More Books
Introduction to Computer Security
Introduction to Computer Security
Table of Contents
Copyright
Preface
Goals
Philosophy
Organization
Differences Between this Book and Computer Security: Art and Science
Special Acknowledgment
Acknowledgments
Chapter 1. An Overview of Computer Security
Section 1.1.  The Basic Components
Section 1.2.  Threats
Section 1.3.  Policy and Mechanism
Section 1.4.  Assumptions and Trust
Section 1.5.  Assurance
Section 1.6.  Operational Issues
Section 1.7.  Human Issues
Section 1.8.  Tying It All Together
Section 1.9.  Summary
Section 1.10.  Further Reading
Section 1.11.  Exercises
Chapter 2. Access Control Matrix
Section 2.1.  Protection State
Section 2.2.  Access Control Matrix Model
Section 2.3.  Protection State Transitions
Section 2.4.  Summary
Section 2.5.  Further Reading
Section 2.6.  Exercises
Chapter 3. Foundational Results
Section 3.1.  The General Question
Section 3.2.  Basic Results
Section 3.3.  Summary
Section 3.4.  Further Reading
Section 3.5.  Exercises
Chapter 4. Security Policies
Section 4.1.  Security Policies
Section 4.2.  Types of Security Policies
Section 4.3.  The Role of Trust
Section 4.4.  Types of Access Control
Section 4.5.  Example: Academic Computer Security Policy
Section 4.6.  Summary
Section 4.7.  Further Reading
Section 4.8.  Exercises
Chapter 5. Confidentiality Policies
Section 5.1.  Goals of Confidentiality Policies
Section 5.2.  The Bell-LaPadula Model
Section 5.3.  Summary
Section 5.4.  Further Reading
Section 5.5.  Exercises
Chapter 6. Integrity Policies
Section 6.1.  Goals
Section 6.2.  Biba Integrity Model
Section 6.3.  Clark-Wilson Integrity Model
Section 6.4.  Summary
Section 6.5.  Further Reading
Section 6.6.  Exercises
Chapter 7. Hybrid Policies
Section 7.1.  Chinese Wall Model
Section 7.2.  Clinical Information Systems Security Policy
Section 7.3.  Originator Controlled Access Control
Section 7.4.  Role-Based Access Control
Section 7.5.  Summary
Section 7.6.  Further Reading
Section 7.7.  Exercises
Chapter 8. Basic Cryptography
Section 8.1.  What Is Cryptography?
Section 8.2.  Classical Cryptosystems
Section 8.3.  Public Key Cryptography
Section 8.4.  Cryptographic Checksums
Section 8.5.  Summary
Section 8.6.  Further Reading
Section 8.7.  Exercises
Chapter 9. Key Management
Section 9.1.  Session and Interchange Keys
Section 9.2.  Key Exchange
Section 9.3.  Cryptographic Key Infrastructures
Section 9.4.  Storing and Revoking Keys
Section 9.5.  Digital Signatures
Section 9.6.  Summary
Section 9.7.  Further Reading
Section 9.8.  Exercises
Chapter 10. Cipher Techniques
Section 10.1.  Problems
Section 10.2.  Stream and Block Ciphers
Section 10.3.  Networks and Cryptography
Section 10.4.  Example Protocols
Section 10.5.  Summary
Section 10.6.  Further Reading
Section 10.7.  Exercises
Chapter 11. Authentication
Section 11.1.  Authentication Basics
Section 11.2.  Passwords
Section 11.3.  Challenge-Response
Section 11.4.  Biometrics
Section 11.5.  Location
Section 11.6.  Multiple Methods
Section 11.7.  Summary
Section 11.8.  Further Reading
Section 11.9.  Exercises
Chapter 12. Design Principles
Section 12.1.  Overview
Section 12.2.  Design Principles
Section 12.3.  Summary
Section 12.4.  Further Reading
Section 12.5.  Exercises
Chapte 13. Representing Identity
Section 13.1.  What Is Identity?
Section 13.2.  Files and Objects
Section 13.3.  Users
Section 13.4.  Groups and Roles
Section 13.5.  Naming and Certificates
Section 13.6.  Identity on the Web
Section 13.7.  Summary
Section 13.8.  Further Reading
Section 13.9.  Exercises
Chapter 14. Access Control Mechanisms
Section 14.1.  Access Control Lists
Section 14.2.  Capabilities
Section 14.3.  Locks and Keys
Section 14.4.  Ring-Based Access Control
Section 14.5.  Propagated Access Control Lists
Section 14.6.  Summary
Section 14.7.  Further Reading
Section 14.8.  Exercises
Chapter 15. Information Flow
Section 15.1.  Basics and Background
