3.1 Introduction
Authentication and non-repudiation are tools that system designers can use to
maintain system security with respect to confidentiality, integrity, and availability
(called the CIA triad). Understanding each of these six concepts and how they relate to one
another helps security professionals design and implement secure systems. Each
component is critical to overall security, with the failure of any one component
resulting in potential system compromise.
There are three key concepts, known as the CIA triad, which anyone who protects
an information system must understand: confidentiality, integrity, and availability.
Information security professionals are dedicated to ensuring the protection of these
principles for each system they protect. Additionally, there are three key concepts that
security professionals must understand to enforce the CIA principles properly:
authentication, authorization, and nonrepudiation. In this section, we explain each of
these concepts and how they relate to each other in the digital security realm.
Physical threats, such as simple theft, also threaten confidentiality. The consequences
of a breach of confidentiality vary depending on the sensitivity of the protected data.
A breach in credit card numbers, as in the case of the Payment Systems processing
system, could result in lawsuits with payouts well into the millions of dollars.
ii) Integrity
- Is the quality of an IS (Information System) reflecting the logical correctness and
reliability of the operating system; the logical completeness of the hardware and
software implementing the protection mechanisms; and the consistency of the
data structures and occurrence of the stored data. Note that, in a formal security
mode, integrity is interpreted more narrowly to mean protection against
unauthorized modification or destruction of information.
when a user has read-to-write access to particular data, but a software vulnerability
might make it possible to circumvent that control. For example, an attacker can exploit
a Structured Query Language (SQL) injection vulnerability to extract, alter, or add
information to a database.
Disrupting the integrity of data at rest or in a message in transit can have serious
consequences. If it were possible to modify a funds transfer message passing between
a user and his or her online banking website, an attacker could use that privilege to
his or her advantage. The attacker could hijack the transfer and steal the transferred
funds by altering the account number of the recipient of the funds listed in the
message to the attacker’s own bank account number. Ensuring the integrity of this
type of message is vital to any secure system.
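The funds transfer scenario above, as an added example that is not part of the original text: a keyed hash (HMAC-SHA256) over the transfer lets the bank reject a message whose recipient account was changed in transit. The key, account numbers and field names are constructed for illustration, and the example assumes the client and the bank already share the key.

```python
import hashlib
import hmac
import json

# Constructed shared secret between the customer's client and the bank (assumption).
SHARED_KEY = b"constructed-demo-key-not-for-production"

def _canonical(transfer: dict) -> bytes:
    """Serialize with a fixed key order so both sides hash identical bytes."""
    return json.dumps(transfer, sort_keys=True, separators=(",", ":")).encode()

def seal_transfer(key: bytes, transfer: dict) -> dict:
    """Attach an HMAC-SHA256 tag computed over the serialized transfer."""
    body = _canonical(transfer)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}

def open_transfer(key: bytes, message: dict) -> dict:
    """Return the transfer only if the tag matches; otherwise raise ValueError."""
    body = message["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # compare_digest does not reveal how many leading characters matched.
    if not hmac.compare_digest(expected, message.get("tag", "")):
        raise ValueError("integrity check failed: message was modified in transit")
    return json.loads(body)

def tamper_recipient(message: dict, new_account: str) -> dict:
    """Simulate the in-transit change of the recipient; the tag is left as sent."""
    transfer = json.loads(message["body"])
    transfer["to_account"] = new_account
    return {"body": _canonical(transfer).decode(), "tag": message["tag"]}

def demo() -> tuple:
    transfer = {"from_account": "ACCT-1001", "to_account": "ACCT-2002",
                "amount": "250.00", "currency": "USD"}
    sealed = seal_transfer(SHARED_KEY, transfer)
    accepted = open_transfer(SHARED_KEY, sealed) == transfer
    try:
        open_transfer(SHARED_KEY, tamper_recipient(sealed, "ACCT-9999"))
        rejected = False
    except ValueError:
        rejected = True
    return accepted, rejected  # (genuine message accepted, altered message rejected)

if __name__ == "__main__":
    print(demo())
```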
iii) Authentication
Authentication is a security measure designed to establish the validity of a
transmission, message, or originator, or a means of verifying an individual’s
authorization to receive specific categories of information. Authentication is
important to any secure system, as it is the key to verifying the source of a message or
that an individual is whom he or she claims.
There are four general means of authenticating a user’s identity, which can be used
alone or in combination:
FACTOR: EXAMPLES
- Something You Know: Information the system assumes others do not know; this
information may be secret, like a password or PIN code, or simply a piece of
information that most people do not know, such as a user’s mother’s maiden name
(or answers to a prearranged set of questions).
- Something You Have or possesses: Something the user possesses that only he or
she holds; cryptographic keys, a Radio Frequency ID (RFID) badge, electronic
keycards, smart cards, One-Time-Password (OTP) generating Token, or a physical key
- Something You Are (static biometrics): A person’s fingerprint, voice print, or
retinal scan (factors known as biometrics)
- Something You do (dynamic biometrics): Recognition by voice pattern,
handwriting characteristics, and typing rhythm.
All of these methods, properly implemented and used, can provide secure user
authentication. However, each method has problems.
- An adversary may be able to guess or steal a password.
- Similarly, an adversary may be able to forge or steal a token.
- A user may forget a password or lose a token. Furthermore, there is a significant
administrative overhead for managing password and token information on
systems and securing such information on systems.
- With respect to biometric authenticators, there are a variety of problems,
including: dealing with false positives and false negatives, user acceptance,
cost, and convenience.
- For network-based user authentication, the most important methods involve
cryptographic keys and something the individual knows, such as a password.
iv) Availability
- Is the timely, reliable access to data and information services for authorized users.
Availability assures that systems work promptly and service is not denied to
authorized users.
Information systems (hence Cyberspace) must be accessible to users for these systems
to provide any value. If a system is down or responding too slowly, it cannot provide
the service it should. Attacks on availability are somewhat different from those on
integrity and confidentiality. The best-known attack on availability is a denial of
service (DoS) attack.
A DoS can come in many forms, but each form disrupts a system in a way that
prevents legitimate users from accessing it:
- One form of DoS is resource exhaustion, whereby an attacker overloads a
system to the point that it no longer responds to legitimate requests. The
resources in question may be memory, central processing unit (CPU) time,
network bandwidth, and/or any other component that an attacker can
influence. One example of a DoS attack is network flooding, during which the
attacker sends so much network traffic to the targeted system that the traffic
saturates the network and no legitimate request can get through.
Understanding the components of the CIA triad and the concepts behind how to
protect these principles is important for every security professional. Each component
acts like a pillar that holds up the security of a system. If an attacker breaches any of
the pillars, the security of the system will fall. Authentication, authorization, and
nonrepudiation are tools that system designers can use to maintain these pillars.
Understanding how all of these concepts interact with each other is necessary to use
them effectively.
v) Non-repudiation
- Is assurance that the sender of data is provided with proof of delivery and the recipient
is provided with proof of the sender’s identity, so neither can later deny having
processed the data.
Non-repudiation provides protection against denial by one of the entities involved in
a communication of having participated in all or part of the communication.
Two types of Non-repudiation are:
- Non-repudiation, Origin – Proof that the message was sent by the specified
party.
- Non-repudiation, Destination – Proof that the message was received by the
specified party.
Imagine a scenario wherein Alice is purchasing a car from Bob and signs a contract
stating that she will pay $20,000 for the car and will take ownership of it on Thursday.
If Alice later decides not to buy the car, she might claim that someone forged her
signature and that she is not responsible for the contract. To refute her claim, Bob
could show that a notary public verified Alice’s identity and stamped the document
to indicate this verification. In this case, the notary’s stamp has given the contract the
property of non-repudiation.
- Origin: Non-repudiation of origin is a combination of approval and sending.
- Receipt: Non-repudiation of receipt provides proof that the recipient received the
message.
There is also a difference between the legal concept of non-repudiation and non-
repudiation as an information security/cryptographic concept.
In the legal sense, an alleged signatory to a paper document is always able to repudiate
a signature that has been attributed to him or her by claiming any one of the following:
- Signature is forged
- Signature is a result of fraud by a third party
- Signature was unconscionable conduct by a party to the transaction
- Signature was obtained using undue influence by a third party
In the information security context, one should keep in mind that the cryptographic
concept of non-repudiation may, and often does, differ from its legal counterpart.
Moreover, in some countries there is a trend of moving the burden of proof from the
party relying on the signature (which is applicable to regular on-paper signatures) to
the alleged signatory party, who would have to prove that he or she did not sign
something. Chapter 11 of this book looks at cryptography in more detail.
be assigned a low confidentiality rating or indeed no rating. This information is
typically freely available to the public and published on a TUM’s Web site.
Availability: The more critical a component or service, the higher is the level of
availability required. Consider a system that provides authentication services for
critical systems, applications, and devices. An interruption of service results in the
inability for customers to access computing resources and staff to access the resources
they need to perform critical tasks. The loss of the service translates into a large
financial loss in lost employee productivity and potential customer loss.
An example of an asset that would typically be rated as having a moderate availability
requirement is a public Web site for a university; the Web site provides information
for current and prospective students and donors. Such a site is not a critical component
of the university’s information system, but its unavailability will cause some
embarrassment.
An online telephone directory lookup application would be classified as a low
availability requirement. Although the temporary loss of the application may be an
annoyance, there are other ways to access the information, such as a hardcopy
directory or the operator.
• Govern: Identifying and managing security risks.
• Protect: Implementing security controls to reduce security risks.
• Detect: Detecting and understanding cyber security events.
• Respond: Responding to and recovering from cyber security incidents.