Posts Tagged ‘security

Nano strengthens barriers to counterfeiting

By providing non‐reproducible technological features, nanotechnology based developments are expected to offer a significant move forward in preventing illicit copying intellectual properties and products. Ultimately, the implementation of the novel techniques will considerably reduce tax revenue losses through counterfeiting and improve citizens’ safety and quality of life.

Holograms, tamper‐evident closures, tags and markings and RFID labels are the most widely known anti‐counterfeiting technologies. The key limitation of these methods is that they can be copied. Innovations exploiting the intrinsic nature of nano materials to give items complex and unique ‘fingerprints’ results both in the development of new approaches and improvement of existing techniques.

Holography ‐ easily identifiable holograms, for example, showing the manufacturer’s logo are primarily used as first level identification devices. Two dimensional nano scale gratings, photopolymers and luminescent nano particles can be utilized to provide an additional level of security for the holograms.

Laser surface authentication ‐ a laser is used to examine the surface roughness of an object. Complexity and uniqueness of the surface roughness code is similar to iris scans and fingerprints. The advantages of the technique is that surface roughness at nanoscale cannot be replicated. Therefore,a much higher level of security is offered to products as compared to holograms and watermarks.

Radio frequency identification (RFID) ‐ is a form of automatic identification and data capture technology where data stored on a tag is transferred via a radio frequency link. An RFID reader is used to extract this data from tags. New developments exploit nanoscale variations, naturally produced during the manufacturing process of RFIDs that are unique to individual integrated circuits , which can be verified during data transfer. This is known as the Physically Uncloneable Function (PUF).

Nano barcodes ‐ three dimensional polymer patterns on the order of tens of nanometres can be made on silicon substrates to provide 3D nanoscale data encryption key, similar to barcodes. The advantages over conventional barcode/marking are difficulty of detecting presence (covert marking)and duplication. These can be applied to banknotes,security papers, art, jewellery and gemstones.

SERS and quantum dots tags – metal nano particles produce unique electromagnetic spectra (known as surface enhanced raman scattering) while certain semiconductor nano particles (known as quantum dots) have different fluorescence based on size and chemical composition. Both can be exploited as identification tools. They offer difficulty in reproducing due to infinite combinations, covert security feature, non‐toxicity and multi functionality. These nano scaled tags can be applied in inks, adhesives, laminates, paper, packaging, textiles, glass, and others.

Nano composite tags – consist of a materials‐based pattern (with magnetic and/or optical features) that forms part of a label, tag or embedded portion of an item. The nanometre sized magnetic and optical features are generated randomly during manufacturing, constituting a unique ‘fingerprint’ that is read and stored in a central database . The result is a secure identity for an individual item that is prohibitively expensive and difficult to copy. This technology can be applied in the pharmaceutical, spare parts, fashion and food and beverage industries. Incorporating encapsulated and functionalized (e.g. thermochromic) nano particles in labels is another promising solution based on the use of nano composites.

Tags : , , , , , , , , , , , , , , , , , , , , , , , , ,

Security a New Dimension in Embedded System Design

Embedded systems, which will be ubiquitously used to capture, store, manipulate, and access data of a sensitive nature, pose several unique and interesting security challenges. Security has been the subject of intensive research in the areas of cryptography, computing, and networking. However, security is often mis-construed by embedded system designers as the addition of features, such as specific cryptographic algorithms and security protocols, to the system. In reality, it is an entirely new metric that designers should consider throughout the design process, along with other metrics such as cost, performance, and power.security in one form or another is a requirement for an increasing number of embedded systems, ranging from low-end systems such as PDAs, wireless handsets, networked sensors, and smart cards, to high-end systems such as routers, gateways, firewalls, storage servers, and web servers. Technological advances that have spurred the development of these electronic systems have also ushered in seemingly parallel trends in the sophistication of security attacks. It has been observed that the cost of insecurity in electronic systems can be very high. For example, it was estimated that the “I Love You” virus caused nearly one billion dollars in lost revenues worldwide.
With an increasing proliferation of such attacks, it is not surprising that a large number of users in the mobile commerce world (nearly 52% of cell phone users and 47% of PDA users, according to a survey by Forrester Research) feel that security is the single largest concern preventing the successful deployment of next-generation mobile services. With the evolution of the Internet, information and communications security has gained significant attention. For example, various security protocols and standards such as IPSec, SSL, WEP, and WTLS, are used for secure communications. While security protocols and the cryptographic algorithms they contain address security considerations from a functional perspective, many embedded systems are constrained by the environments they operate in, and by the resources they possess. For such systems, there are several factors that are moving security considerations from a functioncentric perspective into a system architecture (hardware/software) design issue.

