Encryption - VideoLectures.NET
Download
Report
Transcript Encryption - VideoLectures.NET
Security
infrastructures
for CNs
Dr. István MEZGÁR
Hungarian Academy of Sciences
[email protected]
1
Structure of the lecture
•
•
•
•
•
•
•
•
Introduction,
Definitions and connections,
Demands of security in a CN,
Fields and elements/components of security,
Security components and technologies for CNs,
Wireless technologies and their security,
Trends in security,
Conclusions.
2
Goal of the lecture
The goal is to give an overview on security
HW & SW elements and technologies that
can be applied in collaborative networks.
This overview doesn’t intend to go into
details (because of the strongly limited
time-frame of the lecture), rather to give
possible starting points for the audience to
find the direction of solutions for security
problems in a CN.
3
Definitions and relations
4
What is security?
• Security can be defined as the state of certainty that
computerized data and program files cannot be accessed,
obtained, or modified by unauthorized personnel.
•
Security is a conscious risk-taking, it is a practice of risk
management, so in every phase of a computer system’s life
cycle must be applied the proper security level. Security
must be so strong, that it would not be worth to attack the
system, because the investment of an attack would be
higher than the expected benefits .
5
Security in practice
• There is no open system that is completely secure
(NO 100 % security!).
• Increases in system security typically decrease
system performance and usefulness.
• At different system levels different security
solutions have to be applied, and these separate
parts have to cover the entire system consistently.
• Important role of human beings/users!
6
Security Infrastructure
• Infrastructure is the set of interconnected
physical and immaterial components that
provide the framework required for a
particular system to function properly.
• In case of Security Infrastructure this means
computer and network security HW and SW
components, security organization &
technologies, and organized staff training.
7
Connection between trust
and security
• When do people feel safe and secure a
system/network, what causes these feelings?
• „The feeling of security experienced by a user of
an interactive system is determined by the user's
feeling of control of the interactive system". The
more a user feels in control of an interactive
program, the more the user will trust the site, the
program and the service represented by the site.
(D’Hertefelt, 2000)
8
Definition of trust
Trust can be defined as a psychological
condition comprising the trustor’s intention
to accept vulnerability based upon positive
expectations of the trustee’s intentions or
behaviour (Rousseau et al. 1998). Those
positive expectations are based upon the
trustor’s cognitive and affective evaluations
of the trustee and the system/world as well
as of the disposition of the trustor to trust.
9
Types of trust
• Intrapersonal trust - trust in one’s own abilities;
• Interpersonal trust - expectation based on
cognitive and affective evaluation of the partners;
• System trust - trust in depersonalised systems (e.g.
legal system, technology);
• Object trust - trust in non-social objects; trust in its
correct functioning (e.g. in an electronic device).
(Luhman 1979).
10
Trust building
Psychology (human-human)
Face-to-face (direct contact)
Without contact (virtual teams)
Technical (human-system)
Interfaces (menu structure, graphical, control)
Security services (confidentiality, integrity,
authentication, access contr., non repudiation)
11
Role of interfaces
• The inteface is the connection between
humans/computers,
• Information Society - everybody is a user,
• Mobility is a demand,
• Multimodal & “All Senses” interfaces,
• “For All or Abled Bodied Only” .
12
Security and Collaborative
Networks
13
CN and security
• During communication in a CN, a huge amount of
extremely valuable technical data and information
(development, product, process data beside
business information) are moving through the
network, making security a vital concern.
• The management of collaborative networks will be
controlled also from mobile devices in the close
future, so security problems of mobile
communication has of vital importance.
14
Specialties of CN
• Very frequent communication on different
channels,
• Type of communication - different mobile,
wireless, wired,
• Availability at any time at any place – wireless
mobile,
• Data Validity became shorter.
• Content of communication can be voice, data,
multimedia, ….
• Not formal - Many human-to-human connection,
15
CN security requirements
• Same level protection of all types of enterprise
data (for all company forming the CN)
Privacy and integrity of all types of documents during all
phases of storage and communication (Data and
communication security – Certification, Encryption),
• To enable companies confidential access control,
• Authorization and authentication of services
(digital signature).
