
W4L2 Script

Uploaded by

Ramesh

Basics of System Security and Network Security

Hello! In this lecture we will discuss system and network security, covering authentication, access control, and authorization of system resources, followed by some basics of web security and the security aspects of wireless networks.

Authentication is a process of confirming the legitimacy of an entity, source of a document, or

both.

One can find a vast range of applications that demand the authentication security property, starting from telecommunication and e-commerce up to border security.

Depending on the application, the level of checking the legitimacy varies, that is, from single-factor authentication to multi-factor.

- For example, Desktop login uses single factor (e.g. password),

- ATM cash withdrawal uses two factors (e.g. Debit Card + PIN).

Access control means the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.

It is a function that controls which (active) subjects have access to which (passive) objects with some specific access operation.

Here,

Subject: An active entity that requests access to an object or the data in an object.

Object: A passive entity that contains information.

Controls: The security features that control how users and systems communicate and interact

with each other.

Access parameter: READ (r); WRITE (w); EXECUTE (x)


Once access control logic is satisfied, the subject is authorized to access objects of the system.

A structure known as the Access Control Matrix (ACM) is typically used for controlling access between subjects and objects.

The ACM contains all the relevant information on which authorization decisions can be made.

Refer to the below ACM table.

Bob has read-execute access to System File, read access to Accounts Data and no access to

Insurance Data.

Riya has read-execute access to System File and read-write access to Insurance Data.

Two fundamental concepts used for checking the authorization are Access Control Lists (ACLs) and Capabilities (C-lists).

Access Control List is a table that tells a computer system which access rights each Subject (e.g.

user) has to an Object (e.g. file).

Capability is a token, ticket, or key that gives the Subject permission to access an Object in a

computer system.

The ACL corresponding to the mentioned ACM pertaining to Insurance Data is:

(Bob,-),(Alice, rw), (John, rw), (Riya, rw)

Similarly, Alice’s C-list is:

(OS, rx), (Prog., rx), (Acc. Data, r), (Ins. Data, rw)

If we compare ACLs and C-lists, the concepts look similar, but they provide different ways of storing the same information.

For example,

- An ACL can attempt to name any object in the system.

- An ACL is based on users.

Whereas,

- Capabilities can only name those objects for which a capability is held.

- Capabilities are based on processes and procedures.


Let us take an example:

Alice wishes to keep all of her valuables in a safe locker in a bank. She has got consent of the

bank that she may delegate a few of her friends to access the locker.

The bank can control access to Alice's locker in the following two ways:

ACL approach

- The bank maintains a list of people, friends of Alice, authorized to access the locker.

- The bank must store the list and verify users.

- A friend cannot extend his or her privilege to someone else.

- Alice can remove her friend from the list anytime.

Capabilities approach

- The bank issues Alice one key to operate the locker.

- A friend can extend his or her privilege to someone else.

- Alice can ask for the key back from her friend.
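
The matrix, its ACL and C-list views, and the two locker approaches can be put side by side in code. This is an added example, not part of the original lecture: only the matrix cells the lecture states are filled in, "OS" is assumed to be the lecture's "System File" column, and the function names and the HMAC-based ticket are assumptions of the example.

```python
import hmac, hashlib, secrets

# Constructed sample matrix: (subject, object) -> rights. Only cells the
# lecture states are present; "OS" is assumed to be its "System File".
ACM = {
    ("Bob", "OS"): "rx", ("Bob", "Acc. Data"): "r", ("Bob", "Ins. Data"): "",
    ("Alice", "OS"): "rx", ("Alice", "Prog."): "rx",
    ("Alice", "Acc. Data"): "r", ("Alice", "Ins. Data"): "rw",
    ("John", "Ins. Data"): "rw",
    ("Riya", "OS"): "rx", ("Riya", "Ins. Data"): "rw",
}

def acl(obj):
    """Column view: kept with the object, names every subject ('-' = no access)."""
    return [(s, r or "-") for (s, o), r in ACM.items() if o == obj]

def c_list(subject):
    """Row view: kept by the subject, names only objects it holds rights to."""
    return [(o, r) for (s, o), r in ACM.items() if s == subject and r]

def acl_check(subject, obj, op):
    """ACL approach: the guard looks up WHO is asking; a missing cell means deny."""
    return op in ACM.get((subject, obj), "")

# Capability approach: the guard issues an unforgeable ticket and later checks
# only the ticket, never the bearer's identity (the locker key in the lecture).
GUARD_KEY = secrets.token_bytes(32)  # known only to the guard

def issue_capability(obj, rights):
    """Ticket = (object, rights, MAC over both), so rights cannot be edited."""
    msg = f"{obj}|{rights}".encode()
    return (obj, rights, hmac.new(GUARD_KEY, msg, hashlib.sha256).hexdigest())

def cap_check(cap, obj, op):
    """Valid if the ticket is genuine, names this object, and grants op."""
    c_obj, rights, tag = cap
    genuine = issue_capability(c_obj, rights)[2]
    return hmac.compare_digest(tag, genuine) and c_obj == obj and op in rights
```

Revoking under the ACL approach is a single deletion from `ACM`, while a ticket that has been handed on stays valid until the guard changes its key, which is the delegation and revocation trade-off the locker example describes.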

The most widely used access control notions are Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC), or a combination of them.

Mandatory Access Control (MAC) refers to a system mechanism that controls access to objects, and an individual user cannot alter that access.

For example, whether WRITE-UP is allowed or READ-DOWN is allowed will be decided by MAC.

Importantly, if such strict access is relaxed, what adjustment can be made with respect to the levels of both subject and object should also be guided by MAC.

Discretionary Access Control (DAC) refers to an individual's access control mechanism that allows or denies access to an object.

For example, a file initially has READ (r) access, and later the owner of the file changes the access to READ, WRITE and EXECUTE (rwx). Moreover, one can also delegate his or her access rights to others, applying discretionary power to control access to system resources. All modern operating systems are governed by both MAC and DAC.

Another practical access control model is Role-Based Access Control (RBAC), where a Role is defined for individual(s) and resource sharing/controlling is done with the Role. Modern enterprise systems are governed by RBAC.

For example, librarian is a role that can be assigned to the designated person, who then has all the privileges of a librarian to access system resources.

Let us now put focus on network security.

Generally speaking, when we think about network security, it brings many things into context, namely, channel security, protocol security, attacker's capability, perimeter security, and so on.

For instance, when we run an application on a web server, the application may:

- take input from users

- interact with other servers (e.g. authentication server, database server)

- use third-party services

- provide services to users

Many applications follow the above working principles, such as online shopping, banking and utility services, to name a few.

However, some common vulnerabilities surface in such applications, like:

Cross-Site Request Forgery (XSRF): A type of malicious exploit of the trust that a website has in a user's browser, whereby unauthorized commands are transmitted.

Cross-Site Scripting (XSS): A type of malicious exploit of the trust that a user has for a particular website.

SQL Injection, Broken session management: Can lead to session hijacking and data theft.

Insecure storage: Sensitive data stored in the clear.

Let us illustrate a scenario to show how such vulnerabilities can pose serious threats to applications.

- Suppose Alice is browsing a social networking page where another user, say Eve, has posted a message.

- Suppose that Eve has crafted an HTML image element that executes an action on Alice's bank's site (rather than showing an image to Alice as intended).

For example, Eve: Hello Alice! Click here for an interesting Image:

<img src=https://www.mybank.com/intended-goal...>

- If Alice's bank keeps her authentication information in a cookie, and if the cookie hasn't expired, then the attempt by Alice's browser to load the image will submit the withdrawal form with her cookie, thus authorizing a transaction without Alice's approval.

In what context does XSRF work?

● Eve must target either a site that doesn’t check the referrer header.

(a link or script in a page that accesses a site to which the user is known to have been authenticated)

● Eve must find a form submission at the target site, or a URL that has side effects, that

does something (e.g., transfer of money or password change option).

● Eve must determine the correct values for all the forms or URL inputs.

● Eve must lure the victim to a Web page with malicious code while the victim is logged

into the target site.
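
Each condition in this list corresponds to a check the bank's server can make. The following is an added example, not part of the original lecture, showing a cookie-only handler beside a hardened one; the request dictionary layout, the function names, the secret and the `social.example` referrer are constructed for illustration.

```python
import hmac, hashlib
from urllib.parse import urlsplit

SITE_HOST = "www.mybank.com"              # host from the lecture's example
SERVER_SECRET = b"constructed-demo-key"   # placeholder; load from a secret store

def csrf_token(session_id):
    """Per-session token the bank embeds in its own forms; Eve's page cannot read it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def naive_accept(req):
    """Vulnerable 'before': any request carrying a session cookie is authorized."""
    return "session" in req["cookies"]

def hardened_accept(req):
    """Accept a state-changing request only if it came from the bank's own form."""
    sid = req["cookies"].get("session")
    if sid is None:
        return False
    if req["method"] != "POST":            # no side effects on GET: image loads do nothing
        return False
    source = req["headers"].get("Origin") or req["headers"].get("Referer") or ""
    if urlsplit(source).hostname != SITE_HOST:   # the referrer check from the first bullet
        return False
    sent = req["form"].get("csrf_token", "")     # value Eve cannot determine in advance
    return hmac.compare_digest(sent, csrf_token(sid))

# Constructed requests as the server would see them (hypothetical dict layout).
FORGED_IMAGE_LOAD = {     # Alice's browser fetching the posted <img>, cookie attached
    "method": "GET", "cookies": {"session": "alice-session-1"},
    "headers": {"Referer": "https://social.example/eve/post"}, "form": {},
}
GENUINE_FORM_POST = {     # Alice submitting the bank's own form
    "method": "POST", "cookies": {"session": "alice-session-1"},
    "headers": {"Origin": "https://www.mybank.com"},
    "form": {"csrf_token": csrf_token("alice-session-1")},
}
```

The cookie is present in both requests, so only the method, origin and token checks tell them apart.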

While analyzing vulnerabilities in networks, transmissions and applications, it is very important to assume the attacker's capabilities. Attacker capability is a matter of concern.

Attacker could be an Insider: Many incidents have come to light with powerful security breaches caused by insider attackers.

However, it is very challenging to detect and prevent an insider attacker.

- Employees have inside access and inside knowledge.

Attacker could be an Outsider: An outsider attacker can attempt to attack the system or application through hotspots or open ports of networks.

An outside attacker typically gathers information about the network assets before launching any attack.

Moreover, an attacker could be passive (one who can perform only the READ operation), that is, can listen to and observe the communication, but cannot manipulate the information in it.

Similarly, an attacker could be active (one who can perform READ, WRITE and EXECUTE operations), that is, can listen to, observe, manipulate and delay the information in communication.

Now consider the different types of network (say wired or wireless), the topology of the network, the capacity of the network, and so on. One should be familiar with many attributes with respect to channel security, as there may not be any defined doors while using the Internet for safeguarding applications from malicious traffic.

However, we can put a bit more emphasis on wireless networks, which have found enormous usage in applications ranging from household to military.

Some interesting features of wireless networks are:


No inherent physical protection

- physical connections between devices are replaced by logical associations.

- sending and receiving messages do not need physical access to the network infrastructure

Broadcast communications

- wireless usually means radio, a broadcast.

- transmissions can be overheard by anyone within range.

Concerns

- eavesdropping.

- injecting bogus messages into the network.

- replaying previously recorded messages.

- denial of service.

IEEE 802.11i is the standard/specification widely used for the security mechanisms of wireless networks.

Wireless Fidelity (WiFi) consists of three main components as defined below:

Station (Client): A client device (e.g. laptop) that wants to associate to the WLAN. The term ‘Supplicant’ is also used interchangeably to refer to the software running on the client that provides credentials to the authenticator.

Access Point: A network device (e.g. access point) which authenticates the client. The access point is also known as the authenticator.

Authentication Server: Maintains information about users and credentials, and facilitates authentication for the authenticator.


The access point keeps broadcasting beacons within its range, by which a system equipped with a wireless network card can identify the network. A connection request-response exchange decides whether the system is allowed to access the network.

The security part comes in while gaining access to the network, which may be checked through one of the following two widely used protocols:

WEP (Wired Equivalent Privacy)

◦ Authentication: Open system and Shared Key

◦ Authorization: MAC address filtering

◦ Confidentiality: RC4

◦ Integrity: CRC32

WPA (Wi-Fi Protected Access)

◦ Authentication: 802.1x

◦ Confidentiality: TKIP, RSN

◦ Integrity: MIC

One can classify WEP access control (refer to the slide) into two broad classes:

- Authentication (Open/Protected)

- Authorization (MAC address filtering)

The protected access control follows a 4-way challenge-response protocol with shared-key-based authentication and an integrity check.

1. Client sends an Authentication Request to the Access Point.

2. Access Point sends back a clear-text challenge.

3. Client encrypts the challenge using the shared key.

4. Access Point decrypts and compares the response with the challenge it sent.
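
The four steps can be traced with both sides of the exchange in code. This is an added example, not part of the original lecture: the frame layout is simplified, the function names are assumptions, and the 24-bit IV prepended to the shared key and the 128-byte challenge follow WEP's design rather than anything stated in the lecture.

```python
import os, zlib

def rc4(key, data):
    """RC4 stream cipher (WEP's confidentiality primitive); encrypt == decrypt."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for b in data:                            # keystream generation, XOR with data
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) % 256])
    return bytes(out)

def ap_challenge():
    """Step 2: the access point answers the request with a clear-text challenge."""
    return os.urandom(128)

def client_response(shared_key, challenge, iv=None):
    """Step 3: client appends the CRC32 check value and encrypts under IV || key."""
    iv = iv or os.urandom(3)                  # 24-bit IV, sent alongside in the clear
    icv = zlib.crc32(challenge).to_bytes(4, "little")
    return iv, rc4(iv + shared_key, challenge + icv)

def ap_verify(shared_key, challenge, iv, ciphertext):
    """Step 4: AP decrypts, checks integrity, and compares with its own challenge."""
    plain = rc4(iv + shared_key, ciphertext)
    body, icv = plain[:-4], plain[-4:]
    return icv == zlib.crc32(body).to_bytes(4, "little") and body == challenge
```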

We should note that WEP suffers from security weaknesses and is not advisable for security-sensitive applications, including e-commerce.

One may refer to “N. Borisov, I. Goldberg, and D. Wagner. Intercepting Mobile Communications: The Insecurity of 802.11. In Proc. of Mobicom, 2001” to learn more about the security weaknesses in WEP.

In the case of Wi-Fi Protected Access (WPA), which is more secure than WEP, there are two options: WPA and WPA2.

WPA: TKIP, cryptographic checksum of message

WPA2: RSN/AES-CCMP

Indeed, WPA2 performs better than WPA.

However, it is important to note that the selection (whether Open, WEP, WPA, or WPA2) lies with the user of the wireless network.

The default setting is available, but it may not be adequate for the application with respect to its intended security goals. So, it is advisable to check the network settings of a wireless network when one starts using it; they can always be re-configured as needed.

With WPA/WPA2, the authentication is strong, as it supports port-based authentication.

The authenticator becomes the intermediary for relaying EAP (Extensible Authentication

Protocol) received in 802.1x packets to an authentication server by using RADIUS (Remote

Access Dial-In User Service) to carry the EAP information.


Here, RADIUS works with a challenge-response protocol between Authenticator and

Authentication Server.

Finally, perimeter security is an important defense for securing an enterprise network. The tasks of perimeter security are to:

(i) filter network traffic as normal or abnormal using a firewall; and

(ii) detect intrusions using an intrusion detection system.

The intrusion detection system (IDS) can be:

1) Host-based IDS: monitors single host activity.

- Specific system-based protection.

2) Network-based IDS: monitors network traffic.

- Monitors traffic at selected points on a network.

The logical components associated with an IDS, by which it detects incidents, are:

- Sensors: collect data.

- Analyzers: determine if intrusion has occurred.

- User interface: manage/direct/view IDS.


Summary:

It is important to note that some familiarity with network security helps in handling malicious intent while using various applications over a communication channel. The network security domain involves a lot of security and privacy challenges that one has to handle with care. There are many active research problems pertaining to this domain which one may take as an exercise for further study, for example, social networking, cloud security and the Internet of Things.
