Summary

This page reproduces two IT2028 lecture handouts. The first covers security objectives (confidentiality, integrity, availability, authenticity, and accountability), the OSI security architecture, passive and active attacks, and security services. The second covers online privacy: the personal data ecosystem, web and mobile security and privacy, mobile app vetting, and the OWASP top 10 privacy risks for web applications together with common threats against mobile apps.

Full Transcript

IT2028 Security Attacks (03 Handout 1, *Property of STI)

Security Objectives (Torra, 2018)

The identification of security objectives is the first step you can take to help ensure the security of your application. Security objectives are goals and constraints that affect the confidentiality, integrity, and availability of your data and application.

Although the use of the CIA triad to define security objectives is well established, many in the security field feel that additional concepts are needed to present a complete picture, as illustrated in Figure 1.

[Figure 1. Security Objectives]

The key concepts that are covered in these sections are summarized in Figures 2-3.

Confidentiality: Also known as data confidentiality, this property means that information is not made available or disclosed to unauthorized individuals, entities, or processes. A loss of confidentiality is the unauthorized disclosure of information.

Integrity: This term covers two (2) related concepts:
o Data integrity ensures that data (both stored and in transmitted packets) and programs are changed only in a specified and authorized manner. A loss of data integrity is the unauthorized modification or destruction of information.
o System integrity ensures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

Availability ensures that systems work promptly and that service is not denied to authorized users. A loss of availability is the disruption of access to or use of information or an information system.

Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or a message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. Because truly secure systems are not yet an achievable goal, it must be possible to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.

OSI Security Architecture (Torra, 2018)

The security architecture for Open Systems Interconnection (OSI) defines a general security architecture that is useful to managers as a way of organizing the task of providing security. This standardized architecture defines security requirements.

o Security attacks are any action that compromises the security of information owned by an organization.
o Security attacks attempt to gain unauthorized access to information resources or services, or cause harm or damage to information systems.

[Figure 2. Attacks]

o Security mechanisms are technical tools and techniques that are used to implement security services.
o A security mechanism is a process that is designed to detect, prevent, or recover from a security attack.
o A security service is a processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. Security services are intended to counter security attacks, and they make use of security mechanisms to provide the services.

[Figure 3. Services]

Passive Attack (Torra, 2018)

Passive attacks are like eavesdropping on or monitoring transmissions. The goal of the attacker is to obtain information that is being transmitted. Two types of passive attacks are the release of message contents and traffic analysis:
o Release of message contents: In this type, an attacker will monitor an unprotected communication medium, like an unencrypted email or telephone call, and intercept it for sensitive information.
o Traffic analysis: In this type, an attacker monitors communication channels to collect a range of information, including human and machine identities, the locations of these identities, and the types of encryption used, if applicable.

Passive attacks are very difficult to detect because they do not involve any alteration of the data. The message traffic is sent and received in a normal fashion, and neither the sender nor the receiver is aware that a third party has read the messages or observed the traffic pattern.

The best way to prevent a passive attack is by using strong network encryption methods. This means that the original message should be well encrypted into an unintelligible form at the sender’s end and should be decoded into an understandable form at the receiver’s end.

Active Attack (Torra, 2018)

Active attacks involve some modification of stored or transmitted data or the creation of false data. There are four categories of active attacks: replay, masquerade, modification of messages, and denial of service.
o A masquerade takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling an authorized entity with few privileges to obtain extra privileges by impersonating an entity that has those privileges.
o Replay involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
o Data modification simply means that some portion of a legitimate message is altered or that messages are delayed or reordered to produce an unauthorized effect. For example, a message stating “Allow Kit Estrada to read confidential file, Accounts” might be modified to say, “Allow Fred Brown to read confidential file, Accounts.”
o A denial-of-service attack prevents or inhibits the normal use or management of communication facilities. Such an attack may have a specific target; for example, an entity may suppress all messages directed to a particular destination (e.g., the security audit service). Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages to degrade performance.

[Figure 4. Types of attacks in the context of a client/server interaction.]

Security Services (Torra, 2018)

Authentication service is concerned with ensuring that communication is authentic. In the case of a single message, such as a warning or an alarm signal, the function of the authentication service is to assure the recipient that the message is from the source that it claims to be from.

Access control is the ability to limit and control access to host systems and applications via communications links. To achieve this, each entity trying to gain access must first be identified or authenticated so that access rights can be tailored to the individual.

Data confidentiality is the protection of transmitted data from passive attacks. Concerning the content of a data transmission, several levels of protection can be identified. The broadest service protects all user data transmitted between two users over a period. For example, when a logical network connection is set up between two systems, this broad protection prevents the release of any user data transmitted over the connection.

Data integrity ensures that messages are received as sent, with no duplication, insertion, modification, reordering, or replays. Data integrity ensures that information is modified only in appropriate ways by persons authorized to change it.

Nonrepudiation prevents either a sender or a receiver from denying a transmitted message. Thus, when a message is sent, the receiver can prove that the alleged sender sent the message. Similarly, when a message is received, the sender can prove that the alleged receiver received the message.

Availability service means that a system or a system resource is accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; that is, a system is available if it provides services according to the system design whenever users request them.

References:
Kumar, G., Saini, D. K., & Huy Cuong, N. H. (2020). Cyber defense mechanisms: Security, privacy, and challenges. CRC Press.
Stallings, W. (2019). Information privacy engineering and privacy by design: Understanding privacy threats, technologies, and regulations. Addison-Wesley Professional.
Torra, V. (2018). Data privacy: Foundations, new developments, and the big data challenge. Springer International Publishing.
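To make the data integrity service and the modification and replay attacks concrete, here is an added Python example (not from the handout or the cited authors): the sender attaches a sequence number and an HMAC-SHA256 tag to the handout’s “Allow Kit Estrada …” message, and the receiver rejects both the altered “Fred Brown” version and a replay of the accepted original. The shared key and the two-party setup are assumptions of the example.

```python
import hmac
import hashlib
import json

# Constructed shared secret for this example only; a real deployment would
# provision the key out of band and never keep it in source code.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def _tag(seq: int, msg: str) -> str:
    """HMAC-SHA256 over the sequence number and the message, so the tag binds both."""
    data = json.dumps([seq, msg], separators=(",", ":")).encode()
    return hmac.new(SHARED_KEY, data, hashlib.sha256).hexdigest()


def protect(seq: int, msg: str) -> dict:
    """Sender side: attach a sequence number and an integrity tag to the data unit."""
    return {"seq": seq, "msg": msg, "tag": _tag(seq, msg)}


class Receiver:
    """Receiver side: verify the tag first, then require a strictly increasing
    sequence number so a replayed or reordered data unit is refused."""

    def __init__(self) -> None:
        self.last_seq = 0

    def accept(self, env: dict) -> tuple:
        expected = _tag(env["seq"], env["msg"])
        # compare_digest avoids leaking the tag through timing differences.
        if not hmac.compare_digest(expected, env["tag"]):
            return False, "integrity failure: message or sequence altered"
        if env["seq"] <= self.last_seq:
            return False, "replay or reordering: sequence number not fresh"
        self.last_seq = env["seq"]
        return True, "accepted"


def demo() -> list:
    """Run the handout's scenario and return the receiver's verdict for each case."""
    rx = Receiver()
    original = protect(1, "Allow Kit Estrada to read confidential file, Accounts")
    # Modification attack: the body is edited but the tag cannot be recomputed without the key.
    modified = dict(original, msg="Allow Fred Brown to read confidential file, Accounts")
    return [
        rx.accept(original)[1],
        rx.accept(modified)[1],
        rx.accept(original)[1],  # replay of an already accepted data unit
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```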
IT2028 Online Privacy (04 Handout 1, *Property of STI)

Online Ecosystem (Stallings, 2019)

Online privacy refers to privacy concerns related to user interaction with Internet services through web servers and mobile apps.

Websites collect personal information explicitly through a variety of means, including registration pages, user surveys, online contests, application forms, and order forms. They also collect personal information through means that are not obvious to consumers, such as cookies and other tracking technologies. Figure 1 illustrates the many players involved in the online collection and use of personal data.

[Figure 1. Personal Data Ecosystem]

Data collectors collect information directly from their customers, audience, or other types of users of their services.

Data brokers compile large amounts of personal data from several data collectors and other data brokers without having direct online contact with the individuals whose information is in the collected data. Data brokers repackage and sell the collected information to various data users, typically without the permission or input of the individuals involved. Because consumers generally do not directly interact with data brokers, they have no means of knowing the extent and nature of the information that data brokers collect about them and share with others for their financial gain. Data brokers can collect information about consumers from various public and nonpublic sources, including courthouse records, website cookies, and loyalty card programs. Typically, brokers create profiles of individuals for marketing purposes and sell them to data users.

The data users category encompasses a broad range. One type of data user is a business that wants to target its advertisements and special offers. Other uses are fraud prevention and credit risk assessment.

Web Security and Privacy (Stallings, 2019)

The WWW is fundamentally a client/server application running over the Internet. The use of the Web presents several security challenges:
o The Web is vulnerable to attacks on web servers over the Internet.
o Casual and untrained (in security matters) users are common clients for web-based services. Such users are not necessarily aware of the security risks that exist and do not have the tools or knowledge to take effective countermeasures.
o A web server can be exploited as a launching pad into a corporation’s or an agency’s entire computer complex. Once a web server is subverted, an attacker may be able to gain access to data and systems not part of the Web itself but connected to the server at the local site.

A useful way of breaking down the issues involved is to consider the following classification of security and privacy issues:
o Web server security and privacy are concerned with the vulnerabilities and threats associated with the platform that hosts a website, including the operating system (OS), file and database systems, and network traffic.
o Web application security and privacy are concerned with web software, including any applications accessible via the Web.
o Web browser security and privacy are concerned with the browser used from a client system to access a web server.

Mobile Ecosystem

The execution of mobile applications on a mobile device may involve communication across several networks and interaction with some systems owned and operated by a variety of parties. Figure 2 shows the following elements in the ecosystem within which mobile device applications function:
o Cellular and Wi-Fi infrastructure: Modern mobile devices are typically equipped with the capability to use cellular and Wi-Fi networks to access the Internet and to place telephone calls. Cellular network cores also rely upon authentication servers to use and store customer authentication information.
o Public application stores (public app stores): Public app stores include native app stores; these are digital distribution services operated and developed by mobile OS vendors. For Android, the official app store is Google Play, and for iOS, it is simply called the App Store. These stores invest considerable effort in detecting and thwarting malware and ensuring that the apps do not cause unwanted behavior on mobile devices. In addition, there are numerous third-party app stores. The danger with third-party stores is uncertainty about what level of trust the user or the enterprise should have that the apps are free of malware.
o Device and OS vendor infrastructure: Mobile device and OS vendors host servers to provide updates and patches to the OS and apps. Other cloud-based services may be offered, such as storing user data and wiping a missing device.
o Enterprise mobility management systems: Enterprise mobility management (EMM) is a general term that refers to everything involved in managing mobile devices and related components (e.g., wireless networks). EMM is much broader than just information security; it includes mobile application management, inventory management, and cost management. Although EMM is not directly classified as a security technology, it can help in deploying policies to an enterprise’s device pool and monitoring a device’s state.

[Figure 2. Mobile Ecosystem]

Mobile Application Vetting

The process of evaluation and approval or rejection of apps within an organization, referred to as app vetting, is illustrated in Figure 3. The vetting process begins when an app is acquired from a public or enterprise store or submitted by an in-house or third-party developer.

[Figure 3. App Vetting Process]

An administrator is a member of the organization who is responsible for deploying, maintaining, and securing the organization’s mobile devices as well as ensuring that deployed devices and their installed apps conform to the organization’s security requirements.

The administrator submits the app to an app testing facility in the organization that employs automated and/or human analyzers to evaluate the security characteristics of an app, including searching for malware, identifying vulnerabilities, and assessing risks. The resulting security report and risk assessment are conveyed to an auditor or auditors.

The role of an auditor is to inspect reports and risk assessments from one or more analyzers to ensure that an app meets the security requirements of the organization. The auditor also evaluates additional criteria to determine if the app violates any organization-specific security requirements that could not be ascertained by the analyzers. The auditor then makes a recommendation to someone in the organization who has the authority to approve or reject an app for deployment on mobile devices. If the approver approves an app, the administrator can then deploy the app on the organization’s mobile devices.

Threats from Applications

The first step in developing privacy by design and privacy engineering solutions for online privacy is to define the threats to online privacy. These threats are divided into two (2) areas: web application privacy and mobile app privacy.

Web application privacy: The Open Web Application Security Project (OWASP) top 10 privacy risks project provides a list of the top privacy risks in web applications. The goal of the project is to identify the most important technical and organizational privacy risks for web applications from the perspectives of both the user (data subject) and the provider (data owner). The risks are:
o Web application vulnerabilities: Failing to suitably design and implement an application, detect a problem, or promptly apply a fix (patch), which is likely to result in a privacy breach. Vulnerability is a key problem in any system that guards or operates on sensitive user data.
o User-side data leakage: Failing to prevent the leakage of any information containing or related to user data, or the data itself, to any unauthorized party, resulting in loss of data confidentiality. Leakage may be introduced due to either intentional malicious breach or mistake (e.g., caused by insufficient access management controls, insecure storage, duplication of data, or a lack of awareness).
o Insufficient data breach response: Not informing the affected persons (data subjects) about a possible breach or data leak, resulting from either intentional or unintentional events; failure to remedy the situation by fixing the cause; not attempting to limit the leaks.
o Insufficient deletion of personal data: Failing to delete personal data effectively and/or in a timely fashion after the termination of the specified purpose or upon request.
o Non-transparent policies, terms, and conditions: Not providing sufficient information describing how data are processed, such as their collection, storage, and processing. Failure to make this information easily accessible and understandable for non-lawyers.
o Collection of data not required for the primary purpose: Collecting descriptive, demographic, or any other user-related data that are not needed for the system. Applies also to data for which the user did not provide consent.
o Sharing of data with a third party: Providing user data to a third party without obtaining the user’s consent. Sharing results either from transferring or exchanging data for monetary compensation or otherwise, or from inappropriate use of third-party resources included in websites, such as widgets (e.g., maps, social networking buttons), analytics, or web bugs.
o Outdated personal data: Using outdated, incorrect, or bogus user data and failing to update or correct the data.
o Missing or insufficient session expiration: Failing to effectively enforce session termination. May result in the collection of additional user data without the user’s consent or awareness.
o Insecure data transfer: Failing to provide data transfers over encrypted and secured channels that would exclude the possibility of data leakage. Failing to enforce mechanisms that limit the leaking surface (e.g., allowing any user data to be inferred from the mechanics of web application operation).

Mobile app privacy: Legitimate mobile apps may be vulnerable to several privacy and security threats, typically due to poor coding practices used in app development or underlying vulnerabilities in the mobile device operating system. Consider the following threats against vulnerable applications, encompassing both privacy and security threats:
o Insecure network communications: Network traffic needs to be securely encrypted to prevent an adversary from eavesdropping. Apps need to properly authenticate the remote server when connecting to prevent man-in-the-middle attacks and connection to malicious servers.
o Web browser vulnerabilities: Adversaries can exploit vulnerabilities in mobile device web browser applications as an entry point to gain access to a mobile device.
o Vulnerabilities in third-party libraries: Third-party software libraries are reusable components that may be distributed freely or offered for a fee to other software vendors. Software development by components or modules may be more efficient, and third-party libraries are routinely used across the industry. However, a flawed library can introduce vulnerabilities in any app that includes or makes use of that library. Depending on the pervasiveness of the library, its use can potentially affect thousands of apps and millions of users.

References:
Kumar, G., Saini, D. K., & Huy Cuong, N. H. (2020). Cyber defense mechanisms: Security, privacy, and challenges. CRC Press.
Stallings, W. (2019). Information privacy engineering and privacy by design: Understanding privacy threats, technologies, and regulations. Addison-Wesley Professional.
Torra, V. (2018). Data privacy: Foundations, new developments, and the big data challenge. Springer International Publishing.
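As an added illustration of the “missing or insufficient session expiration” risk listed above (example code, not from the handout or from Stallings), this Python session store enforces an idle timeout, an absolute lifetime, and immediate invalidation on logout. The timeout values, user names, and hand-advanced clock are constructed for the example.

```python
import secrets
import time
from typing import Dict, Optional


class SessionStore:
    """Server-side session table enforcing both an idle timeout and an absolute
    lifetime. The clock is injectable so expiry can be exercised without waiting."""

    def __init__(self, idle_timeout: float, max_lifetime: float, clock=time.monotonic) -> None:
        self.idle_timeout = idle_timeout
        self.max_lifetime = max_lifetime
        self.clock = clock
        self._sessions: Dict[str, dict] = {}  # token -> {"user", "created", "seen"}

    def create(self, user: str) -> str:
        now = self.clock()
        token = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[token] = {"user": user, "created": now, "seen": now}
        return token

    def validate(self, token: str) -> Optional[str]:
        """Return the user of a live session, or None. An expired entry is
        deleted on sight so a later request cannot revive it."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self.clock()
        idle_exceeded = now - s["seen"] > self.idle_timeout
        lifetime_exceeded = now - s["created"] > self.max_lifetime
        if idle_exceeded or lifetime_exceeded:
            del self._sessions[token]
            return None
        s["seen"] = now  # sliding idle window; "created" never moves
        return s["user"]

    def terminate(self, token: str) -> None:
        """Explicit logout: the token is invalid immediately, not at the next timeout."""
        self._sessions.pop(token, None)

    def live_count(self) -> int:
        return len(self._sessions)


def demo() -> Dict[str, Optional[str]]:
    """Four cases: live session, idle expiry, absolute expiry, explicit logout."""
    now = [0.0]  # constructed clock for the demo; advanced by hand instead of waiting
    store = SessionStore(idle_timeout=15 * 60, max_lifetime=8 * 3600, clock=lambda: now[0])
    out: Dict[str, Optional[str]] = {}
    tok = store.create("kit.estrada")
    now[0] += 10 * 60
    out["active_after_10min"] = store.validate(tok)
    now[0] += 20 * 60
    out["idle_after_20min"] = store.validate(tok)
    tok = store.create("kit.estrada")
    for _ in range(40):  # touched every 14 min so idle never trips; 9 h 20 min exceeds 8 h
        now[0] += 14 * 60
        store.validate(tok)
    out["after_absolute_limit"] = store.validate(tok)
    tok = store.create("fred.brown")
    store.terminate(tok)
    out["after_logout"] = store.validate(tok)
    return out


if __name__ == "__main__":
    print(demo())
```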
