UN IVERSITY OF BUEA

COLLEGE OF TECHN OLOGY

COURSE TITLE: IN FORMATION SYSTEMS AN D N ETWORK SECURITY

ACCESS CON TROL MECHAN ISMS TUTORIAL QUESTION S

Exercise 1

The diagram below shows the access control matrix for several components of an IT system:

File-I File-2 Fde-3 File-4

User-1 r orw orw -
User-2 - - - -
User-3 - r r orwx
User-4 O[\\I r r a

a) Write the access control lists equivalent to this access control matrix.
b) Write the "per-subject" lists of access rights equivalent to the access control matrix.

Exercise 2

Alice can read and write to file x, can read file y, and can execute file z. Bob can read file x, can read
and write to file y, and cannot access file z.

a) Write a set of access control lists for this scenario. Which list is associated with which file?

b) Write the access control matrix for the system described above.

c) Write the list of subjects and the list of objects for this system.

Exercise 3

Does the standard Unix operating system use mandatory or discretionary access control? Explain
your answer.

Exercise 4

Consider a computer system whose access control mechanisms implement the Biba Integrity Model.
Explain what you tell about the integrity levels of two processes running on this system, and which
need to send, receive and process messages from each other? Justify your answer.

Exercise 5

The integrity levels for several subjects and objects of an information system are shown in the
following table:

lnte2rlty level Subiect Object

4 (h ighest) Alice Personnel files
3 Bob Svstem lo1t file s
2 Cethv Wiki fil es
I (lowest) Dnn Bio~ files

1
 UN IVERSITY OF BUEA

COLLEGE OF TECHN OLOGY

COURSE TITLE: IN FORMATION SYSTEMS AN D N ETWORK SECURITY
AUTHEN TICATION AN D ACCESS CON TROL TUTORIALS
User authentication: establishes the identity of IT system users
Access control: specifies the privileges of authenticated users of an IT system

Identification: Typically public or well known way of asserting who you are/something is
Authentication: Proving the identity is who/what it claims to be. Should be private.

Authentication mechanisms use:

What the user knows (password, pin, answer)
What the user has (identity badge, key, uniform)
What the user is (voice, fingerprints)
Where the user is (common/registered location)

An authentication system comprises of 3 parts:

Authentication information (users supply to prove identity)
Complementary Information (computer stored Information, e.g. encrypted passwords for all
users, checksum of password info)
Complementation function (generates the comp. information from authentication info, hash
functions used to generate the checksums from the passwords)

Hash functions revisit

With important data, we need a way to determine that the transmission is complete and intact. Error
detecting codes were developed (hash codes, message digests, integrity checks) to demonstrate that
a block of data has been modified.
A collision will occur if some information has been changed but still directly matches the original
message digest, as this is a many-to-one function. When no change is reported, it is only likely, not
certain, that no change occurred.
Digest functions are unpredictable, so finding a second input that produces the same output as the
original Is infeasible.
A hash or a checksum provides the code value or the data being sent and is transmitted with the
data.
A cryptographic checksum is a digest function using a cryptographic key that is known to the
originator and the proper recipient of the data. This prevents an attacker from changing the data
(plaintext) and also the changing the checksum value (ciphertext) to match and let modifications go
undetected.
 Authentication process
User provides Information . nd enerates complementary information
IT system applies complementary fu~ct1on a . g with complementary information stored.
IT system compares complementary information
If information matches, user is authenticated.

Complementary information stored in terms of passwords

If password storage file is compromised, all passwords will be revealed. hi h
1 1
·t
Encrypting passwords also means storage of encryption keys for passwords, w c aga n,
compromised, leaks all information. k f II h
I
Storing cryptographic hash (checksum) for the password means, if files are leaked, attac er s as
to guess the passwords.

Cryptographic hash function becomes the complementation function.

When hash function is applied, system then checks if the checksum of what was entered is the same
as the checksum they have stored.
What happens if the hash function is compromised?
Unable to reverse engineer to find the password because knowing the hash function will allow you to
find the value of the checksum but will be computationally infeasible to find values that can be
created to match this checksum number.
Because the digest is of a fixed length it is extremely difficult to reverse engineer to find the original
text. There is no pattern between changes in text to changes in digest.

