There are four basic principles that apply for most security systems: authentication, authorization, confidentiality, and integrity.
Authentication (proving identity with credentials) –
Authentication is the process of proving the identity of a user of a system by means of a set of credentials. Credentials are the proof the system requires to validate the identity of the user. The user can be an actual customer, a process, or even another system. A person is validated through a credential; the identity is who the person is. Once a person has been validated through a credential, as when a name is attached to a face, the name becomes a principal.
In this case the principal is associated with the username. The principal represents the identity of the user for a given service. Since a user may access many different services that have different usernames, we need to introduce the concept of a subject. A subject represents a collection of principals.
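The principal and subject concepts above, and the credential check that produces a principal, as an added Python example (not code from the original article). The credential store, the salt, the user "alice" and the services "store" and "bank" are constructed for the example; the password is verified against a PBKDF2 hash with a constant-time comparison, and a `Subject` collects the principals one person holds across services.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional, Set

# Constructed credential store for the example: username -> (salt, PBKDF2 hash).
# A real store uses a random salt per user (os.urandom) and never keeps the raw password.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash; only the hash and salt are ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


_SALT = b"constructed-example-salt"
CREDENTIAL_STORE = {
    "alice": (_SALT, hash_password("correct horse", _SALT)),
}
# Hash of a dummy password, so that unknown usernames cost the same time as known ones.
_DUMMY = hash_password("dummy", _SALT)


@dataclass(frozen=True)
class Principal:
    """The identity a validated user has for one particular service."""
    service: str
    name: str


@dataclass
class Subject:
    """A collection of principals: the same person as seen by several services."""
    principals: Set[Principal] = field(default_factory=set)

    def add(self, principal: Principal) -> None:
        self.principals.add(principal)

    def principal_for(self, service: str) -> Optional[Principal]:
        for p in self.principals:
            if p.service == service:
                return p
        return None


def authenticate(service: str, username: str, password: str) -> Optional[Principal]:
    """Return a Principal for `service` if the credentials prove the identity, else None."""
    record = CREDENTIAL_STORE.get(username)
    if record is None:
        # Unknown user: do the same amount of work as for a known user, then reject.
        hmac.compare_digest(hash_password(password, _SALT), _DUMMY)
        return None
    salt, stored_hash = record
    if hmac.compare_digest(hash_password(password, salt), stored_hash):
        return Principal(service=service, name=username)
    return None


if __name__ == "__main__":
    subject = Subject()
    principal = authenticate("store", "alice", "correct horse")
    if principal is not None:
        subject.add(principal)
    subject.add(Principal("bank", "a.smith"))  # same person, different username elsewhere
    print(subject)
```

The subject holds one principal per service even though the usernames differ, which is exactly why the subject is needed on top of the principal.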
The credential set is highly dependent on the requirements of the organization's system for proving the identity, but is most likely a set of user attributes such as passwords, certificates, or smart cards. People in everyday life apply authentication at different levels. One level could be locking the front door to the house. Another could be verbally asking an employer to verify information that is circulating as a rumor.
Every day we meet people and introduce ourselves. This is a form of authentication. The person we meet may give a form of credential by describing his role or his work. Other forms of credentials are required when writing checks or using credit cards. If a cashier requires further validation from a person, he or she may ask for a driver's license. The driver's license also represents a form of credential to the cashier. The cashier is authenticating the person to allow a transaction, the purchase of an item, to take place in a store. E-commerce systems require a similar, digital form of authentication and credentials to access an online store.
Credentials allow one party to recognize another. Recognition can occur through various means. For example, people might use physical appearance or some other characteristic in order to identify someone. Using physical characteristics for authentication is known as biometrics. Biometric controls use the following characteristics to identify individuals:
• Fingerprints
• Voice
• Handwritten signature dynamics
• Retina and iris scans
• Palm scans and hand geometry
Biometric access control devices are considered physical access security control devices. In this article, I do not address physical security specifically. There are many ways you can physically secure your systems, such as using employee badges, multiple doors, and video surveillance.
Authorization (providing access to system resources) –
Once a user's identity has been validated, the user can be checked for access to a system resource. The process by which a user is given access to a system resource is known as authorization. For example, after a user logs in to a commerce system, which validates his or her identity, the user needs access to his or her account history; that is, the user needs authorization to retrieve the user's records. The user's records are the system resources needed by the user. The authorization process is the check by the organization's system to see whether the user should be granted access to the user's record. The user has logged in to the system, but he still may not have the permission necessary from the system to access the records.
You probably practice authorization every day by giving others access to your resources. Examples of authorization include inviting someone into your home, giving an administrator access to your computer, storing your money in a bank, or giving someone your credit card number so that the person can access your funds. In all these cases, it is important to be aware of the person's identity (by applying authentication) to make sure the person can be trusted with your resources.
When you give out your credit card number, you are authorizing the charge to your account, and your funds are the resource you are authorizing access to. Cognitively speaking, people may apply more authentication rules when giving out a credit card number than a system can apply when giving access to a resource such as a database. An organization granting access to a system resource usually does a lookup: it matches the proven identity of the user against the permissions of the resource and, if they match, gives the user access to the resource. The authorization check consults the permission and simply allows or denies access to the resource.
When deploying a system, access to system resources should also be mapped out. Security documents that detail the rights of individuals to specific resources must be developed. These documents must distinguish between the owners and the users of resources as well as read, write, delete, and execute privileges.
There might be property files that are used to configure servers. Sometimes these property files contain usernames and passwords so anyone who has read access to these files can potentially break into the server. Files such as these should be given a high level of security.
A common approach when deploying a system is giving a level of 1 to 5 to each file, 5 being the highest, and mapping out the permissions allowed to access the files based on the level of security. Allow only system administrative people to access level 5 files. This notion of categorizing files is a first step toward implementing an access control model. An access control model allows the operating system and other applications (such as SiteMinder) to enforce a company's security policy.
For example, the military uses a classification scheme that has unclassified, confidential, secret, and top secret. Mapping the level of security allowed for each file in a deployment of the system is an example of establishing an authorization rules set. An organization needs to have a plan for the rules for authorization. Who is allowed to access what? When developing such a plan, a question set is important. The question set addresses issues such as how important the file is, whether it contains sensitive material, and how this resource should be accessed and by whom. Examples of sensitive material include passwords and files that have settings that change the system, such as configuration files.
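The file-level scheme from the preceding paragraphs (levels 1 to 5 with level 5 reserved for administrators, owners distinguished from users, and read/write/delete/execute privileges) turned into a small access-control check, as an added Python example that is not code from the original article. The policy table, the users and the file names are constructed; a user's "clearance" is the hypothetical highest level the organization's rights document allows that user.

```python
from dataclasses import dataclass
from typing import FrozenSet

ACTIONS = frozenset({"read", "write", "delete", "execute"})
MAX_LEVEL = 5  # level 5 resources are reserved for system administrators


@dataclass(frozen=True)
class Resource:
    path: str
    level: int                    # sensitivity level, 1 (lowest) to 5 (highest)
    owner: str                    # the owner holds every privilege on the resource
    user_perms: FrozenSet[str]    # privileges granted to non-owner users


@dataclass(frozen=True)
class User:
    name: str
    clearance: int                # highest level this user may be granted access to (hypothetical)
    is_admin: bool = False


def is_authorized(user: User, resource: Resource, action: str) -> bool:
    """Decide whether `user` may perform `action` on `resource` under the constructed policy."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    # Rule 1: level-5 resources are only ever accessed by system administrators.
    if resource.level >= MAX_LEVEL and not user.is_admin:
        return False
    # Rule 2: the user's clearance must cover the resource's level.
    if user.clearance < resource.level:
        return False
    # Rule 3: owners get read/write/delete/execute; other users only what the policy grants.
    if user.name == resource.owner:
        return True
    return action in resource.user_perms


def allowed_actions(user: User, resource: Resource) -> FrozenSet[str]:
    """The subset of actions the policy permits; handy when writing the rights document."""
    return frozenset(a for a in ACTIONS if is_authorized(user, resource, a))


# Constructed policy table for the example.
RESOURCES = {
    "server.properties": Resource("server.properties", 5, "root", frozenset()),
    "deploy.sh": Resource("deploy.sh", 3, "alice", frozenset({"read", "execute"})),
    "report.txt": Resource("report.txt", 2, "alice", frozenset({"read"})),
}
USERS = {
    "root": User("root", 5, is_admin=True),
    "alice": User("alice", 3),
    "bob": User("bob", 3),
    "carol": User("carol", 1),
}

if __name__ == "__main__":
    for u in USERS.values():
        for r in RESOURCES.values():
            print(f"{u.name:6} {r.path:18} {sorted(allowed_actions(u, r))}")
```

The property file with credentials sits at level 5, so even a user whose clearance would otherwise cover it is denied unless the user is an administrator; the check is deny-by-default, and an unknown action is an error rather than a silent allow.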
Confidentiality (protecting information from unauthorized readers) –
To protect data from being accessed by unauthorized readers, the data is changed to keep it confidential. This process is known as obfuscation (which literally means to "darken" - that is, to make obscure or to confuse). Confidentiality is the means of keeping information secret, not by blocking the access, but by making the information unreadable by the public. Only people allowed to read the information can unlock the secret file for the original message (usually with a key). Such techniques have been dated to 1900 B.C. in Egypt. Throughout history, there has always been a process, or an organization, that is responsible for encrypting and decrypting messages. Before keys were used, anyone who understood the algorithm could decrypt the message. So the knowledge of how the algorithms worked was kept secret, and there was a person educated in the algorithm who needed to understand both the encryption and how to reverse the process (for decryption).
Today, besides being carried out in digital form, the algorithms have also been modified so that the algorithm itself no longer has to be the secret: the secret is moved into an extra variable called a key.
An organization should be concerned about confidentiality techniques whenever it wants to protect information that is being transmitted to another system. When the information is in its original form, it is called plaintext. When the information is in a protected form, it is called ciphertext. A cipher is the algorithm that changes plaintext into ciphertext, and the cipher requires keys to change the information from one form to the other.
Two types of cryptographic systems are in use today for commercial applications. They are either symmetric or asymmetric systems. The symmetric systems use a shared secret key, whereas asymmetric systems use a key pair.
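The plaintext, cipher, key and ciphertext vocabulary above, shown for the symmetric (shared secret key) case as an added Python example that is not code from the original article. It uses only the standard library: the keystream is HMAC-SHA256 run in counter mode over a nonce, and the cipher XORs it with the data. The key, nonce and message are constructed. The construction illustrates how a symmetric cipher turns plaintext into unreadable ciphertext and back; it provides no integrity and is only sound if a nonce is never reused under the same key, so a deployed system uses a vetted authenticated cipher such as AES-GCM from a library rather than this. The asymmetric (key pair) case needs a library and is not shown.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom bytes derived from the key: HMAC-SHA256 over nonce || counter (counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Plaintext -> ciphertext: XOR the data with the keystream. Never reuse a nonce with a key."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Ciphertext -> plaintext: the same XOR with the same keystream reverses the change."""
    return encrypt(key, nonce, ciphertext)


# Constructed values for the example. A real shared key comes from key management and
# the nonce from os.urandom(16) at encryption time, sent alongside the ciphertext.
SHARED_KEY = hashlib.sha256(b"constructed example shared secret").digest()
NONCE = b"constructed-nonce"
MESSAGE = b"account 1234: balance 500.00"


def demo() -> dict:
    """Encrypt the constructed message and show what each party can read."""
    ciphertext = encrypt(SHARED_KEY, NONCE, MESSAGE)
    return {
        "plaintext": MESSAGE,
        "ciphertext_hex": ciphertext.hex(),
        # The holder of the shared key recovers the original plaintext.
        "roundtrip": decrypt(SHARED_KEY, NONCE, ciphertext),
        # A reader without the shared key gets unreadable bytes, not the message.
        "wrong_key": decrypt(b"not the shared key", NONCE, ciphertext),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Both parties hold the same key, which is what makes the system symmetric; with a key pair the encrypting key and the decrypting key would differ.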
Many techniques for security have evolved over time, but they are based on algorithms that are decades old. A modern variation of passing a public key and checking the key's integrity is the X.509 certificate. The X.509 is called a public certificate. The X.509 is guaranteed to be unforgeable by having an issuing authority produce a digital signature with its private key and by using the authority's public key to validate that signature. The X.509 certificate is built from several older algorithms. The RSA algorithm, created decades ago, is the cipher algorithm used for the key pair. The X.509 uses a private key from an issuing authority (the agency that creates the certificate) and a public key, accessed by the user, to verify that the public certificate has not been modified. X.509 is a more recent technique, but it makes use of digital signatures, which have been around for a long time.
Integrity (validating your data) –
During the transmission or storage of data, information can be corrupted or changed, maliciously or otherwise, by a user. Validation is the process of ensuring data integrity. When data has integrity, it means that the data has not been modified or corrupted. One technique for ensuring data integrity is called data hashing. Under this process, the computer system hashes the information and stores the hash result so that it can be compared at a later time. A hash is an algorithm that is applied to information and produces a result that is, in practice, unique to that input. If the hash is applied to different information, changed by even one character, it produces a different result.
When the integrity of the information needs to be checked, the process will hash the information to be checked and compare it with the stored hash. If both hash results match, the data hasn't changed. The integrity process may also be used during the transmission of data to ensure that the data did not get corrupted from one system to the next, and that the original information is still valid.
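The hash-store-recompute-compare process just described, as an added Python example that is not code from the original article. The record, the tampered copy and the key are constructed. Beyond the plain hash the paragraphs describe, the example also shows why a plain hash only catches accidental corruption: whoever can change the data can recompute the stored hash too, so detecting deliberate modification needs a keyed hash (HMAC) whose key the tamperer does not hold.

```python
import hashlib
import hmac


def fingerprint(data: bytes) -> str:
    """Hash the data; the hex digest is what gets stored for a later integrity check."""
    return hashlib.sha256(data).hexdigest()


def verify(data: bytes, stored_fingerprint: str) -> bool:
    """Recompute the hash of the data and compare it with the stored one in constant time."""
    return hmac.compare_digest(fingerprint(data), stored_fingerprint)


def keyed_fingerprint(key: bytes, data: bytes) -> str:
    """HMAC: a hash that also requires a secret key, so a tamperer cannot recompute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed(key: bytes, data: bytes, stored_tag: str) -> bool:
    """Recompute the keyed hash and compare it with the stored tag in constant time."""
    return hmac.compare_digest(keyed_fingerprint(key, data), stored_tag)


# Constructed record and key for the example.
RECORD = b"account=1234;balance=500.00"
STORED_HASH = fingerprint(RECORD)                 # stored when the record was written
TAMPERED = b"account=1234;balance=900.00"         # one field changed in transit or storage
KEY = b"constructed-integrity-key"
STORED_TAG = keyed_fingerprint(KEY, RECORD)


def demo() -> dict:
    """Run the integrity checks on the unchanged and the tampered record."""
    return {
        "stored_hash": STORED_HASH,
        "unchanged_passes": verify(RECORD, STORED_HASH),
        "tampered_fails": not verify(TAMPERED, STORED_HASH),
        # Plain hash: a tamperer who can replace the stored hash makes the check pass again.
        "tampered_with_replaced_hash_passes": verify(TAMPERED, fingerprint(TAMPERED)),
        # Keyed hash: without the key the tamperer cannot produce a matching tag.
        "tampered_keyed_fails": not verify_keyed(KEY, TAMPERED, STORED_TAG),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Comparing digests with `hmac.compare_digest` rather than `==` keeps the comparison time independent of where the first differing byte is, which matters whenever the check can be driven by an outside party.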
As with other basic security principles, it is easy to find processes for ensuring data in the non-digital world. For example, when you balance your checkbook, you are checking data integrity. If the balance is incorrect, especially in favor of the bank, you may call the bank to correct the error. By calling the bank, you are correcting the data that failed the bank's validation process.