16
Life cycle phases of CN and the needed trusttypes and the realization mechanisms
Life cycle phases of
networked production
system
Types of trust
needed
Security services to
be applied
Security mechanisms
Intrapersonal
Interpersonal
System
Authentication
Confidentiality
Encryption
Forming NO
Start-up operation
Interpersonal
System
Object
Authentication
Confidentiality
Integrity
Non-repudiation
Encryption
Checksums/hash algorithms
System
Object
Access control
Authentication
Confidentiality
Integrity
Non-repudiation
Access control
Authentication
Confidentiality
Integrity
Non-repudiation
Access control
Authentication
Confidentiality
Integrity
Non-repudiation
Encryption
Digital signatures
Operation
Closing operation
Break-up NO
Interpersonal
System
Object
Interpersonal
System
Encryption
Digital signatures
Encryption
Digital signatures
17
Fields, elements and technologies
of security
18
Fields of
computer security
Organization
security
Personal
security
Definition of
security polSW
security icy (e.g. access rights)
Employment of
trained and reliable staff
Placing the
computers in
HW
secure locasecurity tion of the
building and
offices
Physical identification technologies (fingerprints, etc.)
Network (channel)
security
Computer
(end point) security
Using tested appliUsing tested network
cation SW tools, and
SW tools, and concontinuously
tinuously checked
checked operation
communication chansystem, and properly
nels and well configconfigured HW sysured network elements
tems
Prevent direct physiPrevent direct, or
cal access to comclose access to netputers by unauthorwork cables, or
ized persons, or a
application of special
close access in electechnologies
tromagnetic way
19
Computer & environment
security
Levels
Function of the Level
Example
Security method, technology, tool, etc.
What type of security activities are done on the level
secure access to the information displayed on the screen
filtered access to sensitive
data (Excel cell hiding)
User
interfaces
To help the user to use the computer HW and SW possibilities
(USEABILITY)
Xwindow, pop-up
menus, sensitive surfaces (e.g.. HTML,
Windows help)
password protected screen saver
Applications
To help the user in solving the
given tasks through different
program packages
(FUNCTIONALITY)
Word processors, image editors, Excel,
MatLab, etc.
Cryptography SW, password protected
appearance of programs or information
Secure use of applications
and applications related files
Basic
SW and
communication
To manage data, applications
and communication tasks.
Networking SW,
WWW browsers, file
managers, archivation
programs
Password protected archives, and file
systems,
Secure use of SW and the SW
related files
Operation
system
To solve OS dependent tasks by
a specific HW based, more specific SW.
DOS, Windows versions, UNIX versions,
VMS, Mainframe,
Macintosh
user authorization file (SYS$UAF.DAT
on VMS, /etc/passwd on UNIX /etc/shadow on secure UNIX…) and
ACL files (Access Control List) and different rights for different groups/entities.
Secure use of OS and OS related programs, and files.
printer, monitor,
mouse, scanner, plotter
Physical security, tokens, smart cards,
HW locks
To guarantee the secure
physical access to the computer itself.
Ethernet card, modem,
camera, fax, microphone, head-set
Security policy, environment security,
security and disaster plan, education…
To guarantee the secure
physical access to the computer environment
Hardware
Environment
To help in extending computer’s
capabilities: printing, scanning,
presenting on monitor or by a
miller machine in different materials, store data, etc.
To extend the computer’s capacity in connection with the
outside world: phone-modem,
ATM-line, ISDN-line, Internet,
telescope or other tool’s control,
etc.
20
Network security
Laye
r
Num
ber
Layers of
the OSI
reference
model
TCP/IP
Protocols
FTP, SMTP,
TELNET,
SNMP, NFS,
Xwindows,
NNTP,IRC,
HTTP, WAP
ASCII,
EBCDIC,
ASN1, XDR
7.
Application
6.
Presentation
5.
Session
RPC
4.
Transport
TCP, UDP
3.
Network
IP
2.
Data link
X.25, SLIP,
PPP, Frame
Relay
Physical
LAN,
ARPANET
1.
SECURITY PROTOCOLS
S-HTTP, SET
S/MIME,
PEM,
PGP,
MOSS
SMTP
SSL, SSH
Security method, technology, tool, etc.
What type of security activities are done on the
level
-Firewall (typical) - application level
to check digital signatures
- authentication protocols,
- encryption protocols,
- Virus scanner (memory resident)
- identification of the user,
- authenticate messages
- encryption of messages
-virus scanning in active
mode.
