Information security

From Citizendium
Revision as of 18:27, 9 August 2008 by imported>Howard C. Berkowitz (Request not to apply subpages)
Jump to navigation Jump to search
Please do not put subpages on this until the title is firm.

Communications security are the set of protective measures applied to information that traverses a telecommunications network or computer network. There are a wide range of such measures, and not all are needed in every situation. There is no longer any sharp distinction between communications and information security. In a simpler world, once a user could gain access to a computer, all resources on that computer became available. As information threats grew, user rights were restricted on individual computers; a casual user of a public library no longer could install a new operating system. Now that many applications, invisibly to the user, may be executed using multiple computers, the distinction becomes minimally useful.

Still, it is reasonable to talk about the needs of the entire system. Governments may invest billions in communications intelligence organizations dedicated to breaking the strongest military and diplomatic communications of other governments. Each individual and organization has to address the question of whether a miscreant, whether an individual or a government, is likely to try to access one's own information and communications, and how much effort and expense the miscreant will use.

If one is a celebrity, the risks are greater. [1] In the cited example of hospital employees looking at an entertainer's records, however, the unauthorized access came from authorized access of the computer system, who had no justification to access those records. Restricting access, by health care workers, to a strict subset of records could limit the needed ability for legitimate access in an emergency. There are no simple answers.

Many years ago, Dennis Bransted, then with the U.S. National Institute of Standards and Technology coined the "5-S mnemonic that described attributes of a secure communication. We have additional threats today, but this is an excellent start about deciding if a given application needs all of these properties, or if some are not needed. For example, it may be important that a stock market transaction be protected against modification, but, since it will soon be announced, secrecy is not terribly important.

  • Sealed: cannot be modified without detection
  • Sequenced: protected against loss, replaying, or reordering of messages
  • Secret: protected against unauthorized disclosure
  • Signed: confirmed as coming from the sender
  • Stamped: the sender cannot deny sending and the receiver cannot deny receiving

The Security Process

One eternal truth about security is that it does not exist unless every action affecting a secure event can be audited. A reliable (often replicated) tamper-proof log is essential.

Administration

As an example, CZ gives limited privileges to a user who has not established an account. In the CZ case, to gain additional privileges, one minimally gives one's name and has it verified. That conveys author privilege. Additional privilege is needed to be an author or constable, and there appear to be additional system administrator and software modification privileges.

Articles, and text with them, have varying levels of object sensitivity. Anyone can read them. Any author can add or edit an unlocked version. Deletion of articles, however, requires constable privileges.

Note that privileges are described here as an administrative assignment, as are the restrictions on operations that can be performed on articles. These administrative controls precede interaction with the system.

Interactions

Access

To gain access beyond general reader, one begins by entering a user name known to CZ. Identification, in this security context, is the process of claiming an identity. Once that claim is made, it is subject to user authentication that confirms the user's identity.

While user authentication can be complex, any reasonably secure scheme uses at least two "factors": a purported identity, and a factor by which the system verifies the identity. In the CZ case, the second factor is "something you know", such as a password. In other cases, the second factor might be "something you are", such as a person with a biometrically verified fingerprint, or "something you have", such as a physical key or electronic security token.

After the user is authenticated, the system grants credentials. In an information system, a credential is a right to use a privilege. This usage of the term probably originated in the Kerberos authentication system. [2]

A user might have a privilege that cannot be exercised due to additional rules of credentialing. For example, a given user might need to be at a workstation within a physically secured perimeter to use some privilege; the credential to use that privilege will not be granted to the same user accessing the protected system from the public Internet.

The wise user, however, may want mutual authentication. Some excellent online banking systems not only require two-factor authentication from the user, but also to the user. Phishing is a security attack in which the miscreant convinces the user that a false server is the real one. A common phishing technique is to send an HTML-formatted electronic mail message, which appears to have a link to the real server. Unless the HTML code is examined, for purposes of this example, there is no easy way to distinguish a well-forged message, linking to the miscreant's server, from a real message.

If, however, server identification is in effect, the server must present a second factor to the user, such as a password the user assigned to the bank account from the bank's customer service department. More sophisticated techniques present digital certificates, which, minimally, use cryptography as a means of authentication. By adding server authentication of any sort, the overall authentication process now has at least three factors. Techniques of encrypting or all of the factors make the authentication even stronger.

Information transfer

Atomic integrity

Sequential integrity

Content confidentiality

Nonrepudiation

Sender nonrepudiation

Receiver nonrepudiation

Denial of service

References

  1. "27 suspended for Clooney file peek", Cable News Network, 10 October 2007
  2. C. Neuman, T. Yu, S. Hartman, K. Raeburn (July 2005), The Kerberos Network Authentication Service (V5), Internet Engineering Task Force, RFC 4120