therefore causes no
direct damage.
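The replay and modification attacks in the bank-message scenario above can both be detected by the receiver if the sender binds each message to a fresh sequence number and a keyed MAC. The following Python is an added example, not part of these notes; it assumes a shared secret key (constructed here) and a simple sequence-number scheme, and shows why the altered “Allow Ebba” message and the resent payment request are both rejected while genuine messages pass.

```python
import hmac
import hashlib
import json

# Constructed example key shared by the customer (sender) and the bank
# (receiver). In practice it would be established during authentication.
SHARED_KEY = b"example-shared-secret-do-not-reuse"


def _mac(key: bytes, seq: int, body: str) -> str:
    """HMAC-SHA256 over the sequence number and body. Changing either one
    (modification) or reusing a sequence number (replay) becomes detectable."""
    data = json.dumps({"seq": seq, "body": body}, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_message(key: bytes, seq: int, body: str) -> dict:
    """Sender side: bind a fresh sequence number to the body and tag it."""
    return {"seq": seq, "body": body, "mac": _mac(key, seq, body)}


class Receiver:
    """Bank side: verifies the tag (data integrity and data origin
    authentication) and rejects sequence numbers already seen (replay)."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = set()

    def accept(self, msg: dict):
        expected = _mac(self.key, msg["seq"], msg["body"])
        # compare_digest avoids leaking the comparison result through timing
        if not hmac.compare_digest(expected, msg["mac"]):
            return (False, "modified or forged")
        if msg["seq"] in self.seen:
            return (False, "replayed")
        self.seen.add(msg["seq"])
        return (True, "accepted")


def demo():
    """Run the four cases from the notes and return each verdict."""
    bank = Receiver(SHARED_KEY)
    original = make_message(SHARED_KEY, 1, "Allow JOHN to read confidential file X")
    results = {}
    results["first"] = bank.accept(original)
    # Replay: the captured message is resent unchanged
    results["replay"] = bank.accept(dict(original))
    # Modification: the body is rewritten but the MAC cannot be recomputed
    tampered = dict(original, body="Allow Ebba to read confidential file X")
    results["modified"] = bank.accept(tampered)
    # A genuine follow-up message with the next sequence number
    results["second"] = bank.accept(make_message(SHARED_KEY, 2, "Transfer 100 to account 42"))
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:9s}: {'accepted' if ok else 'rejected'} ({why})")
```

The MAC alone does not stop a replay; it is the receiver's record of used sequence numbers (or a timestamp window) that does, which is why the notes list replay separately from modification.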
A security service is a service that ensures adequate security of the systems or of data transfers.
Security services are implemented by security mechanisms according to security policies. For over
twenty years, information security has held confidentiality, integrity and availability (known as the
CIA triad) to be the core principles of information security. ITU-T has defined five services relating
to the security goals and attacks:
• Data Confidentiality: This service is designed to protect data from disclosure attacks. The
service encompasses confidentiality of the whole message or part of a message and also
protection against traffic analysis. It is designed to protect against snooping and traffic
analysis attacks (passive attacks).
• Data Integrity: This service is designed to protect the data from modification, insertion, deletion,
and replaying by an adversary. It may protect the whole message or part of the message.
Thus, the connection-oriented integrity service addresses both message stream modification
and denial of service. On the other hand, a connectionless integrity service, one that deals
with individual messages without regard to any larger context, generally provides protection
against message modification only. (Active attacks)
• Authentication: This service provides authentication of the party at the other end of the
line. In connection-oriented communication, it provides authentication of the sender or
receiver during connection establishment, and it assures that the connection is not
interfered with. In connectionless communication, it authenticates the source of the data. The
function of the authentication service is to assure the recipient that the message is from the
source that it claims to be from. Peer entity authentication provides confidence in the
identity of the entities connected. Data origin authentication provides assurance that the
source of received data is as claimed.
• Non-repudiation: This service protects against repudiation by either the sender or the
receiver of the data. In non-repudiation with proof of origin, the receiver of the data can
later prove the identity of the sender if it is denied. In non-repudiation with proof of delivery,
the sender of the data can later prove that the data were delivered to the intended recipient.
• Access Control: This service provides protection against unauthorized access to data. The
term access in this definition is very broad and can involve reading, writing, modifying,
executing programs and so on.
• Availability Service: the property of a system or a system resource being accessible and
usable upon demand by an authorized system entity, according to performance specifications
for the system (i.e., a system is available if it provides services according to the system design
whenever users request them). A variety of attacks can result in the loss of or reduction in
availability. Some of these attacks are amenable to automated countermeasures, such as
authentication and encryption, whereas others require some sort of physical action to prevent
or recover from loss of availability of elements of a distributed system. This service addresses
the security concerns raised by denial-of-service attacks. It depends on proper management
and control of system resources and thus depends on access control service and other security
services.
A security mechanism is a process that implements security services based on a hardware (technical),
software (logical), physical or administrative approach. Security mechanisms support the security
services and execute specific activities for protection against attacks or their results.
Security mechanisms are divided into those that are implemented in a specific protocol layer
and those that are not specific to any particular protocol layer or security service.
Security Mechanisms that are specific to a particular OSI security service or protocol layer:
• Routing control enables selection of particular physically secure routes for certain data and
allows routing changes, especially when a security breach is suspected. This mechanism also
involves perimeter security. Routing control is used to choose either dynamically or by
prearrangement specific routes for data transmission. Routing control means selecting and
continuously changing different available routes between sender and receiver to prevent the
opponent from eavesdropping on a particular route.
• Notarization is a mechanism that uses a trusted third party to assure certain properties of a
data exchange. Notarization means selecting a third trusted party to control the
communication between two entities. The receiver can involve a trusted third party to store
the sender request in order to prevent the sender from later denying that she has made a
request.
Security Mechanisms that are not specific to any particular OSI security service or protocol layer:
• Trusted Functionality: That which is perceived to be correct with respect to some criteria
(e.g., as established by a security policy).
• Security Label: The marking bound to a resource (which may be a data unit) that names or
designates the security attributes of that resource.
• Event Detection: Detection of security-relevant events.
• Security Audit Trail: Data collected and potentially used to facilitate a security audit,
which is an independent review and examination of system records and activities.
• Security Recovery: Deals with requests from mechanisms, such as event handling and
management functions, and takes recovery actions.
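The accountability goal in section 1.3 and the Security Audit Trail and Event Detection mechanisms above both rest on records that a later forensic review can trust. This added Python example (not from these notes) builds an audit trail in which each record carries the hash of the previous one, so that rewriting or deleting an earlier entry is detected and every recorded action can still be traced to one entity; the events and actor names are constructed.

```python
import hashlib
import json

# Constructed sample events (not real log data): who did what, in order.
SAMPLE_EVENTS = [
    {"actor": "john", "action": "read", "object": "confidential file X"},
    {"actor": "ebba", "action": "login_failed", "object": "server-1"},
    {"actor": "admin", "action": "install_software", "object": "pc-07"},
]

GENESIS = "0" * 64  # hash value that precedes the first record


def _digest(prev_hash: str, event: dict) -> str:
    """SHA-256 over the previous record's hash and this event, so that each
    record commits to everything recorded before it."""
    payload = json.dumps({"prev": prev_hash, "event": event}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def build_trail(events):
    """Append-only audit trail: each record carries the hash of the record
    before it. Editing or removing an earlier entry invalidates every later hash."""
    trail = []
    prev = GENESIS
    for ev in events:
        record = {"event": dict(ev), "prev": prev, "hash": _digest(prev, ev)}
        trail.append(record)
        prev = record["hash"]
    return trail


def verify_trail(trail):
    """Walk the chain from the genesis value.
    Returns (True, None) if intact, else (False, index of the first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(trail):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
            return (False, i)
        prev = rec["hash"]
    return (True, None)


def actions_by(trail, actor):
    """Accountability: trace every recorded action back to one entity."""
    return [r["event"]["action"] for r in trail if r["event"]["actor"] == actor]


def tamper_demo():
    """Rewriting an early record (shifting blame to another user) is caught by
    verification. Returns the verdicts before and after the edit."""
    trail = build_trail(SAMPLE_EVENTS)
    before = verify_trail(trail)
    trail[0]["event"]["actor"] = "ebba"  # insider edits the stored record
    return before, verify_trail(trail)


if __name__ == "__main__":
    print("john did:", actions_by(build_trail(SAMPLE_EVENTS), "john"))
    print("before/after tampering:", tamper_demo())
```

A hash chain by itself does not reveal deletion of the newest records, so in practice the latest hash is periodically copied to a separate system or signed to anchor the tail of the trail as well.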
Reading assignment