# Introduction to Information Security - Lernzettel ## Security ### Security objectives - Confidentiality Contents of objects cannot be read by third parties. - Integrity Whether or not a message has been modified between origin and receiver. - Availability Guaranteed access to the information for permitted parties. - Access Control Only permitted parties are allowed to access the information. - Non-repudiation Proof that an entity was involved in some event. ### CIA - Confidentiality - Integrity - Availability ### Perkerian hexad - Confidentiality - Integrity - Availability - Utility Ensures that the information is useful and insensitive to e.g. lost keys. - Possession or Control Be sure that the possessor is in control of the information at all times. - Authenticity Verification of claimed identities. Notice: In most cases, this just proves entities (e.g. machines), not humans. Also, there must be a point in time where authentication starts. If this step is taken automatically by a machine (e.g. session start), there is no valid inference to the actual human. ### Secrecy Confidentiality+. Not only provides hidden contents, but also hides the fact that there is content at all. ### Strategy 1. Prevention 2. Detection 3. Reaction ## Reliability Reliability addresses consequences of accidential errors. Reliability checks if service interruptions cause low or medium disturbance. ## Safety Safety addresses catastrophic influences on the environment (e.g. human life). Safety checks if service interruptions cause very high disturbance and even harm. ## Authentication ### Modes As a user, you can be authenticated on the basis of - Something you know (e.g. password) - Something you hold (e.g. ID card) - Who you are (e.g. biometrics) - What you do (e.g. behaviour analysis) - Where you are (e.g. geo-location) ### Passwords - Assure correct receiver of the initial password. Communication might be intercepted. - Call back already authenticated entities, which are authorized to hand over the password. - Force the user to change the password immediately after first login. - Provide multi-factor authentication to let the user to be able to reset forgotten passwords without costly helpdesks. ### Guessing passwords - Brute force - Intelligent search (alphabet limits, length limits) ### Password protection - No expiry dates Studies have shown that this results in worse passwords. - No restrictions in password alphabet Studies have shown that this leads to less possibilities in exhaustive guessing and therefore leads to worse passwords. - Set a minimum length instead Has a higher impact than complexity. Set the maximum to at least 64. - No hints - Show passwords while typing Doing the opposite motivates the user to choose shorter passwords. - Allow passwords to be pasted This enables secure password managers to be used. - Forbid commonly used passwords Makes dictionary attacks difficult. - Limit number of failed password attempts ### Challenge Response Authentication 1. Authenticator knows the password. 2. User identifies himself and requests authentication. 3. Authenticator sends *nonce* (random, temporary number) to the user (challenge). 4. User computes the one-way-function result of the concatenation of password and nonce, sends the result to the authenticator. 5. Authenticator computes the same. 6. Authenticator compares his computed value with the users computed value. If they match, authentication is successful. ### HTTP Digest Authentication Same as *Challenge Response Authentication*, but the compare value is computed as: $$ \text{digest} = \text{h}(\text{h}(\text{username}:\text{realm}:\text{password}):\text{nonce}:\text{h}(\text{method}:\text{digest-uri})) $$, $\text{h}$ being a one-way-function, $\text{:}$ being the concatenation operator. ### Biometrics #### Use cases | Use case | Cardinality | Description | | -------- | ----------- | ----------- | | Identification | 1:n | Identify the user from a set of users in a database. | | Verification | 1:1 | Verifies the single claimed identity by comparing captured patterns to the stored patterns. | #### False match rate (FMR) How often is a false match attempt successful, which it should not be? Best case: $\text{FMR} = 0$. It can be interpreted as a measure of quality of the specific scheme. The lower the value, the better. $\text{FMR} = \frac{\text{\# successful false matches}}{\text{\# attempted false matches}}$ #### False non-match rate (FNMR) How often is a genuine match attempt rejected, which it should not be? Best case: $\text{FNMR} = 0$. $\text{FNMR} = \frac{\text{\# rejected genuine matches}}{\text{\# attempted genuine matches}}$ #### Fitting Rate A value (in %) indicating how much the captured pattern fits the stored pattern in the database. ##### Examples A *Fitting Rate* of 100% indicates that all of the captured pattern data fits the data stored in the database (unlikely, due to noise). A *Fitting Rate* of 50% indicates