Elements of Security
- assets,
- threats,
- vulnerabilities,
- impact,
- risk,
- safeguards,
- residual risk,
- constraints.
Assets
Everything that has a value
- Information and Data,
- Hardware,
- Software,
- other Equipment,
- documents,
- services,
- “trust” in services,
- personell,
- A organization’s image
Threats
Everything that potentially harms Assets
- errors,
- faults,
- misuse and theft,
- malicious code,
- hacking,
- sabotage,
- espionage,…
Vulnerabilities
“Vulnerabilities are weaknesses which allow a threat to occur”
(Vulns do not neccesarily cause damage)
- Insecure Communication
- Poorly trained staff
- trivial passwords
- poor access control
- lack of back-ups
safeguards
Means to reduce threats or vulnerabilities
Example: Access Control, Encryption, training of personell,…
- ETSI Baseline Security Standard
- NIST Computer Security Handbook
- ISO TC 68 Banking and Related Financial Services - Information Security Guidelines
Risks
Risk is a Function of
- Assets
- Threats
- Vulnerabilities
- Safeguards
There always remains a residual Risk
Relations
Confidentiality
- No unauthorized access to Information
- sometimes security and confidentiality are use as synonyms
Integrity
- No unauthorized modification of information/resources
- Everything is as it is supposed to be
Availability
No unauthorized denial of access to information / resources
denial of service
prevention of authorised access of resources or the delaying of time-critical operations
⇒ hard to prevent in real life
Privacy and Secrecy
- protection of personal data
- protection of data belonging to an organisation
property
- property is any attribute that can be quantitatively evaluated
- tempurature, pressur, velocity are properties
state
- state of an object is its condition described by a list of properties
- temperature and pressure may describe the state of a gas
integrity property or state
- integrity is a property (of data, of a system)
- data integrity is a specific state of data that is verifiable
integrity a detective or preventative mechanism?
Integrity services are classified according to the following criteria
type of protection they support
- prevention of integrity compromise
- detection of integrity compromise
data integrity mechanisms can be detective or preventative
- most well known mechanisms are detective (e.g. MAC, Digital Siganture)
Security Evaluation
“Security evaluation checks whether a product delivers a promised security service. ”
- A high level of Assurance-Level implies an inspection of a system at a very detailed level.
- Complex systems and a high levels of assurance tend to me mutually exclusive
Security Policy
Specification of Security Properties of a System
- define goals that can be reached with security measures
- often written down in Natural language
- should be aligned with the real world they refer to
E.g. two employees are needed to open the safe with confidential documents, only possible between 9 and 4
→ An electronic System might enforce an equivalent policy
Data origin authentication
- Data origin authentication is the assurance that a given entity was the original source of received data
- Data integrity is the assurance that data has not been altered in an unauthorised (which includes accidental) manner.
Difference DOA from Integrity
- Data origin authentication is the assurance that a given entity was the original source of received data.
- Data integrity is the assurance that data has not been altered in an unauthorised (which includes accidental) manner.
Different from Integrity, see the following relation:
- “Data origin authentication is a stronger notion than data integrity”
- “Confidentiality does not imply data origin authentication”
- “Confidentiality does not imply data integrity
Dual of integrity difference from “no integrity”
Contingency
Contingency describes the verifiable state that the data’s integrity is intended to be unknown. Data in that state is said to be contingent.
- Contingency is a verifiable property explicitly established by the applied protection mechanism and not an accidental state.
- Allows an entity to repudiate the data, but not its creation
- Data origin authentication is required for “intend” to be meaningful
Non-Repudiation - Differences and Relations
- … assurance that entity cannot deny a previous commitment or action
- … assurance that original source of some data cannot deny to a third party that this is the case
Diffrence DOA
- “Data origin authenticationis theassurancethata given entity was theoriginal source of received data.”
- “Non-repudiation of a source is a stronger notion than data origin authentication”
Entity Authentication - Difference and Relations
… is the assurance that a given entity is involved and currently active in a communication session
DIfference to DOA:
- “Data origin authenticationon its own is only concerned with the origin of data, not whether the sender of data is currently active.”
- “Data origin authentication plus a freshness check can provide entity authentication”
Classifying Attackers
- Class I: “Clever Outsiders”.
- Intelligent,
- has technical knowledge and simple equipment.
- Tend to use known vulnerabilities of systems
- Class II: “Knowledgeable Insiders”.
- Technical Training/Education,
- in-depth knowledge of systems,
- has access to sophisticated equipment
- Class III: “Funded Organizations”.
- Teams of specialists,
- access to relevant (Insider-) Information,
- access to dedicated euquipment and significant resources (time, money)