Firewall - max. filter of images, like
Netscape “show images” checkbox
filtered by the HTTP server!
filter, or hide of information (e.g. at password typing)
filter of disallowed requests/services
digitally coded/encrypted
transport after authentication of the next transmission party
Firewall - filtering the query/request
TLS (Transport Layer Security Protocol),
WAP/WTLS
Firewall - coded/encrypted transportation
Screening router (filtering)
IPv6
Screening router (filtering) - Firewall NW level, mainly in router to filter
false/untrusted/not authentic IP addresses
encryption and DNS filter
Screening router (filtering)
Link encryption
Screening router (filtering) e.g.. without valid Ethernet card address declined access, or by an address in a
specified domain: limited access
physical security methods
and tools, mainly not information techniques!
Electromagnetic Emission
standard (89/336/EEC European Economical
Community guideline)
21
Security hierarchy
•
•
•
•
Security policy,
Security services,
Security mechanisms,
Mechanisms are implemented through
algorithms.
22
Security policy
• A security policy identifies the rules and
procedures that all persons accessing computer
resources must adhere to in order to ensure the
confidentiality, integrity, and availability of data
and resources. Furthermore, it puts into writing an
organization’s security posture, describes and
assigns functions and responsibilities, grants
authority to security professionals, and identifies
the incident response processes and procedures.
23
Types of computer security
policy
• Program-level policy is used to create an
organisation’s computer security program.
• Program-framework policy establishes the
organisation’s overall approach to computer
security (i.e., its computer security framework).
• Issue-specific policies address specific issues of
concern to the organisation.
• System- specific policies focus on policy issues
which management has decided for a specific
system.
24
Security services
Confidentiality - Protects against disclosure to
unauthorised identities.
Integrity - Protects from unauthorised data
alteration.
Authentication - Provides assurance of someone's
identity.
Access control: Protects against unauthorised use.
Non-repudiation: Protects against originator of
communications later denying it.
25
Confidentiality
• Confidentiality can be achieved by
technologies that convert/hide the data, text
into a form that cannot be interpreted by
unauthorized persons. Encryption is the
major technique in generating
confidentiality.
•
26
Integrity
• A message integrity check ensures that
information has not been altered message in
transit by unauthorized persons in a way
that is not detectable by authorized users. In
combination with a key, a message integrity
check (or checksum, or keyed hash) insures
that only the holders of the proper key is
able to modify a message in transit without
detection.
27
Authentication
• Authentication is the process of identifying
an individual. The typical computer based
methods involve user ID/password,
biometric templates or digitally signing a
set of bytes using a keyed hash.
Authentication usually relies on either direct
knowledge of the other entity (shared
symmetric key or possession of the other
person's public key), or third party schemes.28
Access control
• Access control is the process of giving
permission for a user to access to network
resources after the user has been
authenticated through e.g. username and
password. The type of information and
services the user can access depends on the
user's authorization level.
29
Non-repudiation
• Non-repudiation provides a method to
guarantee that a party to a transaction
cannot falsely claim that they did not
participate in that transaction. In the real
world, hand-written signatures are used to
ensure this.
30
Security mechanisms
Encryption is used to provide confidentiality can
provide authentication and integrity protection.
Digital signatures are used to provide
authentication, integrity protection, and nonrepudiation.
Checksums/hash algorithms are used to provide
integrity protection can provide authentication.
One or more security mechanisms are combined to provide a
security service.
31
Security mechanisms and services
Encrypt. Hash funct. Dig.sign.
Privacy or confidentiality
Integrity
Authentication
Access control
Non-repudiation
X
X
X
X
X
X
X
X
X
X
32
Basic steps of a security system
design process
• Definition of threats and their attack types
from which the system has to be protected.
• The degree of protection should be applied.
• The place and mode of the protection
should be applied.
• Selection of security mechanisms and
services.
• Selection of HW and SW solutions.
