
Boundary Control

Chapter 10

Material:
Boundary controls:

Cryptographic controls
Access controls
Personal identification numbers
Digital signatures
Plastic cards
Audit trail controls
Existence controls

Introduction
The boundary subsystem establishes the interface between the would-be user of a computer system and the computer system itself.

Controls in the boundary subsystem have three purposes:
(a) To establish the identity and authenticity of would-be users
(b) To establish the identity and authenticity of computer system resources that users wish to employ
(c) To restrict the actions undertaken by users who obtain computer resources to an authorized set

Cryptographic controls
Cryptographic controls are used extensively throughout the boundary subsystem. They protect the privacy of data and guard against unauthorized modification of data. Privacy is achieved by scrambling data so that it is not meaningful to anyone who does not have the means to unscramble it. Scrambling alone does not stop an attacker from altering ciphertext, however; protecting against modification needs an integrity mechanism such as a message authentication code or a digital signature.

Cryptographic controls

There are three classes of techniques used to transform cleartext data into ciphertext data: (a) transposition ciphers, which rearrange the order of the cleartext symbols; (b) substitution ciphers, which replace each symbol with another; and (c) product ciphers, which combine the two. Most modern cryptographic systems use a product cipher because it is the most difficult to break (it has the highest work factor). The US National Bureau of Standards (now NIST) Data Encryption Standard (DES) uses a product cipher. DES's 56-bit key is far too short for modern hardware, and it has been superseded by AES, which is also a product cipher built from repeated substitution and permutation rounds.
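The three cipher classes above, as an added example that is not part of the lecture material: a monoalphabetic substitution, a columnar transposition, and their composition as a one-round product cipher. The keys and the message are constructed for illustration; the point is to see that each classical technique is trivially reversible with the key and that the product simply chains them.

```python
# Added example, not from the lecture slides: the three classical cipher classes
# named above, over the 26-letter alphabet so the transformations can be
# followed by hand. Keys and messages are constructed for illustration.
import string

ALPHABET = string.ascii_uppercase


def substitution_encrypt(plaintext: str, key: str) -> str:
    """Monoalphabetic substitution: `key` is a permutation of ALPHABET."""
    if sorted(key) != list(ALPHABET):
        raise ValueError("substitution key must be a permutation of A-Z")
    return plaintext.translate(str.maketrans(ALPHABET, key))


def substitution_decrypt(ciphertext: str, key: str) -> str:
    return ciphertext.translate(str.maketrans(key, ALPHABET))


def _column_order(key: str) -> list:
    # Columns are read out in alphabetical order of the key letters; repeated
    # letters keep their left-to-right order.
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transposition_encrypt(plaintext: str, key: str) -> str:
    """Columnar transposition: write the text in rows of len(key), read columns."""
    width = len(key)
    return "".join(plaintext[c::width] for c in _column_order(key))


def transposition_decrypt(ciphertext: str, key: str) -> str:
    width = len(key)
    base, extra = divmod(len(ciphertext), width)
    columns = [""] * width
    pos = 0
    for c in _column_order(key):
        # The first `extra` columns of the grid are one character taller.
        height = base + (1 if c < extra else 0)
        columns[c] = ciphertext[pos:pos + height]
        pos += height
    return "".join(columns[c][r] for r in range(base + 1) for c in range(width)
                   if r < len(columns[c]))


def product_encrypt(plaintext: str, sub_key: str, trans_key: str) -> str:
    """Product cipher: substitution followed by transposition (one round).
    Substitution alone leaves letter frequencies intact and transposition alone
    leaves the letters themselves intact; chaining them forces an attacker to
    undo both, and modern product ciphers repeat such layers over many rounds
    with key-dependent mixing."""
    return transposition_encrypt(substitution_encrypt(plaintext, sub_key), trans_key)


def product_decrypt(ciphertext: str, sub_key: str, trans_key: str) -> str:
    return substitution_decrypt(transposition_decrypt(ciphertext, trans_key), sub_key)


SUB_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"   # constructed permutation of A-Z
TRANS_KEY = "ZEBRA"                     # constructed column key

if __name__ == "__main__":
    msg = "ATTACKATDAWN"
    ct = product_encrypt(msg, SUB_KEY, TRANS_KEY)
    print(ct, product_decrypt(ct, SUB_KEY, TRANS_KEY))
```

Note that the one-round product above still preserves the frequency histogram of the substituted alphabet, which is exactly why real product ciphers such as DES and AES iterate many key-dependent rounds rather than a single pair of layers.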

Cryptographic controls (Continued)

A major disadvantage of conventional (symmetric) cryptosystems is that parties who wish to exchange information must share a private, secret key. To overcome this disadvantage, public key cryptosystems have been developed. Public key cryptosystems use two different keys, one to encrypt data and another to decrypt it. One key can be made public, and the other is kept private. In practice the two families are combined: a public key operation protects a short symmetric session key, and that key encrypts the bulk of the data.

Cryptographic controls (Continued)

From an audit perspective, the most important aspect of cryptosystems is often the way in which cryptographic keys are managed. Cryptographic key management must address three functions: (a) how keys will be generated; (b) how they will be distributed to users; and (c) how they will be installed in cryptographic facilities. An auditor should expect each of these to be answered concretely (for example a cryptographic random number generator for (a), an out-of-band or sealed channel for (b), and a tamper-resistant module for (c)), together with procedures for rotating keys and destroying them at the end of their life.

Access Controls

Access controls restrict use of computer system resources to authorized users, limit the actions users can undertake with respect to those resources, and ensure that users obtain only authentic computer resources. They perform these functions in three steps: (a) they authenticate users who identify themselves to the system; (b) they authenticate the resources requested by the user; and (c) they confine users' actions to those that have been authorized.

Access Controls (Continued)

Users can provide three classes of authentication information to an access control mechanism: (a) remembered information (e.g. passwords); (b) possessed objects (e.g. plastic cards); and (c) personal characteristics (e.g. fingerprints). Remembered information is the most commonly used form of authentication information. Its major limitation is that it can be forgotten. As a result, users employ strategies to help them remember it that compromise its secrecy (e.g. they write down a password, or reuse one across systems). Combining two classes, such as a card plus a PIN, means that losing one of them alone is not enough to impersonate the user.

Access Controls (Continued)

Users employ four types of resources in a computer system: hardware, software, commodities (e.g. processor time), and data. The most complex actions they take (and the most difficult to control) relate to data resources.

Access Controls

An access control mechanism can be used to enforce two types of access control policy. Under a discretionary access control policy, users (typically the owner of a resource) specify to the access control mechanism who can access their resources. Under a mandatory access control policy, both users and resources are assigned fixed security attributes (e.g. a clearance and a classification), and the mechanism decides access by comparing those attributes; individual users cannot override it. Mandatory access control policies are easier to enforce, but they are less flexible.

Access Controls (Continued)

Discretionary access control policies can be implemented via a ticket-oriented approach or a list-oriented approach. With a ticket-oriented approach (or capability approach), the access control mechanism stores, for each user, the resources they are permitted to access and the actions they may take. With a list-oriented approach (an access control list), the access control mechanism stores, for each resource, the users who can access it and what they may do. Checking a request is fast in either case; the difference shows up in revocation, which is a single list edit for a resource in the list-oriented approach but requires locating every outstanding ticket in the ticket-oriented approach.
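The two implementations above, as an added example that is not part of the lecture material: the same discretionary policy enforced once with an access control list and once with capability tickets, run through one scenario (grant, check, attempted delegation, revocation). The users, resource and actions are constructed for illustration.

```python
# Added example, not from the lecture slides: one discretionary policy enforced
# two ways. The list-oriented mechanism keeps, per resource, the users allowed
# to use it (an access control list); the ticket-oriented mechanism keeps, per
# user, the (resource, action) tickets they hold (capabilities). Users,
# resources and actions below are constructed for illustration.
from collections import defaultdict


class ListOriented:
    """Access control list: resource -> {user: set(actions)}."""

    def __init__(self):
        self.acl = defaultdict(dict)
        self.owner = {}

    def create(self, owner, resource):
        self.owner[resource] = owner
        self.acl[resource][owner] = {"read", "write"}

    def grant(self, requester, resource, user, action):
        # Discretionary: only the owner may edit the resource's list.
        if self.owner.get(resource) != requester:
            raise PermissionError(f"{requester} does not own {resource}")
        self.acl[resource].setdefault(user, set()).add(action)

    def revoke(self, requester, resource, user):
        # Revocation is local to the list: one entry to remove.
        if self.owner.get(resource) != requester:
            raise PermissionError(f"{requester} does not own {resource}")
        self.acl[resource].pop(user, None)

    def check(self, user, resource, action) -> bool:
        return action in self.acl.get(resource, {}).get(user, set())


class TicketOriented:
    """Capability list: user -> set((resource, action))."""

    def __init__(self):
        self.tickets = defaultdict(set)

    def create(self, owner, resource):
        # The creator receives a ticket for every action, including the right
        # to hand out further tickets.
        for action in ("read", "write", "grant"):
            self.tickets[owner].add((resource, action))

    def grant(self, requester, resource, user, action):
        if (resource, "grant") not in self.tickets[requester]:
            raise PermissionError(f"{requester} holds no grant ticket for {resource}")
        self.tickets[user].add((resource, action))

    def revoke(self, requester, resource, user):
        # Revocation must find every ticket the user holds for the resource;
        # in a real capability system that search is the hard part.
        if (resource, "grant") not in self.tickets[requester]:
            raise PermissionError(f"{requester} holds no grant ticket for {resource}")
        self.tickets[user] = {t for t in self.tickets[user] if t[0] != resource}

    def check(self, user, resource, action) -> bool:
        return (resource, action) in self.tickets[user]


def exercise(mechanism) -> dict:
    """Run the same scenario against either mechanism and report the decisions."""
    mechanism.create("alice", "payroll.db")
    # Least privilege: bob needs to read the file, so he gets read and nothing else.
    mechanism.grant("alice", "payroll.db", "bob", "read")
    out = {
        "bob read": mechanism.check("bob", "payroll.db", "read"),
        "bob write": mechanism.check("bob", "payroll.db", "write"),
        "carol read": mechanism.check("carol", "payroll.db", "read"),
    }
    try:  # bob is not the owner / holds no grant ticket, so he cannot delegate
        mechanism.grant("bob", "payroll.db", "carol", "read")
        out["bob delegates"] = True
    except PermissionError:
        out["bob delegates"] = False
    mechanism.revoke("alice", "payroll.db", "bob")
    out["bob read after revoke"] = mechanism.check("bob", "payroll.db", "read")
    return out


if __name__ == "__main__":
    print(exercise(ListOriented()))
    print(exercise(TicketOriented()))
```

Both mechanisms reach the same decisions for this scenario; what differs is where the state lives, and therefore which operation (answering "who can reach this resource?" versus "what can this user reach?") is cheap and which requires a scan.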

Access Controls (Continued)

Access controls should enforce the principle of least privilege: users should be assigned only the minimum set of resources and action privileges that they need to accomplish their work.

Personal Identification Numbers (PINs)

Personal Identification Numbers (PINs) are a form of remembered information used to authenticate users of electronic funds transfer systems. Controls need to be in place and working to reduce exposures to an acceptable level at several phases in the life cycle of PINs: (a) generation of the PIN; (b) issuance and delivery of the PIN to users; (c) validation of the PIN upon entry at a terminal device (e.g. an automatic teller machine); (d) transmission of the PIN across communication lines; (e) processing of the PIN; (f) storage of the PIN; (g) change of the PIN; (h) replacement of the PIN; and (i) termination of the PIN.
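The PIN life cycle above, as an added example that is not part of the lecture material: a small PIN store that generates PINs from a cryptographic random source, keeps only salted PBKDF2 hashes, validates with a constant-time comparison and a per-account attempt limit, and supports change, replacement and termination. The store, iteration count and attempt limit are constructed for illustration; transmission (d) is not modelled here.

```python
# Added example, not from the lecture slides: a PIN life cycle for one account,
# covering generation (a), delivery (b), validation (c)/(e), storage (f),
# change (g), replacement (h) and termination (i). The store, iteration count
# and attempt limit are constructed for illustration; transmission (d) is out
# of scope here and in practice means an encrypted PIN block on the wire.
import hashlib
import hmac
import secrets

PIN_LENGTH = 4
MAX_ATTEMPTS = 3          # (i): lock the PIN after this many consecutive failures
KDF_ITERATIONS = 100_000  # slows offline guessing if the store leaks


def generate_pin(length: int = PIN_LENGTH) -> str:
    # (a) Use a cryptographic random source; never derive the PIN from the
    # account or card number, which an attacker already holds.
    return "".join(secrets.choice("0123456789") for _ in range(length))


class PinStore:
    """Holds salted PBKDF2 hashes of PINs, never the PINs themselves (f)."""

    def __init__(self):
        self._records = {}  # account -> {"salt", "digest", "failures", "active"}

    @staticmethod
    def _derive(pin: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERATIONS)

    def issue(self, account: str) -> str:
        # (b)/(h) Issue a fresh PIN; any previous record for the account is
        # discarded. The returned value is handed to the user out of band
        # (e.g. a PIN mailer) and is not retained by the store.
        pin = generate_pin()
        salt = secrets.token_bytes(16)
        self._records[account] = {"salt": salt, "digest": self._derive(pin, salt),
                                  "failures": 0, "active": True}
        return pin

    def validate(self, account: str, entered: str) -> bool:
        # (c)/(e) Compare in constant time and count failures per account.
        rec = self._records.get(account)
        if rec is None or not rec["active"]:
            return False
        if hmac.compare_digest(rec["digest"], self._derive(entered, rec["salt"])):
            rec["failures"] = 0
            return True
        rec["failures"] += 1
        if rec["failures"] >= MAX_ATTEMPTS:
            rec["active"] = False  # (i) terminate; the user must obtain a replacement
        return False

    def change(self, account: str, old: str, new: str) -> bool:
        # (g) The current PIN must validate before a new one is accepted.
        if not (len(new) == PIN_LENGTH and new.isdigit() and self.validate(account, old)):
            return False
        salt = secrets.token_bytes(16)
        self._records[account].update(salt=salt, digest=self._derive(new, salt))
        return True

    def is_active(self, account: str) -> bool:
        rec = self._records.get(account)
        return bool(rec and rec["active"])


if __name__ == "__main__":
    store = PinStore()
    pin = store.issue("acct-1")          # delivered to the user, then forgotten here
    print(store.validate("acct-1", pin), store.validate("acct-1", "0000" if pin != "0000" else "1111"))
```

A four-digit PIN has only ten thousand values, so the hash on its own cannot resist an offline guess if the store leaks; the controls that actually carry the weight are the online attempt limit and, in real EFT systems, keeping PIN verification inside a hardware security module so the store never leaves it.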

Digital Signature

A digital signature is a string of bits computed over a message that authenticates its sender and lets the receiver detect any change to the message. It is the equivalent of the handwritten signature that humans use to sign documents. Unlike handwritten signatures, however, digital signatures should be computationally infeasible to forge, and because a signature is bound to the exact message it was computed over, it cannot be copied onto a different document.

Digital Signature (Continued)

The most common way to implement digital signatures is via public key cryptosystems. The sender of a message computes a cryptographic hash of the message and signs that hash with their private key; receivers of the message recompute the hash and verify the signature using the sender's public key. For RSA the verification step is the mathematical inverse of signing, which is why it is often described as "decrypting the signature with the sender's public key"; other schemes such as DSA, ECDSA and EdDSA have a separate verification algorithm. Signing the hash rather than the message keeps the signature a fixed size and ties it to every bit of the message.
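The sign-with-private-key, verify-with-public-key exchange above, as an added example that is not part of the lecture material, and also illustrating the key-generation step from the key management discussion: textbook RSA over a SHA-256 digest. The key pairs are built from constructed small primes and there is no padding, so this is for understanding the mechanism only; production code uses RSA-PSS or Ed25519 from a vetted library.

```python
# Added example, not from the lecture slides: signing and verifying with
# textbook RSA over SHA-256, so the "sign with the private key, verify with the
# public key" step can be seen end to end. The key pairs are built from small
# constructed primes (Mersenne primes) and there is no padding, so this is for
# illustration only; production code uses RSA-PSS or Ed25519 from a vetted library.
import hashlib


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key generation from two distinct primes: (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent; raises ValueError if gcd(e, phi) != 1
    return (n, e), (n, d)


def _hash_to_int(message: bytes, n: int) -> int:
    # Sign a digest of the message rather than the message: fixed size, and
    # every bit of the message influences the value that is signed. With
    # real key sizes the padded digest fits below n without reduction.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    n, d = private_key
    return pow(_hash_to_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == _hash_to_int(message, n)


# Constructed key pairs (Mersenne primes 2^61-1, 2^89-1, 2^31-1, 2^107-1).
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
BOB_PUBLIC, BOB_PRIVATE = make_keypair(2**31 - 1, 2**107 - 1)

if __name__ == "__main__":
    msg = b"Transfer 100 to account 42"
    sig = sign(msg, ALICE_PRIVATE)
    print(verify(msg, sig, ALICE_PUBLIC))                            # True
    print(verify(b"Transfer 900 to account 42", sig, ALICE_PUBLIC))  # False: message changed
    print(verify(msg, sig, BOB_PUBLIC))                              # False: wrong signer
```

The three verification results are the whole point of a signature: the genuine message verifies under the sender's public key, an altered message does not, and nobody else's public key accepts it, so the receiver learns both who sent the message and that it arrived unchanged.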

Digital Signature (Continued)

Sometimes arbitrators must be used with digital signature systems to prevent the sender of a message reneging on or disavowing the message. The arbitrator acts as an intermediary between the sender and the receiver. In essence, the arbitrator is a witness to the contract between the sender and the receiver.

Plastic Card

Plastic cards are primarily a means of identifying individuals who wish to use a computer system; as a possessed object they are normally combined with a PIN, so that a lost or stolen card on its own is not sufficient. Controls need to be in place and working to reduce exposures to an acceptable level at a number of phases in the life cycle of plastic cards: (a) application by the user for a card; (b) preparation of the card; (c) issue of the card; (d) return of the card; and (e) destruction of the card.

Audit Trail Control

Accounting audit trail: for each sign-on, record

1. Identity of the would-be user of the system
2. Authentication information supplied (record the method and whether it succeeded, never the secret itself)
3. Resources requested
4. Action privileges requested
5. Terminal identifier
6. Start and finish time
7. Number of sign-on attempts
8. Resources provided/denied
9. Action privileges allowed/denied
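The accounting audit trail above, as an added example that is not part of the lecture material: a constructed trail with one JSON record per sign-on attempt carrying the nine items, and two checks an auditor or analyst would run over it (repeated authentication failures per terminal and user, and requests for privileges that were denied). The records, field names and threshold are constructed for illustration.

```python
# Added example, not from the lecture slides: a constructed accounting audit
# trail for the boundary subsystem, one JSON record per sign-on attempt
# carrying the nine items listed above, and two checks an auditor or SOC
# analyst would run over it. Item 2 is recorded as the authentication method
# and its outcome; the password or PIN itself must never be written to the log.
import json
from collections import Counter

SAMPLE_TRAIL = """\
{"user":"alice","auth":"password","auth_ok":true,"terminal":"T01","start":"08:00:02","finish":"08:41:10","attempts":1,"res_req":["ledger"],"res_granted":["ledger"],"res_denied":[],"priv_req":["read"],"priv_allowed":["read"],"priv_denied":[]}
{"user":"bob","auth":"password","auth_ok":false,"terminal":"T02","start":"08:05:11","finish":null,"attempts":1,"res_req":[],"res_granted":[],"res_denied":[],"priv_req":[],"priv_allowed":[],"priv_denied":[]}
{"user":"bob","auth":"password","auth_ok":false,"terminal":"T02","start":"08:05:40","finish":null,"attempts":2,"res_req":[],"res_granted":[],"res_denied":[],"priv_req":[],"priv_allowed":[],"priv_denied":[]}
{"user":"bob","auth":"password","auth_ok":false,"terminal":"T02","start":"08:06:03","finish":null,"attempts":3,"res_req":[],"res_granted":[],"res_denied":[],"priv_req":[],"priv_allowed":[],"priv_denied":[]}
{"user":"carol","auth":"card+pin","auth_ok":true,"terminal":"T03","start":"08:10:00","finish":"08:12:30","attempts":1,"res_req":["payroll"],"res_granted":["payroll"],"res_denied":[],"priv_req":["read","write"],"priv_allowed":["read"],"priv_denied":["write"]}
"""


def parse_trail(text: str) -> list:
    """One dict per non-empty line; a real collector would also validate the schema."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def failed_sign_ons(records) -> Counter:
    """Item 7 in aggregate: failed authentications per (terminal, user)."""
    return Counter((r["terminal"], r["user"]) for r in records if not r["auth_ok"])


def lockout_candidates(records, threshold: int = 3) -> list:
    """(terminal, user) pairs at or over the failure threshold, e.g. a guessed PIN."""
    return sorted(k for k, n in failed_sign_ons(records).items() if n >= threshold)


def denied_privileges(records) -> list:
    """Item 9: users who asked for more than they were allowed (least-privilege probes)."""
    return [(r["user"], p) for r in records for p in r["priv_denied"]]


if __name__ == "__main__":
    recs = parse_trail(SAMPLE_TRAIL)
    print(lockout_candidates(recs))   # [('T02', 'bob')]
    print(denied_privileges(recs))    # [('carol', 'write')]
```

Both checks depend on items the slide lists but that are often missing from real logs: without the terminal identifier the three failures cannot be tied to one device, and without the denied privileges a user probing for write access on payroll looks identical to a normal read.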

Operations Audit Trail

Existence Control

Existence controls in the boundary subsystem are usually straightforward. If the subsystem fails, existence controls usually do not attempt to restore the subsystem to the point of failure. Instead, the user is simply asked to undertake the sign-on procedure again. The one requirement is that a failure leaves the user unauthenticated: the subsystem must fail closed and never fall through into a signed-on state.

Student Assignment

Students submit the results of their discussion of the case given by the lecturer.