Tags : , , , , , , , , , , , , , , , , , , , ,

Replica Creation and Replica Selection in Data Grid Service

Replica selection is interesting because it does not build on top of the core services, but rather relies on the functions provided by the replica management component described in the preceding section. Replica selection is the process of choosing a replica that will provide an application with data access characteristics that optimize a desired performance criterion, such as absolute performance (i.e. speed), cost, or security. The selected le instance may be local or accessed remotely. Alternatively the selection process may initiate the creation of a new replica whose performance will be superior to the existing ones.

Where replicas are to be selected based on access time, Grid information services can provide information about network  performance, and perhaps the ability to reserve network bandwidth, while the metadata repository can provide information about the size of the file. Based on this, the selector can rank all of the existing replicas to determine which one will yield the fastest data access time.  Alternatively, the selector can consult the same information sources to determine whether there is a storage system that would result in better performance if a replica was created on it.

A more general selection service may consider access to subsets of a fi le instance. Scientific experiments often produce large les containing data for many variables, time steps, or events, and some application processing may require only a subset of this data. In this case, the selection function may provide an application with a fi le instance that contains only the needed subset of the data found in the original file instance. This can obviously reduce the amount of data that must be accessed or moved.

This type of replica management has been implemented in other data-management systems. For example, STACS is often capable of satisfying requests from High Energy Physics applications by extracting a subset of data from a file instance. It does this using a complex indexing scheme that represents application metadata for the events contained within the file . Other mechanisms for providing similar function may be built on application metadata obtainable from self-describing file formats such as NetCDF or HDF.

Providing this capability requires the ability to invoke ltering or extraction programs that understand the structure of the fi le and produce the required subset of data. This subset becomes a fi le instance with its own metadata and physical characteristics, which are provided to the replica manager. Replication policies determine whether this subset is recognized as a new logical file (with an entry in the metadata repository and a fi le instance recorded in the replica catalog), or whether the fi le should be known only locally, to the selection manager.

Data selection with subsetting may exploit Grid-enabled servers, whose capabilities involve common operations such as reformatting data, extracting a subset, converting data for storage in a different  type of system, or transferring data directly to another storage system in the Grid. The utility of this approach has been demonstrated as part of the Active Data Repository. The subsetting function could also exploit the more general capabilities of a computational Grid such as that provided by Globus. This o ers the ability to support arbitrary extraction and processing operations on fi les as part of a data management activity.

Tags : , , , , , , , , , , , , , , , ,

Which Database Is the Most Secure ?

All of the databases we cover in this volume have had serious security flaws at some point. Oracle has published 69 security alerts on its “critical patch updates and security alerts” page — though some of these alerts relate to alarge number of vulnerabilities, with patch 68 alone accounting for somewhere between 50 and 100 individual bugs. Depending on which repository you search, Microsoft SQL Server and its associated components have been subject to something like 36 serious security issues — though again, some of these patches relate to multiple bugs. According to the ICAT metabase, DB2 has had around 20 published security issues — although the authors of this book have recently worked with IBM to fix a further 13 issues. MySQL has had around 25 issues; Sybase ASE is something of a dark horse with a mere 2 published vulnerabilities. PostgreSQL has had about a dozen. Informix has had about half a dozen, depending on whose count you use.

The problem is that comparing these figures is almost entirely pointless. Different databases receive different levels of scrutiny from security researchers. To date, Microsoft SQL Server and Oracle have probably received the most, which accounts for the large number of issues documented for each of those databases. Some databases have been around for many years, and others are relatively recent. Different databases have different kinds of flaws; some databasesare not vulnerable to whole classes of problems that might plague others. Even defining “database” is problematic. Oracle bundles an entire application environment with its database server, with many samples and prebuilt applications. Should these applications be considered a part of the database? Is Microsoft’s MSDE a different database than SQL Server ? They are certainly used in different ways and have a number of differing components, but they were both subject to the UDP Resolution Service bug that was the basis for the “Slammer” worm.