33
Most frequent types of attacks in US
Type of attack
About In %
Virus
75
Insider abuse of net access
50
Laptop/mobile theft
50
Unauthorised access
33
Denial of service
33
Abuse of wireless network
18
System penetration
16
Telecom fraud
10
Thief of proprietary information
8
Financial fraud
7
Misuse of public WEB application
5
Sabotage
2
The 2005 CSI/FBI Computer Crime and Security Survey
34
Security technologies used in the US
Security technologies
About In
%
Firewalls
97
Anti –Virus SW
96
Intrusion detection system
72
Server-based access control
70
Encryption for data transmission
68
Reusable account/login password
52
Encrypted files
46
One-time password token (smart card)
42
Public Key Infrastructure
35
Intrusion prevention system
35
Biometrics
15
35
Tools, methods and techniques for
security
•
•
•
•
•
Security Architectures
Firewalls
Virus defense
Encryption
Identification of persons (not the
equipment) - biometry
• Smart cards
36
Security architectures
• The security architectures represent a structured set of
security functions (and the needed hardware and software
methods, technologies, tools, etc.) that can serve the
security goals of the distributed system. In addition to the
security and distributed enterprise functionality, the issue
of security is as much (or more) a deployment and userergonomics issue as technology issue.
37
Security solutions
for VE
Complex solutions in reference architectures
In NIIIP (National Industrial Information Infrastructure Protocols),
secure communication can be implemented at three levels:
– IP level - protocol security,
– OMG level,
– NIIIP level - data encryption,
In PRODNET (EU project) Communication Infrastructure
– privacy,
– authentication,
– integrity,
– logging information is stored.
38
Client security in NIIIP
39
The Architecture of PRODNET
Communication Infrastructure
PCI
API
API (RPC
(RPC and
and DLL)
DLL)
PICM
PICM
PRODNET
PRODNET Intelligent
Intelligent
Communication
Communication Manager
Manager
MCI
MCI
SECURITY
SECURITY Message
Message Class
Class
Identifier
Identifier
Multi
Multi Protocol
Protocol Access
Access Control
Control
Web
Web Proxy
Proxy
TCP/IP
TCP/IP
SMTP/POP3
SMTP/POP3
...
...
CGI
CGI
40
Firewall
A network firewall protects a computer network from unauthorized access.
Network firewalls may be hardware devices, software programs, or a
combination of the two.
Network firewalls guard an internal computer network (home, school, business
intranet) against malicious access from the outside. Network firewalls may also
be configured to limit access to the outside from internal users.
41
Why HW firewall
• A typical unprotected PC will come under attack
within several minutes of being connected to the
Internet.
• HW - simpler to use than software firewalls, and
they don't have any [performance] impact on the
computer,
• HW firewall doesn’t cause problems when
installing new SW on the system and the firewall
cannot be taken out.
42
Virus defence
• Viruses and other malicious code (worms and Trojans) can
be extremely destructive to the vital information and the
computing systems both for individuals and businesses
systems. There are big advances in anti-virus technology,
but malicious codes remain a permanent threat. The reason
is that the highest-level security technology can be only as
effective as the users operate them. In the chain of
computer security, human beings seem to be the weakest
point, so there is no absolute security in virus defence.
43
Encryption
Encryption is a process of translating a message, called the
Plaintext, into an encoded message, called the Ciphertext.
This is usually accomplished using a secret key and a
cryptographic Cipher.
• Symmetric Encryption, where a single secret key is used
for both encryption and decryption.
• Asymmetric Encryption, where a pair of keys is used -one for Encryption and the other for Decryption.
Problems of strong Encryption - algorithms are freely available
everywhere on the Internet – some states prohibit to use them.
44
Encryption Algorithms
• RSA – 1977 Ron Rivest, Adi Shamir and Len Adleman, most
popular method for public key encryption and digital signatures • DES - symmetric block cipher with 64-bit block size using 56-bit
keys. No secure against attacks! 3DES cumulative key size of
112-168 bits.
• BLOWFISH - Bruce Schneier 1993. Variable-length key, from 32
to 448 bits. Strong encryption algorithm.
• International Data Encryption Algorithm (IDEA) - Dr. X. Lai and
Prof. J. Massey early 1990. 128 bit key, fast algorithm
implemented in hardware chipsets.
• Advanced Encryption Standard (AES) - Rijndael algorithm. US
Government standard, May 26, 2002.