that half the pattern data fits the data stored in the database. #### Matching Threshold A value (in %) determining the minimum *Fitting Rate* for an matching check to be considered as matching. A lower *Matching Threshold* raises the amount of false positive matching checks, but lowers the amount of rejected genuine matching checks. *FMR* increases, *FNMR* decreases. A higher *Matching Threshold* raises the amount of rejected genuine matching checks, but lowers the amount of false positive matching checks. *FMR* increases, *FNMR* decreases. #### Equal Error Rate (EER) The value of *Matching Threshold*, at which $\text{FMR} = \text{FNMR}$. #### Failure-To-Capture Rate (FTC) Frequency of failing to capture a sample. #### Failure-To-Extract Rate (FTX) Frequency of failing to extract a feature of a sample. #### Failure-To-Acquire Rate (FTA) Frequency of failing to acquire a biometric feature. $\text{FTA} = \text{FTC} + \text{FTX} \times (1 - \text{FTC})$ #### False Accept Rate (FAR) $\text{FAR} = \text{FMR} \times (1 - \text{FTA})$ #### False Reject Rate (FRR) $\text{FRR} = \text{FTA} + \text{FNMR} \times (1 - \text{FTA})$ #### False Positive Identification Rate (FPIR) Probability of some sample to match at least one of the entries in the database. $\text{FPIR} = (1 - \text{FTA}) \times (1 - (1 - \text{FMR})^{n})$ #### Biometrics in remote authentication *FPIR* scales up with increased *n* (database size), which makes it unusable in remote authentication with large databases. ##### Examples Using a biometric scheme with $\text{FMR} = 0.01\%$ and a database of size $\text{n} = 80000$ results in $\text{FPIR} = (1 - 0) \times (1 - (1 - 0.0001)^{80000}) = 99.97\%$. ## Encryption ### Cipher #### Block Cipher *Block Cipher* encrypts long sequences of data with the same key. Single bit errors in ciphertext cause bit errors on half of the cleartext on average. #### Stream Cipher *Stream cipher* encrypts short sequences of data with a changing key per sequence, coming from a *key stream*, generated by a *key generator*. Security of ciphertext depends on the security of the *key generator*. Single bit errors in ciphertext cause single bit errors in cleartext. This is commonly used in noisy channels. ### Public Key Encryption *A* encrypts message with public key of *B* (publicly available via *Public Key Infrastructure* (PKI)). This message is only decryptable with the private key of *B* (only available to *B*). Public keys need to be bound to the actual receiver! You have to make sure the public key you have is actually the key of the receiver and not somebody you think is the receiver (receiving machine being used by many users, spoofing). ### Message Authentication Codes (MAC) *Message Authentication Codes* are used to verify the integrity of a message (proof, that the message has not been modified between sender and receiver). 1. Sender and receiver share a common secret key *k*. 2. Sender computes $\text{MAC}_\text{sent} = \text{h}(\text{k}, \text{x})$, *h* being a one-way-function, *x* being the message. 3. Sender sends message *x* with $\text{MAC}_\text{sent}$. 4. Receiver receives the message and $\text{MAC}_\text{sent}$ and $\text{MAC}_\text{received} = \text{h}(\text{k}, \text{x'})$ with *x'* being the received message. 5. Receiver compares $\text{MAC}_\text{sent}$ and $\text{MAC}_\text{received}$. If they match, the message is considered not modified. ### Digital Signatures *Digital Signatures* are used to verify the integrity of a message, same as *MAC*. Compared to *MAC*, it does not rely on shared secret keys. Instead, it uses *Private Key* for signing, and *Public Key* to verify. 1. Sender computes $\text{sig} = \text{h}(\text{private}, \text{message})$. 2. Sender sends message and appends signature $\text{sig}$. 3. Receiver verifies signature $\text{sig}$ using *Public Key* of the sender. ## Threat scenarios No security issues without threat models! E.g. a password is considered safe without any provided threat model. ### Smurf attack Attacker sends out ICMP ping request with spoofed sender IP address of the victim to the broadcast of some network. All recipients will answer the ping, and send the answer packets to the IP address they think was the sender, which is the victims IP address. In a network with 100 nodes, a single broadcast ICMP request results in 100 answers sent to the victim, causing a denial of service. ### Password compromise Old threat model: One machine, one password. One compromised password means one compromised machine. New threat model: Multiple machines, one or similar passwords. One compromised machine can cause other compromised passwords. ### Password spoofing attack Attacker presents a fake login screen to the victim. Victim enters his password and the attacker captures the data forwarded by the fake login screen. #### Countermeasures - System authentication to the user - Display number of failed logins Indicates compromised password to the user.