Even if we were able to determine some weighted metric that accounted forage, stability, scrutiny, scope, and severity of published vulnerabilities, we would still be considering only “patchable” issues, rather than the inherent security features provided by the database. Is it fair to directly compare the comprehensive audit capabilities of Oracle with the rather more limited capabilities of MySQL, for instance? Should a database that supports securable views be considered “more secure” than a database that doesn’t implement that abstraction? By default, PostgreSQL is possibly the most security-aware database available — but you can’t connect to it over the network unless you explicitly enable that functionality. Should we take default configurations into account? The list of criteria is almost endless, and drawing any firm conclusions from it is extremely dangerous.

Ultimately, the more you know about a system, the better you will be able to secure it — up to a limit imposed by the features of that system. It isn’t true tosay, however, that the system with the most features is the most secure because the more functionality a system has, the more target surface there is for an attacker to abuse. The point of this book is to demonstrate the strengths and weaknesses of the various database systems we’re discussing, not — most emphatically not — to determine which is the “most secure”.

Tags : , , , , , , , , , , , , , , , , , , , , , ,

Desirable Quantum Key Distribution Attributes

Broadly stated, QKD(Quantum Key Distribution) offers a technique for coming to agreement upon a shared random sequence of bits within two distinct devices, with a very low probability that other devices(eavesdroppers) will be able to make successful inferences as to those bits’ values. In specific practice, such sequences are then used as secret keys for encoding and decoding messages between the two devices. Viewed in this light, QKD is quite clearly a key distribution technique, and one can rate QKD’s strengths against a number of important goals for key distribution, as summarized in the following paragraphs.

Confidentiality of Keys : Confidentiality is the main reason for interest in QKD. Public key systems suffer from an ongoing uncertainty that decryption is mathematically intractable. Thus key agreement primitives widely used in today’s Internet security architecture, e.g., Diffie-Hellman, may perhaps be broken at some point in the future. This would not only hinder future ability to communicate but could reveal past traffic.Classic secret key systems have suffered from different problems, namely, insider threats and the logistical burden of distributing keying material. Assuming that QKD techniques are properly embedded into an overall secure system, they can provide automatic distribution of keys that may offer security superior to that of its competitors.

Authentication : QKD does not in itself provide authentication.Current strategies for authentication in QKD systems include prepositioning of secret keys at pairs of devices, to be used in hash-based authentication schemes, or hybrid QKD-public key techniques. Neither approach is entirely appealing. Prepositioned secret keys require some means of distributing these keys before QKD itself begins, e.g., by human courier,which may be costly and logistically challenging. Furthermore, this approach appears open to denial of service attacks in which an adversary forces a QKD system to exhaust its stockpile of key material, at which point it can no longer perform authentication. On the other hand, hybrid QKD-public key schemes inherit the possible vulnerabilities of public key systems to cracking via quantum computers or unexpectedadvances in mathematics.

Sufficiently Rapid Key Delivery : Key distribution systems must deliver keys fast enough so that encryption devices do not exhaust their supply of key bits. This is a race between the rate at which keying material is put into place and the rate at which it is consumed for encryption or decryption activities. Today’s QKD systems achieve on the order of 1,000 bits/second throughput for keying material, in realistic settings, and often run at much lower rates. This is unacceptably low if one uses these keys in certain ways, e.g., as one-time pads for high speed traffic flows. However it may well be acceptable if the keying material is used as input for less secure (but often secure enough) algorithms such as the Advanced Encryption Standard. Nonetheless, it is both desirable and possible togreatly improve upon the rates provided by today’s QKD technology.

Robustness : This has not traditionally been taken into account by the QKD community. However, since keying material is essential for secure communications, it is extremely important that the flow of keying material not be disrupted, whether by accident or by the deliberate acts of an adversary (i.e. by denial of service). Here QKD has provided a highly fragile service to date since QKD techniques have implicitly been employed along a single point-to-point link. If that link were disrupted,whether by active eavesdropping or indeed by fiber cut, all flow of keying material would cease. In our view a meshed QKD network is inherently far more robust than any single point-to-point link since it offers multiple paths for key distribution.