45
Public key infrastructure
Public key infrastructure (PKI) is the most widely applied
technology on public networks such as the Internet. PKI is
a framework encompassing the laws, policies, standards,
hardware, and software to provide and manage the use of
public key cryptography. This is a method of encryption
that uses a pair of mathematically related keys: a public
key and a corresponding private key. Either key can be
used to encrypt data, but the corresponding key must be
used to decrypt it. This method is also called asymmetric
encryption.
46
Digital signature
Digital signature is a data that binds a
sender's identity to the information being
sent. Digital signature may be tied with any
message, file, or other digitally encoded
information, or transmitted separately.
Digital signatures are used in public key
environments and provide non-repudiation
and integrity services.
47
Biometry
Generally, biometrics refers to the study of measurable
biological characteristics. In computer security, biometric
technologies are defined as automated methods of
identifying or authenticating the identity of a living person
based on his/her physiological (e.g. fingerprint, hand, ear,
face, eye – iris/retina) or behavioural (e.g. signature, voice,
keystroke) characteristic. This method of identification is
preferred over current methods involving passwords and
pin numbers as the person to be identified is required to be
physically present at the point-of-identification, so the
person of user is identified not the device as in case of PIN
and password.
48
Biometry approaches
Method
Individuality
Invariabilty
Falsification
Deceive
Forcing
Twins
Realisation
DNS
perfect
OK
From a hair
copy
Not avoidable
[?]
Complex, costly
Fingerpr.
Close perfect
Accident, oper.
OK
Mission
Impossible
Another finger
92%
works
Palm
OK
Accident, oper.
OK
OK
undetectable
[?]
works
Iris
perfect
OK
OK
OK
Only eye can be seen
[?]
works
Retina
perfect
OK
OK
OK
Only eye can be seen
[?]
dengerouos
Handwritng
OK
Some time after
Dynamics
imposs.
Not possible
probably[?]
Can be
distinguished
Needs developm.
Voice
OK
Flu enough
OK
Tape recorder
Only listening/voice
analysis
Can be hear
Works, complex
Visual
OK
OK
OK
OK
Can be seen the
number
Pritty similar
Too complex
Smelling
[?]
Alters quickly
[?]
Thef of cloth
[?]
[?]
[?]
©By Bernát Balázs, Jakabfy Tamás - Eötvös Loránd Tudományegyetem, Budapest
49
Smart Card (ISO 7816)
50
Inside smart card
Present
CPU - 8..64 bit
RAM - 256..4KB
ROM- 32 ..128 KB
EEPROM, NV RAM,
Flash, - KB…..MB
Future
FRAM - 64KB
ROM- 128 MB
51
Applications
52
Wireless technologies and their
security
53
Wired security
At the beginning of networking there was a need
mainly for the reliable operation, but the secure
and authentic communication has became a key
factor for today. According to Internet users,
security and privacy are the most important
functions to be ensured and by increasing the
security the number of Internet users could be
double or triple according to different surveys.
The main reason of the increased demand is the
spread of electronic commerce through the
Internet, where money transactions are made in a
size of millions of dollars a day.
54
TCP/IP- and security protocols in the network
Layer
Number
Layers of
the OSI
reference
model
TCP/IP Protocols
7.
Application
6.
Presentation
5.
Session
FTP, SMTP,
TELNET,
SNMP, NFS,
Xwindows,
NNTP,IRC,
HTTP, WAP
ASCII,
EBCDIC,
ASN1, XDR
RPC
4.
Transport
TCP, UDP
3.
Network
IP
Data link
X.25, SLIP,
PPP, Frame
Relay
2.
SECURITY PROTOCOLS
S-HTTP, SET
S/MIME,
PEM,
PGP,
MOSS
SMTP
SSL, SSH
TLS (Transport Layer Security
Protocol), WAP/WTLS
IPv6
Electromagnetic Emission
standard (89/336/EEC - European Economical Community
guideline)
55
Trends of wireless applications
According to market researcher Gartner
• 45 percent of the American workforce is using
mobile technology of some kind, including
laptops, PDAs, and new sensor networks.
• By 2007 more than 50 percent of enterprises with
more than 1,000 employees will make use of at
least five wireless networking technologies.
56
Enterprises and wireless
technology
Possibilities/demands
• enterprises need new business communication strategies,
• possibilities for new resources,
• new information/security infrastructures.
