computers & security 26 (2007) 246–255

available at www.sciencedirect.com

journal homepage: www.elsevier.com/locate/cose

Adaptable security mechanism for dynamic environments

Bogdan Księżopolski a,*, Zbigniew Kotulski b,c

a Institute of Computer Science, M. Curie-Skłodowska University, Pl. M. Curie-Skłodowskiej 1, 20-031 Lublin, Poland
b Institute of Fundamental Technological Research of PAS, Świętokrzyska 21, 00-049 Warsaw, Poland
c Institute of Telecommunications of WUT, Nowowiejska 15/19, 00-665 Warsaw, Poland

Article info

Article history:
Received 12 December 2005
Revised 25 October 2006
Accepted 1 November 2006

Keywords: Network security; Information security; Cryptographic protocol; Cryptography; Risk management; Scalable security

Abstract

Electronic services in dynamic environment (e.g. e-government, e-banking, e-commerce, etc.) meet many different barriers reducing their efficient applicability. One of them is the requirement of information security when it is transmitted, transformed, and stored in an electronic service. It is possible to provide the appropriate level of security by applying the present-day information technology. However, the level of protection of information is often much higher than it is necessary to meet potential threats. Since the level of security strongly affects the performance of the whole system, the excessive protection decreases its reliability and availability and, as a result, its global security. In this paper we present a mechanism of adaptable security for digital information transmission systems (being usually the crucial part of e-service). It makes it possible to guarantee the adequate level of protection for actual level of threats dynamically changing in the environment. In our model the basic element of the security is the Public Key Infrastructure (PKI) enriched with specific cryptographic modules.

© 2006 Elsevier Ltd. All rights reserved.

1. Introduction

Nowadays advanced teleinformatic technologies provide a wide range of possibilities of development for industry, institutions and public services. Emphasis is put on the development of well-available, mobile information services called "e-anything", like e-government, e-money, and e-banking. These public services are realized in an electronic manner, which enables increasing their availability, while simultaneously cutting down on expenses (Barlow, 2003). Implementation of these services would be connected with the choice of a proper level of security of the information sent between parties of protocols (Groves, 2001; Merabti et al., 2000; Patton and Josang, 2004). Among teleinformatic technologies, cryptographic modules are those which assure various information security services, e.g. confidentiality, integrity, non-repudiation and anonymity of data.

The important problem is establishing an appropriate level of information security, represented by security services in a given protocol. Every use of any Internet service is connected with information exchange, which in the case of successful attack causes different threats to the whole process. This problem can be solved by estimation of the security level for each phase of the protocol (Lambrinoudakis et al., 2003). Such an approach is only a partial solution, because during a particular phase of the protocol, one can send information of different level of threats.

Traditionally, the aim has been to provide the strongest possible security. However, the use of strong mechanisms may deteriorate the performance of a device with limited resources and pave the way for new threats such as resource exhaustion. Finally, it decreases system efficiency and availability, and introduces redundancy. Another effect of overestimation of security mechanisms is increasing the system complexity, which later influences implementation of a given project in practice, imposing restrictions that decrease its functionality. The adequate solution in such a case is the introduction of an adaptable (or scalable) security model for the protocols, which can change the security level depending on particular conditions that take place at a certain moment, and in given external conditions.

In this paper we present a mechanism which can modify the level of security of information for each phase of the protocol. The parameters which influence the security level are: the risk of a successful attack, the probability of a successful attack and the independence of the security elements. The applied security elements which take care of the protection of information are based mainly on PKI services and additional cryptographic modules.

* Corresponding author. E-mail addresses: [email protected] (B. Księżopolski), [email protected] (Z. Kotulski). 0167-4048/$ – see front matter © 2006 Elsevier Ltd. All rights reserved. doi:10.1016/j.cose.2006.11.002

2. Security services

In practice, the realization of electronic processes is connected with the fulfilment of a number of legal and technical standards. While designing the systems, we can take care of different security services (Lambrinoudakis et al., 2003; NIST, 2004). Among them we can enumerate: confidentiality of data, integrity of data, anonymity of the parties of protocols, non-repudiation of a sender and/or a receiver, authorization, secure data storage, management of privileges, public trust, and network and protocol/service accountability. Every security service has its own characteristics. A systematic presentation of the security services is given in Table 1.

3. Security elements

The system conditions, described by the security services, can be fulfilled with many different security elements. To achieve this goal, we can use different mechanisms (Patel et al., 1999; Kulesza and Kotulski, 2003; Groves, 2001). In the article, we will focus on two groups of solutions: the services based on PKI (Lambrinoudakis et al., 2003; Patel et al., 1999) and additional cryptographic modules (Kulesza and Kotulski, 2003).

3.1. Security elements connected with PKI

• Registration: in order to be a member of the PKI domain, a user must register and go through a certification procedure in TTP. The main function of this service is to establish the reliable and unique binding between a user and his digital identity (e.g. his public key/secret key).
• Digital signatures: thanks to digital signature, the message authentication, message integrity, and non-repudiation can be obtained.
• Encryption: encryption is a basic service providing the cryptographic functions for protection of the confidentiality of messages in open networks.
• Time-stamping: time-stamping is described as the process of reliably attaching dates and times to a document in order to prove that it existed at a particular moment of time.
• Non-repudiation: this mechanism involves the generation, accumulation, retrieval and interpretation of evidence that a particular party processed a particular information process.
• Key management: the service deals primarily with handling the cryptographic keys in a proper, efficient, scalable, and secure way (ISO/IEC 11770-3, 1999).
• Certificate management: a digital certificate is an electronic token ensuring the binding between an entity and its digital identity. Functions supporting this service include generation, distribution, storage, retrieval, and revocation of digital certificates.
• Information repository: this service maintains the collection of data critical for operation of the TTP system (ETSI TS 102 042, 2002).
• Directory services: in order to interact, a user of a PKI must have access to information about other PKI users (e.g. the validity of their certificates).
• Camouflaging communication: camouflaging communication not only provides data confidentiality, but also hides every fact of communication.
• Authorization: a user of PKI who possesses a resource may grant another PKI user privileges to access this resource. TTPs should ensure granting privileges, including the ability to access specific information or resources.
• Audit: in order to ensure that certain operational, procedural, legal, qualitative, and technological requirements are complied with in the system (as it is assumed), an auditing service is required.
• TTP to TTP interoperability: interoperability services are concerned with the issues necessary for establishing a network of TTPs; verification of parties of the protocol can be done simultaneously by different TTPs, which ensures the authenticity of TTP usage.
• Notary: public verification of the party of the protocol or of a certain message can be done by TTP.

Table 1 – Characteristics of the security services

| Group of services | Name of a service | Characteristics |
|---|---|---|
| Integrity | Integrity of data | Prevention against improper information modification |
| Non-repudiation | Non-repudiation of an action | Non-repudiation of sending a message (the fact of communication) |
| Non-repudiation | Non-repudiation of a sender | Non-repudiation of the sender's identity and the fact of sending a message by the sender |
| Non-repudiation | Non-repudiation of a receiver | Non-repudiation of the receiver's identity and the fact of receiving a message by the receiver |
| Confidentiality | Confidentiality of data | Guarantee of only authorized information access and disclosure |
| Authorization | Authorization of parties of the protocol | Correct authorization of parties of the protocol is required to realize a step of the protocol |
| Privileges | Management of privileges | A specific function of the party in the protocol depends on his certain defined permission level |
| Anonymity | Network anonymity | Hiding the fact that there was a data exchange (hiding the information flow, hiding the network traffic) |
| Anonymity | Anonymity of a sender | Hiding the identity of a sender of the message (without network anonymity) |
| Anonymity | Anonymity of a receiver | Hiding the identity of a receiver of the message (without network anonymity) |
| Availability | Availability of services | Ensuring timely and reliable access to services and data and use of information |
| Public trust | Trust between parties of the protocol | Possibility of public verification of an action in the protocol by cooperation of parties of the protocol |
| Public trust | TTP trust | Possibility of public verification of an action in the protocol by TTP |
| Secure storage | Secure storage of data | Confidential and permanent storage of information, available only for legal users |
| Accountability | Network accountability | Events in network are registered to restore past threats |
| Accountability | Protocol/service accountability | Steps of protocols (access to services) are registered to restore past threats |

3.2. Additional cryptographic modules

• SSS: Secure Secret Sharing Scheme, can be used in the case when an encrypted message (e.g. with a certain public key) can be decrypted only with the cooperation of the assumed number of participants of the protocol (Kulesza and Kotulski, 2003; Saez, 2003).
• PKG: the module generates strong cryptographic keys, e.g. PKG based on a biometric method (Teoh et al., 2004). This technique generates personalized cryptographic keys from biometric data (data connected with a person), which offers an inextricable link to its owner.
• Anonymizer: the mechanism which protects anonymity of parties of the protocol. An example of this could be Crowds. This is a scalable system, based on world-wide-web services. This assures anonymity of the message sender inside network communication (Reiter and Rubin, 1998).
• AA: the user identification scheme that can also simultaneously achieve the key exchange requirement while preserving the user's anonymity (Tzong-Sun and Chien-Lung, 2004).
• Individual numbers: individual numbers generated by parties of the protocol can improve users' anonymity (Księżopolski and Kotulski, 2004).

4. The concept of adaptable security

The realization of an electronic process strongly depends on a proper level of security. During the design of such a process, the security mechanisms are established. These are usually overestimated relative to the real risk. It can be noticed that there are certain differences between various kinds of information sent in the same electronic process. These concern different threats, which in the case of successful attack will affect parties of a protocol. In case of a small threat, there is a considerable possibility of reducing redundant tools of information security, which in fact could improve efficiency of the protocol, system availability, and, as a consequence, should increase the global security level.

4.1. General requirements

Secure electronic processes are based on cryptographic protocols. Applications of properly designed cryptographic protocols introduce many security services which enable reliable realization of the electronic process. The protocols realize security services by means of various security elements, mainly PKI-based services and some additional cryptographic modules. The usage of these security elements is strictly defined in steps of cryptographic protocols. After the protocol is properly designed, any modification of its content is prohibited without detailed security analysis; otherwise changes could ruin the whole concept of the protocol. This, in turn, negates the idea of adaptable security. Creating different protocols which realize the same service, applied at different levels of security,¹ is a solution to that contradiction. To design a given electronic service, a protocol is constructed according to well-defined security requirements. Some security elements are unchangeable because their modification would affect the given processes. Others can be added in a dynamic process of system tuning.

4.2. Parameters of the adaptable security concept

The security level of an electronic process depends on several factors. This level can be modified by the choice of security elements applied in a protection system. In the presented model of the scalable security, we suggest an analytical expression to calculate the security level; its numerical value is a function of three primary parameters:

1. The protection level: $L_{ij}^x$;
2. The risk of an attack on a given service: $[(1 - \omega_{ij}^x)(1 - P_{ij}^x)]$;
3. The parameter of a scalability of the security mechanisms: $Z$.

The proposed expression has the following form:

$$F_S = \frac{1}{a}\sum_{i=1}^{a}\frac{1}{b_i}\sum_{j=1}^{b_i}\frac{1}{c_{ij}}\sum_{x=1}^{c_{ij}} \left(L_{ij}^x\right)^Z \left[\left(1-\omega_{ij}^x\right)\left(1-P_{ij}^x\right)\right], \qquad (1)$$

where:
• $F_S$ is the security level realized by a given version of cryptographic protocol, $F_S \in (0, 1)$;
• $i$ is the number of subprotocols in a given protocol;
• $j$ is the number of steps in a given subprotocol;
• $x$ is the number of specific security services;
• $\omega_{ij}^x$ is the weight describing an average cost of losses after a successful attack on a given service, $\omega \in (0, 1)$;
• $L_{ij}^x$ is the value of a protection level for a given service, $L \in (0, 1)$;
• $P_{ij}^x$ is the probability of an attack on a given service, $P \in (0, 1)$;
• $Z$ is the scalability parameter for security elements, $Z \in (1, 10)$.

¹ To simplify, when we change the element not important for the protocol's functionality but important for its security, we call it a new protocol.

Each of the above defined primary parameters in Eq. (1) is calculated for all cryptographic protocols, all subprotocols within these protocols, and all steps within these subprotocols. The first parameter defines the protection level for a given cryptographic service in a given step of a subprotocol. It is the sum of the effects of chosen security elements which guarantee security of a given service. The second parameter represents a risk of an attack on a given security service. It is a product of average losses made by a successful attack on the service, and the probability of an attack on the security service. The third parameter offers the additional possibility of scaling the security mechanisms. It could describe, for instance, the independence of security elements used to reach a proper protection level. The security elements are mutually connected. Missing protection of information mechanisms in one subprotocol (e.g. at the beginning of the protocol) strongly influences the security of other subprotocols. A degree of convergence can also be changeable; it depends on, among others, the number of subprotocols and the expected security level.

4.2.1. The level of protection

The security level of an electronic process depends mainly on specific elements of information protection used as required by the security services. In this paper, the security elements are based on PKI services and cryptographic modules. In Table 2 main security services and possible security mechanisms that realize them are presented. Every security service can be realized by different security mechanisms. The security level of a given protocol depends amongst other things on an appropriate selection of the elements. For every security element, its level of protection is defined as $L_{ij}^x$. The contribution of the protection of a particular service to the global protection level is defined in percents. Dependencies of the security elements presented in Table 2 are only an example. They can be created in an arbitrary way by using different security mechanisms. The value of the parameter L is a constant value for particular security requirements. While creating the cryptographic protocol on a different level of protection, this parameter should not be modified.

Table 2 – Security services and security elements that realize them

| Service | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
|---|---|---|---|---|---|---|---|---|---|
| Integrity of data (I) | Digital signatures, L_I1 = 50% | Key management, L_I2 = 10% | Certificate management, L_I3 = 10% | Directory services, L_I4 = 5% | TTP to TTP interoperability, L_I5 = 15% | PKG, L_I6 = 10% | – | – | – |
| Non-repudiation of action (NRM) | Digital signatures, L_NRM1 = 30% | Time-stamping, L_NRM2 = 15% | Key management, L_NRM3 = 10% | Certificate management, L_NRM4 = 10% | Audit, L_NRM5 = 5% | Non-repudiation PKI, L_NRM6 = 10% | Directory services, L_NRM7 = 5% | Information repository, L_NRM8 = 5% | PKG, L_NRM9 = 10% |
| Non-repudiation of sender (NRS) | Digital signatures, L_NRS1 = 30% | Time-stamping, L_NRS2 = 15% | Key management, L_NRS3 = 10% | Certificate management, L_NRS4 = 10% | Audit, L_NRS5 = 5% | Non-repudiation PKI, L_NRS6 = 10% | Directory services, L_NRS7 = 5% | Information repository, L_NRS8 = 5% | PKG, L_NRS9 = 10% |
| Non-repudiation of receiver (NRR) | Digital signatures, L_NRR1 = 30% | Time-stamping, L_NRR2 = 15% | Key management, L_NRR3 = 10% | Certificate management, L_NRR4 = 10% | Audit, L_NRR5 = 5% | Non-repudiation PKI, L_NRR6 = 10% | Directory services, L_NRR7 = 5% | Information repository, L_NRR8 = 5% | PKG, L_NRR9 = 10% |
| Confidentiality of data (C) | Encryption, L_C1 = 50% | Key management, L_C2 = 10% | Certificate management, L_C3 = 10% | SSS, L_C4 = 15% | Directory services, L_C5 = 5% | PKG, L_C6 = 10% | – | – | – |
| Authorization of parties of protocol (Au) | Registration, L_Au1 = 20% | Digital signatures, L_Au2 = 20% | Key management, L_Au3 = 10% | Certificate management, L_Au4 = 10% | TTP to TTP interoperability, L_Au5 = 10% | Directory services, L_Au6 = 5% | Authorization PKI, L_Au7 = 10% | AA, L_Au8 = 10% | – |
| Management of privileges (MP) | Registration, L_MP1 = 50% | Authorization PKI, L_MP2 = 50% | – | – | – | – | – | – | – |
| Network anonymity (AN) | Crowds, L_AA1 = 100% | – | – | – | – | – | – | – | – |
| Anonymity of sender (AM) | Individual numbers, L_AM1 = 100% | – | – | – | – | – | – | – | – |
| Anonymity of receiver (AR) | Broadcasting, L_AR1 = 100% | – | – | – | – | – | – | – | – |
| Trust between parties of protocol (PTA) | Time-stamping, L_PTA1 = 30% | Information repository, L_PTA2 = 30% | Audit, L_PTA3 = 20% | TTP to TTP interoperability, L_PTA4 = 20% | – | – | – | – | – |
| TTP trust (PTT) | Time-stamping, L_PTT1 = 30% | Information repository, L_PTT2 = 20% | Audit, L_PTT3 = 10% | TTP to TTP interoperability, L_PTT4 = 10% | Notary, L_PTT5 = 30% | – | – | – | – |
| Secure storage of data (SS) | Encryption, L_SS1 = 30% | Time-stamping, L_SS2 = 10% | Key management, L_SS3 = 10% | Certificate management, L_SS4 = 10% | Non-repudiation PKI, L_SS5 = 10% | Information repository, L_SS6 = 15% | Directory services, L_SS7 = 5% | Audit, L_SS8 = 5% | PKG, L_SS9 = 5% |
| Network accountability (NA) | Logging, L_NA1 = 50% | Audit, L_NA2 = 20% | Encryption, L_NA3 = 10% | Digital signatures, L_NA4 = 10% | Information repository, L_NA5 = 10% | – | – | – | – |
| Protocol/service accountability (PA) | Logging, L_PA1 = 50% | Audit, L_PA2 = 20% | Encryption, L_PA3 = 10% | Digital signatures, L_PA4 = 50% | Information repository, L_PA5 = 10% | – | – | – | – |

4.2.2. Probability of an incident occurrence

One of the parameters in Eq. (1) for scalable security is the risk of an attack on a given service. This parameter involves two factors: the probability of incident occurrence ($P_{ij}^x$) and the impact of a successful attack ($\omega_{ij}^x$). In this section we suggest a method to calculate the first parameter from this pair. At the beginning, the combination of possible and accessible security elements is created and presented by means of a graph. In graphs detailed security parameters are defined, the choice of which affects the level of information security.

For each service an individual graph is created. In Fig. 1 an example of such a graph with the security elements required to protect the security service "integrity of data" is depicted. The choice of a particular graph node corresponds to a choice of a specific security element. By choosing rigid security elements, a number of graph nodes is connected by edges and the path is built. That path corresponds to the complete security service. Below the description of the graph for the service "integrity of data" is defined (Fig. 1), along with the values of parameters describing security services (they are to be defined later). To simplify, only main security elements are taken into consideration. The whole graph should be based on the security mechanisms which are described in international security standards (e.g. ISO, IEC, IEEE, ETSI).

Fig. 1 – The graph for security service: data integrity.

1 Integrity of data
  1.1 Digital signature (LZ, LK, LP = heritage)
    1.1.1 Cryptographic key management. Cryptographic modules (min. level 2) (ISO/IEC 19790) (LZ = 80%, LK = 70%, LP = 80%, C = 0.05, M = 0.01)
      1.1.1.1 Generating keys by using biometric method, PKG (Teoh et al., 2004) (LZ = 80%, LK = 100%, LP = 100%, M = 1.02) (LK + 5%, LP = +5%)
      1.1.1.2 Audit (LZ = 10%, LK = 60%, LP = 40%) (LK = +5%, LP = +5%, C = 0.01, M = 0.03)
      1.1.1.3 Ports and interfaces of cryptographic module (LZ, LK, LP = heritage)
        1.1.1.3.1 Cryptographic modules (min. level 2) (ISO/IEC 19790) (LZ = 70%, LK = 50%, LP = 80%)
        1.1.1.3.2 Cryptographic modules (min. level 3) (ISO/IEC 19790) (LZ = 70%, LK = 70%, LP = 80%)
    1.1.2 Cryptographic key management. Cryptographic modules (min. level 3) (ISO/IEC 19790) (LZ = 80%, LK = 80%, LP = 90%, C = 0.05, M = 0.02)
      1.1.2.1 Generating keys by using biometric method, PKG (ISO/IEC 15408) (LZ = 80%, LK = 100%, LP = 100%, M = 0.02) (LK + 5%, LP = +5%)
      1.1.2.2 Audit (LZ = 10%, LK = 60%, LP = 40%) (LK = +5%, LP + 5%, C = 0.01, M = 0.03)
      1.1.2.3 Ports and interfaces of cryptographic module (LZ, LK, LP = heritage)
        1.1.2.3.1 Cryptographic modules (min. level 2) (ISO/IEC 19790) (LZ = 70%, LK = 50%, LP = 80%)
        1.1.2.3.2 Cryptographic modules (min. level 3) (ISO/IEC 19790) (LZ = 70%, LK = 70%, LP = 80%)
  1.2 Key management (LZ, LK, LP = heritage)
    1.2.1 Key generation (LZ, LK, LP = heritage)
      1.2.1.1 Cryptographic modules (min. level 2) (FIPS PUB 140-2), Security techniques (min. EAL 3) (ISO/IEC 15408) (LZ = 80%, LK = 70%, LP = 80%)
      1.2.1.2 Cryptographic modules (min. level 3) (FIPS PUB 140-2), Security techniques (min. EAL 4) (ISO/IEC 15408) (LZ = 80%, LK = 80%, LP = 90%, M = 0.01)
    1.2.2 Key distribution (LZ = 80%, LK = 50%, LP = 80%, C = 0.02)
    1.2.3 Key usage (LZ = 80%, LK = 80%, LP = 50%)
    1.2.4 The end of key life cycle (LZ = 30%, LK = 80%, LP = 50%, C = 0.01)
  1.3 Certificate management (LZ, LK, LP = heritage)
    1.3.1 Subject registration (LZ, LK, LP = heritage)
      1.3.1.1 Detailed verification of subject (LZ = 70%, LK = 30%, LP = 90%, C = 0.02)
      1.3.1.2 Standard verification of subject (LZ = 70%, LK = 20%, LP = 70%, C = 0.02, M = 0.01)
    1.3.2 Certification renewal (LZ = 70%, LK = 50%, LP = 30%, C = 0.02)
    1.3.3 Certificate generation (LZ = 70%, LK = 80%, LP = 80%, M = 0.01)
    1.3.4 Certificate dissemination (LZ, LK, LP = heritage)
      1.3.4.1 The certificate verification is available as specified in the CA Certification Practice Statement (LZ = 30%, LK = 60%, LP = 30%, C = 0.03, M = 0.01)
      1.3.4.2 The certificate verification is available 24 h per day, 7 days per week (LZ = 30%, LK = 80%, LP = 30%, C = 0.03, M = 0.02)
      1.3.4.3 The certificate verification is additionally checked by another TTP (LZ = 30%, LK = 80%, LP = 70%, C = 0.02, M = 0.01) (LK + 5%, LP + 5%)
      1.3.4.4 The certificate information is available depending on the permission level (LZ = 15%, LK = 50%, LP = 30%) (LK + 5%, LP + 5%)
    1.3.5 Certificate revocation and suspension (LZ, LK, LP = heritage)
      1.3.5.1 The maximum 72 h delay between receipt of a revocation request or report and the change to revocation status information being available to all relying parties (LZ = 30%, LK = 60%, LP = 40%, C = 0.01)
      1.3.5.2 The maximum 24 h delay between receipt of a revocation request or report and the change to revocation status information being available to all relying parties (LZ = 30%, LK = 80%, LP = 40%, C = 0.01, M = 0.01)

To verify whether the applied combination of security mechanisms is complete, we assign adequate Boolean operations to pairs of the graph edges. In this way, we obtain the Boolean function for the complete graph, with the arguments being services at the leaf nodes of the tree. The condition of proper choice of the security mechanisms is connected with the value of the obtained function. That value must be equal to 1. Introducing additional security elements to the system might cause extra threats for the system's assets. Therefore, any change of a mechanism of the system protection influences the calculated probability. Some security elements might modify parameters of the higher edges (e.g. 1.1.2.2 – LK = +5%, LP = +5%, C = 0.01, M = 0.03). All steps of the protocol which realize a given security service are demonstrated in a graph.

4.2.2.1. Parameters characterizing threat. As mentioned above, any threat for a given process is characterized by means of a combination of two parameters: the probability of threat occurrence and its level. The particular security elements presented in the graph description are defined by means of these parameters. The parameters presented in the graph belong to the main group, which is the basic part of the model. There is also an extra group of parameters which introduce corrections to the model, but choosing parameters from this group is not obligatory. These parameters are treated as a checklist. Below the complete list of parameters that could be used in this model is presented.

The main probability parameters (considered in the graph) are:
• LZ – assets gained during successful attack on a given security element (100% = compromising the whole protocol);
• LK – the knowledge needed for an attack (100% = expert);
• LP – costs needed for an attack (100% = the highest cost);
• C – communication steps as an additional possibility of attack, C ∈ [0, 0.1] (0.1 = the highest threat);
• M – a practical implementation. The difficulty in implementing increases the probability of incorrect configuration. Error reports are an additional source of information, etc. M ∈ [0, 0.1] (0.1 = the highest threat).

Additional security parameters (checklist):
• PP – global assets possible to gain in a given process, PP ∈ [0, 0.1] (0.1 = the highest threat);
• I – a kind of institution realizing the information process. Some of the institutions are of high threat. I ∈ [0, 0.1] (0.1 = the highest threat);
• H – potential risk for an attacker in case of an identification. The legal system and punishment of countries where the process is realized. H ∈ [0, 0.1] (0.1 = a country with the lowest legal restrictions).

An additional mark used in the description of a graph is "heritage". The nodes with parameters marked in that way take the values of parameters of lower graph edges.

4.2.2.2. Mechanisms. The mathematical tool used to calculate the probability of partial threats and, later, the probability of an incident, is a certain function of parameters defined above. The indicators which measure a chance that some assets are successful are: LK, as a required level of knowledge; and LP, as required costs. To estimate the values of these parameters in the model, a detailed analysis of all vulnerabilities of the information system should be performed. The two parameters are modified by appropriately assumed weights uPLK and uPLP ðuPLK þ uPLP ¼ 1Þ, which define potential lack of attacker’s preparation in the domains of both knowledge and costs. Apart from requirements needed for a successful attack, potential attackers’ profits should be established. These are defined by means of the parameter LZ describing the influence of a potential harm which compromises the whole process. An additional parameter which increases vulnerabilities of a given threat and, at the same time the whole process, is the parameter C as an extra communication step used in a given element. The next suggested parameter is M, describing the practical implementation of the security mechanisms. Adding complex security elements increases the possibility of making mistakes in the implementation. That fact usually influences the results in error reports which provide attacker with additional information. If the additional parameters C and M are not checked on a given graph edge, their values are standard and the parameters do not influence the resultant probability. In the process of setting up the probability of an attack, additional parameters can be used which, in a more detailed way, characterize the considered information process. In further considerations we denote these parameters by d. 
Combining all the above mentioned parameters, the expression of the probability of a particular threat occurrence is established:

$$P^{K}_{ijz} = \left[1 - \left(LK^{K}_{ijz}\,\omega_{PLK} + LP^{K}_{ijz}\,\omega_{PLP}\right)\right]\left[LZ^{K}_{ijz} + \left(1 - LZ^{K}_{ijz}\right)\left(C^{K}_{ijz} + M^{K}_{ijz}\right)\right];$$

$${}^{d}P^{K}_{ijz} = P^{K}_{ijz} + d\left[1 - P^{K}_{ijz}\right];$$

$$d = PP_{P} + I_{P} + H_{P};$$

where the symbols denote: $i$, the number of the security service; $j$, the number of the security elements; $z$, the number of parts of the security element; $K$, the number of steps of the protocol; $d$, the index of additional security parameters; $P$, the index of concrete processes; $P^{K}_{ijz}$, the probability of a threat occurrence without considering additional $d$ parameters. This is the value of part "z" in the element "j" for the service "i" in step "K" for a given protocol; ${}^{d}P^{K}_{ijz}$, the probability after taking into account additional parameters "d"; $\omega_{PLK}$, the weight defining potential attackers' lack of preparation in the domain of knowledge; $\omega_{PLP}$, the weight defining potential attackers' lack of preparation in the domain of costs; $\omega_{PLK} + \omega_{PLP} = 1$.

Every partial probability for each chosen graph edge is calculated. The next step in the model is calculating the probability of an incident occurrence in a given step. Firstly, we find the highest probability among the calculated partial probabilities in a given step. This value is the main factor of the probability of incident occurrence in this step. It is caused by the fact that the security of information system is like a chain; the weakest link affects its strength.

$${}^{M}P^{K}_{i} = \max\left(P^{K}_{ijz}\right).$$

The probability of an incident occurrence in a given step depends not only on the highest threat but also on all other threats possible in it. Therefore, a correction to the total probability as a contribution of all partial probabilities is calculated. The number of partial probabilities is defined by the parameter "n". Thus, a series of partial probabilities is created. We define: $a_{B0} = {}^{M}P^{K}_{i}$, the base element of the series; $a_{0} = (1 - a_{B0})$, zero element of the series; $a_{1} = a_{0} x_{1}$, the first element of the series; $a_{n}$, nth element of the series;

$$a_{n} = \left[a_{0} - \sum_{k=1}^{n-1} a_{k}\right] x_{n} \quad \text{where } n \ge 2;$$

$x$, the partial probability of all security elements $(P^{K}_{ijz})$. The total correction to the probability of an incident occurrence is:

$${}^{P}P^{K}_{in} = \sum_{k=1}^{n} a_{k};$$

$n$, the number of elements in the series. Calculating the above mentioned parameters, a total probability of incident occurrence for a given service in a given step is obtained:

$$P_{ALL} = {}^{M}P^{K}_{i} + {}^{P}P^{K}_{i}.$$
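The step calculation described above, as an added example that is not code from the paper: it applies the additional-parameter index d, takes the highest partial probability as the base element, and sums the correction series. It assumes that x_1..x_n are the partial probabilities other than the maximum and that d lies in [0, 1]; the function names and sample values are constructed.

```python
from math import prod

def with_additional(p, d):
    """dP = P + d * (1 - P); d in [0, 1] is an assumption made here."""
    if not (0.0 <= p <= 1.0 and 0.0 <= d <= 1.0):
        raise ValueError("p and d must lie in [0, 1]")
    return p + d * (1.0 - p)

def correction_series(base, xs):
    """Return [a_1, ..., a_n] for base element a_B0 = base and partials xs."""
    a0 = 1.0 - base                  # zero element of the series
    terms, used = [], 0.0
    for x in xs:
        a_n = (a0 - used) * x        # [a_0 - sum_{k<n} a_k] * x_n; n = 1 gives a_0 * x_1
        terms.append(a_n)
        used += a_n
    return terms

def p_all(partials):
    """P_ALL = highest partial probability + sum of the correction series."""
    if not partials or any(not 0.0 <= p <= 1.0 for p in partials):
        raise ValueError("need at least one probability, all in [0, 1]")
    m = max(partials)                # weakest link of the step
    rest = list(partials)
    rest.remove(m)                   # assumption: x_1..x_n are the other threats
    return m + sum(correction_series(m, rest))

def p_all_closed_form(partials):
    """Equivalent form obtained by expanding the series: 1 - prod(1 - P)."""
    return 1.0 - prod(1.0 - p for p in partials)

# Constructed sample: three partial probabilities for one step, d = 0.2.
SAMPLE = [with_additional(p, 0.2) for p in (0.30, 0.10, 0.05)]

if __name__ == "__main__":
    print(round(p_all(SAMPLE), 6), round(p_all_closed_form(SAMPLE), 6))
```

Under the stated assumption, expanding the series shows that the total does not depend on the order of the remaining threats and never exceeds 1, which is what `p_all_closed_form` makes explicit.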


4.2.3. Impact of a successful attack

The parameters which are set up during the risk calculation are the weights for particular services, $\omega^{x}_{ij}$. These weights indicate the average losses caused by a successful attack. In the risk modelling, the impact is the result of an information security incident caused by a threat affecting assets. In the presented model of scalable security the resultant impact is obtained by the combination of two kinds of impact caused by direct and indirect reasons. Below the parameters used during the impact calculation are depicted.

The direct parameters: $LZ^{x}_{ij}$, assets gained during a successful attack on given security elements (100% is the compromise of the whole protocol); $F^{x}_{ij}$, financial losses during a successful attack on given security elements (100% is the total financial loss). The indirect parameters: $\alpha^{x}_{ij}$, necessary financial costs for repairing the damages gained during a successful attack (100% is the maximal cost); $\beta^{x}_{ij}$, losses of the value of the company shares or the company reputation (100% is the maximal market loss).

To calculate the impact of a successful attack $(\omega^{x}_{ij})$ a combination of the parameters described above is used. Thus, the parameter $LZ^{x}_{ij}$ describes the influence of a potential harm of a given threat to compromise the whole process. The parameter $F^{x}_{ij}$ describes direct financial losses during an attack on the particular step of the protocol. The next parameters are connected to an indirect impact of the successful attack. The first group of parameters $(\alpha^{x}_{ij})$ is connected to the indirect financial losses which must be accounted for after a successful attack on the system. Those financial losses are caused by damage and repairs to the information systems. The second group of parameters $(\beta^{x}_{ij})$ describes the loss of the value of the company security or the company reputation. Combining the above mentioned parameters brings about the impact of an attack in a particular process:

$$\omega^{x}_{ij} = \frac{1}{3}\, LZ^{x}_{ij}\left(F^{x}_{ij} + \beta^{x}_{ij} + \alpha^{x}_{ij}\right).$$

The impact parameter is a changeable part of Eq. (1) for a particular process, because losses connected with a successful attack can differ for concrete information processes.

4.2.4. The parameter of scalability of the security mechanisms

The scalability parameter Z gives an additional possibility to scale the used security mechanisms. Its characteristics are shown in Fig. 2.

Fig. 2 – The characteristics of a scalability parameter of security mechanisms. [Plot of the protection level with correction of security mechanisms scalability (LZ) against the protection level (L), with curves for Z = 1, Z = 3 and Z = 10.]

5. Adaptable security and risk management

As mentioned above, the first step in the process of creating a security system is establishing a security requirement, which guarantees the individual service. Next, security elements, i.e. mechanisms that ensure defined security requirements, are set up. The choice of security mechanisms depends on the potential risk of a given process (ISO/IEC 13335-2, 2003). Among these are: the assets involved in the process, the threats of assets, the vulnerabilities of assets, the impact of a successful attack, safeguards and, what is suggested in this paper, the adaptable security item. The cycle of risk management process with adaptable (or scalable) security is shown in Fig. 3.

5.1. Assets

The basic step in setting up the security process is analyzing the organization assets. The level of vulnerabilities of assets and, on the basis of this, proper security elements are to be established.

5.2. Threats

Potential threats can cause harm to the assets gathered by a given organization. These harms can be caused by an attack on information involved in the process or on the whole system. The threats make use of vulnerabilities in assets and then cause harm. The threats can be classified as human and environmental, and also as deliberate and accidental. For setting up the threats, their level should be defined and the probability of occurrence of an incident of this kind calculated.

5.3. Vulnerabilities

A weakness of an asset that can be exploited by one or more threats is called a vulnerability. Vulnerabilities associated with assets include weaknesses in the physical layout, organization, procedures, management, hardware, software, information, etc. A vulnerability itself does not cause harm; it causes harm only in case of an attack.

5.4. Impact

The impact is the result of an information security incident caused by a threat affecting assets. The impact could be a destruction of certain assets, damage to the security system and a compromise of confidentiality, integrity, availability, nonrepudiation, authenticity, reliability, etc. The possible indirect impact includes financial losses, losses to company image, etc.

Fig. 3 – The cycle and relationship between security elements for the risk management.

5.5. Safeguards

Safeguards are practices, procedures or mechanisms that protect against a threat, reduce vulnerability, and reduce the impact of an information security incident.

5.6. Risk

The risk is characterized by a combination of two factors: the probability of an incident occurrence and the impact of an incident on the system. Any change to assets, threats, vulnerabilities, and safeguards may have significant effects on the risk itself.

5.7. Adaptable (scalable) security

The additional item in the risk management process is the scalable security block, which makes it possible to adapt the protection level to the actual level of threats. Almost every detailed security analysis of a protection system reveals new vulnerable structures in the system, which call for additional security elements. On the other hand, the applied protections are often overestimated, which generally decreases the efficiency and availability of the system and introduces excess redundancy. Thanks to the adaptation mechanisms of scalable security, the protection level can be altered depending on the actual security requirements of the electronic process.

6. Conclusions

Adaptable security helps to choose the optimal security level for an information system with respect to costs, applied tools, functional redundancy, integration to many security services and obvious gaps at the interfaces. The usage of the presented model is especially important in the dynamic environment where its efficiency is crucial for the secure functioning of the system. An example of such a system could be a distributed database where secure and timely access to the data is the most important task. The sensor network (Hu and Sharma, 2005) is another information system where scalable security systems are of utmost importance. With them, it is possible to reach a reasonable compromise between an adequate level of security of the sensor network and the efficiency and total lifetime (due to energy costs) of the net.

Electronic services in which security is a crucial element are based on cryptographic protocols. Setting up different security levels for all subprotocols in a certain cryptographic protocol enables changing particular versions of a subprotocol, creating a freely scalable system with respect to the security level. Such a possibility can prove useful in case of modifying the security levels in the particular phases of the subprotocol (Moitr and Konda, 2004), which increases system performance and, as a result, its global security.

References

Barlow L. A discussion of cryptographic protocols for electronic voting; 2003.

ETSI TS 102 042. Policy requirements for certification authorities issuing public key certificates; 2002.

FIPS PUB 140-2. Security requirements for cryptographic modules.

Groves J. Security for application service providers. Network Security January 1, 2001a;2001(1):6–9 [Elsevier].

Hu F, Sharma KN. Security considerations in ad hoc sensor networks. Ad Hoc Networks 2005;3:69–89 [Elsevier].

ISO/IEC 11770-3. Key management – Part 3: mechanisms using asymmetric techniques 1999-11-01.

ISO/IEC 13335-2. Information technology – security techniques – management of information and communications technology (ICT) security – Part 2: Techniques for information and communications technology security risk management; 2003.

ISO/IEC 15408. Information technology – security techniques – evaluation criteria for IT security.

ISO/IEC 19790. Security techniques – security requirements for cryptographic modules.

Księżopolski B, Kotulski Z. Cryptographic protocol for electronic auctions with extended requirements. Annales UMCS Informatica 2004;2:391–400.

Kulesza K, Kotulski Z. On automatic secret generation and sharing for Karin–Greene–Hellman scheme. In: Sołdek J, Drobiazgiewicz L, editors. Artificial intelligence and security in computing systems. Kluwer; 2003. p. 281–92.

Lambrinoudakis C, Gritzalis S, Dridi F, Pernul G. Security requirements for e-government services: a methodological approach for developing a common PKI-based security policy. Computer Communication 2003;26:1873–83 [Elsevier].

Merabti M, Shi Q, Oppliger R. Advanced security techniques for network protection. Computer Communications 2000;23:1581–3 [Elsevier].

Moitr S, Konda S. An empirical investigation of network attacks on computer system. Computer and Security 2004;23:43–51 [Elsevier].

NIST. Volume I: guide for mapping types of information and information systems to security categories; March 2004.

Patel A, Gladychev P, Katsikas S, Gritzalis S, Lekkas D. KEYSTONE project, Support for legal framework and anonymity in the KEYSTONE public key infrastructure architecture. In: Proceedings of UIPP'99 IFIP international joint working conference on user identification and privacy protection. Stockholm, Sweden: Kluwer Academic Publisher; June 1999. p. 243–54.

Patton MA, Josang A. Technologies for trust in electronic commerce. Electronic Commerce Research 2004;4:9–21 [Kluwer Academic Publishers].

Reiter M, Rubin A. Crowds: anonymity for web transaction. ACM Transaction on Information and System Security November 1998;1(1):66–92.

Saez G. Generation of key pre-distribution schemes using secret sharing schemes. Discrete Applied Mathematics 2003;128:239–49 [Elsevier].

Teoh A, Ngo D, Goh A. Personalised cryptographic key generation based on Face Hashing. Computer and Security 2004;23:606–14 [Elsevier].

Tzong-Sun W, Chien-Lung H. Efficient user identification scheme with key distribution preserving anonymity for distributed computer networks. Computer and Security 2004;23:120–5 [Elsevier].

Bogdan Księżopolski received his M.Sc. in Computer Physics from Maria Curie-Skłodowska University in Lublin, Poland. He is currently a research assistant in Institute of Computer Science at Maria Curie-Skłodowska University in Lublin, Poland. He is the author or co-author of 12 articles.

Zbigniew Kotulski received his M.Sc. in applied mathematics from Warsaw University of Technology and Ph.D. and D.Sc. Degrees from Institute of Fundamental Technological Research of the Polish Academy of Sciences. He is currently a professor at IFTR PAS and professor and head of Security Research Group at Department of Electronics and Information Technology of Warsaw University of Technology, Poland. He is the author or co-author of three books and more than 100 research papers.