UoL CS Notes
Menu

Security

COMP315 Lectures

CIA Triad (Our Goals)

  • Confidentiality - Including company secrets and customer data.
  • Integrity - Keep stored data correct.
  • Availability - We should be able to provide the service.

Attacks

There are two general classifications of attacks:

Passive attacks require only observation from attackers:

  • Message Interception
  • Traffic Analysis

Active attacks require an attacker to do something:

  • Masquerade
  • Denial of Service
  • Message Modification (or Deletion)

Types of Attackers

Different types of attacker have different goals, methods and resources:

Attacker Goal CIA Target Methods Resources Attack Types
Bored Teenager lulz C, I & A Unintended use of public facing components. None Message interception, DOS.
Malicious Customer Steal/Fraud - Misuse of procedures. None -
Corporate Espionage Stealing secrets C Quiet gaining of login details or recruiting an insider. Considerable financial & technological. Interception
Criminals Make money from you. C & A Social engineering or known bugs to gain data or threaten with downtime. Varies Message modification, DOS.
Intelligence Service Learn about your customers or the products you are selling. C & I Supply chain attacks, side channel attacks, physical surveillance. All of them. Interception, modification and masquerade.
Insider May be a combination of other types. - - Internal resources. -
Mistakes Accidental impacts that should be mitigated. - - - -

Threat Modelling

Severity

The severity of an attack is based on three factors:

  • $f$ - How often the attack will happen?
  • $p$ - How likely is the attack to succeed?
  • $d$ - How damaging would the attack be?

Therefore we can calculate total severity by:

\[(f\times p)\times d\]

Damage

When determining damage, consider the following:

  • Direct Damage:
    • Loss of revenue when you shop is done.
    • Compensation to affected customers.
    • Loss of products to fraud.
  • Reputational Damage
  • Legal Issues:
    • Fines
    • Loss of License.
  • Loss of Competitive Advantage:
    • Leaking of trade secrets.
    • Loss of customer information.

Solution

After identifying an attack and determining its severity, choose a response:

  • Prevent by taking measures that make the attack impossible.
  • Mitigate by reducing the harm of the attack.
  • Accept. Often after taking other actions.

Cost

Security measures come at a price:

  • Financial cost.
  • Slowing down work.
  • Making things harder for your customers.
  • Making work less pleasant for your employees.

If security measures are perceived as excessive, it greatly increases the risk of noncompliance.

Security Measures

We can take the following measures to enhance our security:

  1. Technology is necessary, but not sufficient:
    • Rules and procedures are the best form of security.
  2. Follow relevant standards:
    • NIST Cybersecurity Framework (US)
    • Cyber Essentials (UK)
    • PCI DSS (Card Payments)
    • Insurance Standards
  3. Don’t have it:
    • You can be less of a target if you don’t have the data (or access to it) to begin with.
  4. Need to know only:
    • Anyone should only ever have access to what is essential.
    • Access can be split into read, write and physical.
  5. The mind is weak:
    • Rules should be written with humans in mind.
    • Rules should be easy to follow and tolerant of failure.
  6. Trust no input:
    • Always make sure that input is in the correct form before completing any sort of processing.
  7. Check and recover:
    • Have procedures to detect data corruption.
    • Always recover once corruption is detected.
  8. Get tested:
    • Employ a pentester to check your work.
    • Post bug bounties and react positively to found bugs to reduce the chance of people holding on to zero-days.

There are also some more rules for high security systems. They are often too onerous for typical systems:

  1. Air-gaps:
    • You can only really be secure when you are not connected to the internet.
    • A one-way network may be a reasonable solution for data monitoring.
    • Procedures should be implemented for getting information across the gap safely.
  2. No device is secure:
    • No device is acceptable in a high security environment, unless highly vetted.

Authentication

We can use the following factors to authenticate a user by:

  • Something the user knows (also Something the user can do):
    • By writing down a password you have it in multiple factors.
    • Can be changed easily.
    • Limits on what can be memorised.
    • Hard to determine whether an attacker has it.
  • Something the user has:
    • Equivalent to a physical key.
    • Generally an object that encodes a secret.
    • Often combined with knowledge such as a pin or inherent like an image.
    • Easy to change
    • Easy to detect theft.
      • Easy to steal.
    • Need to distribute the object.
  • Something the user is - Inherent (also includes standard behaviour):
    • Usually can’t be lost or forgotten.
    • Hard to steal.
    • Can’t be easily changed.
      • Could change unexpectedly.
    • Can be invasive.
  • Somewhere the user is (Location):
    • Can imply other authentication methods:
      • If you are in the office, you must have already authenticated by another means.
    • Low effort for the user.
    • Off-site location can be faked.
    • Not secure unless part of other factors.

Multi-Factor

In low security settings, one factor is often considered enough. However for:

  • Accounts involving payments.
  • Accounts for employees, where more information is available.

multiple factors should be mandatory.