Password attacks
Off-line dictionary attacks
When the complementary information and complementation function are known
Complementation function is applied to list of obvious potential passwords until the list is
done or the passwords are guessed.
Can be done on users' server
On-line dictionary attacks
Slow, must establish connection to attacked server and check a password at a time.

To prevent offline dictionary attacks, strong access control should be enabled (strictly limiting who
has access to complementary information file.
Salting-

Lookup tables
Given a known complementary function, precomputed checksums for large sets of possible
passw~ rd s can be stored in a lookup table. A lookup table becomes more costly as password
length increases.

Salting
Before th e password is hashed, is it concatenated with a randomly generated string
The checksum and the salt is stored. ·
A users 'f
- peer re component added to an encrypted password to distinguish Identical passwords.
; Preventing attacks
Keep authentication info secret
Hide additional components of authentication system (comp. info & function)
Salt passwords
Do not reveal to attackers if they are part succeeding.
Constrain incoming connections to trusted remote machines

Anderson's Formula for pro~ability of guessing a password

P >/TG/N
P = probability of guessing password in specified period of time
G = number of guesses tested in 1 time unit
T = number of time units
N = number of possible passwords

Password length = (number of possible chars to use)"(password length)

Slowing on-line dictionary attacks

Disabling after failed attempts

Exponential backout
- Jailing (limiting use after given failed attempts)

User Authentications:
Challenge-response system - System issues challenge to use to provide correct response.
(Identifying images)
One-time passwords - Using different channels (phone etc) to provide one-time password
Two factor authentication - Two pieces of authentication required
Biometrics can be fooled - transmitted data can be intercepted and replayed layer. Also
intrusive.
Location - compared to usual location

Access Control

Terminology:
Subject- entity that can perform operations within an IT system (user/process)
Object - entity on which operations are being performed
 Access control . . . h' h b" ct can perform what
Access control matrix: simple abstraction mechanism for specifying w IC su 1e
operation on which data

Typical access rights: read, write, execute, append, own

Slide 60; double check with revision

Counter= object
Inc & dee & manage = object and subject

Access control list as an alternative to using an access control matrix

Matrices waste memory if sparse, list is more efficient by trading access time against space
Subjects that have no rights are not listed

User classes for access control much more efficient

Variant= role-based access control; the ability to access information based on subjects functions,
often hierarchical.

Mandatory access control

Imposed by policy. Owner's cannot change access rights (military security etc)
Central authority determines who accesses what
Discretionary access control
Object owner decides who should access what
Hybrid:

Policies to cover access control

Statement of what the system should do with regards to security.

Govern the decisions of access control.

Partition state systems into authorized and unauthorized access.
A secure system begins in an authorized state and never goes into an authorized state.

Security mechanism is an entity or procedure that enforces some part of a security policy.
An operating system will enforce file access rights that are specified in an access control list.

Types of security policies

Military - focus on confidentiality. Sometimes integrity and availability.
Commercial - focus integrity. Sometimes confidentiality & availability.
Confidentiality
Integrity
Security models

Confidentiality models
Preventing unauthorised disclosure of information (dealing with information flow)
Bell-LaPadula model - controlling the flow of information.
Assumes each object has a security class and each subject is clear to se.e information up to one of
these classes.
Simple security property- subject at given security level may not read above that level.
*-Property- subject at given security level must not write below security level.

. Security classes (examples): top secret, secret, confidential, unclassified)

Integrity models
Preventing unauthorized modification of data (information changes, commercial orgs)
Biba Model
Given integrity levels.
Simple integrity property- no reading down. Must always read upwards. E.g you must use
knowledge acquired from your lecturer/module content in an exam as the lecturer is the
authority in the module, and not from a reddit forum. Lower untrusted.
Integrity *-Property- no writing upwards.
 CON FIDEN TIALITY TUTORIAL QUESTION S

Exercise 1
a) Explain briefly why RSA public-key encryp_tio~ h~s not replaced symmetric encryption
completely despite its ability to solve the key d1stnbutI~~ problem.. .
b) DES uses a combination of substitution and transposIt1on to achieve its strength. What does
this mean?