Distance- and Location-Independence : In the ideal world,any entity can agree upon keying material with any other(authorized) entity in the world. Rather remarkably, the Internet’s security architecture does offer this feature – any computer on the Internet can form a security association with any other, agreeing upon keys through the Internet IPsec protocols. This feature is notably lacking in QKD, which requires the two entities to have a direct and unencumbered path for photons between them, and which can only operate fora few tens of kilometers through fiber.

Resistance to Traffic Analysis : Adversaries may be able to perform useful traffic analysis on a key distribution system,e.g., a heavy flow of keying material between two points might reveal that a large volume of confidential information flows, or will flow, between them. It may thus be desirable to impede such analysis. Here QKD in general has had a rather weak approach since most setups have assumed dedicated, point-to-point QKD links between communicating entities which thus clearly lays out the underlying key distribution relationships.

 

Tags : , , , , , , , , , , , , , , , , , , , , , , , ,

RFID Security and Privacy Risks

RFID tags may pose security and privacy risks to both organizations and individuals. Unprotected tags may have vulnerabilities to eavesdropping, traffic analysis, spoofing or denial of service. Unauthorized readers may compromise privacy by accessing tags without adequate access control. Even if tag contents are protected, individuals may be tracked through predictable tag responses; essentially a traffic analysis attack violating “location privacy”. Spoofing of tags may aid thieves or spies. Saboteurs could threaten the security of systems dependent on RFID technology through denial of service.

Any parties with their own readers may interrogate tags lacking read access control, although only within a relatively short tag read range of a few meters. While anyone could also scan nearby optical barcodes, they cannot do so wirelessly at a rate of hundreds of reads per second. The very properties making RFID technology attractive interms of efficiency make it vulnerable to eavesdropping. Aggregate logistics and inventory data hold significant financial value for commercial organizations and their competitors. A store’s inventory labeled with unprotected tags may be monitored by competitors conducting surreptitious scans. Sales data maybe gleaned by correlating changes over time. Individuals carrying items with unsecured tags are vulnerable to privacy violations. A nearby eavesdropper could scan the contents of your pockets or bag; valuable data to nosy neighbors, market researchers or thieves in search of ripe victims.

Another important privacy concern is the tracking of individuals by RFID tags. A tag reader at a fixed location could track RFID-labeled clothes or bank notes carriedby people passing by. Correlating data from multiple tag reader locations could track movement, social interactions, and financial transactions. Concerns over location privacy were recently raised when a major tire manufacturer began embedding RFID tagsinto all their products . Even if the tags only contain product codes rather than unique serial numbers, individuals could still be tracked by the “constellation” of  products they carry. Someone’s unique taste in brands could betray their identity.

In addition to threats of passive eavesdropping and tracking, an infrastructure dependent on RFID tags may be susceptible to denial of service attacks or tag spoofing. By spoofing valid tags, a thief could fool automated checkout or security systems into thinking a product was still on a shelf. Alternatively, a thief could rewrite or replace tags on expensive items with spoofed data from cheaper items. Saboteurs could disruptsupply chains by disabling or corrupting a large batch of tags.

Tags : , , , , , , , , , , , , ,

Axis2 Web Services Framework

In recent years many Web Services frameworks emerged. One of the most popular open source Web Services Framework is Apache Axis2. The Rampart module of Axis2 contains an implementation of the WS-Security standard, which allows to apply XML Encryption and XML Signature in SOAP messages.

To use a module in the Axis2 framework, the module must be engaged to the Axis2’s message flow. A flow is a collection of modules, where each module takes the incoming SOAP message context, processes it, and passes it to the next module. When the SOAP message comes to the end of the flow, it is forwarded to a Message Receiver. The Message Receiver invokes the function implemented in the Service class and passes the result to the output flow.

The Axis2 flow consists typically of  three modules, namely Transport, Security, and Dispatch. The Security module processes the security elements. In particular, encrypted elements are first decrypted and then parsed by an XML parser in order to update the SOAP message context. The decrypted and validated content is then passed on to the Dispatch module. Each module in the flow and the Message Receiver can stop the SOAP message processing if an error occurs. In this case the processing is terminated and an appropriate SOAP fault is returned.

We distinguish between two types of server responses. We say that a security fault is returned, if the server replies with a WSDoAllReceiver: security processing failed message. If an application-specific error or no error message is returned, then we say that the server replies with an application response.

