COMP 208/214/215/216 – Lecture 10: Implementation Issues, Security
Database and system security: authentication, privacy, integrity, audits and control
Authentication
• Commonly based on a shared secret
• Passwords are typically:
  • Stored in hashed form
  • Used as part of a challenge handshake response
  • Should be encrypted before transmitting over the network
Password hashing
• One-way function: Hash("secret") = A13FCB34DF
• Now the password cannot be read in plain from the database table
• Salt helps to protect against a pre-computed "rainbow" table (the salt is random bits stored with the hash)
• Rainbow table:
  • "cat" ABCEF
  • "fred" 24ABFC
  • "password" 4BAF12
• Now, to attack a particular hash seen on the network, one would need to use all the different salt combinations
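An added example (not part of the lecture slides) of salted password storage and verification. It uses PBKDF2-HMAC-SHA256 as the slow one-way function and a constructed table of unsalted hashes standing in for the slide's rainbow table; the iteration count and the table's words are sample values.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

ITERATIONS = 100_000  # constructed sample value; tune to your server's budget


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, hash). The salt is random bits stored alongside the hash."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def unsalted_hash(word: str) -> bytes:
    """Hash(word) with no salt: what a precomputed table can be built from."""
    return hashlib.sha256(word.encode()).digest()


# Constructed stand-in for the slide's rainbow table: unsalted hash -> word.
UNSALTED_TABLE: Dict[bytes, str] = {
    unsalted_hash(w): w for w in ("cat", "fred", "password")
}


def rainbow_lookup(table: Dict[bytes, str], digest: bytes) -> Optional[str]:
    """Precomputed lookup: works on unsalted hashes, fails on salted ones."""
    return table.get(digest)
```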
SSL/TLS/https
• SSL: Secure Sockets Layer, developed by Netscape for secure connections between browsers and web servers
• TLS: IETF standard, based on SSL
• https: http (hypertext transfer protocol) transferred securely over TLS
Asymmetric key: different keys used for encryption and decryption
(Diagram: the plaintext "Hi Mum" is encrypted with key 123 to the ciphertext "GH BVC", sent over the Internet, and decrypted with key ABC back to the plaintext "Hi Mum")
Internet Security
Digital Signature
• Example signature
Digital Signature: transmission operation
(Diagram: the message "I would like to transfer $1,000,000 Thank you." is passed through the hash function, giving the hash result E12D4378BA980C1214390; the signing function applies the sender's private key to that hash to produce the digital signature, which is sent with the message as <sig>34E02B2BC8D746A21B4285C87E64BA29<sig>)
Digital Signature: reception operation
(Diagram: the received message is passed through the hash function again; the signature <sig>34E02B2BC8D746A21B4285C87E64BA29<sig> is decrypted with the sender's public key to recover the hash result E12D4378BA980C1214390; if the hash values are the same the message is accepted, otherwise it is rejected)
Secure Hash Functions
• h = H(M), where h = hash value, H = hash function, M = message
• Special properties of a hash function:
  • Different h value for different messages (random distribution)
  • Impossible (very difficult) to generate a message with a given hash value
  • Very difficult to generate two messages with the same hash value, i.e. two messages M1, M2 where H(M1) = H(M2)
PKI: Public Key Infrastructure
• Services defined:
  • Key/identity binding
  • Key distribution
  • Key integrity
  • Key revocation
PKI: Public Key Infrastructure
• When you connect to a web server using TLS, the web server sends a certificate containing:
  • The organisation's identity
  • The organisation's public key
  • The digital signature of the certification authority
• The certificate is validated, and then the public key and the private key held at the server are used to:
  • Authenticate the server
  • Help establish encryption keys between client and server
Limitations of https
• Only secures data transmission over the Internet, so it is just secure transport
• Does not:
  • Secure data in the database
  • Provide user authentication
  • Provide security for relayed messages (e.g. email security)
Database encryption options
• Database encryption functions (backend), e.g. MySQL AES_ENCRYPT()
  • Drawbacks: technology specific; changing the database needs a rewrite
  • Puts extra load on the database server
  • Needs secure connections between middleware and backend
• Middleware encryption (application layer)
  • Easier to port
  • Easier to integrate hardware support for encryption
• Client side
  • True end-to-end security
  • Relies on client-side key management, which is hard to keep secure and very complex
  • Clients have to be attacked one by one, which makes large-scale attacks difficult
Authentication and authorization
• Authentication: who are you?
• Authorization: what can you do?
Authentication
• Challenge handshake response:
  • Server sends a long random number as a challenge (nonce)
  • Client responds with the nonce encrypted with its private key
• Commonly used in ISP access as part of PPP
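An added example (not from the slides) that covers both the digital signature slides above (hash the message, sign the hash with the private key, verify with the public key) and this challenge-handshake-response slide (the client signs the server's nonce). The RSA keypair is a constructed toy built on two fixed, publicly known Mersenne primes with no padding, so it illustrates the flow only and is not a usable signature scheme.

```python
import hashlib
import secrets

# Toy textbook RSA on two fixed, publicly known Mersenne primes. A constructed
# illustration of the hash-then-sign flow only: no padding, no random key
# generation, and a modulus anyone can factor; never use for real keys.
P = (1 << 521) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (needs Python 3.8+)
PUBLIC_KEY = (N, E)                    # sender's public key
PRIVATE_KEY = (N, D)                   # sender's private key

def digest(message: bytes) -> int:
    """h = H(M): SHA-256 of the message, read as an integer (always < N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(private_key, message: bytes) -> int:
    """Signing function: hash the message, then apply the private key to the hash."""
    n, d = private_key
    return pow(digest(message), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    """Reception: recover the hash with the public key, compare with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)

class ChallengeServer:
    """Server side of challenge-handshake-response with a signed nonce."""

    def __init__(self, client_public_key):
        self.client_public_key = client_public_key
        self.outstanding = set()           # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(32)    # long random number sent to the client
        self.outstanding.add(nonce)
        return nonce

    def authenticate(self, nonce: bytes, response: int) -> bool:
        if nonce not in self.outstanding:  # unknown or already used: a replay fails
            return False
        self.outstanding.discard(nonce)
        return verify(self.client_public_key, nonce, response)

def client_respond(private_key, nonce: bytes) -> int:
    """Client side: answer the challenge by signing the nonce with its private key."""
    return sign(private_key, nonce)
```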
Authorization
• Run all code through a standard API
• For each user/table have read/write/insert/delete permissions
• Can be done at:
  • MySQL level (poor granularity; needs different MySQL credentials for each user role)
  • Application layer (better flexibility, more coding)
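An added example (not from the slides) of application-layer authorization: every query goes through one data-access API that checks a per-role, per-table read/write/insert/delete matrix before touching the database. The roles, tables and rows are constructed sample values; the database is an in-memory SQLite instance opened with a single shared credential.

```python
import sqlite3

# Constructed permission matrix: role -> table -> allowed operations, using the
# slide's read/write/insert/delete set (write = UPDATE). Sample names only.
PERMISSIONS = {
    "clerk": {"accounts": {"read"}, "transfers": {"read", "insert"}},
    "manager": {"accounts": {"read", "write"},
                "transfers": {"read", "write", "insert", "delete"}},
}
SQL_VERBS = {"read": "SELECT", "write": "UPDATE", "insert": "INSERT", "delete": "DELETE"}

class PermissionDenied(Exception):
    pass

class DataAccessAPI:
    """The single standard API that all application code goes through.
    The database is opened with one shared credential; the per-role decision
    is made here, at the application layer."""

    def __init__(self, conn, permissions=PERMISSIONS):
        self.conn = conn
        self.permissions = permissions
        self.audit = []  # denied attempts, kept for the audit trail

    def _check(self, role, table, op):
        allowed = self.permissions.get(role, {}).get(table, set())
        if op not in allowed:
            self.audit.append((role, table, op))
            raise PermissionDenied(f"{role} may not {op} {table}")

    def execute(self, role, table, op, sql, params=()):
        self._check(role, table, op)
        # Sanity check that the statement really is the declared operation on
        # the declared table, so a caller cannot label a DELETE as a "read".
        words = sql.upper().split()
        if not words or words[0] != SQL_VERBS[op] or table.upper() not in words:
            raise PermissionDenied("statement does not match the declared operation")
        cur = self.conn.execute(sql, params)
        self.conn.commit()
        return cur.fetchall()

def demo_db():
    """Constructed in-memory sample database with two tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    conn.execute("CREATE TABLE transfers (id INTEGER PRIMARY KEY, src INTEGER, dst INTEGER, amount INTEGER)")
    conn.execute("INSERT INTO accounts VALUES (1, 'alice', 100), (2, 'bob', 50)")
    conn.commit()
    return DataAccessAPI(conn)
```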
Security policy
• Gives the organization a fixed set of rules to secure:
  • Passwords, database access
  • Backups and data integrity
• Policy:
  • Can be analysed and amended to look for weaknesses
  • Guards against ad hoc security decisions
Security policy examples
• Password strength
• Procedures for password retrieval (email, post or phone)
• Media
  • Document and USB stick shredding and destruction
  • Removal from site
  • Bringing on to site
• Backups
• Encryption
• Firewall
• Configuration policy
Bell–LaPadula security model
• Each user is given a security clearance (top secret, secret, public)
• All documents they develop are automatically set at that clearance
• Each user:
  • Must not read any document above their clearance (no read up)
  • Must not write any document below their clearance (no write down)
• Trusted subjects are allowed to write down, to lower the clearance of secured information
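An added example (not from the slides) encoding the slide's Bell–LaPadula rules as access checks: documents inherit their author's clearance, reads are refused above the subject's clearance, writes are refused below it, and only a trusted subject may lower a label. The subject and document names are constructed sample values.

```python
from enum import IntEnum

class Level(IntEnum):
    """The slide's three clearance levels, ordered so that comparisons work."""
    PUBLIC = 0
    SECRET = 1
    TOP_SECRET = 2

class Subject:
    def __init__(self, name: str, clearance: Level, trusted: bool = False):
        self.name = name
        self.clearance = clearance
        self.trusted = trusted   # trusted subjects may write down

class Document:
    def __init__(self, title: str, label: Level):
        self.title = title
        self.label = label

def create_document(subject: Subject, title: str) -> Document:
    """A document a user develops is automatically set at the user's clearance."""
    return Document(title, subject.clearance)

def may_read(subject: Subject, doc: Document) -> bool:
    """No read up: a subject may only read documents at or below its clearance."""
    return doc.label <= subject.clearance

def may_write(subject: Subject, doc: Document) -> bool:
    """No write down: a subject may only write documents at or above its
    clearance, unless it is a trusted subject."""
    return subject.trusted or doc.label >= subject.clearance

def declassify(subject: Subject, doc: Document, new_label: Level) -> Document:
    """Lowering a label is a write down, so only a trusted subject may do it."""
    if not subject.trusted:
        raise PermissionError(f"{subject.name} is not a trusted subject")
    if new_label > doc.label:
        raise ValueError("declassify only lowers a label")
    doc.label = new_label
    return doc
```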
Summary
• To secure your system you need to:
  • Secure the network transport
  • Secure all persistent data
  • Have a proper security policy
  • Protect against physical failure