Section 15.2.  Compiler-Based Mechanisms
Section 15.3.  Execution-Based Mechanisms
Section 15.4.  Example Information Flow Controls
Section 15.5.  Summary
Section 15.6.  Further Reading
Section 15.7.  Exercises
Chapter 16. Confinement Problem
Section 16.1.  The Confinement Problem
Section 16.2.  Isolation
Section 16.3.  Covert Channels
Section 16.4.  Summary
Section 16.5.  Further Reading
Section 16.6.  Exercises
Chapter 17. Introduction to Assurance
Section 17.1.  Assurance and Trust
Section 17.2.  Building Secure and Trusted Systems
Section 17.3.  Building Security In or Adding Security Later
Section 17.4.  Summary
Section 17.5.  Further Reading
Section 17.6.  Exercises
Chapter 18. Evaluating Systems
Section 18.1.  Goals of Formal Evaluation
Section 18.2.  TCSEC: 19831999
Section 18.3.  FIPS 140: 1994Present
Section 18.4.  The Common Criteria: 1998Present
Section 18.5.  SSE-CMM: 1997Present
Section 18.6.  Summary
Section 18.7.  Further Reading
Section 18.8.  Exercises
Chapter 19. Malicious Logic
Section 19.1.  Introduction
Section 19.2.  Trojan Horses
Section 19.3.  Computer Viruses
Section 19.4.  Computer Worms
Section 19.5.  Other Forms of Malicious Logic
Section 19.6.  Defenses
Section 19.7.  Summary
Section 19.8.  Further Reading
Section 19.9.  Exercises
Chapter 20. Vulnerability Analysis
Section 20.1.  Introduction
Section 20.2.  Penetration Studies
Section 20.3.  Vulnerability Classification
Section 20.4.  Frameworks
Section 20.5.  Summary
Section 20.6.  Further Reading
Section 20.7.  Exercises
Chapter 21. Auditing
Section 21.1.  Definitions
Section 21.2.  Anatomy of an Auditing System
Section 21.3.  Designing an Auditing System
Section 21.4.  A Posteriori Design
Section 21.5.  Auditing Mechanisms
Section 21.6.  Examples: Auditing File Systems
Section 21.7.  Audit Browsing
Section 21.8.  Summary
Section 21.9.  Further Reading
Section 21.10.  Exercises
Chapter 22. Intrusion Detection
Section 22.1.  Principles
Section 22.2.  Basic Intrusion Detection
Section 22.3.  Models
Section 22.4.  Architecture
Section 22.5.  Organization of Intrusion Detection Systems
Section 22.6.  Intrusion Response
Section 22.7.  Summary
Section 22.8.  Further Reading
Section 22.9.  Exercises
Chapter 23. Network Security
Section 23.1.  Introduction
Section 23.2.  Policy Development
Section 23.3.  Network Organization
Section 23.4.  Availability and Network Flooding
Section 23.5.  Anticipating Attacks
Section 23.6.  Summary
Section 23.7.  Further Reading
Section 23.8.  Exercises
Chapter 24. System Security
Section 24.1.  Introduction
Section 24.2.  Policy
Section 24.3.  Networks
Section 24.4.  Users
Section 24.5.  Authentication
Section 24.6.  Processes
Section 24.7.  Files
Section 24.8.  Retrospective
Section 24.9.  Summary
Section 24.10.  Further Reading
Section 24.11.  Exercises
Chapter 25. User Security
Section 25.1.  Policy
Section 25.2.  Access
Section 25.3.  Files and Devices
Section 25.4.  Processes
Section 25.5.  Electronic Communications
Section 25.6.  Summary
Section 25.7.  Further Reading
Section 25.8.  Exercises
Chapter 26. Program Security
Section 26.1.  Introduction
Section 26.2.  Requirements and Policy
Section 26.3.  Design
Section 26.4.  Refinement and Implementation
Section 26.5.  Common Security-Related Programming Problems
Section 26.6.  Testing, Maintenance, and Operation
Section 26.7.  Distribution
Section 26.8.  Conclusion
Section 26.9.  Summary
Section 26.10.  Further Reading
Section 26.11.  Exercises
Chapter 27. Lattices
Section 27.1.  Basics
Section 27.2.  Lattices
Section 27.3.  Exercises
Chapter 28. The Extended Euclidean Algorithm
Section 28.1.  The Euclidean Algorithm
Section 28.2.  The Extended Euclidean Algorithm
Section 28.3.  Solving ax mod n = 1
Section 28.4.  Solving ax mod n = b
Section 28.5.  Exercises
Chapter 29. Virtual Machines
Section 29.1.  Virtual Machine Structure
Section 29.2.  Virtual Machine Monitor
Section 29.3.  Exercises
Bibliography
Index
SYMBOL
A
E
F
I
L
T

