
Protection of information from access. Protection of information from unauthorized access

Unauthorized access to information is the unplanned viewing, processing or copying of information, the use of various viruses (including those that destroy software products), and the modification or destruction of information in violation of the established access control rules.

Protection of information from unauthorized access (NSD, the abbreviation used below) is therefore designed to prevent an attacker from reaching the information carrier. There are three main directions in protecting the information of computers and networks from NSD:

- the first focuses on preventing an intruder from accessing the computing environment and is based on special technical means of user authentication;

- the second is related to the protection of the computing environment and is based on the creation of special software;

- the third is associated with the use of special means of protecting computer information from unauthorized access.

It should be borne in mind that different technologies and different means are used to solve each of these problems. Requirements for protection means, their characteristics, the functions they perform and their classification, as well as terms and definitions for protection against unauthorized access, are given in the guidance documents of the State Technical Commission:

- “Automated systems. Protection against unauthorized access to information. Classification of automated systems and requirements for information protection”;

- “Computer facilities. Protection against unauthorized access to information. Indicators of security against unauthorized access to information”;

- “Protection against unauthorized access to information. Terms and Definitions”.

Technical means implementing protection functions can be divided into:

o built-in;

o external.

The built-in means of protecting a personal computer and software (Fig. 3.12) include password protection for the BIOS, the operating system and the DBMS. These tools can be frankly weak (a BIOS with a supervisor password, Win95/98 password protection), but they can also be much stronger (a BIOS without supervisor passwords, Windows NT password protection, the ORACLE DBMS). Using the strengths of these tools can significantly reinforce the system for protecting information from unauthorized access.

External tools are designed to replace the built-in tools in order to strengthen protection, or to supplement them with missing functions.

These include:

- trusted boot hardware;

- hardware and software systems for the separation of user access rights;

- means of strong authentication of network connections.

Trusted boot hardware is a product, sometimes referred to as an "electronic lock," whose function is to securely identify the user and also to verify the integrity of the computer's software. Usually this is a PC expansion card with the necessary software written either to the flash memory of the card or to the hard disk of the computer.

Their principle of operation is simple. During the boot process, the BIOS and the anti-NSD protection board start. The board asks for a user ID and compares it with the one stored in the flash memory of the card. The identifier can be additionally protected with a password. Then the embedded operating system of the board or computer starts (most often a variant of MS-DOS), after which the program for checking the integrity of the software starts. As a rule, the system areas of the boot disk, boot files and files specified by the user for verification are checked. The check is based either on a message authentication code (imitovstavka) computed with the GOST 28147-89 algorithm, or on the hash function of the GOST R 34.11-94 algorithm, or on another algorithm. The result is compared with the one stored in the flash memory of the card. If checking the identifier or the integrity of the system reveals a difference from the reference, the board blocks further work and displays a corresponding message on the screen. If the checks succeed, the board transfers control to the personal computer for further loading of the operating system.

All identification and integrity checks are logged. The advantages of devices of this class are their high reliability, simplicity and low price. In the absence of multi-user work on the computer, the protection functions of this tool are usually sufficient.

Hardware and software systems for the separation of access rights are used when several users work on one computer and the task is to separate their rights of access to each other's data. The solution to this problem is based on:

- prohibiting users from launching certain applications and processes;

- allowing users and the applications they run to perform only certain types of actions with data.

Prohibitions and permissions are implemented in different ways. As a rule, the anti-NSD program is launched while the operating system starts. It stays in the computer's memory as a resident module and controls users' actions to launch applications and access data. All user actions are recorded in a log that is accessible only to the security administrator. Means of this class are what is usually understood by means of protection against unauthorized access. They are hardware and software complexes consisting of a hardware part (a trusted boot board, which now additionally checks the integrity of the anti-NSD system's own software on the hard disk) and a software part (the administrator's program and the resident module). These programs are located in a special directory and are available only to the administrator. Such systems can also be used on a single-user computer to prevent the user from installing and running programs that he does not need in his work.

Means of enhanced authentication of network connections are used when a workstation's operation as part of a network imposes requirements for protecting its resources against unauthorized entry from the network side that changes information or software or starts an unauthorized process. Protection against NSD from the network is achieved by means of enhanced authentication of network connections. This technology is called virtual private network technology.

One of the main tasks of protection against unauthorized access is to ensure reliable user identification (Fig. 3.13) and the ability to authenticate any network user who can be uniquely identified by the fact that he:

- is something himself.

What does the user know? His name and password. Password identification schemes are based on this knowledge. The disadvantage of these schemes is that the user needs to remember complex passwords, which very often does not happen: either the password is chosen weak, or it is simply written in a notebook, on a piece of paper, etc. When only password protection is used, appropriate measures are taken to control the creation of passwords and their storage, to track their expiration and to delete them in time. Cryptographic protection of passwords can largely address this issue and make it more difficult for an attacker to bypass the authentication mechanism.

What can a user have? A special key, of course: a unique identifier such as a Touch Memory tablet (iButton), an eToken, a smart card, or a cryptographic key that encrypts his entry in the user database. Such a system is the most secure; however, it requires that the user always has the identifier with him, and since it is most often attached to a keyring, it is often forgotten at home or lost. The correct practice is for the administrator to issue identifiers in the morning, recording this in the log, and to accept them back for storage in the evening, again making an entry in the log.

What is the user? These are the features that are inherent only to this user and provide biometric identification. An identifier can be a fingerprint, the pattern of the iris, a palm print, etc. At present, this is the most promising direction in the development of identification means. They are reliable and at the same time do not require the user to know something additional or to permanently possess something. As technology develops, the cost of these means is becoming affordable for every organization.

It is the task of various identification and authentication mechanisms to ensure that the identity of a user is verified.

Each user (or group of users) on the network is assigned a certain distinctive feature, an identifier, which is compared with the approved list. However, an identifier merely declared on the network cannot provide protection against unauthorized connections unless the user's identity is verified.

The process of verifying the identity of a user is called authentication. It occurs with the help of a special distinguishing feature presented by the user - an authenticator inherent in him. The effectiveness of authentication is determined primarily by the distinctive characteristics of each user.

Specific mechanisms of identification and authentication in the network can be implemented based on the following means and procedures for protecting information:

- passwords;

- technical means;

- means of biometrics;

- cryptography with unique keys for each user.

The question of the applicability of a particular tool is decided depending on the identified threats and the technical characteristics of the protected object. It cannot be said unequivocally that hardware that uses cryptography will give the system more reliability than software.

Analyzing the security of an information object and identifying threats to its security is an extremely complex procedure. An equally complicated procedure is the selection of technologies and means of protection to eliminate the identified threats. It is better to entrust the solution of these problems to specialists with rich experience.

Protection against unauthorized access (protection against NSD) is the prevention or significant complication of unauthorized access.

A means of protecting information from unauthorized access (SZI against NSD) is a software, hardware or combined software and hardware tool designed to prevent or significantly hinder unauthorized access.

Purpose and general classification of SZI

Information protection tools against NSD can be divided into universal and specialized (by field of application), into particular and comprehensive solutions (by the set of tasks solved), and into built-in system tools and additional tools (by method of implementation).

Classification is extremely important, since when building each type of information protection tool, developers formulate and solve completely different tasks (sometimes contradicting each other). Thus, the protection concept of universal system tools is based on the principle of “full trust in the user”, so their protection is largely useless in corporate systems, for example when countering internal IT threats. Today the overwhelming majority of information protection tools are created to strengthen the protection mechanisms built into universal operating systems for use in a corporate environment. As for the set of tasks to be solved, here we should speak of the integration of mechanisms, both for the effective solution of a specific protection task and for solving a complex of tasks.

The consumer properties (purpose) of an additional information protection tool against NSD are determined by the extent to which it eliminates the architectural shortcomings of the security mechanisms built into the OS, as applied to the required tasks in corporate applications, and by how comprehensively (effectively) it solves this set of information protection tasks.

Issues of assessing the effectiveness of information protection tools against NSD

The effectiveness of an information protection tool against NSD can be assessed by examining the correctness of the implementation of its protection mechanisms and the sufficiency of the set of protection mechanisms for the practical conditions of use.

Assessment of the correctness of the implementation of protection mechanisms

At first glance, such an assessment is not difficult to carry out, but in practice this is not always the case. One example: in NTFS a file object can be identified in various ways. File objects specified by long names can be accessed by a short name (for example, the “Program files” directory can be accessed by the short name “Progra~1”), and some programs access file objects not by name but by ID. If the information protection tool installed in the information system fails to intercept and analyze even one such way of accessing a file object, then by and large it becomes completely useless (sooner or later the attacker will discover this weakness in the protection tool and use it). Let us also mention that file objects that the system and applications do not separate between users can serve as a “channel” for downgrading the document category, which negates the protection of confidential information. There are many such examples.
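The failure described above, a protection mechanism that checks only one of several names for the same file object, as an added example (not code from any product discussed here). It runs on a POSIX system and uses a hard link and a symbolic link as constructed stand-ins for an NTFS short name and file ID; the function names are assumptions, and the identity check generalizes to any alias of one file object.

```python
import os
import tempfile


def name_based_deny(path, denied_paths):
    """Flawed mediator: compares only the name the caller happened to use."""
    denied = {os.path.abspath(p) for p in denied_paths}
    return os.path.abspath(path) in denied


def file_identity(path):
    """Identity of the underlying file object as (device, inode).

    os.stat follows symbolic links, so every alias of one file object
    yields the same pair. On NTFS the analogous pair is the volume serial
    number and the file ID.
    """
    st = os.stat(path)
    return (st.st_dev, st.st_ino)


def identity_based_deny(path, denied_paths):
    """Deny when the path reaches a protected file object by any name."""
    denied_ids = {file_identity(p) for p in denied_paths}
    try:
        return file_identity(path) in denied_ids
    except FileNotFoundError:
        return False  # no such object; the open itself will fail


def demo():
    """Reach one protected file by several names and run both checks.

    Returns {label: (name_based_result, identity_based_result)}.
    """
    results = {}
    with tempfile.TemporaryDirectory() as d:
        protected = os.path.join(d, "Program Files.dat")  # constructed sample
        unrelated = os.path.join(d, "readme.txt")
        for p, text in ((protected, "confidential"), (unrelated, "public")):
            with open(p, "w") as f:
                f.write(text)

        # Constructed aliases standing in for an NTFS short name and file ID.
        short_alias = os.path.join(d, "PROGRA~1.DAT")
        os.link(protected, short_alias)      # second name, same file object
        link_alias = os.path.join(d, "by-link")
        os.symlink(protected, link_alias)    # indirection to the same object

        cases = {
            "long name": protected,
            "short-name alias": short_alias,
            "link alias": link_alias,
            "unrelated file": unrelated,
        }
        for label, p in cases.items():
            results[label] = (name_based_deny(p, [protected]),
                              identity_based_deny(p, [protected]))
    return results


if __name__ == "__main__":
    for label, (by_name, by_identity) in demo().items():
        print(f"{label:18} name-based={by_name!s:5} identity-based={by_identity}")
```

A real mediator has to apply the identity check to the handle it actually opens, not to a path it checked earlier, otherwise the object can be swapped between check and use.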

Requirements for the correctness of the implementation of protection mechanisms are defined in the normative document “State Technical Commission of Russia. Guiding document. Computer facilities. Protection against unauthorized access to information. Indicators of security against NSD to information”; it is used for the certification of information protection tools against NSD.

These requirements are present in the document in the required volume and they are correct, but they are formulated in a general way (otherwise it would be necessary to create a separate regulatory document for each OS family, and possibly for each OS implementation within a family), and fulfilling one requirement may require implementing several protection mechanisms. The consequence is ambiguity in the interpretation of these requirements (in terms of approaches to their implementation) and the possibility of fundamentally different approaches by developers to implementing protection mechanisms in information protection tools against NSD. The result is that tools from manufacturers who implement the same formalized requirements differ in effectiveness. Yet failure to comply with any one of these requirements can negate all efforts to ensure information security.

Assessment of the sufficiency (completeness) of a set of protection mechanisms

The requirements for the sufficiency (completeness, in relation to the conditions of use) of a set of protection mechanisms are determined by the document “State Technical Commission of Russia. Guiding document. Automated systems. Protection against unauthorized access to information. Indicators of security from unauthorized access to information”, which is used when certifying objects of informatization, including when information protection tools against NSD are used in an automated system (AS). However, here, too, the situation is largely similar to that described above.

Thus, the requirement in regulatory documents for the sufficiency of mechanisms in an information protection tool against NSD for protecting confidential data is ambiguous about what counts as a protected resource, and it would be advisable to expand it, for example, as follows: particular devices, in accordance with the conditions of practical use of the protected computing facility, and control of access of subjects to protected resources, in particular to devices allowed for connection”.

Note that resources that are always present in the system (file objects, OS registry objects, etc.) are protected a priori, and mechanisms for controlling access to them must be present in an information protection tool against NSD in any case; as for external resources, this depends on the purpose of the tool. If the purpose of the tool is to protect computers in a network, then it must have mechanisms for controlling access to network resources; if it serves to protect standalone computers, then it should provide control (prohibition) of connecting network resources to the computer. This rule, in our opinion, applies without exception to all resources and can be used as a basic requirement for a set of protection mechanisms when certifying objects of informatization.

The issues of the sufficiency of protection mechanisms should be considered not only in relation to a set of resources, but also in relation to the problems of information protection being solved. There are only two such tasks in ensuring computer security - countering internal and external IT threats.

The general task of countering internal IT threats is to ensure the delimitation of access to resources in accordance with the requirements for processing data of various categories of confidentiality. Different approaches to the task of delimitation are possible: by accounts, by processes, or based on the category of the document that has been read. Each of them sets its own requirements for sufficiency. Thus, in the first case, you need to isolate the clipboard between users; in the second, between processes; in the third case, it is necessary to radically revise the entire policy of delimiting access to all resources, since the same user can process data of different categories of confidentiality with the same application.

There are dozens of methods of interprocess communication (named pipes, memory sectors, etc.), so it is necessary to ensure that the software environment is closed, that is, to prevent the launch of a program that implements such an exchange channel. There are also the issues of resources that the system and applications do not separate, control of the correct identification of the access subject, and protection of the information protection tool itself from unauthorized access (the list of protection mechanisms needed to solve this problem effectively is very impressive). Most of them are not explicitly spelled out in regulatory documents.

The task of effectively countering external IT threats, in our opinion, can be solved only if a delimitation policy is set for the “process” subject (that is, the “process” should be considered an independent subject of access to resources). This is because it is the process that carries the threat of an external attack. There is no such requirement explicitly in the regulatory documents, but in this case solving the information protection problem requires a radical revision of the basic principles of implementing a policy for delimiting access to resources.

If the issues of the sufficiency of protection mechanisms in relation to the set of protected resources are still somehow amenable to formalization, then in relation to the tasks of information protection it is not possible to formalize such requirements.

In this case, information protection tools against NSD from different manufacturers that fulfill the formalized requirements of regulatory documents can also differ radically both in the approaches and technical solutions they implement and in their overall effectiveness.

In conclusion, we note that one should not underestimate the importance of choosing an information protection tool against NSD, since this is a special class of technical means whose effectiveness cannot be high or low. Given the complexity of assessing the real effectiveness of such a tool, we recommend that the consumer involve specialists (preferably from among the developers who face these problems in practice) at the stage of choosing it.

Protection against unauthorized access to data

Unauthorized access (NSD) of an attacker to a computer is dangerous not only because of the possibility of reading and/or modifying the processed electronic documents, but also because the attacker can introduce a software implant (backdoor) under his control, which will allow him to take the following actions:

2. Intercept various key information used to protect electronic documents.

3. Use the hijacked computer as a springboard to hijack other computers on the local network.

4. Destroy information stored on the computer or disable the computer by running malicious software.

Protecting computers from NSD is one of the main problems of information protection; therefore, most operating systems and popular software packages have various built-in subsystems for protection against NSD, for example user authentication at logon to operating systems of the Windows family. However, there is no doubt that the built-in tools of operating systems are not enough for serious protection against NSD. Unfortunately, the implementation of the protection subsystems of most operating systems often draws criticism because of regularly discovered vulnerabilities that allow access to protected objects bypassing access control rules. The service packs and fixes released by software manufacturers objectively lag behind the information about discovered vulnerabilities. Therefore, in addition to the standard means of protection, it is necessary to use special means of restricting or delimiting access.
These means can be divided into two categories:

1. Means of limiting physical access.

2. Means of protection against unauthorized access over the network.

Means of limiting physical access

The most reliable solution to the problem of limiting physical access to a computer is the use of hardware for protecting information from NSD that runs before the operating system is loaded. Protection means in this category are called "electronic locks". An example of an electronic lock is shown in Fig. 5.3.

Figure 5.3 - Electronic lock for PCI bus

In theory, any access control software can be attacked in order to distort the algorithm of such a tool and then gain access to the system. Doing the same with hardware protection is practically impossible: all actions to control user access are performed by the electronic lock in its own trusted software environment, which is not subject to external influences.
At the preparatory stage of using an electronic lock, it is installed and configured. The configuration includes the following actions, usually performed by the responsible person, the security administrator:

1. Creating a list of users who are allowed access to the protected computer. For each user, a key medium is formed (depending on the interfaces supported by a particular lock: a floppy disk, an iButton electronic tablet or a smart card), which will be used to authenticate the user at logon. The list of users is stored in the non-volatile memory of the lock.

2. Forming a list of files whose integrity is controlled by the lock before the computer's operating system is loaded. Important operating system files are subject to control, for example the following:

- Windows system libraries;

- executable modules of the applications used;

- Microsoft Word document templates, etc.

File integrity control consists of calculating a reference checksum of each file (for example, by hashing according to the GOST R 34.11-94 algorithm), storing the calculated values in the non-volatile memory of the lock, and later calculating the actual checksums of the files and comparing them with the reference ones. In normal operation, the electronic lock receives control from the BIOS of the protected computer after the computer is turned on. At this stage, all actions to control access to the computer are performed (see the simplified diagram of the algorithm in Fig. 5.4), namely:

Figure 5.4 - Simplified diagram of the algorithm of the electronic lock

1. The lock asks the user for a medium with key information necessary for his authentication. If the key information of the required format is not provided, or if the user identified by the provided information is not included in the list of users of the protected computer, the lock will block the computer from booting.

2. If user authentication is successful, the lock calculates the checksums of the files in the controlled list and compares them with the reference ones. If the integrity of at least one file from the list is violated, the computer is blocked from booting. For further work on this computer, the problem must be resolved by the Administrator, who must find out why the controlled file changed and, depending on the situation, take one of the following actions to enable further work with the protected computer:

- restore the original file;

- remove the file from the controlled list.

3. If all checks are successful, the lock returns control to the computer to load the standard operating system.
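The configuration and the three pre-boot steps above, modelled as an added example (this is not the firmware of any real lock). SHA-256 stands in for GOST R 34.11-94, which the Python standard library does not provide; the class, method and file names and the key material are constructed for the illustration.

```python
import hashlib
import hmac
import os
import tempfile


def checksum(path):
    """SHA-256 of a file, used here in place of GOST R 34.11-94."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()


class ElectronicLock:
    """Model of the lock's non-volatile memory and its pre-boot checks."""

    def __init__(self):
        self.users = {}      # user name -> digest of the key material
        self.reference = {}  # controlled file path -> reference checksum
        self.log = []        # readable by the administrator only

    # --- configuration by the security administrator ---
    def enrol_user(self, name, key_material):
        self.users[name] = hashlib.sha256(key_material).digest()

    def control_file(self, path):
        self.reference[path] = checksum(path)

    def release_file(self, path):
        self.reference.pop(path, None)

    # --- normal operation, before the operating system loads ---
    def authenticate(self, key_material):
        presented = hashlib.sha256(key_material).digest()
        found = None
        for name, stored in self.users.items():
            if hmac.compare_digest(presented, stored):  # constant-time compare
                found = name
        return found

    def violations(self):
        bad = []
        for path, ref in sorted(self.reference.items()):
            try:
                actual = checksum(path)
            except OSError:
                actual = b""  # a missing or unreadable file is a violation
            if not hmac.compare_digest(actual, ref):
                bad.append(path)
        return bad

    def boot(self, key_material):
        user = self.authenticate(key_material)       # step 1
        if user is None:
            self.log.append(("auth-failed", None, []))
            return "BLOCKED"
        bad = self.violations()                      # step 2
        if bad:
            self.log.append(("integrity-failed", user, bad))
            return "BLOCKED"
        self.log.append(("boot-allowed", user, []))  # step 3
        return "BOOT"


def write(path, data):
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Run six boot attempts against constructed files; return (outcomes, log)."""
    lock, outcomes = ElectronicLock(), []
    with tempfile.TemporaryDirectory() as d:
        lib = os.path.join(d, "system.dll")
        tpl = os.path.join(d, "normal.dot")
        write(lib, b"library v1")
        write(tpl, b"template v1")
        lock.control_file(lib)
        lock.control_file(tpl)
        key = b"constructed-key-material"
        lock.enrol_user("alice", key)

        outcomes.append(lock.boot(b"wrong medium"))  # unknown key
        outcomes.append(lock.boot(key))              # all checks pass
        write(lib, b"library v1 + patch")            # controlled file changed
        outcomes.append(lock.boot(key))
        write(lib, b"library v1")                    # admin restores the file
        outcomes.append(lock.boot(key))
        os.remove(tpl)                               # controlled file missing
        outcomes.append(lock.boot(key))
        lock.release_file(tpl)                       # admin removes it from list
        outcomes.append(lock.boot(key))
    return outcomes, lock.log
```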

Since the above steps are performed before the computer's operating system is loaded, the lock usually loads its own operating system (located in its non-volatile memory; usually this is MS-DOS or a similar OS with modest resource requirements), in which user authentication and file integrity checks are performed. This also makes sense from a security point of view: the lock's own operating system is not subject to any external influences, which prevents an attacker from influencing the control processes described above. Information about user logins on the computer, as well as about unauthorized access attempts, is stored in the log, which is located in the non-volatile memory of the lock. The log can be viewed by the Administrator.

There are a number of problems when using electronic locks, in particular:



1. The BIOS of some modern computers can be configured in such a way that control is not transferred to the BIOS of the lock during boot. To counteract such settings, the lock must be able to block the computer from booting (for example, by closing the Reset contacts) if the lock has not received control within a certain time interval after the power is turned on.

2. An attacker can simply pull the lock out of the computer. However, there are a number of countermeasures:

- Various organizational and technical measures: sealing the computer case, ensuring that users do not have physical access to the computer's system unit, etc.

- There are electronic locks that can lock the computer's case from the inside with a special latch at the command of the administrator; in this case, the lock cannot be removed without significant damage to the computer.

- Quite often, electronic locks are structurally combined with a hardware encryptor. In this case, the recommended protection measure is to use the lock in conjunction with a software tool for transparent (automatic) encryption of the computer's logical drives. The encryption keys can be derived from the keys with which users are authenticated in the electronic lock, or they can be separate keys stored on the same medium as the user's keys for logging on to the computer. Such a comprehensive protection tool will not require the user to perform any additional actions, but it will prevent an attacker from gaining access to information even with the electronic lock hardware removed.

Means of protection against unauthorized access over the network

The most effective methods of protection against unauthorized access over computer networks are virtual private networks (VPN - Virtual Private Network) and firewalling. Let's consider them in detail.

Virtual private networks

VPNs provide automatic protection of the integrity and confidentiality of messages transmitted through various public networks, primarily the Internet. In fact, a VPN is a set of networks with VPN agents installed on their outer perimeter (Fig. 5.5). A VPN agent is a program (or a software and hardware complex) that actually protects the transmitted information by performing the operations described below.

Fig. 5.5 - Scheme of VPN construction

Before sending any IP packet, the VPN agent does the following:

1. Information about the addressee is extracted from the header of the IP packet. Based on this information and the security policy of this VPN agent, the protection algorithms (if the VPN agent supports several algorithms) and the cryptographic keys with which this packet will be protected are selected. If the security policy of the VPN agent does not provide for sending an IP packet to this addressee, or an IP packet with these characteristics, the sending of the IP packet is blocked.

2. Using the selected integrity protection algorithm, an electronic digital signature (EDS), a message authentication code (imitovstavka) or a similar checksum is generated and added to the IP packet.

3. Using the selected encryption algorithm, the IP packet is encrypted.

4. Using the established packet encapsulation algorithm, the encrypted IP packet is placed in an IP packet ready for transmission, whose header contains, instead of the original information about the addressee and the sender, information about the addressee's VPN agent and the sender's VPN agent. That is, network address translation takes place.

5. The packet is sent to the addressee's VPN agent. If necessary, it is split and the resulting packets are sent one by one.

When receiving an IP packet, the VPN agent does the following:

1. Information about the sender is extracted from the header of the IP packet. If the sender is not among those allowed (according to the security policy) or is unknown (for example, when a packet arrives with a deliberately or accidentally damaged header), the packet is not processed and is discarded.

2. According to the security policy, the protection algorithms for this packet and the keys that will be used to decrypt the packet and check its integrity are selected.

3. The informational (encapsulated) part of the packet is separated and decrypted.

4. The integrity of the packet is checked using the selected algorithm. If an integrity violation is detected, the packet is dropped.

5. The packet is sent to the addressee (over the internal network) according to the information in its original header.
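The sending and receiving steps above, as an added example that is not code from any VPN product. It assumes IPv4 inner addresses, HMAC-SHA256 as the integrity value and an HMAC-based keystream as a stand-in cipher; the class names, addresses and keys are constructed, and splitting of large packets (the last sending step) is left out.

```python
import hashlib
import hmac
import ipaddress
import os

NONCE_LEN, TAG_LEN = 16, 32   # random nonce; HMAC-SHA256 tag


def keystream_xor(key, nonce, data):
    """Stand-in cipher for the example: XOR with an HMAC-SHA256 keystream.
    A deployed agent uses the vetted cipher of its tunnel protocol."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class VpnAgent:
    def __init__(self, address):
        self.address = ipaddress.ip_address(address)
        self.tunnels = []   # (network behind peer, peer agent, enc key, mac key)

    def add_tunnel(self, remote_net, peer, enc_key, mac_key):
        self.tunnels.append((ipaddress.ip_network(remote_net),
                             ipaddress.ip_address(peer), enc_key, mac_key))

    def send(self, src, dst, payload):
        dst_ip = ipaddress.ip_address(dst)
        # 1. Policy lookup by addressee; no tunnel means the packet is blocked.
        tunnel = next((t for t in self.tunnels if dst_ip in t[0]), None)
        if tunnel is None:
            return None
        _, peer, enc_key, mac_key = tunnel
        inner = ipaddress.ip_address(src).packed + dst_ip.packed + payload
        # 2. Integrity value over the original packet.
        tag = hmac.new(mac_key, inner, hashlib.sha256).digest()
        # 3. Encrypt the packet together with its tag.
        nonce = os.urandom(NONCE_LEN)
        body = keystream_xor(enc_key, nonce, inner + tag)
        # 4. Encapsulate: the outer header names only the two agents.
        return {"src": self.address, "dst": peer, "data": nonce + body}

    def receive(self, outer):
        # 1. The sender must be a known peer agent and we must be the addressee.
        tunnel = next((t for t in self.tunnels if t[1] == outer["src"]), None)
        if tunnel is None or outer["dst"] != self.address:
            return None
        _, _, enc_key, mac_key = tunnel          # 2. keys chosen by policy
        data = outer["data"]
        if len(data) < NONCE_LEN + 8 + TAG_LEN:
            return None                          # cannot hold header and tag
        # 3. Separate the encapsulated part and decrypt it.
        plain = keystream_xor(enc_key, data[:NONCE_LEN], data[NONCE_LEN:])
        inner, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
        # 4. Integrity check with a constant-time comparison.
        expected = hmac.new(mac_key, inner, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        # 5. Deliver according to the original header.
        return {"src": ipaddress.ip_address(inner[:4]),
                "dst": ipaddress.ip_address(inner[4:8]),
                "payload": inner[8:]}


def demo():
    """Two agents, one tunnel; returns the result of five constructed cases."""
    enc, mac = b"E" * 32, b"M" * 32    # constructed keys
    a, b = VpnAgent("198.51.100.1"), VpnAgent("203.0.113.1")
    a.add_tunnel("10.2.0.0/16", "203.0.113.1", enc, mac)
    b.add_tunnel("10.1.0.0/16", "198.51.100.1", enc, mac)

    outer = a.send("10.1.0.5", "10.2.0.9", b"payroll report")
    flipped = outer["data"][:-1] + bytes([outer["data"][-1] ^ 1])
    return {
        "outer": (str(outer["src"]), str(outer["dst"])),
        "delivered": b.receive(outer),
        "tampered": b.receive(dict(outer, data=flipped)),
        "stranger": b.receive(dict(outer, src=ipaddress.ip_address("192.0.2.77"))),
        "no_policy": a.send("10.1.0.5", "192.0.2.10", b"x"),
    }
```

IPsec ESP computes its integrity value over the ciphertext, so a receiver can reject a forged packet before decrypting it; the example keeps the order given in the steps above.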

A VPN agent can be located directly on the protected computer (for example, the computers of "remote users" in Fig. 5.5). In this case, it protects the information exchange of only the computer on which it is installed; however, the principles of its operation described above remain unchanged.

The basic rule of building a VPN is that communication between the secured LAN and the open network should be carried out only via VPN agents. There must be absolutely no communication paths that bypass the protective barrier in the form of a VPN agent. That is, a protected perimeter must be defined, and communication with it must be possible only through an appropriate protection means.

A security policy is a set of rules according to which secure communication channels are established between VPN subscribers. Such channels are commonly referred to as tunnels, an analogy that can be seen in the following:

1. All information transmitted within one tunnel is protected from both unauthorized viewing and modification.

2. Encapsulation IP- packets allows you to achieve hiding the topology of the internal LAN: from the Internet, the exchange of information between two protected LANs is seen as an exchange of information only between their VPN-agents, since all internal IP-addresses transmitted over the Internet IP-packages do not appear in this case.

Tunnel creation rules are formed from various characteristics of IP packets. For example, IPSec (Security Architecture for IP), the main protocol used in building most VPNs, defines the following set of input data, by which the tunneling parameters are selected and the filtering decision for a specific IP packet is made:

1. IP-address of the source. It can be not only a single IP address, but also a subnet address or a range of addresses.

2. IP-address of destination. It can also be an explicit address range using a subnet mask or pattern.

3. User identifier (sender or recipient).

4. Transport layer protocol (TCP/UDP).

5. Port number from which or to which the packet was sent.
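An added example (not from the original page or from any IPSec implementation) of how a VPN agent could choose tunnel parameters or discard a packet from the five inputs listed above. The rule format, the first-match order, the default discard and all names and addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str              # source IP address from the header
    dst: str              # destination IP address
    user: Optional[str]   # user identifier, if the agent knows it
    proto: str            # "TCP" or "UDP"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                      # address, subnet ("10.1.0.0/16") or range ("a-b")
    dst: str
    user: Optional[str] = None    # None matches any user
    proto: Optional[str] = None   # None matches any transport protocol
    port: Optional[int] = None    # port the packet was sent from or to
    tunnel: Optional[str] = None  # tunnel parameters; None means discard


def addr_matches(spec: str, addr: str) -> bool:
    ip = ipaddress.ip_address(addr)   # raises ValueError on a damaged address
    if "-" in spec:
        low, high = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return low <= ip <= high
    return ip in ipaddress.ip_network(spec, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (addr_matches(rule.src, pkt.src)
            and addr_matches(rule.dst, pkt.dst)
            and rule.user in (None, pkt.user)
            and rule.proto in (None, pkt.proto)
            and (rule.port is None or rule.port in (pkt.sport, pkt.dport)))


def decide(policy, pkt):
    """Return (action, tunnel, rule name) for the first matching rule."""
    try:
        for rule in policy:
            if rule_matches(rule, pkt):
                action = "PROTECT" if rule.tunnel else "DISCARD"
                return action, rule.tunnel, rule.name
    except ValueError:
        # An address that cannot be parsed is treated as a damaged header.
        return "DISCARD", None, "damaged-header"
    # Senders not covered by the policy are unknown and are dropped.
    return "DISCARD", None, "no-matching-rule"


# Constructed policy and addresses (private and documentation ranges).
POLICY = [
    Rule("admin-ssh", "192.0.2.10-192.0.2.20", "10.2.0.5",
         user="admin", proto="TCP", port=22, tunnel="tunnel-admin"),
    Rule("no-telnet", "10.1.0.0/16", "10.2.0.0/16", proto="TCP", port=23),
    Rule("branch-to-hq", "10.1.0.0/16", "10.2.0.0/16", tunnel="tunnel-hq"),
]

if __name__ == "__main__":
    for pkt in (
        Packet("10.1.3.4", "10.2.0.9", None, "TCP", 40000, 443),
        Packet("10.1.3.4", "10.2.0.9", None, "TCP", 40001, 23),
        Packet("192.0.2.15", "10.2.0.5", "guest", "TCP", 40002, 22),
        Packet("10.1.3.999", "10.2.0.9", None, "UDP", 40003, 53),
    ):
        print(pkt.src, "->", pkt.dst, decide(POLICY, pkt))
```

Because the first matching rule wins, the narrow discard rule has to precede the broad subnet rule it carves an exception out of.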

A firewall is a software or firmware tool that protects local area networks and individual computers from unauthorized access from external networks by filtering the two-way flow of messages during information exchange. In effect, a firewall is a "stripped-down" VPN agent that does not encrypt packets or check their integrity, but in some cases has a number of additional functions, the most common of which are the following:

Anti-virus scanning;

Packet correctness control;

Monitoring the correctness of connections (for example, the establishment, use and termination of TCP sessions);

Content control.

Firewalls that do not have the functions described above and perform only packet filtering are called packet filters. By analogy with VPN agents, there are also personal firewalls that protect only the computer on which they are installed. Firewalls are also placed at the perimeter of protected networks and filter network traffic according to the configured security policy.

An electronic lock can be built on the basis of a hardware encryptor. The result is a single device that performs encryption, random number generation and protection against tampering. Such an encryptor can be the security center of the entire computer; on its basis a fully functional cryptographic data protection system can be built, providing, for example, the following capabilities:

1. Protecting your computer from physical access.

2. Protecting your computer from tampering over the network and organizing VPN.

3. Encryption of files on demand.

4. Automatic encryption of computer logical drives.

5. Calculation / verification of EDS.

6. Protection of e-mail messages.

Unauthorized access (NSD) is the deliberate unlawful acquisition of confidential information by a person who does not have the right to access the protected information. The most common routes of unauthorized access to information are:

  • the use of eavesdropping devices;
  • remote photography;
  • theft of media and documentary waste;
  • reading residual information in the system memory after executing authorized requests;
  • illegal connection to equipment and communication lines of specially designed hardware that provides access to information;
  • malicious disabling of protection mechanisms;
  • copying of information carriers with overcoming protection measures;
  • disguise as a registered user;
  • decryption of encrypted information;
  • information infections, etc.

Some of the methods of unauthorized access listed above require considerable technical knowledge and appropriate hardware or software, while others are rather primitive. Regardless of the route, information leakage can cause significant damage to the organization and its users.

Most of the technical routes of unauthorized access listed above can be reliably blocked by a properly designed and implemented security system. However, damage is often caused not by "malicious intent" but by elementary user errors that accidentally corrupt or delete vital data.

Despite the significant difference in the amount of material damage caused, it should be noted that the problem of information protection is relevant not only for legal entities. Any user can encounter it both at work and at home. In this regard, all users need to be aware of the extent of their responsibility and follow elementary rules for processing, transmitting and using information.

Defense mechanisms aimed at solving the problem of unauthorized access to information include:

  • access control - methods of protecting information by regulating the use of all resources of the information system;
  • registration and accounting - keeping logs and statistics of calls to protected resources;
  • the use of various encryption mechanisms (cryptographic information closure) - these protection methods are widely used in the processing and storage of information on magnetic media, as well as its transmission over long-distance communication channels;
  • legislative measures - determined by the legislative acts of the country, which regulate the rules for the use, processing and transmission of restricted-access information and establish measures of responsibility for violating these rules;
  • physical measures - include various engineering devices and structures that impede the physical penetration of intruders into protected objects and protect personnel, material resources and information from illegal actions.

Access control

There are three generalized data access control mechanisms: user identification, direct (physical) data protection, and support for user access rights to data with the ability to transfer them.

User identification determines the scope of access to various databases or parts of databases (relations or attributes). It is essentially an information table of ranks. Physical protection of data relates more to organizational measures, although some issues may concern the data directly, for example, their encoding. And, finally, the means of maintaining and transferring access rights must strictly define the nature of differentiated communication with the data.

Method of protection using software passwords. In this method, implemented in software, the user's dialogue with the PC is structured so that access to the operating system or to certain files is prohibited until a password is entered. The password is kept confidential by the user and is changed periodically to prevent unauthorized use.

The password method is the simplest and cheapest, but it does not provide reliable protection. It is no secret that a password can be spied on or found by trial and error or with special programs, giving access to the data. Moreover, the main vulnerability of the password method is that users often choose very simple, easy to remember (and thus easy to guess) passwords that are not changed for a long time and often remain the same when the user changes. Despite these disadvantages, the use of the password method should in many cases be considered rational even when other hardware and software protection methods are present. The software password method is usually combined with other software methods that define restrictions on the types and objects of access.

The problem of protecting information from unauthorized access has become especially acute with the widespread use of local and, especially, global computer networks. In this regard, in addition to access control, an essential element of information protection in computer networks is the delineation of user authority.

In computer networks, the built-in facilities of network operating systems (OS) are most often used to organize access control and delimit user powers. The use of protected operating systems is one of the essential conditions for building modern information systems. For example, UNIX allows the owner of a file to grant other users read-only or write-only rights to each of his files. The most widespread in our country is the Windows NT operating system, in which more and more possibilities appear for building a network that is truly protected from unauthorized access to information. NetWare OS, in addition to standard means of restricting access, such as a system of passwords and differentiation of powers, has a number of new features that provide the first class of data protection, and makes it possible to encrypt data according to the "public key" principle (the RSA algorithm) with the formation of an electronic signature for packets transmitted over the network.

At the same time, such a protection scheme still has a weak point: the access level and the ability to log in are determined by a password. To exclude the possibility of unauthorized entry into a computer network, a combined approach has recently come into use: password + identification of the user by a personal "key". The "key" can be a plastic card (magnetic or with a built-in microcircuit, a smart card) or various devices that identify a person by biometric information: the iris of the eye, fingerprints, the size of the hand, etc.

Magnetic stripe plastic cards can be easily counterfeited. A higher degree of reliability is provided by smart cards, the so-called microprocessor cards (MP-cards). Their reliability is primarily due to the impossibility of copying or counterfeiting them by artisanal means. In addition, during card production a unique code that cannot be duplicated is written into each microcircuit. When the card is issued to the user, one or more passwords, known only to its owner, are written to it. For some types of MP-cards, an attempt at unauthorized use ends with the automatic "closing" of the card. To restore the functionality of such a card, it must be presented to the appropriate authority. In addition, MP-card technology provides encryption of the data recorded on the card in accordance with the DES standard. A special MP-card reader can be installed not only at the entrance to the premises where the computers are located, but also directly at workstations and network servers.

This approach is much more reliable than using passwords, because if the password is snooped, the user may not know about it, but if the card is missing, action can be taken immediately.

Smart cards for access control make it possible to implement, in particular, functions such as entrance control and control of access to the devices of a personal computer, to programs, files and commands. In addition, control functions can also be carried out, in particular, registration of attempts to violate access to resources and of the use of prohibited utilities, programs and DOS commands.

As enterprises expand, the number of staff grows and new branches appear, remote users (or groups of users) need access to the computing and information resources of the company's main office. Most often, cable lines (regular telephone or dedicated) and radio channels are used to organize remote access. In this regard, the protection of information transmitted over remote access channels requires a special approach.

In particular, remote access bridges and routers use packet segmentation - splitting packets and transmitting them in parallel over two lines - which makes it impossible to "intercept" data when a "hacker" illegally connects to one of the lines. In addition, the compression of transmitted packets used during data transmission guarantees that the "intercepted" data cannot be decrypted. Remote access bridges and routers can also be programmed so that remote users are limited in their access to certain network resources of the main terminal.

The automatic callback method can provide more reliable protection of the system from unauthorized access than simple software passwords. In this case, the user does not need to remember passwords and guard their secrecy. The idea behind a callback system is quite simple. Users remote from the central database cannot access it directly. First, they get access to a special program, to which they give the appropriate identification codes. After that, the connection is broken and the identification codes are checked. If the code sent over the communication channel is correct, a callback is made to the user, with the date, time and phone number recorded at the same time. The disadvantage of this method is the low exchange speed: the average delay time can be tens of seconds.

Data encryption method

Translated from Greek, the word cryptography means secret writing. It is one of the most effective methods of protection. It can be especially useful for making unauthorized access more difficult even if conventional defenses have been bypassed. Unlike the methods discussed above, cryptography does not hide transmitted messages, but converts them into a form that cannot be understood by persons who do not have access rights to them, and ensures the integrity and authenticity of information in the process of information interaction.

Information ready for transmission is encrypted using some encryption algorithm and encryption key. As a result of these actions, it is converted into a cipher, that is, a closed text or graphic image, and in this form is transmitted over the communication channel. The resulting encrypted output cannot be understood by anyone other than the owner of the key.

A cipher is usually understood as a family of reversible transformations, each of which is determined by some parameter, called a key, together with the order in which the transformation is applied, called the encryption mode. Typically, a key is some alphabetic or numeric sequence.

Each transformation is uniquely identified by a key and described by some encryption algorithm. For example, the encryption algorithm can provide for the replacement of each letter of the alphabet with a number, and the key can be the order of the numbers of the letters of this alphabet. For the exchange of encrypted data to be successful, the sender and receiver need to know the correct key and keep it secret.

The same algorithm can be used for encryption in different modes. Each encryption mode has both advantages and disadvantages, so the choice of mode depends on the specific situation. Decryption uses a cryptographic algorithm which, in the general case, may differ from the algorithm used for encryption; accordingly, the corresponding keys may also differ. A pair of encryption and decryption algorithms is called a cryptosystem (cipher system), and the devices that implement them are called cipher technology.

A distinction is made between symmetric and asymmetric cryptosystems. In symmetric cryptosystems the same private key is used for encryption and decryption. In asymmetric cryptosystems the keys for encryption and decryption are different, one of them being private and the other open (public).

There are quite a few different algorithms for cryptographic protection of information, for example, DES, RSA, GOST 28147-89, etc. The choice of encryption method depends on the characteristics of the transmitted information, its volume and required transmission speed, as well as the capabilities of the owners (the cost of the used technical devices, operational reliability, etc.).

Data encryption has traditionally been used by government and defense departments, but as needs change, some of the more established companies are starting to use the power of encryption to keep information confidential. The financial services of companies (primarily in the United States) represent an important and large user base, and often specific requirements are imposed on the algorithm used in the encryption process.

Data Encryption Standard (DES) was developed by IBM in the early 1970s and is currently the government standard for encrypting digital information. It is recommended by the American Bankers Association. The sophisticated DES algorithm uses a 56-bit key and 8 parity bits and requires an attacker to brute force 72 quadrillion possible key combinations, providing a high degree of protection at low cost. With frequent key changes, the algorithm satisfactorily solves the problem of making confidential information inaccessible. At the same time, the commercial systems market does not always require protection as strong as that of government or defense departments, so other types of products, such as PGP (Pretty Good Privacy), can be used. Data encryption can be carried out in on-line mode (at the rate at which information arrives) and off-line (autonomous) mode.

The RSA algorithm was invented by R.L. Rivest, A. Shamir and L. Adleman in 1978 and represents a significant step in cryptography. This algorithm has also been adopted as a standard by the National Bureau of Standards.

Technically, DES is a symmetric algorithm, while RSA is asymmetric: it is a shared-use system in which each user has two keys, only one of which is secret. The public key is used by a user to encrypt a message, but only the specific recipient can decrypt it with his private key; the public key is useless for this. This makes agreements between correspondents on the transfer of secret keys unnecessary. DES defines the length of the data and key in bits, and RSA can be implemented with any key length. The longer the key, the higher the level of security (but the longer encryption and decryption take). While DES keys can be generated in microseconds, the approximate time to generate an RSA key is tens of seconds. Therefore RSA public keys are preferred by software developers, and DES private keys by hardware developers.

When electronic documents are exchanged, a situation may arise in which one of the parties repudiates its obligations (refusal of authorship), or in which messages received from the sender are falsified (attribution of authorship). The main mechanism for solving this problem is the creation of an analogue of a handwritten signature - an electronic digital signature (EDS). There are two main requirements for an EDS: high complexity of forgery and ease of verification.

Both symmetric and asymmetric cipher systems can be used to create an EDS. In the first case, the message itself, encrypted with the secret key, can serve as the signature. But after each check, the secret key becomes known. To get out of this situation, it is necessary to introduce a third party - an intermediary trusted by all parties, who re-encrypts messages from the key of one subscriber to the key of the other.

Asymmetric cipher systems have all the properties required for an EDS. There are two possible approaches to building an EDS.

  1. Converting the message into a form from which the message itself can be restored and, thereby, the correctness of the signature itself can be checked.
  2. The signature is calculated and sent along with the original message.

Thus, for different ciphers, the problem of decryption - recovering a message when the key is unknown - has different complexity. The level of complexity of this task determines the main property of a cipher - its ability to resist attempts by the adversary to take possession of the protected information. In this regard, one speaks of the cryptographic strength of a cipher, distinguishing between stronger and less strong ciphers. The characteristics of the most popular encryption methods are shown in Table 10.1.

Table 10.1. Characteristics of the most common encryption methods

There is a parable about the most reliable way of storing information: the information must exist in a single copy on a computer that is located in an armored safe, disconnected from all networks and de-energized.

It is clear that working with such information is, to put it mildly, inconvenient. At the same time, one wants to protect programs and data from unauthorized access (NSD). And for access to be authorized, it must be decided who is allowed to do what and what is not allowed.

For this you need to:

  1. divide the information stored and processed in the computer into classes;
  2. divide the users of this information into classes;
  3. put the resulting classes of information and users into a definite correspondence with each other.

User access to various classes of information should be carried out in accordance with a password system, which can be:

  • regular passwords;
  • real locks and keys;
  • special tests of user identification;
  • special identification algorithms for personal computers, floppy disks, software.

Systems for protecting information against unauthorized access provide the following functions:

  1. identification, i.e. assignment of unique attributes - identifiers, by which the system subsequently performs authentication;
  2. authentication, i.e. verification of authenticity based on comparison with reference identifiers;
  3. differentiation of user access to personal computers;
  4. differentiation of user access by operations on resources (programs, data, etc.);
  5. administration:
    • determination of access rights to protected resources,
    • processing of logs,
    • installation of a protection system on a PC,
    • removal of the protection system from the PC;
  6. event registration:
    • user login,
    • logging out a user,
    • violation of access rights;
  7. reaction to attempts at unauthorized access;
  8. control of the integrity and operability of protection systems;
  9. ensuring information security during maintenance and repair work;
  10. ensuring information security in emergency situations.

User rights of access to programs and data are described by tables, on the basis of which access to resources is controlled and differentiated. Access should be controlled by software protection means. If the requested access does not match the one in the access rights table, the security system registers the fact of unauthorized access and initiates the appropriate response.

User identification and authentication

Before accessing resources, the user must go through the process of presenting himself to the computer system, which includes two stages:

  • identification - the user informs the system, at its request, of his name (identifier);
  • authentication - the user confirms the identification by entering into the system unique information about himself that is not known to other users (for example, a password).

To carry out the procedures for identifying and authenticating a user, it is necessary to have:

  • authentication programs;
  • unique information about the user.

There are two forms of storing information about the user: external (for example, a plastic card or the user's head) and internal (for example, a record in a database). Naturally, the information stored in the head and the information in the database should be semantically identical. The trouble with Ali Baba's greedy brother Qasim happened precisely because of the discrepancy between the external and internal forms: sim-sim is not identical to peas, rice, etc.

Consider data structures and protocols for user identification and authentication.

Almost any key information carrier used for identification corresponds to the following user data structure:

  • $ID_i$ - the unchanging identifier of the i-th user, which is an analogue of a name and is used to identify the user;
  • $K_i$ - the user's authentication information, which can be changed and serves for authentication (for example, the password $P_i = K_i$).

Thus, for carriers such as plastic cards, the unchangeable information $ID_i$ and an object in the file structure of the card containing $K_i$ are allocated.

The aggregate information in the key carrier can be called the primary authentication information of the i-th user. Obviously, the internal authenticating object should not exist in the system for long (longer than the working time of a specific user). For example, you entered a password, which the authentication program placed in a variable for comparison with those stored in the database. This variable must be cleared no later than the end of your session. For long-term storage, data in a protected form should be used.

Consider two typical identification and authentication schemes.

Scheme 1.

Here $E_i = F(ID_i, K_i)$, where the "irrecoverability" of $K_i$ is estimated by some threshold complexity $T_0$ of solving the problem of recovering $K_i$ from $E_i$ and $ID_i$. In addition, for a pair $K_i$ and $K_j$, the corresponding values of $E$ may coincide. In this regard, the probability of false authentication of users should not exceed a certain threshold value $P_0$. In practice, $T_0 = 10^{20} \ldots 10^{30}$ and $P_0 = 10^{-7} \ldots 10^{-9}$ are set.

Identification and authentication protocol (for scheme 1).

  1. The value $E = F(ID, K)$ is calculated.

Scheme 2 (modified). The computer system stores:

Here $E_i = F(S_i, K_i)$, where $S$ is a random vector specified when creating a user ID; $F$ is a function that has the property of "irrecoverability" of the value of $K_i$ from $E_i$ and $S_i$.

Identification and authentication protocol (for scheme 2).

  1. The user submits his ID.
  2. If there is an $i = 1 \ldots n$ for which $ID = ID_i$, then the user identification was successful. Otherwise, the user is not allowed to work.
  3. The vector $S$ is selected by the identifier $ID$.
  4. The authentication module asks the user for his authenticator $K$.
  5. The value $E = F(S, K)$ is calculated.
  6. If $E = E_i$, then authentication was successful. Otherwise, the user is not allowed to work.

The second authentication scheme is used in the UNIX OS. The user name (requested by Login) is used as the identifier, and the user's password (requested by Password) is used as the authenticator. The function F is the DES encryption algorithm. The reference values for identification and authentication are contained in the /etc/passwd file.

It should be noted that a necessary requirement for the resistance of identification and authentication schemes to recovery of the information $K_i$ is a random, equiprobable choice of $K_i$ from the set of possible values.
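Scheme 2 as an added example, not code from the original page or from UNIX. It substitutes PBKDF2-HMAC-SHA-256 for the DES-based F named above; the iteration count, the 16-byte S, the class and function names and the constant-time handling of unknown IDs are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def F(S: bytes, K) -> bytes:
    """One-way function: K cannot feasibly be recovered from E and S."""
    return hashlib.pbkdf2_hmac("sha256", K, S, ITERATIONS)


def wipe(buf: bytearray) -> None:
    """Overwrite the in-memory authenticator once it has been used."""
    for i in range(len(buf)):
        buf[i] = 0


class AuthDB:
    def __init__(self):
        self.records = {}   # ID_i -> (S_i, E_i); K_i itself is never stored
        # Stand-in record so that an unknown ID costs the same work as a known one.
        self.dummy = (os.urandom(16), bytes(32))

    def enroll(self, user_id: str, K: bytearray) -> None:
        S = os.urandom(16)                  # random vector chosen when the ID is created
        self.records[user_id] = (S, F(S, K))
        wipe(K)

    def authenticate(self, user_id: str, K: bytearray) -> bool:
        record = self.records.get(user_id)  # steps 1-2: is there an i with ID = ID_i?
        S, E_i = record or self.dummy       # step 3: select S by the identifier
        E = F(S, K)                         # step 5: E = F(S, K)
        wipe(K)                             # the authenticator does not outlive the check
        match = hmac.compare_digest(E, E_i) # step 6: E = E_i, compared in constant time
        return record is not None and match


if __name__ == "__main__":
    db = AuthDB()
    db.enroll("alice", bytearray(b"constructed-password"))
    print(db.authenticate("alice", bytearray(b"constructed-password")))
    print(db.authenticate("alice", bytearray(b"guess")))
```

Because S differs per user, two users with the same K get different stored values E, so one stored value says nothing about another.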

The simplest method of applying a password is based on comparing the presented password with the original value stored in memory. If the values match, the password is considered authentic and the user legitimate. The password must be encrypted before being sent over an unsecured channel. If an attacker somehow learns the password and identification number of a legitimate user, he will gain access to the system.

Instead of the open form of the password $P$, it is better to send its image obtained using the one-way function $f(P)$. This transformation should ensure that the password cannot be recovered from its image. The adversary then runs into an unsolvable numerical problem.

For example, the function $f$ can be defined like this:

$f(P) = E_P(ID)$,
where $P$ is the password, $ID$ is the identifier, and $E_P$ is an encryption procedure performed using the password as a key.

In practice, the password consists of several letters. But a short password is vulnerable to a brute force attack. To prevent such an attack, the function $f$ is defined differently:

$f(P) = E_{P+K}(ID)$,
where $K$ is a key (a Touch Memory tablet, USB key, etc.).

User identification and authentication procedures can be based not only on secret information possessed by the user (password, secret key, personal identifier, etc.). Recently, biometric identification and authentication have become more widespread; they make it possible to confidently identify a potential user by measuring a person's physiological parameters and characteristics and the features of his behavior.

The main advantages of biometric identification and authentication methods:

  • high degree of reliability of biometric identification due to their uniqueness;
  • inseparability of biometric signs from a capable person;
  • the difficulty of falsifying biometric signs.

The following are used as biometric signs that can be used to identify a potential user:

  • iris and retina pattern;
  • fingerprints;
  • geometric shape of the hand;
  • the shape and size of the face;
  • thermogram of the face;
  • the shape of the ears;
  • features of the voice;
  • biomechanical characteristics of a handwritten signature;
  • biomechanical characteristics of "keyboard handwriting".

When registering, the user must demonstrate his characteristic biometric signs one or more times. These attributes (known as genuine) are recorded by the system as the reference image of the legitimate user. This user image is stored in electronic form and is used to verify the identity of anyone claiming to be the corresponding legitimate user.

Identification systems for iris and retina patterns can be divided into two classes:

  • using the pattern of the iris of the eye;
  • using the pattern of the blood vessels of the retina.

Since the probability of these parameters repeating is $10^{-78}$, these systems are the most reliable among all biometric systems. Such means are used, for example, in the United States in the zones of military and defense facilities.

Fingerprint identification systems are the most common. One of the main reasons for the widespread adoption of such systems is the availability of large fingerprint databases. The main users of such systems around the world are the police, various government agencies and some banks.

Identification systems for the geometric shape of the hand use hand-shaped scanners, usually mounted on walls. It should be noted that the overwhelming majority of users prefer this type of system.

Face and voice identification systems are the most affordable because of their low cost, since most modern computers have video and audio tools. Systems of this class are widely used for remote identification in telecommunication networks.

Identification systems based on the dynamics of handwritten signature take into account the intensity of each effort of the signer, the frequency characteristics of the writing of each element of the signature and the style of the signature as a whole.

Identification systems based on biomechanical characteristics of "keyboard handwriting" are based on the fact that the moments of pressing and releasing keys when typing on the keyboard differ significantly for different users. This dynamic typing rhythm ("keyboard handwriting") allows the construction of sufficiently reliable means of identification.

It should be noted that the use of biometric parameters for identifying the subjects of access to automated systems has not yet received proper regulatory and legal support, in particular in the form of standards. Therefore, the use of biometric identification systems is allowed only in systems that process and store personal data constituting commercial and official secrets.

User Mutual Authentication

Typically, parties entering a communication need mutual authentication. This process is performed at the beginning of a communication session.

The following methods are used for authentication:

  • request-response mechanism;
  • time stamp mechanism ("time stamp").

Request-response mechanism. If user A wants to be sure that the messages he receives from user B are not false, he includes an unpredictable element in the message sent to B - a request $X$ (for example, some random number). When answering, user B must perform some predetermined operation on this number (for example, calculate some function $f(X)$). This cannot be done in advance, since user B does not know what random number $X$ will come in the request. On receiving a response with the result of B's actions, user A can be confident that B is genuine. The disadvantage of this method is the possibility of establishing a pattern between the request and the response.

The time stamp mechanism involves recording the time for each message. In this case, each network user can determine how "outdated" a received message is and refuse to accept it, since it may be false.

In both cases, encryption should be applied to protect the control mechanism, to ensure that the response was not sent by an attacker.

When time stamps are used, the problem arises of the allowable time delay for confirming the authenticity of the session. After all, a message with a "time stamp" cannot, in principle, be transmitted instantly. In addition, the computer clocks of the sender and the recipient cannot be perfectly synchronized.
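The time stamp check with an explicit allowance for transmission delay and clock error, as an added example that is not from the original page. It authenticates the stamp with HMAC-SHA-256 rather than the encryption the text calls for; the message layout, the 30-second and 5-second limits and all names are assumptions.

```python
import hashlib
import hmac
import struct

MAX_AGE = 30.0   # assumed allowable delay between sending and receipt, seconds
MAX_SKEW = 5.0   # assumed tolerated clock error when the sender's clock runs ahead


def stamp(key: bytes, payload: bytes, now: float) -> bytes:
    """Build timestamp || tag || payload, with the tag covering time and payload."""
    ts = struct.pack(">d", now)
    tag = hmac.new(key, ts + payload, hashlib.sha256).digest()
    return ts + tag + payload


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}   # tag -> send time, for messages still inside the window

    def accept(self, message: bytes, now: float):
        """Return the payload if the message is authentic, fresh and new; else None."""
        if len(message) < 40:
            return None
        ts, tag, payload = message[:8], message[8:40], message[40:]
        expected = hmac.new(self.key, ts + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None                      # stamp or payload was altered
        sent = struct.unpack(">d", ts)[0]
        if not (-MAX_SKEW <= now - sent <= MAX_AGE):
            return None                      # "outdated", or too far in the future
        # Tags older than the window can be forgotten: the age check rejects them.
        self.seen = {t: s for t, s in self.seen.items() if now - s <= MAX_AGE}
        if tag in self.seen:
            return None                      # repeated inside the window
        self.seen[tag] = sent
        return payload


if __name__ == "__main__":
    key = b"\x01" * 32                       # constructed key
    msg = stamp(key, b"constructed payload", 1000.0)
    rx = Receiver(key)
    print(rx.accept(msg, 1002.0))            # accepted
    print(rx.accept(msg, 1003.0))            # None: same message again
```

A wider window tolerates slower links and worse clocks but lengthens the time a captured message stays acceptable, which is why the receiver also remembers what it has already accepted inside the window.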

For mutual authentication, the handshake procedure is usually used; it is based on the above mechanisms and consists in mutual verification of the keys used by the parties. In other words, the parties recognize each other as legal partners if they prove to each other that they have the correct keys. The "handshake" procedure is used in computer networks when organizing communication between users, between a user and a host computer, between host computers, etc.

As an example, consider the "handshake" procedure for two users A and B. Let a symmetric cryptosystem be used. Users A and B share the same private key K AB.

  • User A initiates a handshake by sending user B his ID A in open form.
  • User B, having received the identifier ID A, finds the secret key K AB in the database and enters it into his cryptosystem.
  • In the meantime, user A generates a random sequence S with pseudo-random generator PG and sends it to user B in the form of a cryptogram E K AB (S).
  • User B decrypts this cryptogram and reveals the original form of S.
  • Both users then transform the sequence S using the one-way function f.
  • User B encrypts message f (S) and sends cryptogram E K AB (f (S)) to user A.
  • Finally, user A decrypts this cryptogram and compares the received message f "(S) with the original message f (S). If these messages are equal, then user A recognizes the identity of user B.

User B authenticates user A in the same way. Together, these two procedures form the "handshake" procedure, which is usually performed at the very beginning of any communication session between any two parties in computer networks.
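The one-directional half of the handshake above (A verifying B), as an added example that is not part of the original article. The functions E and D are a standard-library stand-in for the symmetric cryptosystem (HMAC-SHA256 keystream with an encrypt-then-MAC tag), and all names and the sample key database are assumptions; a real deployment would use a vetted authenticated cipher.

```python
import hashlib, hmac, secrets

def _keystream(key, nonce, n):
    # Counter-mode keystream derived from HMAC-SHA256 (stand-in, not a standard cipher).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def E(key, msg):
    """Encrypt msg under key; output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def D(key, blob):
    """Decrypt a cryptogram; raises ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered cryptogram")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def f(s):
    # The one-way function f agreed on by both parties (here: domain-separated SHA-256).
    return hashlib.sha256(b"handshake-f" + s).digest()

KEY_DB = {"A": secrets.token_bytes(32)}  # B's database ID_A -> K_AB (constructed sample)

def a_challenge(k_ab):
    # A generates the random sequence S and the cryptogram E_{K_AB}(S).
    s = secrets.token_bytes(16)
    return s, E(k_ab, s)

def b_respond(id_a, cryptogram, key_db=KEY_DB):
    k_ab = key_db[id_a]          # B looks up K_AB by the identifier sent in the clear
    s = D(k_ab, cryptogram)      # B recovers S
    return E(k_ab, f(s))         # B returns E_{K_AB}(f(S))

def a_verify(k_ab, s, response):
    # A decrypts the response and compares it with its own f(S) in constant time.
    try:
        return hmac.compare_digest(D(k_ab, response), f(s))
    except ValueError:
        return False
```

Because S is fresh for every session, a response recorded from an earlier handshake fails `a_verify` against a new challenge, and a party without K_AB cannot produce a cryptogram that decrypts at all.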

The advantage of the "handshake" model is that none of the participants in the communication receives any secret information during the authentication procedure.

Sometimes users want to have continuous sender authentication for the entire communication session. Let's take a look at one of the simplest continuous authentication methods.

To send message M, user A transmits the cryptogram E_K(ID_A, M). The recipient decrypts it and extracts the pair (ID_A, M). If the received ID_A matches the stored one, the recipient accepts the message.

Instead of identifiers, you can use secret passwords, which are prepared in advance and known to both parties.
