
Chapter-2 : Computer Security – Gscheme -- 2014


Chapter-2

Identification, Authentication and Operational Security

Syllabus --- 20 Marks ---- 10 Hours

Objectives:
To understand the role of people in security
To study access control methods
To understand biometrics and network security.

Contents:
2.1 User name and password, Managing passwords, choosing password.
2.2 Role of people in Security: Password selection, Piggybacking, Shoulder surfing, Dumpster diving, Installing unauthorized software/hardware, Access by Non-employees, Security awareness, Individual User responsibilities
2.3 Access controls: Definition, principle, policies: DAC, MAC, RBAC.
2.4 Biometrics: finger prints, hand prints, Retina patterns, voice patterns, signature and writing patterns, keystrokes.

Role of people in Security

People—A Security Problem

The operational model of computer security acknowledges that prevention technology is not sufficient to protect our computer systems and networks. There are a number of explanations for this, some of them technical, but one of the biggest reasons that prevention technologies are not sufficient is that every network and computer system has at least one human user.

Poor Security Practices

A significant portion of human-created security problems result from poor security practices. These poor practices may be individual practices, where the user is not following established security policies or processes, or they may be caused by a lack of security policies, procedures, or training within the user's organization.

What is the Role of People in Security?

1. Password Selection
2. Piggybacking and Shoulder Surfing
3. Dumpster Diving
4. Installing Unauthorized Hardware and Software
5. Access by Non-Employees
6. Social Engineering
7. Reverse Social Engineering

Password Selection

For many years, computer intruders have relied on users selecting poor passwords to help them gain unauthorized access to a system or network. If attackers could obtain a list of the users' names, chances were good that they could eventually access the system. Users pick passwords that are easy for them to remember, and what easier password could there be than the same sequence of characters that they use for their user ID? If a system had an account with the username of jdoe, a reasonable first guess of the account's password would be jdoe. If this didn't work, then variations on the same would be tried: doej, johndoe, johnd, or eodj. All of these would be reasonable possibilities.

If variations on the username did not yield the correct password, all was not lost—more information was simply needed. Users also frequently pick the names of family members, pets, or a favorite sports team. If the user lived in San Antonio, TX, for example, a possible password might be gospurs in honor of their professional basketball team. If these didn't work, then the hobbies of the user might be tried, or the name of their favorite make or model of car, or similar pieces of information.

The key is that the user often picks something easy for them to remember, which means that the more you know about the user, the better your chance of discovering their password.

In an attempt to complicate the attacker's job, organizations have encouraged their users to mix upper- and lowercase characters and to include numbers and special characters in their password. While this does make it harder, the basic problem still remains: users will pick something that is easy for them to remember. Thus, our user in San Antonio may select the password GO*Spurs, capitalizing two of the letters, inserting a special character, and substituting the number zero for the letter O.

This has made the password harder to crack, but there are a finite number of variations on the basic gospurs password, so, while the attacker's job has been made more difficult, it is still possible to guess the password.

Password Selection Policies

Organizations have also instituted additional policies and rules relating to password selection to further complicate an attacker's efforts. Organizations, for example, may require users to frequently change their password. This means that if an attacker is able to guess a password, it is only valid for a limited period of time before a new password is selected and the attacker is locked out.

All is not lost for the attacker, however, since, as we mentioned before, users will select passwords they can remember. For example, password changes often result in a new password that simply incorporates a number at the end of the old one. Thus, our San Antonio user might select GO*spurs1 as the new password, and if so, the benefit of forcing password changes on a periodic, or even frequent, basis has been totally lost. It is a good bet that the next password chosen will be GO*Spurs2, followed by GO*Spurs3, and so forth.

Another policy or rule governing password selection often adopted by organizations is that passwords should not be written down. This, of course, is difficult to enforce, and thus users will frequently write them down, often as a result of what we can refer to as the password dilemma: the more difficult we make it for attackers to guess our passwords, and the more frequently we force password changes, the more difficult the passwords are for authorized users to remember and the more likely they are to write them down.


Writing them down and putting them in a secure place is one thing, but all too often users will write them on a slip of paper and keep them in their calendar, wallet, or purse. Most security consultants generally agree that if they are given physical access to an office they will be able to find a password somewhere: the top drawer of a desk, inside a desk calendar, attached to the underside of the keyboard, or even simply on a yellow "stickie" attached to the monitor.

With the proliferation (always a great word to know) of computers, networks, and users, the password dilemma (a difficult situation or problem) has gotten worse. Today, the average Internet user probably has at least a half dozen different accounts and passwords to remember. Selecting a different password for each account, following the guidelines mentioned previously regarding character selection and frequency of changes, only aggravates the problem of remembering the passwords. This results in users all too frequently using the same password for all accounts. If a user does this, and then one of the accounts is broken, all other accounts are subsequently also vulnerable to attack.

As a final comment, good password selection and the protection of passwords also apply to another common feature of today's electronic world. Most people have at least one Personal Identification Number (PIN) associated with things such as their automated teller machine, or a security code to gain physical access to a room. Again, users will invariably select numbers that are easy to remember. Specific numbers, such as the individual's birth year, their spouse's birth year, or the date of some other significant event, are all common numbers to select. Other people will pick patterns that are easy to remember; 2580, for example, uses all of the center numbers on a standard numeric pad on a telephone. Attackers know this, and guessing PINs follows the same sort of process that guessing a password does.

Piggybacking and Shoulder Surfing

People are often in a hurry and will frequently not follow good physical security practices and procedures. Attackers know this and may attempt to exploit this characteristic in human behavior. Piggybacking is the simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building. An attacker can thus gain access to the facility without having to know the access code or having to acquire an access card. Shoulder surfing is a similar procedure in which attackers position themselves in such a way as to be able to observe the authorized user entering the correct access code. Both of these attack techniques can be easily countered by using simple procedures to ensure nobody follows you too closely or is in a position to observe your actions.

Dumpster Diving

Attackers need a certain amount of information before launching their attack. One common place to find this information, if the attacker is in the vicinity of the target, is to go through the target's trash in order to find little bits of information that could be useful. This process of going through a target's trash is known in the computer community as dumpster diving.

If the attackers are very lucky, and the target's security procedures are very poor, they may actually find user IDs and passwords. Users sometimes write their password down. If, when the password is changed, they discard the paper the old password was written on without shredding it, the lucky dumpster diver can gain a valuable clue. Even if the attacker isn't lucky enough to obtain a password directly, employee names will undoubtedly be found, and from that it's not hard to determine user IDs. Manuals from hardware or software that have been purchased may also provide clues as to what vulnerabilities exist on the target's computer systems and networks. The attacker may gather a variety of information which can be useful in a social engineering attack. With the cost of shredders being so small today, there is no excuse for not properly disposing of trash, no matter how small the organization.

Installing Unauthorized Hardware and Software

Organizations should have a policy that restricts the ability of normal users to install software and new hardware on their systems. A common example is communication software and a modem used to allow an individual to connect to their machine at work via a modem from their home. In this example, the user that does this sets up a backdoor into the network which can be used to circumvent all of the other security mechanisms in place. Backdoors are avenues that can be used to access a system while circumventing normal security mechanisms.

Another common example of software that users often install on their systems is games. Unfortunately, not all games come in shrink-wrapped packages. Numerous small games can be downloaded from the Internet. The problem with this is that users don't always know where the software originally came from and what may be hidden inside it. Many individuals have unwittingly installed what seemed to be an innocuous game, only to have downloaded a piece of malicious code capable of many things, including opening a backdoor that allows attackers to connect to, and control, the system from across the Internet.

Because of these potential hazards, many organizations do not allow their users to load software or install new hardware without the knowledge and assistance of administrators. Many also restrict what individuals can do via received e-mails. This helps prevent users from, say, unwittingly executing a hostile program that was sent as part of a worm or virus. Consequently, many organizations have their mail servers strip off executable attachments to e-mail so users can't accidentally cause a security problem.

Access by Non-Employees

If an attacker can gain physical access to a facility, chances are very good that enough information can be obtained to penetrate computer systems and networks. Many organizations require employees to wear identification badges when at work. This is an easy method to quickly spot who has permission to have physical access to the organization and who does not. While this method is easy to implement and can be a significant deterrent to unauthorized individuals, it also requires that employees actively challenge individuals who are not wearing the required identification badge. This is one area where organizations fail. Combine an attacker who slips in by piggybacking off of an authorized individual and an environment where employees have not been encouraged to challenge individuals without appropriate credentials, and you have a situation where you might as well not have any badges in the first place.

Organizations also frequently become complacent when faced with what appears to be a legitimate reason to access the facility, such as when an individual shows up with a warm pizza claiming it was ordered by an employee. It has often been stated by security consultants that it is amazing what you can obtain access to with a pizza box or a vase of flowers. If the organization doesn't enforce good password policies, a casual stroll through an office may yield passwords or other important information.

Another aspect that must be considered is personnel who have legitimate (conforming to the law or to rules) access to a facility but may not have the same regard for the intellectual property rights of the organization that their coworkers do. Physical access provides an easy opportunity for individuals to look for the occasional piece of critical information carelessly left out. With the proliferation of devices such as cell phones with built-in cameras, an individual could easily photograph information without it being obvious to employees. Contractors, consultants, and partners frequently not only have physical access to the facility but may also have network access. Other individuals that typically have unrestricted access to the facility when no one is around are nighttime custodial crew members and security guards. Such positions are often contracted out. As a result, hackers have been known to take temporary custodial jobs simply to gain access to facilities.

Social Engineering

Social engineering is a technique in which the attacker uses various deceptive (giving an appearance or impression different from the true one; misleading) practices to obtain information they would normally not be privileged to, or to convince the target of the attack to do something they normally wouldn't. Social engineering is very successful for two general reasons.

Reason No. 1

The basic desire by many to be helpful. When somebody asks a question for which we know the answer, our normal response is not to be suspicious but rather to answer the question. The problem with this is that seemingly innocuous information can be used either directly in an attack or to build a bigger picture that can be used to create an aura of authenticity for the attacker. The more information an individual has about an organization, the easier it will be to convince others that he is part of the company and has a right to even sensitive information. This type of reasoning can be further broken down into one of three categories.

The attacker may simply ask a question, hoping to immediately obtain the desired information. For the most basic of information that is not considered sensitive, this generally will work. An example of this might be to call and ask who the IT manager is. If the attacker's desired information might be even slightly sensitive in nature, and possibly arouse suspicion, then another technique may be tried.

The attacker may first attempt to engage the target in conversation and try to evoke sympathy so the target feels sorry for the individual and may more freely release the information. An example might be an attacker who calls and claims to be under some deadline from a supervisor who is upset for some reason.


The target, feeling sorry for a fellow worker, may give up the information, thinking that by doing so they are helping the attacker keep out of trouble. The attacker may also try another approach, appealing to the individual's ego. An example might be an individual who calls the IT department, claiming to have some sort of problem, and praising them for work they supposedly did to help another worker. After having somebody tell you how great you are and how much you helped somebody else, you will often be tempted to supply the same level of help to another individual.

Reason No. 2

The second reason social engineering is successful is that individuals will normally seek to avoid confrontation and trouble. If the attacker attempts to intimidate the target, threatening to call the target's supervisor because of a lack of help, the target may give in and provide the information to avoid confrontation. This variation on the attack is often successful in organizations that have a strict hierarchical structure. In the military, for example, a lower-ranking individual may be coerced into providing information by an individual claiming to be of higher rank or who claims to be working for another individual higher up in the chain of command.

A variation on social engineering uses means other than direct contact between the target and the attacker. An example of this type of attack might be a forged electronic mail or a bogus web site to obtain information from an individual or convince the individual to accomplish some action. Again, the goal in social engineering is to convince the target to provide information or accomplish some act that they normally would not do. An example of a slightly different attack that is generally still considered a social engineering attack is an attacker who replaces the blank deposit slips in a bank's lobby with ones containing his or her own account number but no name. When an unsuspecting customer uses one of the slips, a teller who is not observant may end up crediting the attacker's account with the deposit.

Social engineering has been discussed in the context of an outsider attempting to gain information about the organization. This does not have to be the case. Insiders may also attempt to gain information they are not authorized to have. In many cases, the insider may be much more successful since they will already have a certain level of information regarding the organization.

Reverse Social Engineering

A slightly different approach to social engineering is called reverse social engineering. In this technique, the attacker hopes to convince the target to initiate the contact. This obviously differs from the traditional approach, where the target is the one that is contacted. The reason this attack may be successful is that, since the target is the one initiating the contact, attackers may not have to convince the target of their authenticity. The tricky part of this attack is, of course, convincing the target to make that initial contact. Possible methods to accomplish this might include sending out a spoofed e-mail claiming to be from a reputable source that provides another e-mail address or phone number to call for "tech support," or posting a notice or creating a bogus web site for a legitimate company that also claims to provide "tech support." This may be especially successful if accomplished in conjunction with the deployment of a new software or hardware platform.


Another potential time to target an organization with this sort of attack is when there is a significant change in the organization itself. The sort of upheaval referred to here would occur if two companies merge or if a smaller company is acquired by a larger one. During these times, employees are not familiar with the new organization or its procedures, and amidst the confusion it is easy to conduct either a social engineering or a reverse social engineering attack.

People as a Security Tool

The irony when talking of social engineering attacks is that people are not only the biggest problem and security risk, but they are also the best tool in defending against a social engineering attack. The first step a company should take to fight potential social engineering attacks is to create the policies and procedures that establish the roles and responsibilities for not only security administrators but for all users. What is it that management expects, security-wise, from all employees? What is it that the organization is trying to protect, and what mechanisms are important for that protection?

Security Awareness

Probably the single most effective method to counter potential social engineering attacks, after establishment of the organization's security goals and policies, is an active security awareness program. The extent of the training will vary depending on the organization's environment and the level of threat, but initial employee training on social engineering at the time a person is hired is important, as well as periodic refresher training. Many government organizations have created security awareness posters to constantly remind individuals of this possible avenue of attack. Security newsletters, often in the form of e-mail, have also been used to remind employees of their security responsibilities.

An important element that should be stressed in training about social engineering is the type of information that the organization considers sensitive and which may be the target of a social engineering attack. There are undoubtedly signs that the organization could point to as indicative of an attacker attempting to gain access to sensitive corporate information. All employees should be aware of these indicators.

Individual User Responsibilities

Several times we've alluded (suggested or called attention to indirectly) to specific duties that users should be expected to perform. These vary between organizations and the type of business the organization is involved in, but there are certain very basic responsibilities that all users should adopt. These include:

Locking the door to your office or workspace
Not leaving sensitive information inside your car unprotected
Securing storage media containing sensitive information in a secure storage device
Shredding paper containing organizational information before discarding it
Not divulging sensitive information to individuals (including other employees) that do not have an authorized need to know it
Not discussing sensitive information with family members (the most common violation of this rule occurs in regards to human resources information, as employees, especially supervisors, may complain to their spouse about other employees or problems that are occurring at work)
Protecting laptops that contain sensitive or important organization information wherever the laptop may be stored or left (it's a good idea to ensure that sensitive information is encrypted on the laptop so that should the equipment be lost or stolen, the information remains safe)
Being aware of who is around you when discussing sensitive corporate information. Does everybody within earshot have the need to hear this information?
Enforcing corporate access control procedures. Be alert to, and do not allow, piggybacking, shoulder surfing, or access without the proper credentials.
Being aware of the correct procedures to report suspected or actual violations of security policies
Establishing procedures to enforce good password security practices that all employees should follow. Passwords are such a critical element that they are frequently the ultimate target of a social engineering attack. Though such password procedures may seem too oppressive or strict, they are often the best line of defense.

Finally, on user responsibilities, corporate security officers must cultivate an environment of trust in their office, as well as an understanding of the importance of security. If users feel that security personnel are there to make their life difficult or dredge up information that will result in an employee's termination, the atmosphere will quickly turn adversarial and be transformed into an "us versus them" situation. Security personnel need the help of all users and should strive to cultivate a team environment where users, when faced with a questionable situation, will not hesitate to call the security office. In situations like this, security officers should remember the old adage of "don't shoot the messenger."

Security Policies

Prevention technologies are designed to keep individuals from being able to gain access to systems or data they are not authorized to use. Originally, this was the sole approach to security. In an operational environment, prevention was extremely difficult, and relying on prevention technologies alone was not sufficient. This led to the rise of technologies to detect and respond to events that occur when prevention failed. This gave rise to the operational model for computer security.

Prevention technologies are static in the sense that they are put in place and generally left alone. This is not to say that they are not periodically updated as needed, but they are generally designed to serve in some way as a static barrier to intruders. Detection and response technologies, on the other hand, are dynamic in the sense that they acknowledge that security is an ongoing process. Systems and networks are constantly changing. They therefore need to be constantly monitored. Monitoring the operation of the various components that make up your security perimeter is an essential part of any organization's security program.

Policies, Procedures, Standards, and Guidelines


An important part of any organization's approach to implementing security is the policies, procedures, standards, and guidelines that are established to detail what users and administrators should be doing to maintain the security of the systems and network.

Policy – General management statement
Standard – Specific, mandatory
Guideline – Recommendation/best practice
Procedure – Step-by-step instruction

Policies are high-level, broad statements of what the organization wants to accomplish. They are made by management when laying out the organization's position on some issue.

Standards are mandatory elements regarding the implementation of a policy. They are accepted specifications providing specific details on how a policy is to be enforced. Some standards may be externally driven. Regulations for banking and financial institutions, for example, may require by law that certain security measures be taken. Other standards may be set by the organization for its own goals.

Guidelines are recommendations relating to a policy. The key term in this case is recommendation: guidelines are not mandatory steps.

Procedures are the step-by-step instructions on how to implement policies in the organization. They describe exactly how employees are expected to act in a given situation or to accomplish a specific task.

Just as the network itself constantly changes, the policies, procedures, and guidelines should be living documents that are periodically evaluated and changed if necessary. The constant monitoring of the network and the periodic review of the relevant documents are part of the process that is the operational model. When applied to policies, this process results in what is known as the policy life cycle. This operational process roughly consists of four steps:

1. Plan (adjust)
2. Implement
3. Monitor
4. Evaluate

1) The first step is to plan for security in your organization. In this step, you develop the policies, procedures, and guidelines that will be implemented and design the security components that will protect your network. Once these are designed and developed, you can implement the plans.

2) Part of the implementation of any policy, procedure, or guideline will be an instruction period where those who will be affected by the change or introduction of this new document will learn about its contents.

3) Next, you monitor to ensure that both the hardware and the software as well as the policies, procedures, and guidelines are effective in securing your systems.

4) Finally, you evaluate the effectiveness of the security measures you have in place. This step may include a vulnerability assessment and penetration test of your system to ensure the security is adequate. After evaluating your security posture, you begin again with step one, this time adjusting the security mechanisms you have in place, and then continue with this cyclical process.


Physical Security

Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, theft and terrorism. Physical security describes both measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media, and guidance on how to design structures to resist various hostile acts.

Security at the physical level is a must. It should be provided to physically protect the assets and resources in the secured perimeter.

Control against natural calamities
Using fire resistant and water resistant material
Implementation of fire monitoring, fire alarm and fire control systems
Using fire extinguishers
Proper site design
Insurance cover

Control against power supply problems
Installation of UPS systems
Installation of alternative power sources like generator sets
Improving the quality of power using stabilizers, spike guards etc.

Controls for physical access/authentication
Use of token based access control such as barcode, magnetic strip cards, SIM and smart cards, proximity cards and RFID based identification systems
Biometric identification and authentication systems
Multifactor identification systems
Door locks, magnetic locks and other physical access controls
Security guards

Controls for protection of Hardware
Burglar alarm systems and intruder detection systems
CCTV (closed-circuit television) monitoring systems
Locks, padlocks, chain locks etc.

Controls for declassification and removing electronic waste
Paper shredders, burners, crushers
Formatting and degaussing of magnetic media
Destruction of electronic waste

Controls against emanation
TEMPEST (Telecommunications Electromagnetic Protection, Equipment, Standards and Techniques) certification
Shielding and jamming techniques


Controls for data protection
Data redundancy measures such as mirroring, shadowing and RAID configurations
Regular onsite and offsite data backups

Controls for trusted human resources
Security training and ethics training for the organization's employees
Screening of vendors and service personnel
Physical frisking at the entry points

Access Controls

Q. What is Access Control? List the different types of it.

Ans. The term access control has been used to describe a variety of protection schemes. It is sometimes used to refer to all security features used to prevent unauthorized access to a computer system or network. In this sense, it may be confused with authentication. More properly, access is the ability of a subject (such as an individual or a process running on a computer system) to interact with an object (such as a file or hardware device). Authentication, on the other hand, deals with verifying the identity of a subject.

To help understand the difference, consider the example of an individual attempting to log in to a computer system or network. Authentication is the process used to verify to the computer system or network that the individual is who they claim to be. The most common method to do this is through the use of a userid and password. Once the individual has verified their identity, access controls regulate what the individual can actually do on the system. Just because a person is granted entry to the system, that does not mean that they should have access to all data the system contains.

To further illustrate, consider another example. When you go to your bank to make a withdrawal, the teller at the window will verify that you are indeed who you claim to be. This is usually done by asking you to provide some form of identification with your picture on it, such as your driver's license. You may also have to provide information such as your bank account number. Once the teller verifies your identity, you will have proved that you are a valid (authorized) customer of this bank. This does not, however, mean that you have the ability to view all information that the bank protects, such as your neighbor's balance. The teller will control what information, and funds, you may have access to and will grant you access only to that which you are authorized. In this example, your identification and bank account number serve as your method of authentication and the teller serves as the access control mechanism.

In computer systems and networks, there are several ways that access controls can be implemented. An access control matrix provides the simplest framework for illustrating the process. An example of an access control matrix is provided in Table 1-1. In this matrix, the system is keeping track of two processes, two files, and one hardware device. Process 1 can read both File 1 and File 2 but can write only to File 1. Process 1 cannot access Process 2, but Process 2 can execute Process 1. Both processes have the ability to write to the printer. While simple to understand, the access control matrix is seldom used in computer systems because it is extremely costly in terms of storage space and processing. Imagine the size of an access control matrix for a large network with hundreds of users and thousands of files. The actual mechanics of how access controls are implemented in a system vary, though access control lists (ACLs) are common. An ACL is nothing more than a list that contains the subjects that have access rights to a particular object. The list will identify not only the subject but the specific access that that subject has for the object. Typical types of access include read, write, and execute, as indicated in our example access control matrix.
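The matrix just described, as an added example that is not part of these notes: a small Python model of the access control matrix of Table 1-1 (reconstructed from the prose, since the table itself is not on the page), a default-deny check against it, and the conversion of its columns into per-object ACLs. The subject and object names are the ones the notes use; the storage-cost helper only makes the "costly in terms of storage" point concrete.

```python
"""Access control matrix and per-object ACLs.

Added example, not code from the lecture notes. The matrix below is
reconstructed from the prose description of Table 1-1; the names of the
subjects and objects are the ones the notes use.
"""
from typing import Dict, FrozenSet, List, Tuple

Rights = FrozenSet[str]
Matrix = Dict[str, Dict[str, Rights]]        # subject -> object -> rights
Acls = Dict[str, Dict[str, Rights]]          # object -> subject -> rights

SUBJECTS: List[str] = ["Process 1", "Process 2"]
OBJECTS: List[str] = ["File 1", "File 2", "Process 1", "Process 2", "Printer"]

# Table 1-1 as described: Process 1 reads both files, writes only File 1,
# cannot touch Process 2; Process 2 can execute Process 1; both write to
# the printer. Cells the notes do not mention are left empty (no access).
ACCESS_MATRIX: Matrix = {
    "Process 1": {
        "File 1": frozenset({"read", "write"}),
        "File 2": frozenset({"read"}),
        "Printer": frozenset({"write"}),
    },
    "Process 2": {
        "Process 1": frozenset({"execute"}),
        "Printer": frozenset({"write"}),
    },
}


def is_allowed(matrix: Matrix, subject: str, obj: str, right: str) -> bool:
    """Reference-monitor decision: anything not explicitly granted is denied."""
    return right in matrix.get(subject, {}).get(obj, frozenset())


def to_acls(matrix: Matrix) -> Acls:
    """Turn the matrix into ACLs: each object keeps only the subjects that
    actually have rights on it, i.e. the matrix column with empty cells dropped."""
    acls: Acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            if rights:
                acls.setdefault(obj, {})[subject] = rights
    return acls


def acl_check(acls: Acls, subject: str, obj: str, right: str) -> bool:
    """The same decision, made from the object's ACL instead of the matrix."""
    return right in acls.get(obj, {}).get(subject, frozenset())


def storage_cost(matrix: Matrix, subjects: List[str], objects: List[str]) -> Tuple[int, int]:
    """(cells a full matrix must hold, entries the ACLs actually store):
    the gap is why the notes say the full matrix is seldom used as-is."""
    full = len(subjects) * len(objects)
    stored = sum(len(entry) for entry in to_acls(matrix).values())
    return full, stored


def render(matrix: Matrix, subjects: List[str], objects: List[str]) -> str:
    """Lay the matrix out as a text table, one row per subject."""
    width = max(len(o) for o in objects) + 2
    lines = ["".ljust(12) + "".join(o.ljust(width) for o in objects)]
    for s in subjects:
        cells = ["/".join(sorted(matrix.get(s, {}).get(o, ()))) or "-" for o in objects]
        lines.append(s.ljust(12) + "".join(c.ljust(width) for c in cells))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(ACCESS_MATRIX, SUBJECTS, OBJECTS))
    print(to_acls(ACCESS_MATRIX)["Printer"])
    print(storage_cost(ACCESS_MATRIX, SUBJECTS, OBJECTS))
```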

No matter what specific mechanism is used to implement access controls in a computer system or network, the controls should be based on a specific model of access. Several different models are discussed in security literature, including discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC).

Discretionary Access Control

Both discretionary access control and mandatory access control are terms originally used by the military to describe two different approaches to controlling what access an individual had on a system. As defined by the "Orange Book," a Department of Defense document that at one time was the standard for describing what constituted a trusted computing system, discretionary access controls are "a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject." While this may appear to many to be typical "government-speak" and confusing, the principle is really rather simple. In systems that employ discretionary access controls, the owner of an object can decide which other subjects may have access to the object and what specific access they may have. One common method to accomplish this is the permission bits used in UNIX-based systems. The owner of a file can specify what permissions (read/write/execute) members in the same group may have and also what permissions all others may have. Access control lists are another common mechanism used to implement discretionary access control.


Mandatory Access Control

A less frequently employed system for restricting access is mandatory access control. This system, generally used only in environments where different levels of security classifications exist, is much more restrictive of what a user is allowed to do. Again referring to the Orange Book, we can find a definition for mandatory access controls, which is "a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity."

In this case, the owner or subject can't determine whether access is to be granted to another subject; it is the job of the operating system to decide. In MAC, the security mechanism controls access to all objects and individual subjects cannot change that access. The key here is the label attached to every subject and object. The label will identify the level of classification for that object and the level that the subject is entitled to. Think of military security classifications such as Secret and Top Secret. A file that has been identified as Top Secret (has a label indicating that it is Top Secret) may be viewed only by individuals with a Top Secret clearance.

It is up to the access control mechanism to ensure that an individual with only a Secret clearance never gains access to a file labeled as Top Secret. Similarly, a user cleared for Top Secret access will not be allowed by the access control mechanism to change the classification of a file labeled as Top Secret to Secret or to send that Top Secret file to a user cleared only for Secret information. The complexity of such a mechanism can be further understood when you consider today's windowing environment. The access control mechanism will not allow a user to cut a portion of a Top Secret document and paste it into a window containing a document with only a Secret label. It is this separation of differing levels of classified information that results in this sort of mechanism being referred to as multilevel security. A final comment should be made: just because a subject has the appropriate level of clearance to view a document, that does not mean that they will be allowed to do so. The concept of "need to know," which is a discretionary access control concept, also exists in mandatory access control mechanisms.

Role-Based Access Control

Access control lists can be cumbersome and can take time to administer properly. Another access control mechanism that has been attracting increased attention is role-based access control (RBAC). In this scheme, instead of each user being assigned specific access permissions for the objects associated with the computer system or network, that user is assigned a set of roles that the user may perform. The roles are in turn assigned the access permissions necessary to perform the tasks associated with the role. Users will thus be granted permissions to objects in terms of the specific duties they must perform, not of a security classification associated with individual objects.
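To make the three models concrete, an added example that is not code from these notes: a minimal reference monitor for each of DAC, MAC and RBAC in Python. The Secret and Top Secret levels are the ones the notes discuss, and the MAC read/write rules are the standard multilevel-security ones (no read up, no write down) behind the notes' Top Secret examples; user names, file names, roles and the "NUC" need-to-know compartment are made up for the illustration.

```python
"""DAC, MAC and RBAC reference monitors side by side.

Added example, not code from the lecture notes. The Secret / Top Secret
levels are the ones the notes discuss; user names, file names, roles and
the "NUC" need-to-know compartment are made up for the illustration.
"""
from typing import Dict, FrozenSet, Set, Tuple

# ---------------------------------------------------------------- DAC ----
# object -> subject -> rights. The owner, or any subject already holding a
# right, may pass it on (the Orange Book's "perhaps indirectly").
DacTable = Dict[str, Dict[str, Set[str]]]


def dac_grant(table: DacTable, owners: Dict[str, str],
              grantor: str, obj: str, grantee: str, right: str) -> bool:
    """Returns True if the grant was recorded, False if grantor may not give it."""
    holds = right in table.get(obj, {}).get(grantor, set())
    if owners.get(obj) != grantor and not holds:
        return False
    table.setdefault(obj, {}).setdefault(grantee, set()).add(right)
    return True


def dac_check(table: DacTable, subject: str, obj: str, right: str) -> bool:
    return right in table.get(obj, {}).get(subject, set())


# ---------------------------------------------------------------- MAC ----
# A label is (classification, need-to-know compartments). The operating
# system applies the rules; neither owner nor subject can relax them.
LEVELS = {"Unclassified": 0, "Secret": 1, "Top Secret": 2}
Label = Tuple[str, FrozenSet[str]]


def dominates(a: Label, b: Label) -> bool:
    """a dominates b: at least b's level and every compartment b carries."""
    return LEVELS[a[0]] >= LEVELS[b[0]] and b[1] <= a[1]


def mac_check(clearance: Label, obj_label: Label, right: str) -> bool:
    """No read up: the subject's clearance must dominate the object's label.
    No write down: the object's label must dominate the subject's clearance,
    so a Top Secret user cannot put Top Secret content into a Secret file."""
    if right == "read":
        return dominates(clearance, obj_label)
    if right == "write":
        return dominates(obj_label, clearance)
    return False


def mac_relabel(clearance: Label, old: Label, new: Label) -> bool:
    """Lowering a label (Top Secret -> Secret) is never at a user's discretion;
    raising one still needs write access to the object as currently labeled."""
    if LEVELS[new[0]] < LEVELS[old[0]] or not new[1] >= old[1]:
        return False
    return mac_check(clearance, old, "write")


# --------------------------------------------------------------- RBAC ----
# Permissions attach to roles; users reach them only through role membership.
ROLE_PERMS: Dict[str, Set[Tuple[str, str]]] = {
    "teller":  {("accounts", "read"), ("accounts", "write")},
    "auditor": {("accounts", "read"), ("ledger", "read")},
}
USER_ROLES: Dict[str, Set[str]] = {"alice": {"teller"}, "bob": {"auditor"}}


def rbac_check(user: str, obj: str, right: str,
               role_perms: Dict[str, Set[Tuple[str, str]]] = ROLE_PERMS,
               user_roles: Dict[str, Set[str]] = USER_ROLES) -> bool:
    """Allowed if any role the user holds carries the (object, right) pair."""
    return any((obj, right) in role_perms.get(role, set())
               for role in user_roles.get(user, set()))
```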

Q. Write a short note on Authentication.

Ans. Authentication

Access controls define what actions a user can perform or what objects a user can have access to. These controls assume that the identity of the user has been verified. It is the job of authentication mechanisms to ensure that only valid users are admitted. Described another way, authentication is using some mechanism to prove that you are who you claim to be. There are three general methods used in authentication. In order to verify your identity, you can provide:

• Something you know
• Something you have
• Something about you (something that you are)

The most common authentication mechanism is to provide something that only you, the valid user, should know. The most frequently used example of this is the common userid (or username) and password. In theory, since you are not supposed to share your password with anybody else, only you should know your password, and thus by providing it you are proving to the system that you are who you claim to be. In theory, this should be a fairly decent method to provide authentication. Unfortunately, for a variety of reasons, such as the fact that people have a tendency to choose very poor and easily guessed passwords, this technique to provide authentication is not as reliable as it should be. Other authentication mechanisms are consequently always being developed and deployed.

Another method to provide authentication involves the use of something that only valid users should have in their possession. A physical-world example of this would be a simple lock and key. Only those individuals with the correct key will be able to open the lock and thus gain admittance to your house, car, office, or whatever the lock was protecting. A similar method can be used to authenticate users for a computer system or network (though the key may be electronic and may reside on a smart card or similar device).

The problem with this technology is that people will lose their keys (or cards), which means they can't log in to the system, and somebody else who finds the key may then be able to access the system, even though they are not authorized. To address this problem, a combination of the something-you-know/something-you-have methods is often used, so that the individual with the key may also be required to provide a password or passcode. The key is useless unless you know this code. An example of this is the ATM card most of us carry. The card is associated with a personal identification number (PIN), which only you should know. Knowing the PIN without having the card is useless, just as having the card without knowing the PIN will also not provide you access to your account.

The third general method to provide authentication involves something that is unique about you. We are used to this concept in our physical world, where people's fingerprints, or a sample of their DNA, can be used to identify them. This same concept can be used to provide authentication in the computer world. The field of authentication that uses something about you or something that you are is known as biometrics. A number of different mechanisms can be used to accomplish this type of authentication, such as a voice print, a retinal scan, or hand geometry. All of these methods obviously require some additional hardware in order to operate. While these three approaches to authentication appear to be easy to understand and in most cases easy to implement, authentication is not to be taken lightly, since it is such an important component of security. Potential attackers are constantly searching for ways to get past the system's authentication mechanism, and there have been some fairly ingenious methods employed to do so. Consequently, security professionals are constantly devising new methods, building on these three basic approaches, to provide authentication mechanisms for computer systems and networks.


BioMetrics

"Biometrics" means "life measurement", but the term is usually associated with the use of unique physiological characteristics to identify an individual. The application which most people associate with biometrics is security. However, biometric identification has a much broader relevance as the computer interface becomes more natural. Knowing the person with whom you are conversing is an important part of human interaction, and one expects computers of the future to have the same capabilities.

A number of biometric traits have been developed and are used to authenticate a person's identity. The idea is to use the special characteristics of a person to identify him. By special characteristics we mean features such as the face, iris, fingerprint, signature etc.

The method of identification based on biometric characteristics is preferred over traditional password and PIN based methods for various reasons such as:
The person to be identified is required to be physically present at the time of identification.
Identification based on biometric techniques obviates the need to remember a password or carry a token.

A biometric system is essentially a pattern recognition system which makes a personal identification by determining the authenticity of a specific physiological or behavioral characteristic possessed by the user. Biometric technologies are thus defined as the "automated methods of identifying or authenticating the identity of a living person based on a physiological or behavioral characteristic". A biometric system can be either an 'identification' system or a 'verification' (authentication) system, which are defined below.

Identification - One to Many: Biometrics can be used to determine a person's identity even without his knowledge or consent. For example, scanning a crowd with a camera and using face recognition technology, one can determine matches against a known database.

Verification - One to One: Biometrics can also be used to verify a person's identity. For example, one can grant physical access to a secure area in a building by using finger scans, or can grant access to a bank account at an ATM by using a retinal scan.

Biometric authentication requires comparing a registered or enrolled biometric sample (biometric template or identifier) against a newly captured biometric sample (for example, the one captured during a login). This is a three-step process:
Capture,
Process,
Enroll,
followed by a Verification or Identification process.

During the Capture process, the raw biometric is captured by a sensing device such as a fingerprint scanner or video camera.


In the Process phase, the distinguishing characteristics are extracted from the raw biometric sample and converted into a processed biometric identifier record (sometimes called a biometric sample or biometric template).

In the Enroll phase, the processed sample (a mathematical representation of the biometric, not the original biometric sample) is stored / registered in a storage medium for future comparison during an authentication.

In many commercial applications, there is a need to store the processed biometric sample only. The original biometric sample cannot be reconstructed from this identifier.

Types of Biometrics

Biometrics refers to the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral characteristics.

Biometric identification is done on the basis of some unique physical attribute of the user that positively identifies the user.

Examples: fingerprint recognition, retina scan techniques, palm capillary mapping, voice synthesis and recognition, face recognition.


Biometric characteristics can be divided into two main classes:

Physiological characteristics are related to the shape of the body. For example, fingerprint, face recognition, DNA, palm print, hand geometry, iris recognition (which has largely replaced retina), and odor/scent.

Behavioral characteristics are related to the behavior of a person. For example, typing rhythm, gait, signature and voice. This class of biometrics is termed behaviometrics.

Physiological vs. Behavioral Biometrics

Physiological biometrics analyzes the physiological characteristics of an individual. By definition, physiology is "a branch of biology that deals with the functions and activities of life or of living matter (as organs, tissues, or cells) and of the physical and chemical phenomena involved". This division of biometrics includes the following: fingerprints, face recognition, iris recognition, hand and finger geometry, and DNA analysis.

A second division of biometrics is behavioral. Behavioral biometrics deals with the identification or verification of individuals based on the manner in which they conduct themselves through various activities. The behavioral division of biometrics includes the following: keystroke recognition, speaker (voice) recognition, and signature recognition.


Block Diagram of Biometric System

(The block diagram shown above can be used.)

A biometric system can operate in the following two modes:

Verification - A one-to-one comparison of a captured biometric with a stored template to verify that the individual is who he claims to be. Can be done in conjunction with a smart card, username or ID number.

Identification - A one-to-many comparison of the captured biometric against a biometric database in an attempt to identify an unknown individual. The identification only succeeds in identifying the individual if the comparison of the biometric sample to a template in the database falls within a previously set threshold.

The first time an individual uses a biometric system is called an enrollment. During the enrollment, biometric information from an individual is stored. In subsequent uses, biometric information is detected and compared with the information stored at the time of enrollment.

The sensor is the interface between the real world and the system; it has to acquire all the necessary data.

Next, the system performs all the necessary pre-processing: it has to remove artifacts from the sensor, enhance the input (for example, removing background noise), apply some kind of normalization, etc.

After preprocessing, the system extracts the necessary features. This is an important step, as the correct features need to be extracted in the optimal way. A vector of numbers or an image with particular properties is used to create a template. A template is a synthesis of the relevant characteristics extracted from the source. Elements of the biometric measurement that are not used in the comparison algorithm are discarded in the template to reduce the file size and to protect the identity of the enrollee.

If enrollment is being performed, the template is simply stored somewhere (on a card or within a database or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using some algorithm (for example, Hamming distance). The matching program will analyze the template against the input. The result is then output for any specified use or purpose (for example, entrance to a restricted area).
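The pipeline described above (Capture, Process, Enroll, then Verification or Identification), as an added example that is not code from these notes: a simulated sensor reading is processed into a bit template, enrolled, and later matched by Hamming distance in both one-to-one and one-to-many mode against a preset threshold. The 16-element measurement vectors and the user names are constructed for the illustration.

```python
"""Capture -> Process -> Enroll, then Verification or Identification.

Added example, not code from the lecture notes. The sensor is simulated by
a vector of 16 measurements (constructed numbers standing in for finger
lengths, ridge features or similar); the user names are made up. What it
shows is the pipeline the notes describe: only the processed template is
stored, and both modes succeed only within a preset threshold.
"""
from typing import Dict, List, Optional, Tuple

Template = Tuple[int, ...]   # what is stored: one bit per measurement
THRESHOLD = 3                # largest Hamming distance still treated as a match


def process(raw: List[float]) -> Template:
    """Feature extraction: normalize each measurement against the sample's
    own mean and keep one bit (above or below). The exact values are
    discarded, so the raw sample cannot be rebuilt from the template."""
    mean = sum(raw) / len(raw)
    return tuple(1 if v >= mean else 0 for v in raw)


def hamming(a: Template, b: Template) -> int:
    """Number of differing bits between two templates."""
    if len(a) != len(b):
        raise ValueError("templates must have the same length")
    return sum(x != y for x, y in zip(a, b))


class BiometricSystem:
    def __init__(self, threshold: int = THRESHOLD) -> None:
        self.threshold = threshold
        self._templates: Dict[str, Template] = {}

    def enroll(self, user: str, raw: List[float]) -> Template:
        """First use: capture, process and register the template only."""
        self._templates[user] = process(raw)
        return self._templates[user]

    def verify(self, claimed: str, raw: List[float]) -> bool:
        """One-to-one: the new capture is compared with the claimed user's
        template alone (the notes' smart card / ID number plus biometric)."""
        stored = self._templates.get(claimed)
        if stored is None:
            return False
        return hamming(process(raw), stored) <= self.threshold

    def identify(self, raw: List[float]) -> Optional[str]:
        """One-to-many: the closest template in the whole database wins,
        but only if that closest distance still falls within the threshold."""
        probe = process(raw)
        best_user, best_dist = None, None
        for user, stored in self._templates.items():
            d = hamming(probe, stored)
            if best_dist is None or d < best_dist:
                best_user, best_dist = user, d
        if best_dist is None or best_dist > self.threshold:
            return None
        return best_user


# Constructed sensor readings (not real biometric data).
ENROLL_ALICE = [5.1, 7.9, 3.2, 8.8, 7.0, 2.4, 9.1, 4.4, 7.2, 3.9, 8.3, 4.6, 2.9, 9.4, 6.7, 4.1]
ENROLL_BOB = [8.4, 3.0, 7.7, 2.5, 9.0, 6.6, 3.3, 8.1, 4.0, 7.5, 2.8, 9.3, 5.9, 3.6, 8.8, 6.1]
# Alice again with sensor noise: one measurement lands on the other side of the mean.
CAPTURE_ALICE = [5.3, 7.6, 3.5, 8.9, 7.2, 2.2, 8.8, 4.6, 7.0, 4.2, 8.1, 4.4, 3.1, 9.2, 5.5, 3.9]
# Someone who was never enrolled.
STRANGER = [6.0, 6.5, 2.0, 2.5, 8.0, 8.5, 4.0, 4.5, 7.0, 7.5, 3.0, 3.5, 9.0, 9.5, 5.0, 5.5]


def run_demo() -> Dict[str, object]:
    """Enroll two users, then exercise both modes with the captures above."""
    system = BiometricSystem()
    system.enroll("alice", ENROLL_ALICE)
    system.enroll("bob", ENROLL_BOB)
    return {
        "alice_vs_alice": hamming(process(ENROLL_ALICE), process(CAPTURE_ALICE)),
        "alice_vs_bob": hamming(process(ENROLL_ALICE), process(ENROLL_BOB)),
        "verify_alice": system.verify("alice", CAPTURE_ALICE),
        "verify_as_bob": system.verify("bob", CAPTURE_ALICE),
        "identify_alice": system.identify(CAPTURE_ALICE),
        "identify_stranger": system.identify(STRANGER),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```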

Hand Geometry

Background

Hand geometry is a form of physiological biometrics that uses the shape of the hand for authentication purposes. Various traits of the hand, such as finger length, width and curvature, as well as unique features, may be used for identification. Hand geometry scans require that users place their hands onto a surface with 5 pegs. This aligns the hand so that the scanner can get a consistent reading on each scan. The scan is then compared to the database for verification. A typical scan will take two pictures of the hand: one of the top and one of the side. Another type of biometric scan can be done to identify the dorsal venous network of the hand. This essentially shows the blood vessels on the back of the hand and may be another useful factor for verification.

Studies on the use of hand geometry have been performed by Michigan State University. In their tests, users interacted with hand verification systems to grant access to web-based services. The use of hand verification as opposed to another form of biometric security might be favorable due to the sensitive nature of fingerprint, DNA, or iris-based systems.

Problems and Implementation

Hand geometry is not a unique form of biometric security. More than one person may have the same or very similar hand shapes. This limits the usefulness of hand geometry to verification, not identification. Combining hand geometry with another form of biometric security, such as fingerprint biometrics, would provide a very secure identification system. A system where hand geometry was used to verify the fingerprint input would add an additional layer of security and create a very effective identification system.

Hand geometry is currently in use for physical security purposes, namely building access, due to its ease of use, low cost and the relatively impersonal data it uses. Implementing a security system based on hand geometry alone would not be a viable security system; however, when combined with fingerprint biometrics it is a suitable security system for almost any business need.

Eye Biometric

Background

As early as the 1930's, researchers began to notice that the blood vessels on the back of a human eye are unique to every person. Even identical twins have different patterns of these blood vessels. In the thirties, however, there was not sufficient technology to implement these retinal characteristics into a form of advanced security. Once the correct technology was acquired, retina biometrics, one of the most sophisticated forms of security, was born.

How it Works

Today, there are many different machines designed to perform retina scans, but all follow the same basic principles. These machines require a person to take off any glasses they may be wearing and stand with their eyes very close to a scanner. The machine takes around ten seconds to shine a "low intensity coherent light source" onto the retina to illuminate the blood vessels. The individual being scanned must remain still and stare at a specific point while the device is processing the scan. Once the machine has a copy of the scan, it compares the picture to all the different scans on file, looks for a match, and identifies the individual.

Machine Scanning an Eye:

Example of a scanned retina:

Advantages

A few advantages of Retina Biometrics include:
No two retinas will ever be exactly alike
Even after death, the blood vessels cannot be imitated since they decay rapidly
Fast, accurate scan

Implementation

Since the retina scan machines are fairly expensive, a popular use of this type of security is with government agencies to identify employees. Also, some companies (both large and small) use the retina scan machines to keep track of attendance of employees and to control access to areas within a building. Since these machines are extremely accurate, they tend to be used in highly protected areas. Companies use retina scans to limit access to, usually, the top employees only. This ensures that important data will only be seen by the people with clearance. Companies also like to use these retina scanning machines since they are highly accurate in a short amount of time. Employees only have to spend around ten seconds at the machine to be granted or denied access.


Facial BioMetrics

Background

Facial recognition Biometrics was introduced in the 1960’s. The US government hired a man named Woodrow W. Bledsoe to create the very first semi-automated face recognition system. The machine located key features on the face and calculated the

ratios between them for identification. A decade later three men named Goldstein, Harmon, and Lesk joined forces to enhance the existing machines. They developed a 21

point check for the machines to identify and calculate the ratios between these facial structures. The 21 points included very intricate features of the face such as thickness of the lips and color of the hair. In the 1980’s facial recognition systems were beginning

to become available in commercial retail. How it Works

Facial recognition starts by using a digital video camera to record a person’s face as they enter a certain area. This type of biometrics does not require anyone to physically touch

a machine, just stand within a designated space. The picture is then analyzed by ―comparing distances between things like the eyes, nose, mouth, and jaw edges‖ of a person. This method compares angles and ratios of a person’s face to a database of

previously collected ratios to correctly identify the individual.

Application in Business

Facial recognition biometrics is slowly creeping into many aspects of today’s world. For example, starting in 1988, a sheriff’s department in Los Angeles started the first

commercial facial recognition system to combine a database of digital mug shots to help ensure arresting the correct suspect. Also, after the terrorist attack of September 11th, many airports have implemented a facial recognition system. This seems like the ideal

place for this type of security since it can process the large amount of traffic moving through an airport. Another system implemented after 9/11 was at the Super Bowl of

2001. The staff scanned everyone hoping to be able to identify anyone with any sort of criminal record. Other ideal locations for facial recognition systems are places like ―casinos, public transportation, financial institutions‖ or anywhere with numerous

people.

Future Implementation Problems

Many businesses like facial recognition biometrics because their patrons are not even aware that they are being screened, yet for this same reason some patrons get upset about this invasion of privacy. Ethical problems such as this may make implementation in the future difficult. Also, advances in media technology may prove to be an obstacle for companies that have already implemented a facial recognition system. Most systems store a 2D picture in their database, and when the technology advances to 3D the existing database will not be compatible with it, since the file formats are different. Also, the more advanced the technology gets, the more expensive this media equipment will become.

DNA Biometrics

What is DNA?


Deoxyribonucleic acid (DNA) is the genetic material found in most organisms, including humans. Each individual human is identifiable by hereditary traits found in their DNA, which is located in the nucleus of the cells as well as the mitochondria. DNA serves as a genetic code that is unique to every organism, no two being exactly alike; only identical twins are an exact DNA match. An organism's DNA code is comprised of four bases: adenine (A), guanine (G), cytosine (C), and thymine (T). These bases combine in a specific sequence to form base pairs that determine the anatomy and physiology of the organism. Each base pair is attached to a sugar and phosphate molecule, creating a nucleotide. Nucleotides compose two long strands connected by the base pairs in a ladder-like formation that forms the common spiral known as the double helix.

In the case of human beings, there are about 3 million bases, 99% of which are the same from person to person. The variations found in the final 1% are the means by which DNA becomes unique to each individual. The final 1% also serves as the foundation for DNA biometrics, being the location of the unique traits by which DNA recognition can identify or verify the identity of an individual person.

[Image: How DNA recognition works]

The cells that contain DNA share genetic material (information) through chromosomes. Humans have 23 chromosomes that house a person's DNA and their genes. Of the 46 total chromosomes, 23 come from each parent of an offspring. 99.7% of an offspring's DNA is shared with their parents. The remaining 0.3% of an individual's DNA is variable repetitive coding unique to that individual. This repetitive coding is the basis of DNA biometrics. DNA recognition uses genetic profiling, also called genetic fingerprinting, to isolate and identify these repetitive DNA regions that are unique to each individual, in order to either identify or verify a person's identity. The basic steps of DNA profiling include:

1. Isolate the DNA (the sample can originate from blood, saliva, hair, semen, or tissue)
2. Section the DNA sample into shorter segments containing known variable number tandem repeats (VNTRs), i.e. identical repeat sequences of DNA
3. Organize the DNA segments by size
4. Compare the DNA segments from various samples

The more repeats of sequences there are for a given sample, the more accurate the DNA comparison will be, thus decreasing the likelihood of the sample matching multiple individuals. In other words, the more detailed the sample is, the more precise the comparison is in identifying the individual who possesses the DNA from the sample. A few drawbacks of this technique are the depth of the procedure, the physical invasiveness of obtaining the DNA sample, and the time required to perform a DNA comparison. Also, contamination of the sample renders the comparison impossible. Most often, DNA biometrics is used for identification purposes as opposed to verification, because the technique has not yet been automated. The DNA profile generated by sequencing is compared to DNA samples previously acquired and catalogued in a database. The most common DNA database in existence is the CODIS system used by the Federal Bureau of Investigation. DNA biometrics technology is not advanced enough for universal use; current DNA biometrics is far from that depicted in the movies.


The Future of DNA Biometrics

The future of DNA biometrics in terms of physical and network security will rely on experts' ability to make it a more cost-efficient method of identification. Whether this means portability or mass production, development will depend on technological advances in the areas of DNA sequencing and sample comparison techniques. A professor at National University in San Diego, California is working on creating a portable DNA sequencer that will combine existing DNA biosensors with a new device called the ion-selective field-effect transistor (ISFET). This product would allow a handheld device to perform the same activities that currently must take place in a laboratory. As these kinds of advancements take place, the implementation of DNA biometrics into civilian business environments for use in physical and network security will expand to a great extent. The precision and accuracy of DNA recognition will make it a much desired means of identification, and hopefully verification, in the foreseeable future.

Keystrokes

Introduction

Keystroke dynamics is the behavioral study of how individual humans type on a keyboard, considering factors such as flight time (the time it takes to move from one key to another) and dwell time (the time a person spends on any given key). The history of keystroke dynamics as a field of study dates back to the early days of the telegraph, where operators learned the "voices" of other operators as they transmitted messages. During World War II, as part of the British cryptanalysis effort, female code breakers learned the "voices" of telegraph transmitters in the German military. This allowed the Allies to pinpoint when transmissions were highly important or likely to be falsified information. The identification mark, an individual rhythmic pattern of transmitting signals known as the "fist of the sender", became the cornerstone for the study of keystroke dynamics.

How Keystroke Dynamics Work

The basis for testing or observing one's typing pattern is repetition of typing, so that differences can be noted and patterns observed between words. Today, a template is made by having the user type a series of words over several sessions, to break up the time. Forced typing over long periods of time can induce fatigue, stress, and other factors, such as simple typing mistakes, which may inhibit the template's accuracy. Once properly calibrated, the template can easily distinguish whether the acceptable user is typing or not by comparing the flight and dwell times to those set in the template.

Disadvantages

The lack of ease of use is what inhibits this system's adoption in the public arena. Setting up a series of accepted users is time consuming, and according to one particular study, the recorded pattern may be harder for that same user to duplicate than for another user. Also, the system's inability to easily identify a new acceptable user while in place limits its use. Although developments are being made to prepare the system for such intelligence, it has not yet been incorporated.

Applications

One of the most likely uses for keystroke dynamics in the business and information world today would be for user identification purposes. By having the specific user calibrated to typing a specific phrase or password, the analytical software would be able to decide whether or not the user is the allowed source based upon the hesitation and rapidity of the strokes. Thus simply typing the password, or pasting it into the appropriate field, would not work because the flight and dwell times would not match. This would eliminate security threats to an information system even if the actual text or character combination was revealed to an outside source.

Additionally, this software could be used to distinguish one person from another in signal-based communications, such as typing or telegraphing, where the user is manually inputting the signals according to their own rhythmic patterns. Although not able to identify new users, the software can compare input signals to established templates and determine whether or not the desired user is the one transmitting the signal.
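The template-and-comparison procedure described in this section, written out as an added example (this is not code from the course notes). It records key-down and key-up times for each keystroke, derives dwell and flight times, builds a per-feature mean and standard deviation template from several enrollment sessions, and then scores a new attempt by its average z-score against that template. The enrollment sessions, the genuine and pasted attempts, the acceptance threshold and the sigma floor are all constructed values chosen for illustration, not a published standard.

```python
"""Keystroke-dynamics template from dwell and flight times (added example)."""
from statistics import mean, pstdev

# Constructed enrollment sessions: the same user typing "pass" three times.
# Each event is (key, key-down time in ms, key-up time in ms).
ENROLL_SESSIONS = [
    [("p", 0, 90), ("a", 150, 230), ("s", 300, 380), ("s", 450, 540)],
    [("p", 0, 95), ("a", 160, 240), ("s", 310, 385), ("s", 455, 545)],
    [("p", 0, 85), ("a", 145, 225), ("s", 295, 375), ("s", 445, 535)],
]

# Constructed later attempts: one by the enrolled user, one where the
# password text was pasted (near-zero dwell and flight times).
GENUINE_ATTEMPT = [("p", 0, 92), ("a", 155, 235), ("s", 305, 383), ("s", 452, 541)]
PASTED_ATTEMPT = [("p", 0, 10), ("a", 12, 22), ("s", 24, 34), ("s", 36, 46)]


def features(events):
    """Feature vector: dwell time per key, then flight time between
    consecutive keys (key-up of one key to key-down of the next)."""
    dwell = [up - down for _, down, up in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight


def build_template(sessions):
    """Per-feature (mean, population std dev) over the enrollment sessions."""
    vectors = [features(s) for s in sessions]
    columns = list(zip(*vectors))
    return [(mean(c), pstdev(c)) for c in columns]


def score(template, events, floor_ms=5.0):
    """Mean absolute z-score of an attempt against the template.
    floor_ms (assumed) stops a near-zero sigma from inflating the score;
    an attempt with the wrong number of keys can never match."""
    vec = features(events)
    if len(vec) != len(template):
        return float("inf")
    return mean(abs(v - mu) / max(sigma, floor_ms) for v, (mu, sigma) in zip(vec, template))


def verify(template, events, threshold=2.0):
    """Accept the attempt if its score is within the (assumed) threshold."""
    return score(template, events) <= threshold


TEMPLATE = build_template(ENROLL_SESSIONS)

if __name__ == "__main__":
    print("genuine:", round(score(TEMPLATE, GENUINE_ATTEMPT), 3), verify(TEMPLATE, GENUINE_ATTEMPT))
    print("pasted: ", round(score(TEMPLATE, PASTED_ATTEMPT), 3), verify(TEMPLATE, PASTED_ATTEMPT))
```

The pasted attempt is rejected even though the characters are correct, which is the property the text relies on; the same template-and-threshold structure applies to any behavioral biometric that yields a fixed-length feature vector, such as the speed and pressure samples of dynamic signature verification discussed later.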

Signature

Introduction

Dynamic Signature Verification refers to the process of analyzing one's signature according to the speed, pressure, and timing that the user takes to complete the signature. The process is ideal for security purposes because it uses a frequently produced piece of writing (the signature) that is unique to each user based upon the amount of time and effort that they specifically put into their writing.

History

Signatures date back to the early beginnings of written language, which began in the Sumerian civilization. It wasn't until the Romans, under Valentinian III, began using the subscripto (a short phrase used to verify wills) that the signature had its birth. It quickly spread to other legal documents as a unique verification tool to ascertain several key elements: message authentication, message/data integrity, and non-repudiation (the legal aspect of events). From this base, the signature has become a staple of western civilization, to the point that today the signature is a legally binding entity.

Advantages

The key advantage of this particular system of behavioral biometrics is that it is based on an already accepted form of identification. Incorporation of a security system based on Dynamic Signature Verification would require a certain amount of investment in equipment and software to analyze the inputs, but no real cost to train people on how to input signals. At the same time, it relies upon unique characteristics that are not easily duplicable, with even the same users having slight (negligible) differences between their own signatures. Many companies, such as IBM, are already offering software that provides this service, easily comparing the input signature to six templates given by the authenticated user. Not only does it boast a low total error rate (1.5%), but it also requires little time (1 sec/signature), cheap equipment, and low storage space.

Applications

Signature verification itself is used and has been successfully incorporated into the public domain. Each time a user signs on a digital notepad to approve a credit card transaction, they are using a form of signature verification. The difference, though, is that this form does not take into account the pressure, timing, and speed with which the user inputs the signal; it only compares the input signature to the one on file. This is due to the simplicity of the system, which often uses only a simple scanner. Thus a forger who can reasonably reproduce the signature from a copy submitted electronically can easily be mistaken for the authentic signer. Dynamic Signature Verification would require the use of a scanner, a camera to observe how the signature is being made (speed and timing), and a pen with sensors, or one that uses ultrasonic sensing, to observe the pressure. By incorporating these elements into the observed category, the percentage of successful forging attempts is significantly reduced.

Voice Biometrics

Background Information

Much like the uniqueness of fingerprints, voice can also be used as a form of security for identifying an individual. Voice can be used because of each individual's tone, pitch, and atonality of words. The voice is unique because of the individual shape of the vocal cavities and the way the individual moves their mouth when they speak.

Matching Techniques

The wave patterns in the voice and the measurement of physiological characteristics, such as the nasal passages and vocal cords, as well as the frequency, cadence and duration of the vocal pattern, are all included in a voiceprint. The voiceprint is a biometric voice identifier, not a recording or a sound file; so an impostor could not record one's words and replay them into the system to be granted access. A voiceprint allows the user to gain access to information or give authorization without being physically present; this way the user can give authorization by way of a simple phone call.

Advantages

The major advantages of voice biometrics are:

1. Security
2. Accuracy
3. Convenience
4. Shortened verification times
5. Protection of privacy

All of these reasons demonstrate voice biometrics as an easy, quick, and safe method for identifying individuals.


Disadvantages

Voiceprints are not a perfected technology; as in every technology-based system, there are still glitches to be worked out. A way has been found for unauthorized users to hack the system simply by obtaining a recording of the authorized person's password (usually by way of phone). To counteract this fraudulent activity, many systems use randomly chosen passwords or general voiceprints instead of prints for specific words, to decrease the possibility of such access.

Business Applications

Many companies have freed up a lot of space on their hard drives by implementing voice printing, because voice printing eliminates the need for passwords. Companies such as VoiceVault have created special filters and algorithms to eliminate background noise as well as to aid in detecting and rejecting any attempt to use voice recordings. Another good example of this "special filter" is automated voicemail systems. Many companies have utilized voiceprints to help them in dealing with their many customers, by allowing the voiceprint system to acknowledge and understand what the customer is saying and transfer them to the right department accordingly.


Q. Describe methods of defense.

Ans. Security is the process of ensuring the confidentiality, integrity, authenticity, non-repudiation, and availability of electronic communications and transactions. To ensure the security of an e-business and e-commerce, it is necessary to implement security policies and technologies that enable trusted electronic transactions and communications. The methods for ensuring security in systems include:

Authentication:

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. In private and public computer networks (including the Internet), authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten.

For this reason, Internet business and many other transactions require a more stringent authentication process. The use of digital certificates issued and verified by a Certificate Authority (CA) as part of a PKI is considered likely to become the standard way to perform authentication on the Internet. Logically, authentication precedes authorization (although they may often seem to be combined).

Authorization:

Authorization is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and what privileges of use they have (such as access to which file directories, hours of access, amount of allocated storage space, and so forth). Assuming that someone has logged in to a computer operating system or application, the system or application may want to identify what resources the user can be given during this session. Thus, authorization is sometimes seen as both the preliminary setting up of permissions by a system administrator and the actual checking of the permission values that have been set up when a user is getting access. Logically, authorization is preceded by authentication.

Cryptography:

Mathematical methods and techniques are used to ensure the confidentiality, integrity and non-repudiation of communications and transactions. Cryptography will be discussed in detail in the next chapter.

Risk Analysis:

In order for an effective security strategy to be implemented, assets must be identified, probable risks determined, and an approximate value placed on organizational assets. Value in an intangible electronic medium can sometimes be difficult to determine. However, the enterprise must assess the value of issues like reputation, customer confidence, financial fraud, disclosure of proprietary information, and trade secrets. After a detailed risk analysis is conducted, cost-effective e-business and e-commerce enabling policies, processes, and procedures can be developed to minimize the risk of unauthorized access and disclosure of organizational assets. Costs associated with minimizing risks should never exceed the cost of replacing the asset.

Security Policy:


It is essential that easy-to-understand and enforceable security policies be documented and disseminated to all e-business and e-commerce constituencies, including employees, customers, partners, and suppliers. Security policies should clearly define the proper use of network resources and e-business assets. Roles and responsibilities need to be defined for policy creation, revision, and implementation. Security technologies are designed to implement, monitor, and verify organizational security policies. Processes and procedures need to be established for the implementation and maintenance of authentication, authorization, accounting, and cryptography standards in support of the e-business and e-commerce. In order for a secure e-business and e-commerce initiative to be effective, it is critical that an organization establish simple and effective ground rules for the proper use of network resources and assets.

Audit and Assessment:

The purpose of a security assessment is to determine the effectiveness of the current security infrastructure by identifying the extent of network-level vulnerabilities and the organization's ability to monitor, detect, and respond to network-driven attacks.

Legal Framework:

To fight against crime, cyber laws have been adopted by the various countries of the world. In 1996, the United Nations Commission on International Trade Law (UNCITRAL) adopted the UNCITRAL Model Law on Electronic Commerce. Its intent is to harmonize and unify international trade law to remove unnecessary legal obstacles. The Model Law is prepared to serve as a model to countries for the evaluation and modernization of certain aspects of their laws and practices in the field of commercial relationships involving the use of computerized or other modern communication techniques, and for the establishment of relevant legislation where none presently exists. The Model Law enables or facilitates the use of electronic commerce and provides equal treatment to users of paper-based documentation and to users of computer-based information. Depending on the situation in each enacting State, the Model Law could be implemented in various ways, either as a single statute or in several pieces of legislation.

In addition to the information technology acts of the respective countries, international rules and regulations have strengthened the power against cyber crimes. The International Corporation for Assigned Names and Numbers (ICANN) has adopted the Uniform Domain Name Dispute Resolution Policy to resolve domain name disputes. The World Intellectual Property Organization (WIPO) has prepared new copyright treaties, viz. the Copyright Treaty and the Performance and Phonograms Treaty, to address intellectual property and licensing issues.

Controls:

The above mentioned methods of defense, like authentication, authorization and cryptography, are implemented using various hardware and software controls. Different hardware controls like smart cards, firewalls, intrusion detection systems, locks or cables limiting access, devices to verify users' identities etc. are used. Software controls that aid in a secure computing environment are: internal program controls, which are themselves parts of the program and enforce security restrictions; operating system and network system controls, which are the limitations enforced by operating systems or networks; and independent control programs, which are application programs that verify passwords, detect intrusions, scan for viruses etc. Quality standards enforced in the software development life cycle prevent software faults from becoming exploitable vulnerabilities.


Q. What is Kerberos and CHAP? Describe.

Ans.

Kerberos

Developed as part of MIT's Project Athena, Kerberos is a network authentication protocol designed for a client/server environment. Taking its name from the three-headed dog of Greek mythology, Kerberos is designed to work across the Internet, an inherently insecure environment. Kerberos uses strong encryption so that a client can prove its identity to a server and the server can in turn authenticate itself to the client. The basis for authentication in a Kerberos environment is something known as a ticket. Tickets are granted by the authentication server, which is an entity trusted by both the client and the server the client wishes to access. The client can then present this ticket to the server to provide proof of identity. Since the entire session can be encrypted, this eliminates the inherently insecure transmission of items such as a password that can be intercepted on the network. Since the tickets are time-stamped, attempting to reuse them will not be successful.

To illustrate how the Kerberos authentication service works, think about the common driver's license. You have received a license that you can present to other entities to prove you are who you claim to be. Because these other entities trust the state the license was issued in, they will accept your license as proof of your identity. The state the license was issued in is analogous to the Kerberos authentication service. It is the trusted entity both sides rely on to provide valid identifications. This analogy is not perfect, because we all probably have heard of individuals who obtained a phony driver's license, but it serves to illustrate the basic idea behind Kerberos.
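The ticket mechanism described above, reduced to its essentials as an added example (this is not the course notes' code and not real Kerberos). The authentication server issues a time-stamped ticket naming the client and the target server, and seals it with an HMAC under a long-term key it shares only with that server; the server accepts the ticket only if the seal verifies, the ticket names it, and the current time falls inside the ticket's lifetime, so a captured ticket replayed after expiry is refused. Real Kerberos encrypts the ticket with the server's key and carries a session key and an authenticator; those are omitted here. The server names, keys, timestamps and lifetime are constructed values.

```python
"""Toy Kerberos-style ticket issuance and validation (added example)."""
import hashlib
import hmac
import json

# Constructed long-term keys shared between the authentication server
# and each application server (real deployments derive these from
# the server principal's password).
SERVER_KEYS = {
    "fileserver": b"fileserver-long-term-key-constructed",
    "mailserver": b"mailserver-long-term-key-constructed",
}


def _seal(server, body):
    """HMAC-SHA256 over the canonical JSON of the ticket body."""
    raw = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SERVER_KEYS[server], raw, hashlib.sha256).hexdigest()


def issue_ticket(client, server, now, lifetime_s=300):
    """Authentication server: build and seal a ticket for client -> server.
    'now' is a Unix time supplied by the caller so the example is deterministic."""
    body = {
        "client": client,
        "server": server,
        "issued": now,
        "expires": now + lifetime_s,
    }
    return {"body": body, "seal": _seal(server, body)}


def check_ticket(ticket, server, now):
    """Application server: accept only a genuine, unexpired ticket
    that was issued for this server. Returns True on acceptance."""
    body = ticket["body"]
    # 1. integrity: the seal must verify under this server's own key,
    #    so a ticket altered in transit or minted without the key fails
    if not hmac.compare_digest(_seal(server, body), ticket["seal"]):
        return False
    # 2. audience: a ticket for another server is not valid here
    if body["server"] != server:
        return False
    # 3. freshness: outside the lifetime window means replay or clock skew
    if not (body["issued"] <= now < body["expires"]):
        return False
    return True


if __name__ == "__main__":
    t = issue_ticket("alice", "fileserver", now=1000)
    print("fresh ticket accepted:", check_ticket(t, "fileserver", now=1100))
    print("replayed after expiry:", check_ticket(t, "fileserver", now=1400))
```

The three checks map onto the text's claims: the seal is what makes the authentication server a trusted issuer, the audience check stops a ticket for one server being presented to another, and the lifetime check is why "attempting to reuse them will not be successful" once they have expired.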

CHAP

CHAP, the Challenge Handshake Authentication Protocol, is used to provide authentication across a point-to-point link using the Point-to-Point Protocol (PPP). In this protocol, authentication after the link has been established is not mandatory. CHAP is designed to provide authentication periodically through the use of a challenge/response system, sometimes described as a three-way handshake, as illustrated in the figure. The initial challenge (a randomly generated number) is sent to the client. The client uses a one-way hashing function to calculate what the response should be and then sends this back. The server compares the response with what it calculated the response should be. If it matches, communication continues. If the two values don't match, then the connection is terminated. This mechanism relies on a shared secret between the two entities so that the correct values can be calculated.
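The three-way handshake just described, with both sides' messages, as an added example (not code from the course notes). The response is MD5 over the identifier, the shared secret and the challenge, which is how RFC 1994 defines it; the point-to-point link is simulated by direct function calls, and the user name and secret are constructed values.

```python
"""CHAP challenge/response handshake between a client and a server (added example)."""
import hashlib
import hmac
import secrets


def chap_response(identifier, secret, challenge):
    """The one-way hash both sides compute: MD5(identifier || secret || challenge),
    per RFC 1994. The secret itself never crosses the link."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """The authenticator: holds each peer's shared secret in cleartext."""

    def __init__(self, secrets_by_name):
        self.secrets = secrets_by_name
        self.ident = 0
        self.last_challenge = None

    def challenge(self):
        """Step 1: send a fresh random challenge under a new identifier."""
        self.ident = (self.ident + 1) % 256
        self.last_challenge = secrets.token_bytes(16)
        return self.ident, self.last_challenge

    def verify(self, identifier, name, response):
        """Step 3: recompute the expected hash and compare in constant time.
        A stale identifier (a replayed earlier response) is refused outright."""
        if self.last_challenge is None or identifier != self.ident:
            return False
        if name not in self.secrets:
            return False
        expected = chap_response(identifier, self.secrets[name], self.last_challenge)
        return hmac.compare_digest(expected, response)


class ChapClient:
    """The peer being authenticated."""

    def __init__(self, name, secret):
        self.name = name
        self.secret = secret

    def respond(self, identifier, challenge):
        """Step 2: answer the challenge with the hash, never the secret."""
        return identifier, self.name, chap_response(identifier, self.secret, challenge)


def run_handshake(server, client):
    """Drive one complete Challenge -> Response -> Success/Failure exchange."""
    identifier, challenge = server.challenge()
    return server.verify(*client.respond(identifier, challenge))


if __name__ == "__main__":
    server = ChapServer({"alice": b"constructed-shared-secret"})
    print("correct secret:", run_handshake(server, ChapClient("alice", b"constructed-shared-secret")))
    print("wrong secret:  ", run_handshake(server, ChapClient("alice", b"guess")))
```

Two properties follow from the construction: a response is only good for the challenge that prompted it, so a captured response cannot be replayed against the next challenge, and the server must keep the shared secret itself (not a salted hash of it) to recompute the expected value, which is why that secret store needs protecting.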

Certificates

Certificates are a method to establish the authenticity of specific objects such as an individual's public key (more on this specific subject in Chapter 10) or downloaded software. A digital certificate is generally seen as an attachment to a message and is used to verify that the message did indeed come from the entity it claims to have come from. The digital certificate can also contain a key that can be used to encrypt further communication.

Tokens

A token is a hardware device that can be used in a challenge/response authentication process. In this way, it functions as both a something-you-have and something-you-know authentication mechanism. There have been several variations on this type of device, but they all work on the same basic principles. The device has an LCD screen and may or may not have a numeric keypad. Devices without a keypad will display a password (often just a sequence of numbers) that changes at a constant interval, usually about every 60 seconds. When an individual attempts to log in to a system, they enter their own user identification number and then the number that is showing on the LCD. The system knows which device they have and is synchronized with it so that it will know the number that should have been displayed. Since this number is constantly changing, a potential attacker who is able to see the sequence will not be able to use it later, since the code will have changed.

Devices with a keypad work in a similar fashion (and may also be designed to function as a simple calculator). The individual who wants to log in to the system will first type their personal identification number into the calculator. They will then attempt to log in. The system will then provide a challenge; the user must enter that challenge into the calculator and press a special function key. The calculator will then determine the correct response and display it. The user provides the response to the system they are attempting to log in to, and the system verifies that this is the correct response. Since each user has a different PIN, two individuals receiving the same challenge will have different responses. The device can also use the date or time as a variable for the response calculation so that the same challenge at different times will yield different responses, even for the same individual.

Multifactor
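Both token styles described above, simulated in software as an added example (not the course notes' code). The device and the system share a per-device seed; a keypad-less token shows a six-digit code derived from that seed and the current 60-second time step, while a keypad token mixes in the user's PIN, the system's challenge and the time step, so two users given the same challenge answer differently and the same challenge answered later yields a different response. The seed, PIN, challenge and timestamps are constructed, the truncation to six digits follows the HMAC-based one-time-password method of RFC 4226/6238, and the one-step clock-drift window and the refusal to accept a code twice within one step are assumptions added on the system side.

```python
"""Time-synchronized and challenge/response hardware tokens, simulated (added example)."""
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # the displayed code changes once per step


def _six_digits(seed, message):
    """HMAC-SHA1 the message and truncate to six decimal digits
    (the dynamic truncation of RFC 4226)."""
    digest = hmac.new(seed, message, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


def display_code(seed, unix_time):
    """Keypad-less token: code from the seed and the current time step only."""
    return _six_digits(seed, struct.pack(">Q", int(unix_time) // STEP_SECONDS))


def challenge_response(seed, pin, challenge, unix_time):
    """Keypad token: the user keys in PIN and the system's challenge; the time
    step is mixed in so the same challenge later yields a different answer."""
    message = struct.pack(">Q", int(unix_time) // STEP_SECONDS) + pin.encode() + challenge.encode()
    return _six_digits(seed, message)


class TokenSystem:
    """The system side: knows each user's device seed and, for keypad devices, PIN."""

    def __init__(self, devices):
        self.devices = devices   # user id -> (seed, pin or None)
        self.accepted = set()    # (user, step) pairs already used (assumed replay guard)

    def verify(self, user, code, unix_time, challenge=None, drift_steps=1):
        """Accept 'code' if it matches the expected value for the current step or
        a neighbouring one (assumed clock-drift tolerance) and has not been used."""
        if user not in self.devices:
            return False
        seed, pin = self.devices[user]
        now_step = int(unix_time) // STEP_SECONDS
        for step in range(now_step - drift_steps, now_step + drift_steps + 1):
            t = step * STEP_SECONDS
            if challenge is None:
                expected = display_code(seed, t)
            else:
                expected = challenge_response(seed, pin, challenge, t)
            if hmac.compare_digest(expected, code) and (user, step) not in self.accepted:
                self.accepted.add((user, step))
                return True
        return False


if __name__ == "__main__":
    seed, now = b"device-0001-seed-constructed", 1_700_000_000
    system = TokenSystem({"alice": (seed, "1234")})
    shown = display_code(seed, now)
    print("code on LCD:", shown, "accepted:", system.verify("alice", shown, now))
    print("same code again:", system.verify("alice", shown, now + 10))
```

The replay guard matters because the text's protection ("the code will have changed") only holds once the step rolls over; within the same minute an observed code is still current, and refusing a second use of the same step closes that gap on the system side.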

Multifactor is a term used to describe the use of more than one authentication mechanism at the same time. An example of this is the hardware token, which requires both a personal identification number or password and the device itself to determine the correct response in order to authenticate to the system. This means that both the something-you-have and something-you-know mechanisms are used as factors in verifying the authenticity of the user. Biometrics are also often used in conjunction with a personal identification number so that they too can be used as part of a multifactor authentication scheme, in this case something you are as well as something you know. The purpose of multifactor authentication is to increase the level of security, since more than one mechanism would have to be spoofed in order for an unauthorized individual to gain access to a computer system or network. The most common example of multifactor security is the common ATM card most of us have in our wallets.

Mutual Authentication

Mutual authentication is a term used to describe a process in which each side of an electronic communication verifies the authenticity of the other. We are used to the idea of having to authenticate ourselves to our Internet service provider (ISP) before we access the Internet, generally through the use of a user identification/password pair, but how do we actually know that we are really communicating with our ISP and not some other system that has somehow inserted itself into our communication (a man-in-the-middle attack)? Mutual authentication would provide a mechanism for each side of a client/server relationship to verify the authenticity of the other to address this issue.
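A mutual challenge/response exchange, as an added example of the idea above (not code from the course notes). Each side sends a fresh nonce and proves knowledge of the shared key by returning an HMAC over a direction label and both nonces; a party without the key, such as a system that has inserted itself between the two, fails the check in both directions. Including the direction label means a proof captured from one side cannot be reflected back as the other side's proof. The party names, key and nonces are constructed; real systems would more often derive this from certificates or a Kerberos session key.

```python
"""Mutual challenge/response authentication over a shared key (added example)."""
import hashlib
import hmac
import secrets


def prove(key, role, my_nonce, peer_nonce):
    """Proof of key knowledge for one direction. The role label ('client' or
    'server') is bound into the MAC so a proof cannot be replayed the other way."""
    return hmac.new(key, role + peer_nonce + my_nonce, hashlib.sha256).digest()


class Party:
    """One end of the exchange: a name, its copy of the key, and a fresh nonce."""

    def __init__(self, name, key):
        self.name = name
        self.key = key
        self.nonce = secrets.token_bytes(16)


def mutual_authenticate(client, server):
    """Run the exchange and return (server_accepts_client, client_accepts_server).

    Message flow:
      1. client -> server : client nonce
      2. server -> client : server nonce, server proof
      3. client -> server : client proof
    """
    # 1. the client opens with its nonce
    nc = client.nonce
    # 2. the server answers with its own nonce and a proof over both
    ns = server.nonce
    server_proof = prove(server.key, b"server", ns, nc)
    # the client recomputes the proof with its key and compares in constant time
    client_accepts = hmac.compare_digest(server_proof, prove(client.key, b"server", ns, nc))
    # 3. the client sends its proof; the server checks it the same way
    client_proof = prove(client.key, b"client", nc, ns)
    server_accepts = hmac.compare_digest(client_proof, prove(server.key, b"client", nc, ns))
    return server_accepts, client_accepts


if __name__ == "__main__":
    key = b"constructed-shared-key"
    print("genuine ISP:", mutual_authenticate(Party("alice", key), Party("isp", key)))
    print("impostor:   ", mutual_authenticate(Party("alice", key), Party("fake-isp", b"other")))
```

In the one-way password login the text contrasts this with, only the first of the two results exists; the second is what tells the user that the far end is the ISP and not a system standing in between.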

Board Question Paper Solution

Sample Paper - I

a. List and describe basic components of computer security.
Ans. Refer Q.No.
b. Describe the denial of service attack with the help of a diagram.
Ans. Refer Q.No.
c. What is virus and worms? Describe the virus spreading mechanism.
Ans. Refer Q.No.
d. Describe Threat, Vulnerability and Attack as characteristics of Computer
Ans. Refer Q.No.

Sample Paper - II

a. Describe criminal organizations, terrorists and information warfare.
Ans. Refer Q.No.
b. What is an attack? Describe DOS, DDOS, POD.
Ans. Refer Q.No.
c. Describe stealth virus, polymorphic virus, macro virus, boot sector virus.
Ans. Refer Q.No.
d. Describe in detail the different layers of security.
Ans. Refer Q.No.
e. What is a threat? Describe interruption, modification, fabrication related to threats.
Ans. Refer Q.No.

Winter 2008

a. Describe the following terms: (i) Overwriting viruses (ii) Stealth viruses
Ans. Refer Q.No.
b. Describe the different phases of viruses.
Ans. Refer Q.No.
c. What is computer security? Describe any three functions of computer security.
Ans. Refer Q.No.
d. With a neat sketch diagram, explain the following: (i) SYN flood attack (ii) Bucket-Brigade attack
Ans. Refer Q.No.

Summer 2009

a. Describe the term authentication. Explain authenticity.
Ans. Refer Q.No.
b. Describe the terms virus and worm with examples.
Ans. Refer Q.No.

Winter 2009

a. Compare intruders and insiders.
Ans. Refer Q.No.
b. Explain denial of service attack.
Ans. Refer Q.No.
c. Explain different methods of authentication.
Ans. Refer Q.No.
d. What are the different ways of spoofing? Explain.
Ans. Refer Q.No.

Summer 2010 a. List and describe basic component of computer security.

Ans. Refer Q.No. b. Define the terms data security, information security n/w security and

computer security Ans. Refer Q.No.

c. What is virus and worm? Describe the worms spreading mechanism Ans. Refer Q.No.

d. Describe Sniffing and Spoofing.

Ans. Refer Q.No.

e. Describe Trojan horse, Rabbit Bacterium and Scavenging.

Ans. Refer Q.No.

Question Bank Chapter-1
Q1. Describe the basic components of computer security.
Q2. Differentiate between viruses and worms.
Q3. Describe the term virus.
Q4. Describe the term worm.
Q5. Describe the term Trojan horse.
Q6. Describe the term logic bomb.
Q7. Discuss why insiders are considered such a threat to an organization.
Q8. What are threats? Describe all types of threats.
Q9. Describe the importance of security.
Q10. What are the main types of PC viruses?
Q11. Describe the term polymorphic virus.
Q12. List different types of attacks.
Q13. Describe the two categories of viruses.
Q14. List the triggers of a virus attack.
Q15. Describe the steps for protection against viruses.
Q16. Draw the structure of a worm.
Q17. Describe two examples of worms.
Q18. What is meant by attacks? List the types of attacks.

Q19. What is meant by a backdoor attack?
Q20. What is meant by a trapdoor attack?
Q21. Explain the operational model of computer security.
Q22. Explain why criminal organizations fall into the structured threat category.
Q23. What is information warfare? Why are many nations conducting information warfare?
Q24. What are the different possible ways of attack?
Q25. Explain the backdoor and trapdoor attacks.
Q26. What are the different ways of spoofing?
Q27. Describe the term denial of service (DOS) attack.
Q28. Describe the term sniffing.
Q29. Describe the term spooling attack.
Q30. Draw and describe the man-in-the-middle attack.
Q31. What is TCP/IP hijacking?
Q32. What is CIA of security?
Q33. What are the layers of security?
Q34. Explain different models of access control.
Q35. Explain different methods of authentication.
Q36. Describe the basic components of computer security.
Q37. Differentiate between viruses and worms.
Q38. What are threats? Describe all types of threats.
Q39. What are the main types of PC viruses?
Q40. Describe the two categories of viruses.
Q41. List the triggers of a virus attack.
Q42. Describe the steps for protection against viruses.
Q43. Describe the term TCP/IP hijacking.
Q44. Describe the term boot sector virus.
Q45. Describe the layers of computer security.
Q46. Describe the two methods used in mandatory access control.
Q47. Describe two access control techniques.
Q48. Describe the term memory resident virus.
Q49. Describe the term TCP/IP hijacking.
Q50. Describe the term encryption attacks.
Q51. Describe the term malware.
Q52. List the types of malicious code.
Q53. List the characteristics of a virus.
Q54. Describe the term boot sector virus.
Q55. Describe the term memory resident virus.
Q56. Describe the details of security basics.
Q57. Describe the layers of computer security.
Q58. Describe two access control techniques.
Q59. What are the two concepts in discretionary access control?
Q60. Describe the two methods used in mandatory access control.
Q61. Describe the three primary rules for role based access control.
Q62. What is authentication? List two examples.
Q63. Write a short note on:
- DOS
- Sniffing

- Viruses
- Man-in-the-Middle attack