# Review of Basic Security Mechanisms

There are numerous ways to classify something as complex as security. Chapter 4 focuses on the goals of the attacker, that is, what the attacker gains if he is successful. This section introduces another method of classifying attacks based on the security mechanism targeted by the attacker.

Every effective security architecture uses one or more security mechanisms to implement the goals of the architecture. These basic security mechanisms are confidentiality, integrity, and availability.

#### Confidentiality

Confidentiality protects against the inadvertent or malicious disclosure of sensitive information, that is, it conceals information. Usually, confidentiality is provided by cryptographic or access control mechanisms. Let's review the definitions of these mechanisms.

##### Cryptography

Encryption is the process of making information indiscernible to an adversary, and cryptography is the study of making and breaking encryption algorithms. There are two widely used forms of encryption: symmetric and asymmetric. With symmetric encryption, the communicating parties share a secret?a key?that is used for both encryption and decryption. With asymmetric encryption, the communicating parties usually have two keys, a private key for decryption and a public key for encryption. The inverse is also true. The private key can be used to encrypt some data. In this case, the result is essentially a signature that can be verified by anyone having knowledge of the corresponding public key, if he knew or could compute the value of the encrypted data. Now, let's discuss symmetric and asymmetric encryption in more detail.

##### Asymmetric Encryption

Asymmetric encryption, also known as public key cryptography, uses a different key for decryption than the key used for encryption, as follows:

M = D(private_key, E(public_key, M)),

where M is the message, D is the decryption function, and E is the encryption function.

Usually, the two keys used in the process are referred to as a key pair, with one key called the private key and the other key called the public key. The public key is shared with anyone for communications purposes, and the private key remains known only to the holder, or principal, of the key pair. The public key is usually shared in the form of a certificate that includes information that uniquely identifies the holder of the key pair as well as the signature of the issuer?a trusted entity that vouches that the identity bound to the public key in the certificate is correct. The process that issues and revokes public-key certificates is called a public key infrastructure, or PKI.

An example of an asymmetric encryption algorithm is the widely used RSA public key algorithm designed by Rivest, Shamir, and Adleman (Rivest et al., 1979).

##### Symmetric Encryption

Symmetric encryption uses the same secret key, k, for both encryption and decryption, in other words:

M = D(k, E(k, M).

Examples of popular symmetric encryption algorithms include the RC4 (Ron's Cipher 4) by Ron Rivest and AES (Advanced Encryption Standard) ciphers, both of which have already been covered in some detail (RC4 in Chapter 6, and AES in Chapter 12). Symmetric ciphers operate in one of two fashions?stream or block. In a stream cipher, such as RC4, each byte of the plaintext or ciphertext is processed individually?that is, a byte is the basic unit. In a block cipher such as AES, the plaintext or ciphertext is grouped together into blocks of a predetermined and fixed size and then processed as a single unit.

When two parties wish to communicate securely using a symmetric cipher, they first must agree upon the shared secret, k, in a secure fashion. This is usually accomplished via key distribution or key agreement, both of which are forms of key management, which we discuss next.

##### Key Management

Key management systems provide the means for implementing cryptographic periods via the secure distribution of new keys on a regular basis. An important point is that disclosure of the secret key during distribution would cause any cryptographic system to fail, and failing to regularly change keys would weaken most cryptographic systems. Therefore, every security architecture should use a robust key management system.

Of the two approaches to key management, manual and automatic (electronic) systems, manual systems are more prone to risk because they significantly depend on human assistance, which has historically been the weakest link in any security architecture. Automatic systems, while more difficult to design, are significantly more robust when correctly designed, implemented, and operated.

##### Access Control

Access control is another mechanism that supports confidentiality. We previously followed the analogy of the much-valued doorman who allows only those who live in an apartment building to enter it. Essentially, the purpose of access control is to allow only those who are authorized to use or view system resources. Typically, this is accomplished through an access control list (ACL), which in its simplest form is a look-up table based on some identity criteria. Access control mechanisms work very closely with authentication as they rely on a valid identity (proven by authentication) to make decisions concerning access. Remember we first introduced access control in Chapter 8 and authentication in Chapter 6.

