1
Boundary Control
Chapter 10
2
Material:
Boundary controls:
Cryptographic controls
Access controls
Personal identification numbers
Digital signatures
Plastic cards
Audit trail controls
Existence controls
3
Introduction
The boundary subsystem establishes the interface between the would-be user of a computer system and the computer system itself
4
Controls in the boundary subsystem have three purposes:
(a) To establish the identity and authenticity of would-be users
(b) To establish the identity and authenticity of computer system resources that users wish to employ
(c) To restrict the actions undertaken by users who obtain computer resources to an authorized set
5
Cryptographic controls
Cryptographic controls are used extensively throughout the boundary subsystem. They protect the privacy of data and prevent unauthorized modification of data. They achieve this goal by scrambling data so it is not meaningful to anyone who does not have the means to unscramble it
6
Cryptographic controls
There are three classes of techniques used to transform cleartext data into ciphertext data: (a) transposition ciphers, (b) substitution ciphers, and (c) product ciphers. Most modern cryptographic systems use a product cipher because it is the most difficult to break (it has the highest work factor). The US National Bureau of Standards' Data Encryption Standard (DES) uses a product cipher
7
Cryptographic controls (Continued)
A major disadvantage of conventional cryptosystems is that parties who wish to exchange information must share a private, secret key. To overcome this disadvantage, public key cryptosystems have been developed. Public key cryptosystems use two different keys, one to encrypt data and one to decrypt data. One key can be made public, and the other key is kept private
8
Cryptographic controls (Continued)
From an audit perspective, the most important aspect of cryptosystems is often the way in which cryptographic keys are managed. Cryptographic key management must address three functions: (a) how keys will be generated; (b) how they will be distributed to users; and (c) how they will be installed in cryptographic facilities
9
Access Controls
Access controls restrict use of computer system resources to authorized users, limit the actions users can undertake with respect to those resources, and ensure that users obtain only authentic computer resources. They perform these functions in three steps: (a) they authenticate users who identify themselves to the system; (b) they authenticate the resources requested by the user; and (c) they confine users' actions to those that have been authorized
10
Access Controls (Continued)
Users can provide three classes of authentication information to an access control mechanism: (a) remembered information (e.g. passwords); (b) possessed objects (e.g. plastic cards); and (c) personal characteristics (e.g. fingerprints). Remembered information is the most commonly used form of authentication information. Its major limitation is that it can be forgotten. As a result, users employ strategies to help them remember it that can lead to its being compromised (e.g. they write down a password)
11
Access Controls (Continued)
Users employ four types of resources in a computer system: hardware, software, commodities (e.g. processor time), and data. The most complex actions they take (and the most difficult to control) relate to data resources
12
Access Controls
An access control mechanism can be used to enforce two types of access control policy. Under a discretionary access control policy, users can specify to the access control mechanism who can access their resources. Under a mandatory access control policy, both users and resources are assigned fixed security attributes. Mandatory access control policies are easier to enforce but they are less flexible
13
Access Controls (Continued)
Discretionary access control policies can be implemented via a ticket-oriented approach or a list-oriented approach. With a ticket-oriented approach (or capability approach), the access control mechanism stores information about users and the resources they are permitted to access. With a list-oriented approach, the access control mechanism stores information about each resource and the users who can access each resource.
14
Access Controls (Continued)
Access controls should enforce the principle of least privilege: users should be assigned only the minimum set of resources and action privileges that they need to accomplish their work
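As an added illustration, not taken from the slides, the same discretionary policy is expressed in the list-oriented form (one entry per resource) and the ticket-oriented form (one entry per user), with a check that both answer access questions identically and a helper that reports privileges a user holds beyond what their job needs. The resource names, users and actions are constructed sample data.

```python
from collections import defaultdict

# Constructed sample policy (not from the slides). Under a discretionary policy the
# owner of each resource decides who may do what with it; this is the list-oriented
# form: one entry per resource, naming users and their permitted actions.
ACL = {
    "payroll.db": {"alice": {"read", "update"}, "bob": {"read"}},
    "ledger.db":  {"alice": {"read"}, "carol": {"read", "update", "delete"}},
    "reports/":   {"bob": {"read"}, "carol": {"read"}},
}

def acl_to_capabilities(acl):
    """Convert to the ticket-oriented (capability) form: one entry per user,
    listing the resources and actions that user holds tickets for."""
    caps = defaultdict(dict)
    for resource, entries in acl.items():
        for user, actions in entries.items():
            caps[user][resource] = set(actions)
    return dict(caps)

def allowed_by_acl(acl, user, resource, action):
    """Step (c) of access control, confining the action to the authorized set,
    decided from the resource's side."""
    return action in acl.get(resource, {}).get(user, set())

def allowed_by_capability(caps, user, resource, action):
    """The same decision made from the user's side: does the user hold a ticket?"""
    return action in caps.get(user, {}).get(resource, set())

def excess_privileges(caps, user, needed):
    """Least-privilege review: privileges the user holds that their work does not
    require. `needed` maps resource -> set of actions the job actually requires."""
    excess = {}
    for resource, actions in caps.get(user, {}).items():
        extra = actions - needed.get(resource, set())
        if extra:
            excess[resource] = extra
    return excess

if __name__ == "__main__":
    caps = acl_to_capabilities(ACL)
    for user, resource, action in [("alice", "payroll.db", "update"),
                                   ("bob", "payroll.db", "update"),
                                   ("dave", "ledger.db", "read")]:
        print(user, action, resource,
              allowed_by_acl(ACL, user, resource, action),
              allowed_by_capability(caps, user, resource, action))
    # Carol's job needs only to read the ledger and the reports: update/delete are excess.
    print(excess_privileges(caps, "carol", {"ledger.db": {"read"}, "reports/": {"read"}}))
```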
15
Personal Identification Numbers (PINs)
Personal Identification Numbers (PINs) are a form of remembered information used to authenticate users of electronic funds transfer systems. Controls need to be in place and working to reduce exposures to an acceptable level at several phases in the life cycle of PINs: (a) generation of the PIN; (b) issuance and delivery of the PIN to users; (c) validation of the PIN upon entry at a terminal device (e.g. an automatic teller machine); (d) transmission of the PIN across communication lines;
16
Personal Identification Numbers (Continued)
(e) processing of the PIN; (f) storage of the PIN; (g) change of the PIN; (h) replacement of the PIN; and (i) termination of the PIN
17
Digital Signature
A digital signature is a string of 0s and 1s used to authenticate a user. It is the equivalent of the analog signature that humans use to sign documents. Unlike analog signatures, however, digital signatures should be impossible to forge
18
Digital Signature (Continued)
The most common way to implement digital signatures is via public key cryptosystems. The sender of a message signs the message with their private key, and receivers of the message verify the signature by decrypting the message using the sender's public key
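As an added example, not from the slides, the sign-with-private-key / verify-with-public-key scheme just described, written as textbook RSA over a SHA-256 digest. The key pairs are constructed from fixed Mersenne primes so the arithmetic stays readable; they are far too small for real use, where keys are random and thousands of bits long.

```python
import hashlib

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two primes: (n, e) is published, (n, d) stays private."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse of e; needs Python 3.8+
    return (n, e), (n, d)

# Constructed toy key material (not from the slides): Mersenne primes keep the
# numbers short. An unrelated second pair shows that a signature also identifies
# which key (and so which sender) produced it.
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)

SAMPLE_MESSAGE = b"Transfer 1,000.00 from account 1234 to account 9876"   # constructed

def digest(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the signing range. Signing a digest
    rather than the whole message keeps the signature a single block."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    """Sender: transform the digest with the private exponent. Only its holder can."""
    n, d = private_key
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver: undo the transform with the public exponent and compare against the
    digest of the message actually received. A change to the message, the signature
    or the signing key makes the comparison fail."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

if __name__ == "__main__":
    sig = sign(SAMPLE_MESSAGE, ALICE_PRIVATE)
    print("genuine:", verify(SAMPLE_MESSAGE, sig, ALICE_PUBLIC))
    print("altered message:", verify(SAMPLE_MESSAGE.replace(b"1,000", b"9,000"), sig, ALICE_PUBLIC))
    print("altered signature:", verify(SAMPLE_MESSAGE, sig ^ 1, ALICE_PUBLIC))
    print("signed with another key:", verify(SAMPLE_MESSAGE, sign(SAMPLE_MESSAGE, OTHER_PRIVATE), ALICE_PUBLIC))
```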
19
Digital Signature (Continued)
Sometimes arbitrators must be used with digital signature systems to prevent the sender of a message from reneging on or disavowing the message. The arbitrator acts as an intermediary between the sender and the receiver. In essence, the arbitrator is a witness to the contract between the sender and the receiver
20
Plastic Card
Plastic cards are primarily a means of identifying individuals who wish to use a computer system. Controls need to be in place and working to reduce exposures to an acceptable level at a number of phases in the life cycle of plastic cards: (a) application by the user for a card; (b) preparation of the card; (c) issue of the card; (d) return of the card; and (e) destruction of the card
21
Audit Trail Control
Accounting Audit Trail:
1. Identity of the would-be user of the system
2. Authentication information supplied
3. Resources requested
4. Action privileges requested
5. Terminal identifier
6. Start and finish time
7. Number of sign-on attempts
22
Audit Trail Control (Continued)
8. Resources provided/denied; and
9. Action privileges allowed/denied
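As an added example, not from the slides, a small parser for constructed accounting audit trail records laid out with the items listed above, followed by two reviewer checks an auditor would run over them: sign-ons whose attempt count exceeds a limit, and how often each terminal was refused each resource. The record layout, threshold and sample data are assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed accounting audit trail (not from the slides): one pipe-delimited record
# per sign-on. Item 2 records only the authentication method, never the secret itself;
# items 8 and 9 are stored as "denied" columns, with provided/allowed derived from them.
FIELDS = ["identity", "auth_info", "resources_requested", "privileges_requested",
          "terminal", "start", "finish", "signon_attempts",
          "resources_denied", "privileges_denied"]

SAMPLE_TRAIL = """\
alice|password|payroll.db,reports/|read|T01|2024-03-01T08:00|2024-03-01T08:45|1||
bob|password|payroll.db|update|T02|2024-03-01T08:10|2024-03-01T08:12|5|payroll.db|update
carol|card+pin|ledger.db|read,update|T01|2024-03-01T09:30|2024-03-01T10:05|2||
bob|password|ledger.db|read|T02|2024-03-01T09:00|2024-03-01T09:01|4|ledger.db|read
"""

def parse_record(line: str) -> dict:
    """Split one record into named fields; list fields become lists, attempts an int."""
    record = dict(zip(FIELDS, line.split("|")))
    for key in ("resources_requested", "privileges_requested",
                "resources_denied", "privileges_denied"):
        record[key] = [v for v in record[key].split(",") if v]
    record["signon_attempts"] = int(record["signon_attempts"])
    return record

def parse_trail(text: str) -> list:
    return [parse_record(line) for line in text.splitlines() if line.strip()]

def resources_provided(record: dict) -> list:
    """Item 8 reconstruction: requested resources that were not denied."""
    return [r for r in record["resources_requested"] if r not in record["resources_denied"]]

def excessive_signon_attempts(records: list, limit: int = 3) -> list:
    """Item 7 review: sign-ons whose attempt count exceeds the limit, returned as
    (identity, terminal, attempts) tuples in trail order."""
    return [(r["identity"], r["terminal"], r["signon_attempts"])
            for r in records if r["signon_attempts"] > limit]

def denials_by_terminal(records: list) -> dict:
    """Items 5 and 8 together: how often each terminal was refused each resource."""
    counts = defaultdict(Counter)
    for r in records:
        for res in r["resources_denied"]:
            counts[r["terminal"]][res] += 1
    return {t: dict(c) for t, c in counts.items()}

if __name__ == "__main__":
    records = parse_trail(SAMPLE_TRAIL)
    print(excessive_signon_attempts(records))
    print(denials_by_terminal(records))
```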
Operations Audit Trail
23
Existence Control
Existence controls in the boundary subsystem are usually straightforward. If the subsystem fails, existence controls usually do not attempt to restore the subsystem to the point of failure. Instead, the user is simply asked to undertake the sign-on procedure again
24
Student Assignment
Assignment: students submit the results of their discussion of the case given by the lecturer.