Unit-2

Security in the digital age


Private property: from vulnerabilities to risks
• In the digital era, virtual assets (software products, know-how, algorithms, knowledge, information, multimedia,
data, etc.) become integral parts of IS infrastructures designed to provide different services. Faced with such a
distribution of property in the digital infrastructure of interconnected information systems, operators of such
systems, users (businesses and individuals) and the State must face questions on the issue of protection of the
exchanged and contained information.
• Such protection should cover:
— all assets, i.e. both the transported content and the parts used or stored in a given infrastructure;
— all types of actors;
— the entire lifetime, especially respecting the particular aspects of the actual use but also the legal issues (expiration
and forced deletion vs. audit needs).
• Today, providing many critical services (air traffic control, defense, emergency services, trading, etc.),
telecommunications systems have become indispensable for all actors in the information society.
Security in the digital age
Security is often seen as the art of sharing secrets. The definition depends on the implementation of possible security
measures and is necessary in some but not all cases.
We define security in the digital age as a quest for the protection of digital assets and the protection of systems treating
such assets against any act which is unwanted or perceived as abuse by the respective owners. Such unwanted acts are
typically possible because of vulnerabilities present in the ISs. The exploitation of vulnerabilities creates threats
and thus represents a risk from the point of view of the owner.
Security methodology: the perception of risks to assets by the owner leads to the implementation of a set of
counter-measures within the IS.
The attacker is typically presumed to be malicious and creates threats exploiting vulnerabilities in or around the asset.
The owner wants to minimize risks and imposes counter-measures that he considers necessary to protect the asset.
The complexity of this issue is due to several factors. Given the architectural and technological complexity and the
dynamism of assets in the context of IS, it is difficult to identify all potential vulnerabilities.
It is often difficult (too expensive, too limiting) to implement all counter-measures that are considered necessary: in
most cases, the owner must assess the practical trade-off between his estimate of the seriousness of a risk and the cost
of implementation of countermeasures.
The installation of all countermeasures deemed necessary increases the complexity of the original IS. Indeed, this new
system, resulting from the addition of counter-measures to the initial system, should be re-evaluated. The trade-offs
accepted by the owner introduce residual risks, which, over time, often result in new vulnerabilities.
The resulting implemented set of counter-measures is usually insufficient, partly because of the ignorance of
certain vulnerabilities due to the complexity of the interactions between the asset and its environment, and partly
because of the applied risk evaluation methodology, typically linked to probabilistic models.
There is no sufficient model, because an attacker uses his intelligence to find vulnerabilities.
Trust and subjectivity in security

There are two important aspects inherent to any security:


The first aspect is the notion of trust: It is quite clear that trust in any player in the studied environment removes the
need for security.
The second important aspect is subjectivity: for the same asset in the same environment, the risk assessments of different
owners can produce radically different results. It not only depends on the presumed trust (based for example on
knowledge and experience of the owner), but also on the investment and the position of the owner in relation to the
object (goals, interests, anticipated usage).
Subjectivity and trust must be evaluated in the context of the targeted environment.
By definition, subjectivity does not raise any fundamental problems regarding security assessment if the asset is
isolated from the outside world.
The digital assets of different owners are treated by different IT systems belonging to various owners; it is often
normal that during its treatment an asset traverses dozens of systems providing different services.
There is a natural interdependence between subjectivity and trust.
An evaluation of counter-measures usually only makes sense within the scope of a given security policy.
Threat models in telecommunications systems

Threat models first describe the system, all actors in this system and their position in the system (for example, link,
node). Then, the threat model introduces an attacker in the system and demonstrates the attacker's capacities, i.e.
topological position in the system, resources, possible access, etc.
The emergence of such a third party increases the complexity of the system, introduces new interfaces and
vulnerabilities and may require a more complicated trust chain.
— Alice and Bob trust each other in the sense of the intended communications, and they both trust the used
telecommunications system to correctly provide the services (private network).
— Alice and Bob trust each other, but do not trust the crossed infrastructure (public network).
— Alice and Bob trust the telecommunications infrastructure but do not trust one another; they will use the
infrastructure as a trusted third party (TTP) to establish a new trust relationship.
A terminal with a connection interface to a telecommunications system is a more open entity and is thus more
vulnerable.
An attacker can attack the communication channel linking Alice to the telecommunications system. This attack may
be non-intrusive (reading the exchanged data) or intrusive (modification of exchanged data, injection of data,
replay of old data).
A wireless channel is potentially more vulnerable against passive listening by a third person than a network cable,
which normally at least requires physical access to the medium.
An attacker (Eve) may try to masquerade as a legitimate part of the infrastructure to attract Alice (or Bob) to use its
services. These forms of access can allow Eve to collect information on communications between Alice and Bob
and to manipulate the data flow between the two.
Intrusion into the infrastructure makes it possible to mount "man in the middle" attacks.

An attacker typically uses a combination of targeted and destructive attacks to achieve their goals.
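
The intrusive attacks listed above (modification, injection, replay) can be checked against a counter-measure for the second trust scenario, where Alice and Bob trust each other but not the crossed network. The Python code below is an added example, not part of the original notes; the pre-shared key, the frame layout and the names `protect`, `Receiver` and `demo` are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # assumption: secret pre-shared by Alice and Bob
TAG_LEN = 32                   # size of an HMAC-SHA256 tag in bytes

def protect(key, seq, payload):
    """Sender: frame = 8-byte sequence number || payload || HMAC tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts a frame only if it is authentic and newer than the last one."""

    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def accept(self, frame):
        if len(frame) < 8 + TAG_LEN:
            return None, "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None, "bad-tag"   # modified or injected data
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return None, "replay"    # authentic, but an old frame
        self.last_seq = seq
        return body[8:], "ok"


def demo():
    """Feed genuine and tampered frames (all constructed) to one receiver."""
    bob = Receiver(KEY)
    f0 = protect(KEY, 0, b"pay 10 to carol")
    f1 = protect(KEY, 1, b"pay 20 to dave")
    modified = f1[:8] + b"pay 99 to dave" + f1[-TAG_LEN:]  # payload altered in transit
    injected = protect(b"not-the-real-key", 1, b"pay 50 to eve")  # forged without KEY
    steps = [("genuine", f0), ("modification", modified), ("injection", injected),
             ("genuine-next", f1), ("replay", f0)]
    return {name: bob.accept(frame)[1] for name, frame in steps}


if __name__ == "__main__":
    print(demo())
```

Authentication of this kind does nothing against the non-intrusive attack (reading the exchanged data), which requires encryption as an additional counter-measure.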
Homogeneity vs. heterogeneity

The heterogeneity of information systems is a major obstacle to the deployment of consistent security policies.
The implementation of security mechanisms in a heterogeneous environment is naturally more difficult, for instance
on various links and connections, on different pieces of equipment with different properties, capabilities,
vulnerabilities and of varying usage.
Assuming that the probability of presence of vulnerabilities in a realization of a function is constant, heterogeneity
increases the chances of an attacker finding the vulnerability by multiplying the number of different realizations.
In addition, the management of a heterogeneous infrastructure is also more complicated, and contributes considerably
to the complexity of the IS in practice, which in turn introduces new vulnerabilities.
Heterogeneity is seen as an important vulnerability of an information system: heterogeneous IS are more difficult to
protect but easier to attack.
Homogeneity at a global scale is a major vulnerability, because it globally exposes any vulnerability. The exploitation
of these vulnerabilities becomes almost certain, but in particular, the search for such vulnerabilities becomes a highly
attractive task.
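
The two claims above can be made quantitative. This worked calculation is added here and is not part of the original notes; it assumes that the $n$ realizations of a function contain a vulnerability independently of one another, each with the same constant probability $p$, and that the systems are spread evenly over the realizations. The value $p = 0.05$ is constructed for illustration.

$$P(\text{at least one vulnerable realization}) = 1 - (1 - p)^n$$

$$p = 0.05:\quad n = 1 \Rightarrow 0.05,\qquad n = 10 \Rightarrow 1 - 0.95^{10} \approx 0.40,\qquad n = 50 \Rightarrow 1 - 0.95^{50} \approx 0.92$$

$$\text{fraction of systems exposed by one vulnerable realization} = \frac{1}{n},\qquad E[\text{exposed fraction}] = n \cdot p \cdot \frac{1}{n} = p$$

The expected exposed fraction is the same in both cases. Heterogeneity (large $n$) makes it very likely that some vulnerability exists, each with limited reach, while global homogeneity ($n = 1$) makes a vulnerability less likely to exist but exposes every system at once when it does.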
The Internet and security

In a system like the Internet, interconnected, standard, open and managed by different authorities (typically by large
operators) under different legal systems, attacks are normal. They are different in nature (malicious, failures, oversights,
bad configurations, etc.) and represent different implications, roles and judgments of players with regard to the
targeted resource.