#### Integrity

There are two aspects to integrity. With source integrity?also known as authentication?the information's originator is known and credible. With data integrity, we seek to prevent inadvertent or malicious modification of the data.

##### Source Integrity

Source integrity (authentication) is the process of proving either a principal's identity or a trusted source of data/system resources. Strong authentication requires two elements. The first is a common trust element?something or someone whom the object doing the authentication trusts and who can vouch for the subject or person being authenticated. The second element is a unique identity for the subject being authenticated. For example, when you use a check to pay for goods, the cashier usually asks to see your driver's license to ensure that it matches the name on the check. In other words, the clerk is authenticating your identity by trusting the Department of Motor Vehicles to have verified your identity before issuing you a driver's license. Although not foolproof, the difficulty of forging drivers' licenses encourages merchants to use them as verification when accepting checks.

Authentication works closely with access control mechanisms, which require a verified identity to make access decisions.

##### Data Integrity

Ensuring data integrity requires the detection and, ideally, the prevention of unauthorized modifications. Whereas cryptography detects integrity violations, access control prevents integrity violations.

Access control for data integrity is similar to using access control for confidentiality; the mechanism prevents attackers from accessing and thus modifying the data. The cryptographic approach is somewhat different in that it uses a cryptographic hash function to create a unique hash value or fingerprint of the data. To be considered a cryptographic hash function, an algorithm must meet four requirements:

• The hash value must be easy to compute.

• Creating data that results in a specific hash value must be computationally difficult so that it is difficult for adversaries to replicate that hash value and make undetected alterations to data.

• The hash function must be one way, making it difficult to recreate the data based solely on the hash value.

• Collisions?that is, identical hash values for two random data sets?must be difficult to find.

Given a cryptographic hash function, detecting integrity violations is straightforward. First, we compute the hash value for a given data set. Then, we compute a new hash value over the same data at a later time and compare it to the previous value. If the two values are not equal, the data was modified. We do this using message authentication codes and digital signatures.

##### Message Authentication Codes

Message authentication codes (MAC[1]) use a keyed one-way function to provide message authenticity proving that the contents have not been altered in route.

[1] The cryptographic and security community use the acronym MAC while the IEEE uses MIC (message integrity check). The reason the IEEE uses MIC is that the acronym MAC was already in use. In this chapter, we use MAC.

A keyed cryptographic hash is the most common way to build a MAC, requiring a shared secret, k, between the communicating parties and an agreed-upon cryptographic hash function, H. To send a message, M, along with another MAC, the sender computes the MAC using MAC = H(k M, k), and sends <M, MAC> to the recipient.

Upon receipt, the receiver computes a MAC value over M and compares the computed value to the received MAC. If the two values are the same, the message authenticity is valid.

While the simple MAC shown previously provides message authenticity, it should not be used in practice because a much stronger MAC exists. The HMAC MAC has a formal basis for its security properties (Krawczyk, 2003).

##### Digital Signatures

Digital signatures use a cryptographic hash function such as MD5 or SHA1 along with public key cryptography to ensure message authenticity and data integrity. To compute a digital signature, the sender first computes a hash value h of the message M and then encrypts this hash value using an asymmetric algorithm, typically RSA, with the sender's private key. This process of computing a digital signature is shown below:

h = H(M)

S = ERSA(private_key, h)

The sender now sends the message M and the signature S to the recipient. To verify the authenticity of the message, the receiver calculates the hash value of the message, , and decrypts the signature S using the sender's public key to obtain the original hash value h. The receiver now compares the two hash values: If they are equal, the message is authentic; if they are not, the message was either tampered (data integrity attack) or not tampered while in route from the expected sender (source integrity). The process of generating the two hash values is shown below:

h' = H(M)

h = DRSA(public_key, S)

Some people wrongly believe that cryptography provides a complete security solution. It does not. Cryptography is an extremely important tool in providing security, but it is not the complete solution to our security problems.

 Praise for 'Real 802.11 Security: Wi-Fi Protected Access and 802.11i'
 Preface
 Acknowledgments
 Part I: What Everyone Should Know
 Part II: The Design of Wi-Fi Security
 Appendixes
 Acronyms
 References