Distributed Systems Security - PowerPoint PPT Presentation

Slides: 37
Provided by: tonyg2
Transcript and Presenter's Notes


1
Distributed Systems Security
  • Distributed Systems Security

2
Objectives
  • To look at possible security Models
  • To extend our discussion into the realms of
    E-Commerce

3
Security Models
  • Secrecy classification is commonplace in
    military and espionage
      • Top Secret, For Your Eyes Only, etc.
  • Concept of a level of clearance
  • Security models are multi-level
      • Top Secret
      • Secret
      • Classified, etc.
  • Security models are upward flow only
      • users with a higher level clearance should be
        unable to copy secret data to lower clearances
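
The upward-flow rule above can be enforced by a reference monitor that checks every read and write against the labels. The following is an added example, not part of the original slides; the `ReferenceMonitor` class, user names and sample data are hypothetical, and the level ordering is taken from the slide.

```python
from enum import IntEnum

class Level(IntEnum):  # ordering as on the slide: Classified < Secret < Top Secret
    CLASSIFIED = 1
    SECRET = 2
    TOP_SECRET = 3

class FlowDenied(Exception):
    """Raised when an operation would move data to a lower level."""

class ReferenceMonitor:
    """Hypothetical in-memory store that mediates every read and write."""

    def __init__(self):
        self.objects = {}   # name -> (Level, data)
        self.audit = []     # (user, operation, object, allowed)

    def _check(self, user, op, name, allowed):
        self.audit.append((user, op, name, allowed))
        if not allowed:
            raise FlowDenied(f"{user}: {op} {name} denied")

    def read(self, user, clearance, name):
        label, data = self.objects[name]
        # No read up: the user's clearance must dominate the object's label.
        self._check(user, "read", name, clearance >= label)
        return data

    def write(self, user, clearance, name, label, data):
        # No write down: label must dominate the writer and any existing label.
        current = self.objects.get(name, (label, None))[0]
        self._check(user, "write", name, label >= clearance and label >= current)
        self.objects[name] = (label, data)

    def copy(self, user, clearance, src, dst, dst_label):
        # A copy is a read then a write, so src <= clearance <= dst always holds.
        self.write(user, clearance, dst, dst_label, self.read(user, clearance, src))

def demo():
    rm = ReferenceMonitor()
    rm.write("alice", Level.SECRET, "plan", Level.SECRET, "constructed sample data")
    outcomes = []
    for dst_label in (Level.TOP_SECRET, Level.CLASSIFIED):
        try:
            rm.copy("bob", Level.TOP_SECRET, "plan", "copy", dst_label)
            outcomes.append("allowed")
        except FlowDenied:
            outcomes.append("denied")
    return outcomes, rm.audit
```

The audit list records denied attempts as well as allowed ones, which is the accountability the Orange Book asks for from class C2 upwards.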

4
Computer Security Models
  • US DoD's Orange Book: Trusted Computer System
    Evaluation Criteria, 1983
  • Four general divisions
      • A (most secure)
      • B (subdivided into 3 classes)
      • C (subdivided into 2 classes)
      • D (least secure)
  • Each level has all the functionality of the lower
    levels
  • Involves a trade-off
      • increased security means increased resources

5
Orange Book Security Levels
  • D: Minimal Protection
  • C: Discretionary Protection
      • C1: Discretionary Security - user decides
        security for own objects
      • C2: Controlled Access - auditing required for
        user accountability

6
Orange Book Security Levels
  • B: Mandatory Protection
      • B1: Labelled Protection - users have security
        levels, objects have sensitivity levels
      • B2: Structured Protection - rigorous design,
        based on a formal security model
      • B3: Security Domain - security kernel must be
        rigorously designed and proven to be secure
  • A: Verified Protection
      • A1: Verified Design - formal proof of system
        design, trusted distribution from supplier to
        customer

7
Security Summary
  • Computer systems must be protected from
    unauthorised access, malicious damage or
    modification and loss of data integrity
  • A security policy is required to define
    management responsibility
  • An important concept is Security domains
  • A key method for data confidentiality is
    cryptography

8
Security Summary
  • Authentication
  • Use of a recognised approach
  • Costly
  • High degree of policy and maintenance

9
E-Commerce Issues
  • Dangers in a Changing paradigm of business.
  • Banking on the Internet
  • Investing on the Internet
  • Contracts via the Internet

10
E-Commerce
  • Thomas Jefferson wrote:
      • "Money not morality is the principle commerce
        of a civilised nation"
  • This is true today:
      • Money not morality will drive the Internet
  • Hype and hysteria abound in E-Commerce
  • Need to review and consider the implications
  • Security is simply the most important factor.

11
Threats to E-Commerce
  • Vandalism and Sabotage
  • Breach of Privacy
  • Theft and Fraud
  • Violation of data Integrity
  • Denial of service

12
E-Commerce Security
  • Client Security
  • Secure Transport
  • Web Server Security
  • Operating System Security

13
Client Side Vulnerability
  • Deadly Contents
  • Before we had executable content: HTML only
  • Interactive Web sessions pose a real threat
      • ActiveX controls, Java, etc.
  • Interaction makes executable content appealing
      • but this is the potential threat...
  • A Java applet runs on page access and starts a
    process to try to break the client's security
    cipher: MALWARE!

14
Client Side Vulnerability
  • ActiveX Controls and Containers
  • Composite Documents etc.
  • Very effective for E-Commerce
  • Unintended Consequence
  • Created by interactive complexity
  • Allows malicious hacking to create rogue effects
    from what seem to be benign controls

15
Scripting
  • ActiveX and Java scripting on a page pose yet
    other threats.
  • No compilation, so scripts can be modified without
    trace.
  • Controls can be made script-active without the
    user's knowledge
  • Developers must be more careful to ensure
    scripting does not cause side effects.

16
Authenticode
  • A mechanism to try and authenticate and certify
    scripting on Controls
  • Digital signature on scripts
  • Does not validate action of a script

17
Client Browser Security
  • Trust-based model for ActiveX and applets, made
    worse by several factors
      • Browser security can be set on the fly
      • Flaws in the control code are exploited by
        hackers
      • Browsers tend to default to allowing execution;
        changing this is normally done in the custom
        settings, which the majority of users ignore.

18
Java Security
  • Java is accepted because it is a true
    multi-platform language
  • Sandbox security model
      • The sandbox is intended to restrict Java to
        access only a defined area of the system
        resources.
  • The sandbox uses three definitions
      • File access, network access, task access
  • Problem: any one mistake lets Java loose!

19
More Client Side Problems
  • Plug-ins and Graphics Files
      • Plug-ins execute interpreted code
      • E.g. PostScript includes rename, delete, create,
        etc.!
  • Attachments to Email
  • Direct execution via file associations etc.
  • Push Technology
  • Automatic distribution of Web info without
    specific request.

20
Java .NET
  • Look at the Security issue from a different
    perspective
  • Look at capability security as a mechanism

21
Using Data Encryption
  • A quote in 1997 on E-commerce said:
      • "Using encryption on the Internet is the
        equivalent of arranging an armoured car to
        deliver credit card information from someone
        living in a cardboard box to someone living on
        a park bench!"

22
Secure Sockets Technology
  • How safe is the little padlock in IE?
  • SSL offers end-to-end encryption, but is it the
    real answer?

23
E-Commerce Secure Transaction
  • Three popular stored account systems
  • First Virtual Payment
  • CyberCash's Secure Internet Payment System
  • Secure Electronic Transaction (SET)

24
Secure Channels
  • Internet is connectionless
  • IP gives the universal protocol
  • TCP is stacked on Top of IP to offer reliable end
    to end service
  • This offers little or no security even with the
    security fields in TCP

25
SSL
  • Secure Sockets Layer
  • Must be instigated on client from a server
    request.
  • SSL is above TCP/IP so can offer security on FTP,
    NNTP, TELNET etc.
  • End to End encryption

26
S-HTTP
  • Secure HyperText Transfer Protocol
  • Extension to HTTP
  • Runs at the application layer
  • Interoperable with HTTP
  • So we can access both S-HTTP and HTTP from same
    client

27
Protocol Stack

Layers, top to bottom:
  • Payment protocols
  • S-HTTP, HTTP, S/MIME, etc.
  • SSL
  • TCP
  • IP

28
Stored ACCOUNT Payment
  • Using the Secured methods discussed
  • Electronic payment is now commonplace
  • 1995:
      • Approx. 3 Billion Transactions in US
      • 13 trillion in total.

29
First Virtual
  • One of the first systems
  • FV uses cryptography over an SSL connection
  • FV is the broker in a Consumer - Merchant
    transaction on credit card.
  • Consumer establishes an account on FV
  • Virtual PIN assigned; FV does not divulge the
    credit card number.
  • PIN used to complete purchase with a merchant who
    is affiliated to FV.

30
CyberCash
  • Specialist protocol used to establish a link from
    client to server during a credit card transaction
    (Secure payment protocol).
  • Very similar to the POS system used by credit
    card authorisation terminals when shopping in a
    store.
  • Full details at
      • http://www.cybercash.com

31
Secure Electronic Transaction (SET)
  • SET can work in Real Time or be a store and
    forward transfer.
  • Stores can therefore opt for POS real-time
    billing or periodic batch billing.
  • SET is industry backed by the major credit card
    companies and banks.
  • SET transaction can be accomplished over the WEB
    or via Email

32
SET
  • Confidentiality
  • order info not secure
  • payment info secure
  • Data Integrity
  • Uses mathematical techniques to minimise
    corruption or detect malicious tampering.

33
SET
  • Client Authentication
  • Digital certification used to identify customer
  • Digital certificate checked via the issuer of the
    card
  • Merchant Authentication
  • Digital Certification is again used as a back
    check that the merchant is valid.
  • The check is generally against a database held by
    the issuer of the card.

34
Summary
  • The changing paradigm of business via the
    internet is continually giving security designers
    a headache
  • No sooner do we feel that any one aspect has been
    resolved than another takes its place

35
Summary
  • Using encryption may not be the panacea it is made
    out to be.
  • Using specific payment techniques may be the only
    real way forward.

36
What NEXT
  • Security issues will never go away.
  • Hackers will always want their kick.
  • Virus writers love to make life difficult.