57
Types of Wireless Networks
Based on their coverage range WNs can be
categorized into five groups :
• Satellite communication (SC),
• Wireless Wide Area Networks (WWAN),
• Wireless Metropolitan Area Network (WMAN)
• Wireless Local Area Networks (WLAN) and
• Wireless Personal Area (or Pico) Network (WPAN).
58
Wireless
network type
Satellite
WWAN
GSM
(2-2.5 G)
3G/UMTS
iMode
(3G/
FOMA)
FLASH-OFDM
WMAN
IEEE 802.16
WWLAN
IEEE 802.11A
IEEE 802.11b
IEEE 802.11g
WPAN
BLUETOOTH
UWB
ZigBee
Infrared
RFID
Operation
frequency
2170–2200
MHz
Data rate
824-1880 MHz
9.6 - 384 kbps
(EDGE)
2.4 Mbps
1755-2200 MHz
800 MHz
Different (9.6 kbps
- 2 Mbps)
Operation
range
Satellite
coverage
Characteristics
Cellular
coverage
Cellular
coverage
Cellular
coverage
Cellular
coverage
Reach, quality, low cost
Relative
high
availability
cost,
Speed, big attachments
450 MHZ
64 - 384kpbs
(W-CDMA)
Max. 3 Mbps
Always on, easy to use
2-11 GHz
Max.70 Mbps
3-10 (max. 45)
km
Speed,
range
5 GHz
2.4 GHz
2.4 GHz
54 Mbps
11 Mbps
54 Mbps
30m
100 m
100-150m
Speed, limited range
Medium data rate
Speed, flexibility
2.4 GHz
1.5 – 4 GHz
2.4 GHz, 915 868 Mhz
300 GHz
30-500 KHz
850-950 MHz
2.4-2.5 GHz
720 kbps
50-100 Mbps
250 Kbps
10 m
100-150 m
1-75 m
9.6 kbps-4Mbps
linked to bandwidth, max. 2
Mbps
0.2-2 m
0.02–30 m
Cost, convenience
Low cost, low power
Reliable, low power, cost
effective
Non interfere, low cost
High reading speeds,
responding in less than
100 milliseconds
High speed, respond time
less then 50 milliseconds
high
operation
59
Security Technologies for Wireless
communication
Secure communication is a key point of every type
of wireless communication
• In enterprises/organizations a big amount of
extremely valuable technical data and information
(development, product, process data beside
business information) are moving through the
network, making security a vital concern.
• Wireless technologies are more sensitive for
attacks (e.g. sniffing of Wi-Fi).
60
Complexity of wireless apps.
61
Wireless security
There are a variety of simple security procedures to protect
the Wi-Fi connection. These include enabling 64-bit or
128-bit Wi-Fi encryption (Wired Equivalent Privacy WEP), changing the password or network name and
closing the network.
WEP and other wireless encryption methods operate strictly
between the Wi-Fi computer and the Wi-Fi access point or
gateway. When data reaches the access point or gateway, it
is unencrypted and unprotected while it is being
transmitted out on the public Internet to its destination —
unless it is also encrypted at the source with SSL or when
using a VPN (Virtual Private Network). WEP protects the
user from most external intruders, but WEP also has
known security holes.
62
VPN (Virtual Private Network)
VPN works by creating a secure virtual "tunnel" from the
end-user's computer through the end-user's access point
or gateway, through the Internet, all the way to the
corporation's servers and systems. It also works for
wireless networks and can effectively protect
transmissions from Wi-Fi equipped computers to
corporate servers and systems.
The special VPN software on the remote computer or
laptop uses the same encryption scheme, enabling the
data to be safely transferred back and forth with no
chance of interception.
63
VPN components
• The best processors are designed for advanced networking
applications like virtual private networking (VPN)
broadband routers, wireless access points, VPN edge
router/gateways, firewall/VPN appliances, and other
network and customer premise equipment. Some of them
can handle a variety of IPsec and SSL/TLS protocols
including DES, 3 DES, AES and public key. In addition to
IPsec and SSL protocols, the temporal key integrity
protocol (TKIP) and AES counter mode encryption can be
also supported.
64
VoIP application
• Voice over Internet Protocol (VoIP), is a
technology that allows people to make telephone
calls using a broadband Internet connection
instead of a regular (or analog) phone line. VoIP
technologies convert digitized voice into data
packets that are encapsulated in Internet protocol.
