Tuesday, May 6, 2008

Wi-Fi Security

802.11a: 5GHz, 52Mbps, OFDM (orthogonal frequency-division multiplexing); shorter range (higher frequency, lower distance)
802.11b: 2.4GHz, 14 channels spaced 5MHz apart, DSSS (direct-sequence spread spectrum); channel 14 is only used in Japan
802.11g: 2.4GHz

*Open System Authentication
The only "security" check is the ESSID

*Shared Key authentication

WEP -> CRC32 + RC4 (the same key for the whole communication) -> weak security
WPA -> TKIP + RC4 (a different key for every packet)
WPA2 -> AES + EAP -> strong security
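
Why reusing one RC4 key for the whole communication is weak, as an added example that is not part of the original notes: a pure-Python RC4 encrypts two frames under the same key (WEP-style) and then under per-packet keys; the key, the frames and the per-packet derivation are constructed (real WEP prepends a 24-bit IV, and TKIP uses a proper key-mixing function).

```python
# Added example (not from the original notes): a pure-Python RC4 used to show
# why WEP's single long-lived key is weak (every frame reuses the same
# keystream) and why WPA's per-packet keys remove that leak. The key, the
# frames and the per-packet key derivation are constructed; real WEP prepends
# a 24-bit IV to the key and TKIP uses a proper key-mixing function.
def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling (KSA) then keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: ciphertext = plaintext XOR keystream."""
    return xor(plaintext, rc4_keystream(key, len(plaintext)))

def keystream_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """WEP-style: two frames under the same key share the keystream, so
    c1 XOR c2 == p1 XOR p2 and the cipher has cancelled itself out."""
    return xor(encrypt(key, p1), encrypt(key, p2))

def per_packet_key(base_key: bytes, seq: int) -> bytes:
    """Constructed stand-in for TKIP key mixing: a fresh key per frame."""
    return seq.to_bytes(4, "big") + base_key

def per_packet_leak(base_key: bytes, p1: bytes, p2: bytes) -> bytes:
    """WPA-style: different keys, different keystreams, nothing cancels."""
    c1 = encrypt(per_packet_key(base_key, 1), p1)
    c2 = encrypt(per_packet_key(base_key, 2), p2)
    return xor(c1, c2)

if __name__ == "__main__":
    key = b"constructed-key"
    p1, p2 = b"GET /index.html", b"GET /admin.html"
    print(keystream_reuse_leak(key, p1, p2) == xor(p1, p2))   # True: leaks
    print(per_packet_leak(key, p1, p2) == xor(p1, p2))        # False
```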

*Bluetooth attacks
- bluejack: send spam anonymously to victims.
- bluebof: exploit overflows in services remotely.
- bluebug: use AT commands on the victim's cell phone.

Sunday, May 4, 2008

Trusted Computer Base and Reference Monitor

The Orange Book (Department of Defense Trusted Computer System Evaluation Criteria) defines the trusted computer base (TCB) as the combination of all hardware, firmware and software responsible for enforcing the security policy.

The Reference Monitor, also defined in the Orange Book, is an abstract machine that mediates all accesses to objects by subjects.

Saturday, May 3, 2008

Security Models

The main security models are: lattice, state machine, research, Bell-LaPadula (BLP), Biba, Clark-Wilson, access control matrix, information flow models, Graham-Denning, Harrison-Ruzzo-Ullman and Brewer-Nash (Chinese Wall).

* Lattice
- one-way information flow
- confidentiality and integrity
- security labels on all objects
- this model is used by Bell-LaPadula, Biba and Chinese Wall

* State machine
- The policy defines the points at which the secure state can change.
- Check whether the current state is a secure state.
- Check the state of the automated information system (AIS).
- Transitions go from one secure state to another secure state.

* Non-interference models
- is a research model
- the inputs (high-level actions) do not determine what outputs (low-level actions) can be seen.
- Restricted flows between inputs and outputs.
- Activities are separated into security levels to reduce leaks.
- A higher security level cannot interfere with a lower level.
- A lower level cannot get any information from a higher level.

* Information flow models
- research model
- objects are labeled with security classes
- information can flow upward, or at the same level if allowed.
- similar to BLP

* Bell-LaPadula model (BLP)
- Confidentiality model
- Described in the Orange Book and TCSEC
- Is a state machine
- Mandatory access control
- The MAC is based on labeling both objects (with classifications) and subjects (with their clearances)
- The system (Reference Monitor) only allows access if the clearance is equal to or higher than the classification.
- Uses a lattice and a matrix.
- simple security property -> read down -> a subject of lower clearance cannot read an object of higher classification.
- * (star) property -> write/append up -> a higher-level subject cannot send messages to a lower-level object.

* Biba
- Integrity model
- complement to BLP
- simple integrity -> a subject has read access to an object only if subject level <= object level
(absurd but true)
- the integrity * property -> a subject has write access to an object only if subject level >= object level
- no information from a subject can be passed on to an object at a higher security level.
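
The lattice, Bell-LaPadula and Biba rules above, plus the Reference Monitor that mediates every access, as one added example that is not part of the original notes: labels are (rank, categories) pairs ordered by dominance, and the monitor only allows an operation when both the confidentiality and the integrity policy say yes. Level names, categories, subject and objects are constructed sample data.

```python
# Added example (not from the original notes): a small reference monitor that
# mediates every access against a security lattice, enforcing Bell-LaPadula
# for confidentiality and Biba for integrity at the same time. The level
# names, categories, subjects and objects are constructed sample data.
from dataclasses import dataclass

SECRECY = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}
INTEGRITY = {"untrusted": 0, "user": 1, "system": 2}

@dataclass(frozen=True)
class Label:
    rank: int                               # position in the linear order
    categories: frozenset = frozenset()     # compartments / need-to-know

    def dominates(self, other: "Label") -> bool:
        """Lattice order: rank >= AND categories are a superset."""
        return self.rank >= other.rank and self.categories >= other.categories

def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula: simple security = read down, *-property = write up."""
    if op == "read":
        return subject.dominates(obj)        # clearance >= classification
    if op == "write":
        return obj.dominates(subject)        # never write down
    raise ValueError(op)

def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba: simple integrity = read up, integrity *-property = write down."""
    if op == "read":
        return obj.dominates(subject)        # only read from >= integrity
    if op == "write":
        return subject.dominates(obj)        # only write to <= integrity
    raise ValueError(op)

def reference_monitor(subject: dict, obj: dict, op: str) -> bool:
    """Every access goes through here; both policies must allow it."""
    return (blp_allows(subject["secrecy"], obj["secrecy"], op)
            and biba_allows(subject["integrity"], obj["integrity"], op))

# Constructed sample subject and objects
ANALYST = {"secrecy": Label(SECRECY["secret"], frozenset({"nuclear"})),
           "integrity": Label(INTEGRITY["system"])}
REPORT = {"secrecy": Label(SECRECY["confidential"], frozenset({"nuclear"})),
          "integrity": Label(INTEGRITY["user"])}      # low-integrity source
PLAN = {"secrecy": Label(SECRECY["top_secret"], frozenset({"nuclear"})),
        "integrity": Label(INTEGRITY["system"])}
CRYPTO_NOTE = {"secrecy": Label(SECRECY["unclassified"], frozenset({"crypto"})),
               "integrity": Label(INTEGRITY["system"])}  # wrong compartment
```

Note that BLP alone would let the analyst read the report (read down), but Biba refuses it because the report has lower integrity than the analyst.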

* Clark-Wilson
- Integrity by controlling changes
- Suitable for transaction systems
- CORBA is based on Clark-Wilson; it creates relations between objects.
- no changes by unauthorized subjects, no unauthorized changes by authorized subjects.
- subject-program-object binding.
- subject authentication and identification
- only a set of programs can access objects
- users can run only a set of programs
- External consistency -> The system is doing what it is expected to do.
- Internal consistency -> The data is consistent and matches the real world.
- CDI -> Constrained data item -> integrity protected.
- UDI -> Unconstrained data item -> data not controlled by Clark-Wilson.
- IVP -> Integrity verification procedure -> A procedure that scans data and confirms its integrity.
- TP -> Transformation procedure -> The only procedures allowed to change a constrained data item.
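
The subject-program-object binding, CDI/UDI, IVP and TP pieces above put together as an added example (not from the original notes): a user may change the ledger CDI only through the certified TP named in an access triple, the IVP runs before and after, and a failing TP leaves the CDIs untouched. The ledger, the triples and the conservation invariant are constructed.

```python
# Added example (not from the original notes): a minimal Clark-Wilson
# enforcement core. Users may change a CDI only through a certified TP, only
# if an access triple (user, TP, CDI) exists, and the IVP must hold before
# and after; a failed TP rolls back. The ledger, triples and invariant are
# constructed sample data.
import copy

def ivp_ledger(ledger: dict) -> bool:
    """Integrity verification procedure: money is conserved (constructed
    invariant: total 150) and no account goes negative."""
    return sum(ledger.values()) == 150 and min(ledger.values()) >= 0

def post_transfer(ledger: dict, audit_log: list, udi: dict) -> None:
    """Certified TP: validate the unconstrained input (UDI), then move the
    CDIs (ledger, audit log) from one valid state to another."""
    src, dst, amt = udi["from"], udi["to"], int(udi["amount"])
    if amt <= 0 or src not in ledger or dst not in ledger or ledger[src] < amt:
        raise ValueError("UDI rejected")
    ledger[src] -= amt
    ledger[dst] += amt
    audit_log.append((src, dst, amt))

CERTIFIED_TPS = {"post_transfer": post_transfer}
ACCESS_TRIPLES = {("alice", "post_transfer", "ledger"),
                  ("alice", "post_transfer", "audit_log")}

def initial_state() -> dict:
    return {"ledger": {"acct_a": 100, "acct_b": 50}, "audit_log": []}

def run_tp(state: dict, user: str, tp: str, cdis: tuple, udi: dict) -> bool:
    """Enforcement: identified user, certified TP, a triple for every CDI
    touched (passed to the TP in this order), IVP before and after."""
    if tp not in CERTIFIED_TPS:
        return False                                  # uncertified program
    if any((user, tp, c) not in ACCESS_TRIPLES for c in cdis):
        return False                                  # user lacks the triple
    if not ivp_ledger(state["ledger"]):
        return False                                  # already inconsistent
    trial = copy.deepcopy(state)                      # work on a copy
    try:
        CERTIFIED_TPS[tp](*(trial[c] for c in cdis), udi)
    except (ValueError, KeyError):
        return False                                  # CDIs stay untouched
    if not ivp_ledger(trial["ledger"]):
        return False                                  # TP would break integrity
    state.update(trial)                               # commit
    return True
```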

* Access control matrix
- Users, groups and roles down the left hand side.
- All the resources and functions across the top.
- Subjects are listed in rows.
- Objects are listed in columns.

* Graham-Denning
- set of objects, set of subjects, set of rights.
- subjects have process and a domain
- Eight primitive protection rights:
1. Create object
2. Create subject
3. Delete object
4. Delete subject
5. Read access right
6. Grant access right
7. Delete access right
8. Transfer access right
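
The access control matrix (subjects in rows, objects in columns) and the eight Graham-Denning primitives, as one added example that is not part of the original notes. The preconditions (owner may delete and grant, owner-or-controller may read and delete rights, transfer needs the copy flag written as a trailing "*") follow the model as commonly described; subject and object names are constructed.

```python
# Added example (not from the original notes): an access control matrix with
# subjects as rows and objects as columns, plus Graham-Denning's eight
# primitive operations and their preconditions. A right ending in "*" carries
# the copy flag needed for transfer. All subject/object names are constructed.
class GrahamDenning:
    def __init__(self):
        self.matrix = {}               # (subject, object) -> set of rights
    def rights(self, s, o):
        return self.matrix.setdefault((s, o), set())
    def owns(self, s, o):
        return "owner" in self.rights(s, o)
    def controls(self, s, x):
        return "control" in self.rights(s, x)

    # 1-2: the creator becomes owner; a new subject controls itself
    def create_object(self, s, o):
        self.rights(s, o).add("owner")
    def create_subject(self, s, x):
        self.rights(s, x).add("owner")
        self.rights(x, x).add("control")

    # 3-4: only the owner may delete; the deleted row/column disappears
    def delete_object(self, s, o):
        if not self.owns(s, o): return False
        self.matrix = {k: v for k, v in self.matrix.items() if k[1] != o}
        return True
    def delete_subject(self, s, x):
        if not self.owns(s, x): return False
        self.matrix = {k: v for k, v in self.matrix.items() if x not in k}
        return True

    # 5: read A[x, o] only if s controls x or owns o (None = refused)
    def read_right(self, s, x, o):
        ok = self.controls(s, x) or self.owns(s, o)
        return set(self.rights(x, o)) if ok else None

    # 6: only the owner of o may grant a right on o
    def grant_right(self, s, r, x, o):
        if not self.owns(s, o): return False
        self.rights(x, o).add(r); return True

    # 7: delete a right from A[x, o] if s controls x or owns o
    def delete_right(self, s, r, x, o):
        if not (self.controls(s, x) or self.owns(s, o)): return False
        self.rights(x, o).discard(r); return True

    # 8: s may pass r (with or without the flag) only if s itself holds r*
    def transfer_right(self, s, r, x, o):
        if r.rstrip("*") + "*" not in self.rights(s, o): return False
        self.rights(x, o).add(r); return True
```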

* Brewer-Nash (Chinese Wall)
- Prevents conflicts of interest.
- Access control rules change dynamically with the user's behavior.
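
The Brewer-Nash rule where the policy depends on what the user did before, as an added example that is not part of the original notes: once a user reads one bank's dataset, every other dataset in the "banking" conflict class is walled off for that user, while sanitized data stays readable. Datasets, conflict-of-interest classes and users are constructed.

```python
# Added example (not from the original notes): the Brewer-Nash (Chinese Wall)
# model, where the rule applied to the next access depends on the user's own
# access history. Datasets, conflict-of-interest classes and users are
# constructed sample data.

# object -> (company dataset, conflict-of-interest class); None = sanitized
OBJECTS = {
    "bank_a_audit": ("BankA", "banking"),
    "bank_b_audit": ("BankB", "banking"),
    "oil_x_report": ("OilX", "oil"),
    "market_stats": ("public", None),
}
DATASET_COI = {ds: coi for ds, coi in OBJECTS.values()}

class ChineseWall:
    def __init__(self):
        self.history = {}        # user -> set of unsanitized datasets read

    def may_read(self, user: str, obj: str) -> bool:
        """Simple security rule: the object is sanitized, or lies in a dataset
        the user already holds, or its conflict class contains no other
        dataset the user has touched."""
        dataset, coi = OBJECTS[obj]
        if coi is None:
            return True
        return all(ds == dataset or DATASET_COI[ds] != coi
                   for ds in self.history.get(user, set()))

    def read(self, user: str, obj: str) -> bool:
        """Mediated read: on success the wall around the user is updated."""
        if not self.may_read(user, obj):
            return False
        dataset, coi = OBJECTS[obj]
        if coi is not None:
            self.history.setdefault(user, set()).add(dataset)
        return True

    def may_write(self, user: str, obj: str) -> bool:
        """*-property: write only if readable AND every unsanitized dataset
        the user has read is the target's own dataset, so the user cannot
        act as a channel between competing companies."""
        dataset, _ = OBJECTS[obj]
        if not self.may_read(user, obj):
            return False
        return all(ds == dataset for ds in self.history.get(user, set()))
```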

Security Frameworks

* ISO/IEC 17799:2005
A code of security best practices with a broad scope: business continuity management, access control, system development security controls, physical and environmental security, compliance with civil law, human resources security, information security, communications and operations management, asset management, security policy and incident management.

* ISO 27001
An information security management specification; a complement to ISO 17799.
It defines an information security management system and creates a framework for the design, implementation, management and maintenance of IS processes throughout an organization. It will replace BS 7799.
It is not a code of practice like 17799; it defines the information security management system itself.

* BS 7799
Will be replaced by ISO 27001.


SEI-CMMI stands for the Software Engineering Institute's Capability Maturity Model Integration.
SEI is an R&D center contracted to advance software engineering practices.
CMMI ratings help customers determine trustworthy and low-risk vendors of software products and services.
A CMMI level 5 means that an organization can prove successful application of government and industry best practices.

Common Criteria

Common Criteria is an ISO standard for product evaluation which includes ITSEC and TCSEC.
CC evaluates protection profiles (PPs) and security targets.

Assurance levels:

EAL 1 Functionally tested; the threats to security are not seen as serious.
EAL 2 Structurally tested; low to moderate level of independently guaranteed security.
EAL 3 Methodically tested and checked; moderate level of independently ensured security.
EAL 4 Methodically designed, tested and reviewed; developers or users require a moderate to high level of independently ensured security.
EAL 5 Semiformally designed and tested; the requirement is a high level of independently ensured security.
EAL 6 Semiformally verified, designed and tested; for high-risk situations.
EAL 7 Formally verified, designed and tested; for extremely high-risk situations.

Trusted Computer Security Evaluation Criteria

TCSEC only addresses confidentiality, and is published as the Orange Book.

A Verified protection
A1 Verified design

B Mandatory protection
B3 Labeled security
B2 Structured protection
B1 Labeled security

C Discretionary protection
C2 Discretionary protection
C1 Controlled access

D Minimal Security

Common Criteria has replaced TCSEC and ITSEC.

Information Technology Security Evaluation Criteria

ITSEC is a product or system evaluation criteria, primarily used in Europe, that addresses the CIA triad.
The target to be evaluated is the TOE (target of evaluation).
There are two ratings: a functionality rating (F1 to F10) and an assurance rating (E0 to E6).

Common Criteria has replaced ITSEC and TCSEC.