Security Principles

Six principles are commonly used to describe the phases for evaluating a system's security or vulnerability. These principles are Authentication, Access Control and Authorization, Nonrepudiation, Privacy and Confidentiality, Integrity, and Auditing. They are presented here in no particular order and are heavily interdependent. In fact, the relative importance of each depends on the system or component being evaluated.

Authentication

Authentication is the principle that users, processes, or hardware components be able to identify other users, processes, or hardware components in the system as who or what they say they are, and vice versa.

When a wireless device requests service from a local wireless service provider, it presents the system with user credentials. This varies from device to device, but a cellular phone, for example, sends the device's ECN (Electronic Control Number) and DCN (Digital Control Number). The local service provider uses these credentials to authenticate the device as an authorized user of the system. Usually, the DCN is a telephone number, but it can be thought of as a userid. The ECN is linked to the device and is a digital serial number, similar to a password. The ECN is used with the intention of confirming that the device claiming to be an individual's phone with that individual's userid is, in fact, the phone assigned to that individual. Changing a cellular phone's DCN is relatively easy and, in many cases, can be done via the device's keypad. Changing the ECN is a much more difficult task, often requiring proprietary hardware and software. Therefore, a service provider who verifies that both are correct has some assurance that the individual is who she claims to be, that authentication has been established.

Why should anyone care about authentication? Better yet, why should anyone sacrifice functionality for accurate authentication? If a user is using a PDA to transfer funds between a bank account and an investment account with a broker, the user wants to be sure that the bank knows that it is not someone else falsely claiming to be that user and transferring funds to his own bank account. Users want the bank to authenticate that the correct user is making the request.

Access Control and Authorization

Access Control and Authorization is the principle that a process or hardware component be capable of controlling access to whatever resources that process or hardware component represents or controls.

Access Control and Authorization are closely tied to Authentication. This service provides access control by requiring a user to provide authentication to verify that he is authorized to use the service. Access control and authorization can also be seen on the wireless device itself. Many phones have a lockout feature; the user must provide an access code before the device can be used. This feature provides protection against an unauthorized person's accessing a cell phone and assuming the owner's identity when using the cellular service.

Bringing this idea home, picture a wireless network setup in your home. You track your finances by using an accounting program on your desktop computer. You also trade stocks with an online brokerage service and store other personal data on the machine. You do not want anyone to access your wireless network without your permission, so you implement access control to authenticate anyone attempting to access your network.

Nonrepudiation

Nonrepudiation is the principle that a user or process be identifiable and accountable for its actions in a manner that prohibits the user or process from denying its involvement at a later date.

To explain nonrepudiation, we will describe a familiar transaction, charging something to a credit card. A vendor requests a credit card, swipes the card in a reader, and enters the transaction amount. The card reader then contacts the card provider and verifies that the card is valid and the amount requested is acceptable for that person's credit profile. Finally, an authorization message is returned. The reader prints the transaction on a carbonized receipt that provides multiple copies of the transaction. The receipt is presented to the user for her signature. The vendor verifies that the signature matches the one on the card. Both the cardholder and the vendor retain a copy of the receipt. The dual receipts, with the card provider's authorization and signature, provide nonrepudiation. The cardholder cannot deny that she made the transaction, because the vendor has a copy of the receipt with her signature. The vendor cannot modify the transaction (for example, alter the amount), because the cardholder has a copy of the receipt. The nonrepudiation in this example easily transfers to a requirement for wireless m-commerce applications. How to implement such a requirement, however, is not as obvious.

Privacy and Confidentiality

Privacy and Confidentiality is the principle that a user, process, or hardware component have the entitlement to protect its information from unauthorized disclosure.

Lately, this topic has generated a lot of press associated with the protection of credit card information over the Web, legal authorities' subpoenaing e-mail and online purchase records, and the monitoring of ISPs to determine users' surfing habits. It has become clear that consumers, and not just government agencies, are concerned about privacy and confidentiality on wired and wireless networks.

Privacy and confidentiality are tricky and often contentious issues. Consumers who want to surf the Web in anonymity (or with increased privacy) also need to be able to conduct commerce over the Internet, where nonrepudiation for a transaction is necessary. At the same time, a transaction must be confidential.

Certain government agencies would prefer that all communications and transactions be visible, at least, to their specific agency. To make this a reality, several foreign governments have gone so far as to outlaw the use of cryptography. To counter this, privacy fanatics have circumvented even this extreme measure by utilizing steganography instead of cryptography. Steganography is the use of techniques to hide information within other, innocuous-looking data files or streams. Several worldwide conferences on steganography are becoming very well attended. Although steganography provides excellent privacy and confidentiality (after all, it is hard to read what you cannot find), it usually requires a relatively large amount of innocuous data to hide a relatively small amount of payload. Therefore, although intriguing, this technique is not well suited for commercial wireless use, so we will not explore this aspect of confidentiality directly. Rather, we will point out that this idea lends itself to other security uses, such as digital watermarking.

Integrity

Integrity is the principle that a user, process, or hardware component have the capability to verify the accuracy of what is sent or delivered and that the process or hardware component has not been altered in some way.

Integrity has always been of prime importance for consumers conducting transactions electronically. For the most part, it is taken for granted. Today, for example, taxpayers can complete their taxes on the Web and submit them electronically. How many complete a parallel copy of the taxes manually, or at least offline, to ensure that the computations are correct and the proper information is being recorded on the proper forms? Certainly not a majority. Couple this with the thought that these returns are then processed on 25-year-old IRS computer systems, and the lack of integrity should make you shudder. Consumers demand that the processes and services they use provide reliability because they deal with critical information that can have serious consequences if its integrity is not maintained.

Auditing

Auditing is the principle that the activities of a user, process, or hardware component be reviewed to ensure that whatever was performed was appropriate for the given entity.

Auditing can be both a reactive and a proactive process: reactive in that audit logs may be examined at a later date as a forensic measure to identify the source of a security problem or to determine the extent of the exposure; proactive in that audit logs may be examined at or near real time to detect abnormal behavior or to prevent someone from attempting to bypass security measures. Clearly, the latter is preferable, but examining logs or monitoring user activity in real time is resource-intensive. If this type of monitoring is deemed appropriate, what is monitored must be carefully planned.

Return for a moment to the cell phone ECN/DCN discussion under authentication. If service providers truly believed that their ECN/DCN combination for authentication of the end user could not be replicated, they would not perform as much auditing as they do. Service providers routinely implement an automated auditing system to monitor user access for anomalies, for example, the same ECN/DCN combination accessing the system at the same time, or the same ECN/DCN pair accessing the network from different locations (say, New York and Miami) within a short time. This activity may be perfectly legitimate, but it falls outside the normal usage pattern and would be flagged in an audit log to be reviewed by one of the service provider's security or auditing staff.
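The two anomaly rules just described, run over a constructed access log, as an added example that is not from the book. The log format, the field names, and the two-hour minimum travel time between different locations are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (not real carrier data). One session per line:
# start timestamp, ECN, DCN, serving location, session length in minutes.
SAMPLE_LOG = """\
2002-03-01T09:00:00 ECN-1001 555-0100 NewYork 10
2002-03-01T09:05:00 ECN-1001 555-0100 NewYork 5
2002-03-01T09:40:00 ECN-1001 555-0100 Miami 3
2002-03-01T10:00:00 ECN-2002 555-0200 Boston 30
2002-03-01T10:35:00 ECN-2002 555-0200 Boston 2
2002-03-01T11:00:00 ECN-3003 555-0300 Chicago 1
"""

# Assumed policy value: sessions from different locations closer together
# than this are treated as implausible travel and flagged for review.
MIN_TRAVEL = timedelta(hours=2)

@dataclass
class Access:
    start: datetime
    ecn: str
    dcn: str
    location: str
    end: datetime

def parse_log(text: str) -> list[Access]:
    """Parse the constructed log format into sessions sorted by start time."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ecn, dcn, loc, minutes = line.split()
        start = datetime.fromisoformat(ts)
        records.append(Access(start, ecn, dcn, loc, start + timedelta(minutes=int(minutes))))
    return sorted(records, key=lambda r: r.start)

def audit(records: list[Access], min_travel: timedelta = MIN_TRAVEL) -> list[tuple]:
    """Group sessions by ECN/DCN pair and compare each consecutive pair of sessions."""
    by_pair: dict[tuple[str, str], list[Access]] = {}
    for r in records:
        by_pair.setdefault((r.ecn, r.dcn), []).append(r)
    findings = []
    for (ecn, dcn), sessions in by_pair.items():
        for prev, cur in zip(sessions, sessions[1:]):
            if cur.start < prev.end:  # the same pair is on the network twice at once
                findings.append(("concurrent-sessions", ecn, dcn,
                                 f"{prev.start:%H:%M} overlaps {cur.start:%H:%M}"))
            elif prev.location != cur.location and cur.start - prev.start < min_travel:
                findings.append(("implausible-travel", ecn, dcn,
                                 f"{prev.location} -> {cur.location} in {cur.start - prev.start}"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_log(SAMPLE_LOG)):
        print(*finding)
```

Both findings land on the ECN-1001 pair; the Boston sessions are sequential and co-located, so they pass, which is the "flag for review, do not block" behavior the text describes.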

If security could be analyzed and implemented in a vacuum, without other considerations, applying these criteria is all that would be necessary to implement a secure system in any situation. However, in practical applications, security is only one aspect of a complete system. To evaluate the effect that implementing security has on a system, the development or operational principles and the management principles associated with the system must also be considered. We will now briefly discuss these principles to ensure your understanding of the trade-offs made during the analysis of a system and its subsequent implementation, with the proper balance between these principles and security.

Wireless Security and Privacy: Best Practices and Design Techniques
ISBN: 0201760347
Year: 2002
Pages: 73