Tags : , , , , , , , , , , ,

Enterprise Password Management

This  provides recommendations for password management, which is the process of defining, implementing, and maintaining password policies throughout an enterprise. Effective password management reduces the risk of compromise of password-based authentication systems. Organizations need to protect the confidentiality, integrity, and availability of passwords so that all authorized users—and no unauthorized users—can use passwords successfully as needed. Integrity and availability should be ensured by typical data security controls, such as using access control lists to prevent attackers from overwriting passwords and having secured backups of password files. Ensuring the confidentiality of passwords is considerably more challenging and involves a number of security controls along with decisions involving the characteristics of the passwords themselves. For example, requiring that passwords be long and complex makes it less likely that attackers will guess or crack them, but it also makes the passwords harder for users to remember, and thus more likely to be stored insecurely. This increases the likelihood that users will store their passwords insecurely and expose them to attackers.

Organizations should be aware of the drawbacks of using password-based authentication. There are many types of threats against passwords, and most of these threats can only be partially mitigated. Also, users are burdened with memorizing and managing an ever-increasing number of passwords. However, although the existing mechanisms for enterprise password management can somewhat alleviate this burden, they each have significant usability disadvantages and can also cause more serious security incidents because they permit access to many systems through a single authenticator. Therefore, organizations should make long-term plans for replacing or supplementing password-based authentication with stronger forms of authentication for resources with higher security needs.

Organizations should implement the following recommendations to protect the confidentiality of their passwords.

Create a password policy that specifies all of the organization’s password management-related requirements.

Password management-related requirements include password storage and transmission, password composition, and password issuance and reset procedures. In addition to the recommendations provided in this publication, organizations should also take into account applicable mandates (e.g., FISMA), regulations, and other requirements and guidelines related to passwords. An organization’s password policy should be flexible enough to accommodate the differing password capabilities provided by various operating systems and applications. For example, the encryption algorithms and password character sets they support may differ. Organizations should review their password policies periodically, particularly as major technology changes occur (e.g., new operating system) that may affect password management.

Protect passwords from attacks that capture passwords.

Attackers may capture passwords in several ways, each necessitating different security controls. For example, attackers might attempt to access OS and application passwords stored on hosts, so such passwords should be stored using additional security controls, such as restricting access to files that contain passwords and storing one-way cryptographic hashes of passwords instead of the passwords themselves. Passwords transmitted over networks should be protected from sniffing threats by encrypting the passwords or the communications containing them, or by other suitable means. Users should be made aware of threats against their knowledge and behavior, such as phishing attacks, keystroke loggers, and shoulder surfing, and how they should respond when they suspect an attack may be occurring. Organizations also need to ensure that they verify the identity of users who are attempting to recover a forgotten password or reset a password, so that a password is not inadvertently provided to an attacker.

Configure password mechanisms to reduce the likelihood of successful password guessing and cracking.

Password guessing attacks can be mitigated rather easily by ensuring that passwords are sufficiently complex and by limiting the frequency of authentication attempts, such as having a brief delay after each failed authentication attempt or locking out an account after many consecutive failed attempts. Password cracking attacks can be mitigated by using strong passwords, choosing strong cryptographic algorithms and implementations for password hashing, and protecting the confidentiality of password hashes. Changing passwords periodically also slightly reduces the risk posed by cracking. Password strength is based on several factors, including password complexity, password length, and user knowledge of strong password characteristics. Organizations should consider which factors are enforceable when establishing policy requirements for password strength, and also whether or not users will need to memorize the passwords.

Determine requirements for password expiration based on balancing security needs and usability.

Many organizations implement password expiration mechanisms to reduce the potential impact of unauthorized use of a password. This is beneficial in some cases but ineffective in others, such as when the attacker can compromise the new password through the same keylogger that was used to capture the old password. Password expiration is also a source of frustration to users, who are often required to create and remember new passwords every few months for dozens of accounts, and thus tend to choose weak passwords and use the same few passwords for many accounts. Organizations should consider several factors when determining password expiration requirements, including the availability of secure storage for user passwords, the level of threats against the passwords, the frequency of authentication (daily versus annually), the strength of password storage, and the effectiveness or ineffectiveness of password expiration against cracking. Organizations should consider having different policies for password expiration for different types of systems, operating systems, and applications, to reflect their varying security needs and usability requirements.

Tags : , , , , , , , , , , , , ,