Data Security and Cryptology, XIII
Database Security. Network Security
November 25th, 2015
Valdo Praust
[email protected]
Lecture Course in Estonian IT College
Autumn 2015
Technical and Legal Views to Digital
Signature
A legal digital signature (digitaalallkiri, digiallkiri) is a legal concept which gives a document evidentiary value, in the same way as a handwritten signature gives such value to a paper document
A technical digital signature (digitaalsignatuur, digisignatuur) is a technical or cryptotechnical construction which uses a public-key cryptoalgorithm for achieving integrity
• Up to the present, the only known way to give a legal digital signature is to use a technical digital signature
• Each legal digital signature is (up to the present) a technical digital signature. But each technical digital signature is of course not a legal digital signature – it needs certain authorities, called a public key infrastructure
Essence of (Legal) Digital Signature
(A legal) digital signature (digitaalallkiri, digiallkiri) is an additional data set which is added to the signable document (signable data set) and which is created by the signer (allkirjastaja), by mathematical operations, using both the signable document and the signer's private key
A digital signature uses the methods offered by a public-key cryptoalgorithm (its use in the digital signature or integrity-achieving mode)
Giving of a Digital Signature
Verifying of a Digital Signature
Private Key as a Chipcard
A chip or device from which it is impossible to read certain internal values (keys) is called a non-reverse-engineerable (pöördkonstrueerimatu) device
Principles of Certification
Binding personal identification data (name, personal identification number) to a public key is called certification (sertifitseerimine)
The result of certification (by means of a digital signature) is a certificate (sertifikaat), which is always a digital document
Certificates are usually issued by special certification authorities (CAs, sertifitseerimiskeskus, sertifitseerimisteenuse osutaja)
How Certificate(s) Act
Certification Infrastructure
Certification infrastructure (sertifitseerimise taristu) or public-key infrastructure (PKI, avaliku võtme taristu) consists of the following five mandatory components, necessary for the secure giving and verifying of digital signatures:
• non-reverse-engineerable hardware-based public-key container
• certification authority (CA)
• validity confirmation service (at the CA)
• time-stamping authority
• organization and coordination of services (usually at the national level)
Advantages of Digital Signature, I
1. If we receive a digitally signed document and the signature verifies, we can always be sure that the author of the document has signed it using their real name, not a pseudonym. Certificates are issued only to Estonian residents under their real names.
A paper document can successfully be signed with a pseudonym. This usually goes unnoticed by the receiver of the document (we usually don't verify handwritten signatures)
Advantages of Digital Signature, II
2. A digitally signed document is certainly signed by the person whose name is included in the signature (certificate). The only exception is the very rare case when the private key has not been kept by the signer
For a handwritten signature, fake signatures can be made (the verification probability of handwritten signatures is no more than 99%). Moreover, we do not verify (compare) the handwritten signature at each reading of a paper document – we often do not have the necessary comparison material
Advantages of Digital Signature, III
3. When a digital signature verifies successfully, we can always be sure that the document itself has not changed after the signing process. This is ensured by the mathematical relationships between the document, the keys and the signature. While preparing the document, we need not think about possible forging methods
In the case of a paper document we must always think about possible forging methods when we prepare the document (especially in the case of tables, empty boxes etc)
Advantages of Digital Signature, IV
4. We can always prove the creation (signing) time of a digitally signed document. This is ensured by the presence of a time-stamp (which also includes the physical time)
On a paper document we can generally write an arbitrary date (and it is not provable by facts which are not related to the document content)
Digital Document Must
Remain Digital Forever
If we print out a digitally signed document, we always break the relations which give the document its evidentiary value
The printout of a digitally signed document must always be considered a copy, not an original
The digital representation of a document allows a wider range of document elements than a paper document (hypertext, multimedia, hypermedia)
Problems of Original and Copy
of a Document
For paper documents we distinguish the original from copies. There is always a certain (fixed) number of originals
For digital documents (at first sight) we can't distinguish originals from copies – every instance of the file (document) can be considered an original, and their number is not fixed
Evidentiary Value Problem, I
Main difference between paper documents and digital documents: the evidentiary value of a paper document is based on physical properties which remain intact in the long term. The evidentiary value of a digital document is based on the mathematical properties of cryptoalgorithms, which become breakable in the long term
It is assumed that Moore's law applies for at least the next 30-50 years
Evidentiary Value Problem, II
Problem: the security properties of all contemporary cryptographic algorithms have a limited time horizon (practical security). After 20-30 years many of them will probably be practically breakable
It is reasonable to expect that Estonian (legal) digital signatures given between 2002 and 2011, which are based on RSA-1024 and SHA-1, will be practically breakable (forgeable) after the year 2030 or even earlier
Solution to Evidentiary Value
Problem
Solution: we must oversign (ülesigneerimine) a long-term preserved document before its previous signature becomes practically breakable. Re-signing must be performed with new, stronger algorithms which last again 10-30 years (before the next oversigning)
Probably the oversigning will be an obligation of a digital archiving instance
Essence of Oversigning
Oversigning of a document by an archiving instance can be considered as the statement "I saw the document in a verifiable form and the mathematical algorithms of the previous signature are not yet broken. I confirm it by a new digital signature which is based on stronger mathematics"
It creates comparison and verification possibilities for the future. The moment of oversigning can be proved by a corresponding time-stamp
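The oversigning statement above, as an added Go example (not code from the lecture): the archive first checks that the old signature still verifies, then signs the document, the old signature and the moment of oversigning together under a stronger scheme. The Scheme, Statement, Oversign and VerifyOversigned names are constructed for this illustration; both schemes use Ed25519 keys, the "old" one over a SHA-1 digest and the archive's over SHA-256, and a plain clock value stands in for a time-stamping authority.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// Scheme is one signing scheme: a key pair plus the digest it signs. Both
// schemes here are constructed; the "old" one digests with SHA-1, the archive's with SHA-256.
type Scheme struct {
	pub    ed25519.PublicKey
	priv   ed25519.PrivateKey
	digest func([]byte) []byte
}

func NewScheme(digest func([]byte) []byte) Scheme {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return Scheme{pub: pub, priv: priv, digest: digest}
}

func (s Scheme) Sign(msg []byte) []byte      { return ed25519.Sign(s.priv, s.digest(msg)) }
func (s Scheme) Verify(msg, sig []byte) bool { return ed25519.Verify(s.pub, s.digest(msg), sig) }
func sha1Digest(b []byte) []byte             { h := sha1.Sum(b); return h[:] }
func sha256Digest(b []byte) []byte           { h := sha256.Sum256(b); return h[:] }

// Statement is what the archive signs: the document, its original signature and
// the moment of oversigning (a real archive would use a time-stamping authority here).
type Statement struct {
	Doc    []byte    `json:"doc"`
	OldSig []byte    `json:"old_sig"`
	At     time.Time `json:"at"`
}

// Oversign checks the old signature first ("I saw the document in a verifiable form"), then signs.
func Oversign(old, archive Scheme, doc, oldSig []byte, at time.Time) (stmt, sig []byte, ok bool) {
	if !old.Verify(doc, oldSig) {
		return nil, nil, false
	}
	stmt, _ = json.Marshal(Statement{Doc: doc, OldSig: oldSig, At: at.UTC()})
	return stmt, archive.Sign(stmt), true
}

// VerifyOversigned relies only on the archive's signature; the old signature is preserved evidence.
func VerifyOversigned(archive Scheme, stmt, sig []byte) bool { return archive.Verify(stmt, sig) }

func main() {
	old, archive := NewScheme(sha1Digest), NewScheme(sha256Digest)
	doc := []byte("constructed sample contract, signed in 2005")
	stmt, sig, ok := Oversign(old, archive, doc, old.Sign(doc), time.Now())
	fmt.Println("oversigned:", ok, "archive signature verifies:", VerifyOversigned(archive, stmt, sig))
}
```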
Database Security – Source Point
1. It is assumed that data are represented by a relational database (relatsiooniline andmebaas) – tables, their relationships, records, fields etc
2. It is necessary to achieve confidentiality separately for different fields. We must ensure that access for different subjects to different fields can be realized
3. It is determined outside the database who (which user groups) can read and create/change different data
Database Security – Source
Point
4. It is necessary to ensure integrity for both the (sometimes repeatedly changeable) data and the whole database. Sometimes it is necessary to determine the whole history of a data entity (previous forms and all editors)
5. Usually it is assumed that different database users have write access to the same data
The Simplest Approach: Application-Software Based
• The storing of different events (data adding, changing etc) is performed by the application software
• Users authenticate themselves using their user names and passwords
• The application software, together with the database, works on a server which is directly accessible only by system administrators
Shortcoming: the database is stored (in unencrypted form) on the server and administrators can access (and also change) the data – the concentration of risk is quite high
Error-proneness of Application Software
Actually every application software has some errors (vulnerabilities). Sometimes these errors are critical, allowing an unauthorized subject to access or change something
Usually patches are issued in order to repair these vulnerabilities
Cruel reality: between the publication of a vulnerability and the making of a patch, the software often remains unprotected against the corresponding attacks
Integrity of Full Database
Sad reality: if we equip each record (field) of a database with a (legal) digital signature, this ensures the integrity of the record but does not ensure the integrity of the full database
The possibility remains to erase whole records (together with their digital signatures) without authorization and without detection
Integrity versus Accountability
Integrity (terviklus) means that we must be able to determine the source (creator, creation time) of data
Accountability (jälitatavus) means that we must know the whole history (all previous states, creators, changes, change times etc) of a certain entity
If changing of previously stored data is allowed, then accountability is often used and needed instead of integrity
Ensuring the Integrity of Full
Database
Solution: in addition to digital signatures, we must equip the database with (cryptographic) mechanisms which tie different records to each other and therefore prevent their unnoticed erasure
This can be done by a queue (chain) of cryptographic hash values (the next record must include the hash of the previous record) – a so-called "local time-stamp"
In these cases we can never erase anything from the database
Properties of a Hash Queue Ensuring Integrity
Advantages:
• Each erasure of a full record is always noticeable (the queue of hashes does not verify)
• We can also give evidentiary value to negative query results
• The integrity of the records themselves can be protected by a digital signature
Disadvantages:
• Needs the implementation of the hashes (hash queue) and their verifiability check at the level of the database application software
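The hash queue described above, as an added Go example (not code from the lecture): each record's chain value is the SHA-256 hash of the previous record's chain value together with the record's own id and content, so a verifier that recomputes the queue detects both modification and erasure of whole records, which a per-record signature alone would miss. The Record type and the Append and Verify functions are constructed for this illustration; the records' own digital signatures are left out.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
)

// Record is one database row protected by a "local time-stamp": Chain is the SHA-256
// hash of the previous record's Chain together with this record's ID and Payload.
type Record struct {
	ID      int
	Payload string // the row content (its own digital signature is omitted here)
	Chain   string // hex SHA-256 over prevChain || ID || Payload
}

// linkHash computes the chain value of a record appended after prevChain.
func linkHash(prevChain string, id int, payload string) string {
	h := sha256.Sum256([]byte(prevChain + "|" + strconv.Itoa(id) + "|" + payload))
	return hex.EncodeToString(h[:])
}

// Append stores a new record, linking it to the last record of the table.
func Append(table []Record, payload string) []Record {
	prev := "" // the first record links to an empty (genesis) chain value
	if n := len(table); n > 0 {
		prev = table[n-1].Chain
	}
	id := len(table) + 1
	return append(table, Record{ID: id, Payload: payload, Chain: linkHash(prev, id, payload)})
}

// Verify recomputes the whole queue; it returns the index of the first broken link, or -1 if intact.
func Verify(table []Record) int {
	prev := ""
	for i, r := range table {
		if r.Chain != linkHash(prev, r.ID, r.Payload) {
			return i
		}
		prev = r.Chain
	}
	return -1
}

func main() {
	var table []Record
	for _, p := range []string{"INSERT person 1", "UPDATE person 1", "INSERT person 2"} {
		table = Append(table, p)
	}
	fmt.Println("intact table verifies:", Verify(table) == -1)
	// An administrator removes the middle record: the third record still links to it, so the queue breaks.
	erased := []Record{table[0], table[2]}
	fmt.Println("first broken link after erasure at index:", Verify(erased))
}
```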
Ensuring the Confidentiality of a
Database
• We cannot encrypt those attributes of a database which must be considered secondary keys (used as a basis for searching)
• These data must be available to the database engine (database environment) as plaintext
• Ensuring the confidentiality of these data against database administrators needs a special access architecture or is impossible
Other data (attributes we do not consider secondary keys) can be replaced by ciphertext (and made unavailable to the database environment) with an appropriate key distribution system
Most-Used Practical Solution to the Database Confidentiality Problem
Principle: data are stored on disk in encrypted form – a hardware security module (HSM, riistvaraline turvamoodul) is attached to the database which enciphers/deciphers the data and generates/holds the corresponding key
We cannot read the used key from the HSM; we can only generate and use it inside the HSM
In these cases only the data currently under processing are available in non-encrypted form – temporal isolation. Other (stored) data are kept in encrypted form and it is impossible to decrypt them without the HSM
The HSM can usually be started by a special chipcard (or a set of chipcards)
Ensuring the Availability of a
Database
Usually ensured by archiving or backup (arhiveerimine, varundamine): we store the same data in many physical places
The necessary condition: if we use (not sufficiently trustworthy) third parties for backup, it is reasonable to encrypt and digitally sign the archived data, creating a corresponding key management system
This reduces the confidentiality risk
Basics of “Network“ (Internet)
• A contemporary WAN (Wide Area Network) is usually the Internet
• The Internet is a network based on the TCP/IP protocol, where all transferred information is divided into (and managed as) IP packets, which are considered and transferred separately
Each IP packet bears information about:
• source (IP address)
• destination (IP address)
• the name of the service of which it is a part
Internet as a Collection of Services
The Internet consists of many different services (teenused) which determine the type of information transfer principle and to which different protocols (protokollid) correspond
Examples:
• e-mail (e-post, meil) – SMTP protocol
• WWW (veeb) – HTTP protocol
• FTP (file transfer) – FTP protocol
• DNS – associates a name with an IP address
A lot of services (protocols) are used for the Internet's internal management and are often hidden from a typical end user
Threats from a Internet
A symmetry principle: just as we can access the Internet (Internet services), a user from the Internet can access our computer or local network (the services available there)
• Unauthorized access to our computers/network/services
• Eavesdropping of confidential information – typical Internet-based protocols transfer non-encrypted information
• Changing of transferred information, the so-called man-in-the-middle attack (vahemeherünne) – typical Internet-based protocols transfer non-signed information
• Denial-of-service attack, DoS (teenusetõkestusrünne)
Shortcomings of an Open Internet
Access
Paradox: a hacker can easily access your system or network
In a typical computer/LAN a couple of services/protocols operate, and some of them are certainly harmable and have some vulnerabilities
It is inevitable that application software and Internet services always have some weaknesses and vulnerabilities
A Typical Solution: Firewall
A multifunctional firewall (tulemüür): a special gateway between the Internet and your computer or local network
• May be either a hardware device or a software product
• As a rule, controls all the traffic between the Internet and the physically secured computer or local network, allowing only some services/protocols in a predefined manner
• As a hardware device (local network separation), uses proxies for services and allows the use of an independent address space behind the firewall
Advantages of a Firewall
• Potential attacks are concentrated at one well-protected and well-designed point (the firewall) instead of a couple of insecure services and applications
• Possibility to hide the topology of the local network
• Possibility to save IP addresses (IPv6, alias IPng, is not yet spread everywhere; the number of "traditional" addresses is quite limited)
• Possibility to add an FTP and/or WWW server to the firewall (gateway)
Main Shortcoming of a Firewall
For authorized users it hinders access to the local resources (local network) from other parts of the Internet
Conclusion: it restricts Internet-related remote access possibilities (virtual office, telecommuting, etc)
Just as a firewall blocks unauthorized accesses from the "big" Internet, it also blocks such attempts by authorized users. A typical ("classical") firewall is unable to distinguish authorized access attempts from unauthorized ones
Solution for a Remote Access:
Encryption and Signing
A sad fact: typical Internet services (protocols) – http, telnet, ftp, nntp, smtp – are not secure, i.e. they do not allow secure and authenticated communication. They can easily be both eavesdropped on and changed by a classical man-in-the-middle attack
Hint for secure remote access: we must use both encryption (protects confidentiality) and signing (protects integrity)
Firewall + Secure Remote Access Client
A Secure Remote Access Client (turvaline kaugpöördusklient) uses encryption and signing of the transferred data, ensuring both confidentiality and integrity of communication
It is usually realized by the TLS (SSL) protocol
A secure remote access (as a connection not attackable by a man-in-the-middle attack) can be securely passed through firewalls
This enables the restoration of (secure) remote access for systems that include firewalls
Virtual Private Network
A typical Secure Remote Access Client is a suitable solution when we have one physical (physically protected) local area network and many remote clients in different places (an example – a company and its telecommuters)
But another problem arises – a company with several (physically protected) local networks in different places which we wish to use as a single system with its services, resources etc.
Solution: a virtual private network (virtuaalne privaatvõrk), which connects different physically secured local networks together into one virtual private network with a unified address space. The physical connection between the different networks is performed using encrypted and signed (usually TLS-protected) data transfer via the public Internet
Virtual Private Network
This technique allows the connection of a couple of different physical networks
Different local networks communicate with other local networks via the Internet using special cryptowalls (krüptomüür), which often support the TLS protocol
To a typical end user all the different physical networks together appear as one big local network
Virtual Private Network: Different Configuration Possibilities
In order to get access to the public Internet, we can add a firewall to the VPN (at least to one of the many physical networks):
In these cases all traffic between the VPN and the "big" Internet goes through the firewall (regardless of the physical location of the current physical network)
Virtual Private Network: Different Configuration Possibilities
We can also add some firewalls in different networks, additional physical networks etc
We can also add some secure remote access clients if necessary
Conclusion: Main (Classical) Means of Network Security
• Firewall (tulemüür) for a secure connection of a local network (single computer) to the Internet
• Secure Remote Access Client (turvaline kaugtööklient) which allows a secure connection, which may go even through firewalls etc, and enables authentication of the related parties
• Virtual Private Networks (virtuaalsed privaatvõrgud) which can connect different physically secured networks into one unique virtual network
• A symbiosis of all the above-mentioned means and components
Necessary Additional Components
• Password management (paroolihaldus): who generates, how stored, how transferred and used etc
• Key management (võtmehaldus): who generates, how stored and kept, their relationship with passwords and devices etc
• Authentication means (autentimisvahendid): non-reverse-engineerable chipcards, HSMs, biometrics, passwords, etc
Reminder: TLS (SSL) needs additional information (a certificate) during handshaking