# Introduction to Information Security - Lernzettel ## Security ### Security objectives - Confidentiality Contents of objects cannot be read by third parties. - Integrity Whether or not a message has been modified between origin and receiver. - Availability Guaranteed access to the information for permitted parties. - Access Control Only permitted parties are allowed to access the information. - Non-repudiation Proof that an entity was involved in some event. ### CIA - Confidentiality - Integrity - Availability ### Perkerian hexad - Confidentiality - Integrity - Availability - Utility Ensures that the information is useful and insensitive to e.g. lost keys. - Possession or Control Be sure that the possessor is in control of the information at all times. - Authenticity Verification of claimed identities. Notice: In most cases, this just proves entities (e.g. machines), not humans. Also, there must be a point in time where authentication starts. If this step is taken automatically by a machine (e.g. session start), there is no valid inference to the actual human. ### Secrecy Confidentiality+. Not only provides hidden contents, but also hides the fact that there is content at all. ### Strategy 1. Prevention 2. Detection 3. Reaction ## Reliability Reliability addresses consequences of accidential errors. Reliability checks if service interruptions cause low or medium disturbance. ## Safety Safety addresses catastrophic influences on the environment (e.g. human life). Safety checks if service interruptions cause very high disturbance and even harm. ## Authentication ### Modes As a user, you can be authenticated on the basis of - Something you know (e.g. password) - Something you hold (e.g. ID card) - Who you are (e.g. biometrics) - What you do (e.g. behaviour analysis) - Where you are (e.g. geo-location) ### Passwords - Assure correct receiver of the initial password. Communication might be intercepted. - Call back already authenticated entities, which are authorized to hand over the password. - Force the user to change the password immediately after first login. - Provide multi-factor authentication to let the user to be able to reset forgotten passwords without costly helpdesks. ### Guessing passwords - Brute force - Intelligent search (alphabet limits, length limits) ### Password protection - No expiry dates Studies have shown that this results in worse passwords. - No restrictions in password alphabet Studies have shown that this leads to less possibilities in exhaustive guessing and therefore leads to worse passwords. - Set a minimum length instead Has a higher impact than complexity. Set the maximum to at least 64. - No hints - Show passwords while typing Doing the opposite motivates the user to choose shorter passwords. - Allow passwords to be pasted This enables secure password managers to be used. - Forbid commonly used passwords Makes dictionary attacks difficult. - Limit number of failed password attempts ### Biometrics #### Use cases | Use case | Cardinality | Description | | -------- | ----------- | ----------- | | Identification | 1:n | Identify the user from a set of users in a database. | | Verification | 1:1 | Verifies the single claimed identity by comparing captured patterns to the stored patterns. | #### False match rate (FMR) How often is a false match attempt successful, which it should not be? Best case: $\text{FMR} = 0$. $\text{FMR} = \frac{\text{\# successful false matches}}{\text{\# attempted false matches}}$ #### False non-match rate (FNMR) How often is a genuine match attempt rejected, which it should not be? Best case: $\text{FNMR} = 0$. $\text{FNMR} = \frac{\text{\# rejected genuine matches}}{\text{\# attempted genuine matches}}$ #### Fitting Rate A value (in %) indicating how much the captured pattern fits the stored pattern in the database. ##### Examples A *Fitting Rate* of 100% indicates that all of the captured pattern data fits the data stored in the database (unlikely, due to noise). A *Fitting Rate* of 50% indicates that half the pattern data fits the data stored in the database. #### Matching Threshold A value (in %) determining the minimum *Fitting Rate* for an matching check to be considered as matching. A lower *Matching Threshold* raises the amount of false positive matching checks, but lowers the amount of rejected genuine matching checks. *FMR* increases, *FNMR* decreases. A higher *Matching Threshold* raises the amount of rejected genuine matching checks, but lowers the amount of false positive matching checks. *FMR* increases, *FNMR* decreases. #### Equal Error Rate (EER) The value of *Matching Threshold*, at which $\text{FMR} = \text{FNMR}$. #### Failure-To-Capture Rate (FTC) Frequency of failing to capture a sample. #### Failure-To-Extract Rate (FTX) Frequency of failing to extract a feature of a sample. #### Failure-To-Acquire Rate (FTA) Frequency of failing to acquire a biometric feature. $\text{FTA} = \text{FTC} + \text{FTX} \times (1 - \text{FTC})$ #### False Accept Rate (FAR) $\text{FAR} = \text{FMR} \times (1 - \text{FTA})$ #### False Reject Rate (FRR) $\text{FRR} = \text{FTA} + \text{FNMR} \times (1 - \text{FTA})$ #### False Positive Identification Rate (FPIR) Probability of some sample to match at least one of the entries in the database. $\text{FPIR} = (1 - \text{FTA}) \times (1 - (1 - \text{FMR})^{n})$ ## Threat scenarios No security issues without threat models! E.g. a password is considered safe without any provided threat model. ### Smurf attack Attacker sends out ICMP ping request with spoofed sender IP address of the victim to the broadcast of some network. All recipients will answer the ping, and send the answer packets to the IP address they think was the sender, which is the victims IP address. In a network with 100 nodes, a single broadcast ICMP request results in 100 answers sent to the victim, causing a denial of service. ### Password compromise Old threat model: One machine, one password. One compromised password means one compromised machine. New threat model: Multiple machines, one or similar passwords. One compromised machine can cause other compromised passwords. ### Password spoofing attack Attacker presents a fake login screen to the victim. Victim enters his password and the attacker captures the data forwarded by the fake login screen. #### Countermeasures - System authentication to the user - Display number of failed logins Indicates compromised password to the user.