Copyright Michael B. Scher
This document may be freely distributed by electronic media solely for non-commercial purposes. Reproduction in any form must be of the entire work including this copyright notice. Print copies (except a personal use copy) with permission of the author only. All other rights reserved.

strange(at)cultural.com



Notes on Technical Means of Protecting Information 

Access control (to data and systems)
	Authentication
		User identification PLUS
			Passwords
			Digital certificates
			"One-time" password systems
				"Software" Tokens
				Hardware Tokens
			Biometrics
			Geographic locality


CHART
                                            Auth type
Provides         User/pass  Certs  Softtoken  hardtoken  biometrics  geographic locality  true smartcard
---------------  ---------  -----  ---------  ---------  ----------  -------------------  --------------
Authentication   Y          Y      Y          Y          Y           Y                    Y
Non-repeatable   N          Y*     Y*         Y*         N           N                    Y
Copy-protection  N          N      N          Y          N*          Y*                   Y
Sniff-proof      N          Y      Y          Y          N*          N*                   Y
IDs PERSON       N          N      N          N/Y        Y           N                    N/Y
CryptoKey        N          Y      N          N          N*          N                    N

* == Depends on implementation (may depend on combination with other means) 


Biometrics issues and misunderstandings (marketing)
	Goal is to just do what we do in person and be ASSURED it is 
		so-and-so.  Brings us back to the disguise game without
		the social eng. side.
	Transportation of ID is problem usually solved by something that 
		winds up treating the biometric as a password
	Local authentication stores are OK
		Ex: bio reader to get into your laptop
		BUT NOT: bio reader to log into network
	Geographically-fixed readers are OK
		Ex: bio door access
		BUT NOT: bio access to data stores from remote site
	When remote is good, biometrics just become a fixed password 
		inside a better auth system
	How to revoke if compromised?  How many fingerprints to use with 
		how many companies?  Irises?
	NB also recent fingerprint revelation

Digital certificate issues and misunderstandings (legal AND marketing)
	Legal idea that it's a signature
		Better to consider it a rubber-stamp signature
		If certificate gets out of user's control, then it's just
			a BIG password protected by a small password
	Storage and central verification and REVOCATION are huge issues 
		that require a lot of planning



	Authorization
		Authentication PLUS
			Rights lists
				by user
				by group
				by target
			Data typing
				by value
				by secrecy
			System typing
				by criticality
				by purpose
	Accounting
		Authentication success and failure
			Repeated failures
			Source of authentication/attempt
		Resources accessed with rights
			Resource access attempted beyond rights
		Actions taken with resources
		Logoff	
	Encryption as access control
		Rights based on having the key
		Auditing not really possible

Data Integrity
	Checksums
		Depending on type, can be defeated
	Encryption as integrity check
		May both identify the user (to degree possible) and 
			validate the data is what the user signed
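
The contrast between the "Checksums" and "Encryption as integrity check" items above, as an added example that is not part of the original notes: an unkeyed CRC32 can be recomputed by whoever alters the data, while a keyed tag cannot. HMAC-SHA256 from the Python standard library stands in for the signing step (a digital signature would fill the same role with a key pair); the messages, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample data and key, for illustration only.
ORIGINAL = b"PAY 100.00 TO ACCOUNT 12345"
TAMPERED = b"PAY 900.00 TO ACCOUNT 12345"
SIGNER_KEY = b"constructed-demo-key-held-only-by-the-signer"


def crc32_tag(data: bytes) -> int:
    """Unkeyed checksum: anyone holding the data can compute it."""
    return zlib.crc32(data) & 0xFFFFFFFF


def hmac_tag(key: bytes, data: bytes) -> bytes:
    """Keyed check: only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_crc32(data: bytes, tag: int) -> bool:
    return crc32_tag(data) == tag


def verify_hmac(key: bytes, data: bytes, tag: bytes) -> bool:
    # compare_digest does a constant-time comparison of the two tags.
    return hmac.compare_digest(hmac_tag(key, data), tag)


def run_demo() -> dict:
    """Compare how each check reacts when data changes after tagging."""
    crc = crc32_tag(ORIGINAL)
    mac = hmac_tag(SIGNER_KEY, ORIGINAL)
    # Whoever changes the data can recompute the checksum: no secret needed.
    recomputed_crc = crc32_tag(TAMPERED)
    # Without SIGNER_KEY they can only reuse the old tag or use another key.
    other_key_mac = hmac_tag(b"some-other-key", TAMPERED)
    return {
        "crc_accepts_original": verify_crc32(ORIGINAL, crc),
        "crc_accepts_modified": verify_crc32(TAMPERED, recomputed_crc),
        "hmac_accepts_original": verify_hmac(SIGNER_KEY, ORIGINAL, mac),
        "hmac_accepts_old_tag": verify_hmac(SIGNER_KEY, TAMPERED, mac),
        "hmac_accepts_other_key": verify_hmac(SIGNER_KEY, TAMPERED, other_key_mac),
    }


if __name__ == "__main__":
    for check, accepted in run_demo().items():
        print(f"{check}: {accepted}")
```

A valid keyed tag identifies the signer only to the degree that the key stayed under that signer's control, which is the same limit the notes place on certificates.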

Data Destruction
	Backups
	RAID arrays
	Distributed data