Answer ·
a) RSA public-key encryption has not replaced symmetric encryption because it is slg~ificantly
slower than symmetric-key encryption with ciphers such as DES and AES. Also, using RSA
encryption only to establish a session key for communicating sensitive data reduces its
exposure since an attacker has access to a small amount of ciphertext.
b) Substitution means that each symbol or block in the plaintext is substituted for a different
symbol or block in the ciphertext. Transposition means that the symbols or blocks in the
plaintext are rearranged in the ciphertext - they are all still there but in a different order. In
DES, there are 16 rounds in which each block is split in two and swapped with the other half
block (the transposition part), and then a substitution cypher is applied to one half of the
block.

Exercise 2

Alice and Bob communicate using RSA. Alice wants to send a short secure message to Bob.
a. Alice encrypts the message to Bob using Bob's public key.
i. Which goal of a secure system does this achieve and what action is taken by Bob
in order to be able to read the message?
Why does Alice not encrypt the message using
ii. Bob's private key?
iii. Her own public key? or
iv. Her own private key?
b. Alice applies a cryptographic hash function to the message. She sends the resulting
checksum to Bob along with the encrypted message and tells him which cryptographic
hash function she used.
i. What goal of a secure system does this help achieve and what action is taken by
Bob in order to verify that this goal has been achieved?
ii. Alice doesn't encrypt the checksum. Why not?
c. Bob's public key is contained within an X.509 digital certificate issued by a Certification
~uthorit~ (C~) that Al~~e tru~ts. Give an example of a check she will carry out using
information m the certIfIcate m order to assure herself that that it is safe to trust Bob's
public key.

d. The pla_intext of Bob'~ X.509 certi!icate has a cryptographic checksum generated (c.f. part
b) and 1t and the certificate are signed by the issuing CA. What does this mean and why
do these two actions increase Alice's confidence in Bob?
e. One month after the successful transmission of Alice's message to Bob, Alice and Bob
h~ve a~ argument and Alice denies ever having sent Bob the message. The next time
Allee tnes to send_ B?b a message, Bob insists that Alice carries out an additional step to
prevent her repudiating the message. What is this extra step and what is it called?
 f. One year before his digital certificate is dHue bto expi~~ ~~;,~~layvr:sp~rise~i~r;~~hc:~:i~~~~
his private key on the number 23 Bu~ to ar orne.
issued his digital certificate. What actions does the CA take? . ?
g. What would be the consequence of the CA having its private key(s) compromised.

Answer

a.
i. Confidentiality. Bob needs to apply RSA using his private key to decrypt the
message. .
ii. Using Bob's private key is impossible for Alice because only Bob has a_ccess to rt.
iii. Using her own public key would make it unreadable to Bob because rt could only
be decrypted using Alice's private key, and only Alice has access to that.
iv. Her own private key would provide no confidentiality, because anyone could get
Alice's public key and decrypt the message.
b.
V. It provides Integrity. To verify the integrity of the message, Bob needs to apply the
same cryptographic hash function to the decrypted message and compare the
resulting checksum with the one Alice sent him. If they are the same, he can be
reasonably confident that the message has not been tampered with.
vi. Because it is infeasible for an attacker to reconstruct the message from the
checksum and knowledge of the cryptographic hash function used only.

c. She will check it hasn't expired. She should also check the Certificate Revocation List
to make sure it hasn't been revoked before its expiry date.
d. As in 2. the cryptographic checksum generated allows Alice to verify the integrity of
the certificate and the fact that it is signed by the CA, and thus has to be decrypted by
the CA's public key, assures Alice that the certificate has been issued by the trusted
CA and not anyone else. _
e. NB - this wasn't covered in lectures. He could get Alice to sign the message. This
would prove that Alice had sent it as only Alice has access to her private key (unless
her key had been compromised). This Non-Repudiation property is important for trust
in e-business where (e.g.) an electronic receipt for services provided should not be
able to be disavowed.
f. The CA revokes Bob's certificate and publishes it on a public Certificate Revocation
List so that anyone else communicating with Bob knows not to use the public key
corresponding to the compromised private key.
g. BIG problems for the CA - loss of reputation and all chains of trust in which the CA
was a link would break. No-one would trust any digital certificate issued by the CA so
none of its clients could be authenticated.