• Security – can be a hole in the enterprise system prohibited applications
65
RFID applications
• The main purpose of the RFID (Radio Frequency
Identification) technology is the automated
identification of objects with electromagnetic
fields. RFID systems have three basic
components: transponders (tags), interrogators
(readers or scanners) and middleware (application
systems) for further processing of the acquired
data.
• Problems with security – memory capacity, air
interface.
66
Mobile security
Mobile security is inherently different than LAN-based
security. The basic demands for privacy (confidentiality),
integrity, authenticity and non-repudiation are even harder
as the range of users is broader as in traditional networks.
As security in the mobile world is more complex and
different it need more advanced network security models,
it can stated that mobile communication is one of the
biggest changes in the security market. Mobile security
measures depend on the types of data and applications
being mobilized. The more sensitive the data, the more
effective security measures must be introduced.
67
Special considerations for mobile
security
• “Two Factor Authentication” had to be introduced. This
technology is used to verify both the device and the
identity of the end-user during a secure transaction
• Minimize end user requirements - user participation,
involvement should be restricted to quick, easy and
mandatory tasks.
• Implement WPKI authentication technology - WAP PKI
(used by VeriSign) to maintain security. PKI, or Public Key
Infrastructure, is a protocol enabling digital certificates on
wired devices. WPKI is an adaptation of PKI for mobile
devices that meets m-commerce security requirements.
68
WAP security model
There are three steps of the WAP security model:
- WAP gateway simply uses SSL to communicate
securely with a Web server, ensuring privacy,
integrity and server authenticity.
- WAP gateway takes SSL-encrypted messages from
the Web and translates them for transmission over
wireless networks using WAP’s WTLS security
protocol.
- Messages from the mobile device to the Web server
are likewise converted from WTLS to SSL. In
essence, the WAP gateway is a bridge between the
WTLS and SSL security protocols.
69
The WAP Security Model
70
Standards
• “Orange book” (Orange book, 1996) - to classify the
reliability and security level of computer systems an
evaluation system,
• The ISO/IEC 10181- (ISO, 1996) multi-part (1-8)
“International Standard on Security Frameworks for Open
Systems” addresses the application of security services in
an “Open Systems” environment,
• The ISO/IEC 15408 standard (ISO, 1999) consists of three
parts, under the general title “Evaluation Criteria for
Information Technology Security”. Originates from the
“Common Criteria” (CC).
71
Technical vision
• Complex networked ICT systems cover the whole globe ubiquitous/ambient/etc. systems,
• Everybody intend/have to use the different systems (Xbillion users with very-very different user profiles –
disabled, analphabets, criminals, researchers, etc.),
• New, extended, integrated applications – e.g. integrated
mobile/wireless systems – Six-level MultiSphere
Reference Model - PAN/BAN -> Cyber World
• Mixed business and private applications,
• Communications among objects, humans and cymans (the
synthetic counterparts of users in the virtual cyber-world –
kind of autonomous avatars),
• Cyber World will be truly user centred.
72
Trends in security
•
•
•
•
•
•
•
Agent-based technologies,
Application of smart cards,
General security architectures,
Importance of standardization,
Bio-inspired security,
Quantum Cryptography,
Nano-scale security mechanisms.
73
Conclusions
• Novel networking technologies are basic components in
the communication of collaborative networks.
• Wireless technologies cause remarkable modifications in
the structure, in the operation, in the collaboration
techniques, in the cost structure and in business processes
of networked organizations.
• Information systems of networked organizations will be
always a security risk originating from their openness and
flexibility.
• Complex, flexible security systems are needed that are user
friendly and platform independent at the same time.
• New generations of networking technologies make
significant changes in the cultural and social environments
as well.
74
Useful URLs
• Internet Security Threat Reports http://www.symantec.com/enterprise/threatreport/index.jsp
• Bruce Schneier weblog - http://www.schneier.com/
• About Viruses - http://www.mcafee.com/uk/
• NIST CRSC publications http://csrc.nist.gov/publications/nistpubs/
• Guide to Information Technology Security Services – NIST,
2003
http://csrc.nist.gov/publications/nistpubs/800-35/NISTSP80035.pdf#search=%22computer%20security%20services%22
• MultiSphere Reference Model - www.wireless-worldresearch.org
75
Thanks for your attention
76