10.3. Networks and Cryptography

Before we discuss Internet protocols, a review of the relevant properties of networks is in order. The ISO/OSI model [894] provides an abstract representation of networks suitable for our purposes. Recall that the ISO/OSI model is composed of a series of layers (see Figure 10-2). Each host, conceptually, has a principal at each layer that communicates with a peer on other hosts. These principals communicate with principals at the same layer on other hosts. Layer 1, 2, and 3 principals interact only with similar principals at neighboring (directly connected) hosts. Principals at layers 4, 5, 6, and 7 interact only with similar principals at the other end of the communication. (For convenience, "host" refers to the appropriate principal in the following discussion.)

Figure 10-2. The ISO/OSI model. The dashed arrows indicate peer-to-peer communication. For example, the transport layers are communicating with each other. The solid arrows indicate the actual flow of bits. For example, the transport layer invokes network layer routines on the local host, which invoke data link layer routines, which put the bits onto the network. The physical layer passes the bits to the next "hop," or host, on the path. When the message reaches the destination, it is passed up to the appropriate level.


Each host in the network is connected to some set of other hosts. They exchange messages with those hosts. If host nob wants to send a message to host windsor, nob determines which of its immediate neighbors is closest to windsor (using an appropriate routing protocol) and forwards the message to it. That host, baton, determines which of its neighbors is closest to windsor and forwards the message to it. This process continues until a host, sunapee, receives the message and determines that windsor is an immediate neighbor. The message is forwarded to windsor, its endpoint.

Definition 105. Let hosts C0, …, Cn be such that Ci and Ci+1 are directly connected, for 0 i < n. A communications protocol that has C0 and Cn as its endpoints is called an end-to-end protocol. A communications protocol that has Cj and Cj+1 as its endpoints is called a link protocol.

The difference between an end-to-end protocol and a link protocol is that the intermediate hosts play no part in an end-to-end protocol other than forwarding messages. On the other hand, a link protocol describes how each pair of intermediate hosts processes each message.

EXAMPLE: The telnet protocol is an applications layer protocol that allows users to obtain a virtual terminal on a remote host. Thus, it is an end-to-end protocol. IP is a network layer protocol that guides messages from a host to one of its immediate neighbors. Thus, it is a link protocol.


The protocols involved can be cryptographic protocols. If the cryptographic processing is done only at the source and at the destination, the protocol is an end-to-end protocol. If cryptographic processing occurs at each host along the path from source to destination, the protocol is a link protocol. When encryption is used with either protocol, we use the terms end-to-end encryption and link encryption, respectively.

EXAMPLE: If the messages between the telnet client and server are enciphered [915], the encipherment and decipherment occur at the client and the server only. The protocol uses end-to-end encryption. The PPP Encryption Control Protocol [627] enciphers messages between intermediate hosts. When a host gets the message, it deciphers the message, determines which neighbor to send it to, reenciphers the message using the key appropriate for that neighbor, and sends it to that neighbor. This protocol uses link encryption.


In link encryption, each host shares a cryptographic key with its neighbor. (If public key cryptography is used, each host has its neighbor's public key. Link encryption based on public keys is rare.) The keys may be set on a per-host basis or a per-host-pair basis. Consider a network with four hosts called windsor, stripe, facer, and seaview. Each host is directly connected to the other three. With keys distributed on a per-host basis, each host has its own key, making four keys in all. Each host has the keys for the other three neighbors, as well as its own. All hosts use the same key to communicate with windsor. With keys distributed on a per-host-pair basis, each host has one key per possible connection, making six keys in all. Unlike the per-host situation, in the per-host-pair case, each host uses a different key to communicate with windsor. The message is deciphered at each intermediate host, reenciphered for the next hop, and forwarded. Attackers monitoring the network medium will not be able to read the messages, but attackers at the intermediate hosts will be able to do so.

In end-to-end encryption, each host shares a cryptographic key with each destination. (Again, if the encryption is based on public key cryptography, each host hasor can obtainthe public key of each destination.) As with link encryption, the keys may be selected on a per-host or per-host-pair basis. The sending host enciphers the message and forwards it to the first intermediate host. The intermediate host forwards it to the next host, and the process continues until the message reaches its destination. The destination host then deciphers it. The message is enciphered throughout its journey. Neither attackers monitoring the network nor attackers on the intermediate hosts can read the message. However, attackers can read the routing information used to forward the message.

These differences affect a form of cryptanalysis known as traffic analysis. A cryptanalyst can sometimes deduce information not from the content of the message but from the sender and recipient. For example, during the Allied invasion of Normandy in World War II, the Germans deduced which vessels were the command ships by observing which ships were sending and receiving the most signals. The content of the signals was not relevant; their source and destination were. Similar deductions can reveal information in the electronic world.

EXAMPLE: ARS&C is an engineering firm developing the next generation of network protocols. Each employee of ARS&C has his or her own workstation. All network traffic is enciphered using end-to-end encryption. A competitor of the company appears to be obtaining proprietary data. ARS&C has hired Alice to figure out who is leaking the information.

Alice begins by monitoring all network traffic. She notices that the workstations are grouped into three different divisions: corporate management, sales, and engineering. The leaks are coming from the engineering systems. She looks at the sources and destinations of all connections to and from the engineering systems and notices that the connections from corporate management center on three systems: curly, larry, and moe. The connections from larry always occur between midnight and four in the morning; those from the other two occur during the day. Alice then looks at the events of the days on which the connections take place. The connections from curly and moe occur on the days of management reviews and are invariably to the ftp or www port. The connections from larry are more infrequent and are to the telnet port. A few days after each connection, the competitor seems to have acquired new proprietary information.

From this analysis, Alice suggests that the host larry is somehow involved in the problem. She needs to check the systems that larry connects to and see if the proprietary data is on those systems. At no time has Alice read any of the traffic, because it is encrypted; but from the traffic analysis, she has determined the system involved in the compromise.