IDENTIFICATION AND AUTHENTICATION
Identification and authentication are measures to prevent unauthorized people from entering the system. Identification is the means by which a user provides a claimed identity to the system. The most common form of identification is the user ID. Authentication is the means of establishing the validity of a user's claimed identity. The two tasks are generally combined in the login process. There are three ways of authenticating a user's identity.
(1) Proof by knowledge; for example, a password
(2) Proof by possession; for example, a PIN card
(3) Proof by property (biometrics); for example, a fingerprint

Proof by Knowledge
A password is associated with each user or entity. Passwords are shared secrets between the user and the system. To gain access to the system, the user enters a user ID and password. The system authenticates the user if the password matches the one stored in the system for that user ID. There are different ways to store passwords in the system.
Clear passwords: The system stores passwords in clear text in a password file, which is read- and write-protected from users. This provides no protection against the system administrator or super-user, and storage of password files on backup media also poses a security risk.
Encrypted passwords: A one-way function of the password is stored instead of the clear password. When a user enters a password, the system computes the one-way function of it and compares the result with the value stored in the system.
Threats to passwords
The following means are used to attack passwords.
Replay: An adversary records the password when it is transmitted in clear text over the communication line. The recorded password is subsequently used to impersonate the user.
Brute-force attack: An adversary tries all possible passwords, one at a time, in the hope of uncovering the correct one. The feasibility of the attack depends on the number of trials required (the password space) and the time taken for each trial.

Password guessing: The adversary guesses passwords by trying the names of the user's family members or other proper names.
Dictionary attacks: The adversary tries to match the password against dictionary words. Apart from the standard dictionary, on-line dictionaries of words from foreign languages and of specialized vocabulary from music and films are also available. A dictionary attack is generally not successful against a particular user's password, but across many users it may uncover a weak password that gives access to the system.
Safeguards
The following measures are employed to safeguard passwords:
Password rules are imposed to prevent the use of weak passwords. These could be:
- The minimum length of passwords and the allowable set of characters (uppercase, numeric, non-alphanumeric) are specified.
- Password ageing time frames are specified to enforce periodic change of passwords.
- The number of generations of expired passwords that may not be reused is specified.
A site may use a reactive password checking strategy, in which a password cracker program is run periodically to find weak passwords.
A site may use a proactive password checking scheme, in which the system checks a password against all the rules at the time of registration. If the password is weak, it is rejected.
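A proactive password checker combining the rules above with the stored one-way values described earlier, as an added example that is not part of the original page. The rule values, the word list and the choice of PBKDF2-HMAC-SHA256 as the one-way function are assumptions; the "generations" rule is enforced by recomputing the one-way function of the new password with each old salt, since the old clear passwords are never stored.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8           # assumed rule values; a site sets its own
HISTORY_GENERATIONS = 3  # expired passwords that may not be reused
DICTIONARY = {"password", "welcome", "letmein", "qwerty"}  # constructed sample word list

def one_way(password: str, salt: bytes) -> bytes:
    # Stored in place of the clear password; PBKDF2-HMAC-SHA256 is the one-way function chosen here
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_rules(password: str) -> list[str]:
    """Proactive checks applied at registration; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(not c.isalnum() for c in password):
        problems.append("no non-alphanumeric character")
    if password.lower() in DICTIONARY:
        problems.append("dictionary word")
    return problems

class PasswordStore:
    """Keeps (salt, one-way value) per user, newest last; clear passwords are never stored."""

    def __init__(self):
        self.users: dict[str, list[tuple[bytes, bytes]]] = {}

    def register(self, user_id: str, password: str) -> list[str]:
        problems = check_rules(password)
        # Generations rule: compare against the one-way values of the most recent passwords
        for salt, stored in self.users.get(user_id, [])[-HISTORY_GENERATIONS:]:
            if hmac.compare_digest(one_way(password, salt), stored):
                problems.append("reuses an expired password")
                break
        if problems:
            return problems                # weak password rejected
        salt = os.urandom(16)
        self.users.setdefault(user_id, []).append((salt, one_way(password, salt)))
        return []

    def authenticate(self, user_id: str, password: str) -> bool:
        history = self.users.get(user_id)
        if not history:
            return False
        salt, stored = history[-1]         # only the current password authenticates
        return hmac.compare_digest(one_way(password, salt), stored)
```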
 Proof by Possession
A user presents a physical token that the system can recognize as belonging to him, such as a banking card, smart card or ATM card. Personal Identification Numbers (PINs) are often used along with the physical token to identify the user. To prevent brute-force attacks on the PIN, the machine confiscates the card, locking and deactivating it, if three unsuccessful attempts are made to enter the PIN.
PINs are a second level of security in case the card is lost or stolen. However, since users often do not keep the two separate, theft is a regular occurrence in this case.
  Proof by Property
Biometric techniques rely on measuring readily accessible, reliable and unique characteristics of users such as fingerprints, written signatures, voice patterns, retinal scans, face geometry and hand geometry. When the system needs to authenticate the user, it obtains a biometric measurement of the user and compares it against the one stored in the database.
  Strong Authentication
The following are strong authentication strategies:
Passkeys: The user's password is mapped through a one-way hash function to generate a cryptographic key. Such password-derived keys are known as passkeys. The passkey is used to secure the communication link between the user and the system.
One-time passwords: Special equipment generates a pseudo-random number that is used as the password. The password changes every minute and is time-synchronized with the database stored in the computer. This method is expensive because of the additional hardware.
Challenge-response protocol: In the proof-of-knowledge method using passwords, the user discloses the password to prove knowledge of the shared secret. In the challenge-response method, a user proves his/her identity by responding correctly to a challenge (question) posed by the verifier. For example, the user and the system agree on the function f(x) = x^2 + 5. When the user logs in, the system randomly selects a number, say 10, and sends it to the user; the user must reply with 105 to be authenticated.
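The exchange described above with both sides' messages, as an added example that is not part of the original page. It uses the page's f(x) = x^2 + 5 as the shared secret; the challenge range, the single-use handling of each challenge and the constructed challenge sequence in replay_demo are assumptions, included to show why a recorded response does not help against a fresh challenge.

```python
import secrets

def shared_f(x: int) -> int:
    """The shared secret: the page's example function f(x) = x^2 + 5.
    Only the verifier and the legitimate prover know it; it never crosses the line."""
    return x * x + 5

class Verifier:
    """System side. Issues one fresh challenge per login and checks the reply."""

    def __init__(self, rng=lambda: secrets.randbelow(10**6)):
        self._rng = rng          # injectable so runs are reproducible in tests
        self._pending = None     # challenge outstanding, consumed on first reply

    def challenge(self) -> int:
        self._pending = self._rng()
        return self._pending

    def verify(self, response: int) -> bool:
        if self._pending is None:
            return False         # nothing was challenged; reject unsolicited replies
        ok = response == shared_f(self._pending)
        self._pending = None     # each challenge is usable exactly once
        return ok

class Prover:
    """User side. Transmits only f(challenge), never the secret itself."""

    def respond(self, challenge: int) -> int:
        return shared_f(challenge)

def login(verifier: Verifier, prover: Prover) -> tuple[int, int, bool]:
    """Run one exchange; returns (challenge sent, response sent, accepted)."""
    c = verifier.challenge()
    r = prover.respond(c)          # both c and r travel over the line in the clear
    return c, r, verifier.verify(r)

def replay_demo() -> tuple[bool, bool]:
    """Record a genuine exchange, then present the captured response to a new challenge.
    Constructed challenge sequence [10, 42] stands in for the verifier's random choice."""
    challenges = iter([10, 42])
    verifier = Verifier(rng=lambda: next(challenges))
    _, captured, first_ok = login(verifier, Prover())   # challenge 10 -> response 105
    verifier.challenge()                                # fresh challenge 42
    replay_ok = verifier.verify(captured)               # 105 != f(42) = 1769
    return first_ok, replay_ok

if __name__ == "__main__":
    print(login(Verifier(rng=lambda: 10), Prover()))    # (10, 105, True)
    print(replay_demo())                                 # (True, False)
```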
  ACCESS CONTROL
Once a user or process has been authenticated, the next step in security is to prevent it from accessing resources it is not authorized to use. Access control is a means of enforcing authorization. Access controls are defined by protection rules, which define the possible ways in which subjects and objects are allowed to interact. The subjects, objects, operations and protection rules are described below:
Subject: A subject is an entity that wishes to access and perform operations on objects, and to which access authorizations are granted. Subjects may be processes or users.
Object: An object is an entity to which access must be controlled. An object may be a file, a database, a semaphore, a tree data structure, a CPU, a memory segment, a printer or a site in a network.
Operation: Each object is associated with a set of operations that may be performed on it. For example, for data files the operations could be open, close, create, delete, read and write. Similarly, for program files the operations could be read, write and execute.
Protection rules: Protection rules govern a subject's access to an object. Associated with each (subject, object) pair is an access right that defines the set of permitted operations.
  Identity Based Policies
These are further categorized into individual-based, group-based and role-based policies. An individual-based policy is expressed as a list for each subject stating which actions that subject may perform on which objects. In a group-based policy, several subjects are granted the same permission for one object. In a role-based policy, rights are granted to groups of people based on their role in the organization; for example, Teller, Customer and Auditor are granted appropriate rights depending on their roles.
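The (subject, object) access matrix from the previous section with the three identity-based policies resolved on top of it, as an added example that is not part of the original page. The bank objects, user names and the particular rights given to Teller, Customer and Auditor are constructed; the page names only the roles.

```python
class AccessControl:
    """Identity-based access control: an access matrix of (subject, object) -> operations,
    with group and role membership resolved on top of it."""

    def __init__(self):
        self.matrix: dict[tuple[str, str], set[str]] = {}   # individual-based rights
        self.groups: dict[str, set[str]] = {}                # group -> member subjects
        self.roles: dict[str, set[str]] = {}                 # subject -> roles held
        self.role_rights: dict[tuple[str, str], set[str]] = {}

    # Individual-based policy: one entry per (subject, object) pair
    def grant(self, subject: str, obj: str, *ops: str) -> None:
        self.matrix.setdefault((subject, obj), set()).update(ops)

    # Group-based policy: the same permission for every member of the group
    def grant_group(self, group: str, obj: str, *ops: str) -> None:
        for member in self.groups.get(group, set()):
            self.grant(member, obj, *ops)

    # Role-based policy: rights attach to the role; subjects acquire them by holding it
    def grant_role(self, role: str, obj: str, *ops: str) -> None:
        self.role_rights.setdefault((role, obj), set()).update(ops)

    def assign_role(self, subject: str, role: str) -> None:
        self.roles.setdefault(subject, set()).add(role)

    def allowed(self, subject: str, obj: str, op: str) -> bool:
        """Reference-monitor check: an operation is permitted only if some rule grants it."""
        if op in self.matrix.get((subject, obj), set()):
            return True
        return any(op in self.role_rights.get((role, obj), set())
                   for role in self.roles.get(subject, set()))

def bank_policy() -> AccessControl:
    """Constructed example using the page's Teller, Customer and Auditor roles."""
    ac = AccessControl()
    ac.grant_role("Teller", "accounts", "open", "read", "write")
    ac.grant_role("Auditor", "accounts", "read")
    ac.grant_role("Customer", "statements", "read")
    ac.assign_role("tina", "Teller")
    ac.assign_role("alex", "Auditor")
    ac.assign_role("cara", "Customer")
    ac.groups["night-shift"] = {"tina", "alex"}
    ac.grant_group("night-shift", "printer", "print")   # group-based rule
    ac.grant("cara", "cara-account", "read")            # individual-based rule
    return ac
```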

 Rule Based Policy
Rule-based policies fall into two categories: multi-level policy and compartment-based policy.
A multi-level policy operates by assigning to each object a security level from a hierarchy of levels, as described below. In a compartment-based policy, a set of objects is associated with a named security compartment or category, which isolates them from other sets of objects. Users must be given a distinct clearance for a compartment to be able to access the objects in that compartment.
  Security Requirements
The military security evaluation has specified functional requirements for the flow of information, as described below:
There are different security levels: the hierarchical levels are defined as top secret, confidential and unclassified. Each subject and object is assigned a security level from the same hierarchy. For example, a person having a top secret clearance is allowed to read documents labeled top secret; a person with top secret clearance can also read unclassified documents.

  Mandatory Access Control
A security level is assigned to each subject reflecting the degree to which it is trusted not to disclose sensitive information, and to each object in accordance with the sensitivity of the information it contains. Dominance relations have been defined for granting read-only access and write-only access, as discussed below:
Read-only access stipulates that a subject S has read access to object X if the security level of S is greater than or equal to the security level of X.
Write-only access stipulates that a subject S has write access to object X if the security level of X is greater than that of S.
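The two dominance rules above, carried out on the page's three-level hierarchy, as an added example that is not part of the original page. It goes beyond the text by attaching the compartments of the rule-based policy section to each label: the compartment clearance condition on reads and writes is an assumption of this example, while the level comparisons (>= for read, strictly greater for write) are exactly as the page states them.

```python
from dataclasses import dataclass, field

LEVELS = ["unclassified", "confidential", "top secret"]   # hierarchy from the page, low to high

@dataclass(frozen=True)
class Label:
    """Security label: a hierarchical level plus a set of named compartments."""
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def rank(self) -> int:
        return LEVELS.index(self.level)

def dominates(a: Label, b: Label) -> bool:
    """a dominates b when a's level is at least b's and a holds every compartment of b."""
    return a.rank() >= b.rank() and b.compartments <= a.compartments

def can_read(subject: Label, obj: Label) -> bool:
    # Read-only rule: level(S) >= level(X); S must also be cleared for all of X's compartments
    return dominates(subject, obj)

def can_write(subject: Label, obj: Label) -> bool:
    # Write-only rule as stated on the page: level(X) strictly greater than level(S).
    # Compartment condition (assumed here): X must carry every compartment S holds,
    # so compartmented information cannot be written into an uncompartmented object.
    return obj.rank() > subject.rank() and subject.compartments <= obj.compartments

def check(subject: Label, obj: Label, op: str) -> bool:
    """Mandatory check, applied before any discretionary rights are consulted."""
    if op == "read":
        return can_read(subject, obj)
    if op == "write":
        return can_write(subject, obj)
    raise ValueError(f"unknown operation {op!r}")

if __name__ == "__main__":
    report = Label("confidential", frozenset({"NUCLEAR"}))   # constructed labels
    print(check(Label("top secret", frozenset({"NUCLEAR"})), report, "read"))  # True
    print(check(Label("top secret"), report, "read"))   # False: not cleared for NUCLEAR
    print(check(Label("top secret"), Label("unclassified"), "write"))  # False: write-down
```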
  Discretionary Access Control
In discretionary access control, once a subject has obtained information from an object, it can pass that information on to anyone else without the knowledge of the object's owner.
  Labelling
The labelling requirements ensure that all human-readable outputs produced by the system are labeled with the security level of the information contained in the visible output.
  Auditing
The auditing requirements ensure that all activities that change the security state of the system, and all actions that might indicate a threat to the integrity of the system, are recorded. The records can be analyzed in case the security of the system is compromised.
  Covert Channel Analysis
A covert channel is a path not intended for information transfer that nevertheless subverts the security policy of the system. Covert channels are usually based on the ability of one process to indirectly leak information to another process that is carefully monitoring it. Covert channel analysis requirements ensure that the amount of information that can flow through a covert channel is limited to an acceptable bandwidth.
