Vol.
KEY ISSUES IN NETWORK SECURITY
9, No.
10, Page
2
A former director of a network service company resigned in a state of acrimony and decided to exact revenge, As the passwords and network addresses had not been changed since his departure, he was able to dial in from a remote location to the service network with his privileged access code. Soon a major banking customer found to its horror that the bank's clients worldwide were receiving racist messages on their terminals purporting to have been issued by the bank. A second banking customer discovered its funds transfer messages in the network were either seriously delayed or the details altered, failing the message authentication checks. The culprit managed to discredit his former employer's network service as a result. company provided a In another instance, a multinational freephone facility to the maintenance engineer to perform remote diagnostics on faulty equipment. The information and knowledge of the access code fell into the hands of a hacker who accessed the corporate network and changed the contents of the password table to deny system access to all bona fide users. Where a workstation is linked to a host computer as a gateway to corporate systems, the workstation is often regarded as a 'dumb' terminal. The general safeguards on access control applied on the host computer will not take into account the local intelligence of the workstation. Once the data is downloaded, the host security system cannot impose restrictions on any subsequent local copying, interrogation, or modification. This has opened a serious loophole on current access control packages which are striving to restrict the access rights and privileges of remote workstations by enforcing access rules from the host mainframe. an intelligent workstation could expose the host to Furthermore, sophisticated attacks such as programming the workstation to systematically guess at user passwords with, for instance, a list of commonly-used passwords. For peer-to-peer communications, we know of one electronic mail system which allocates default passwords to new users, based Once the scheme is known, all new users are on their initials. and the risk remains with lazy users who potentially vulnerable, have chosen to adopt their default passwords for routine usage. it is generally assumed that the For local area networks, internal wiring is installed within a building, which may not be the case for a LAN network which connects two nearby buildings together. Traffic is assumed localized to particular areas, transmission paths are short, and security is thought to suffice In practice, a with a password system for workstation access. LAN supporting a range of offices is more difficult to secure because the network extends widely within the building, or between and is often fitted with spare cable access points two buildings, A rogue terminal can be connected to the for future expansion. network via any one of the access points to get into the range of A wire-tap can be carried out without office services supported. breaching the cable and without being observed, either inside, or Such a network often uses outside a building. occasionally, broadcast techniques to send messages along the entire network cable and would be vulnerble to someone listening in at a hidden access point.
0 1987 Elsevier Science Publishers B.V.. Amsterdam./87/$0.00 + 2.20 No part of this publication may be reproduced. stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical. photocopying. recording or otherwise. without the prior permlssion of the publishers (Readers in the U.S.A. ~ please see special regulations listed on back cover.)
Vol. 9, No. 10, Page 3
Workstation
security
Sometimes sensitive information could appear on terminals not designated to receive such output, either from faults developed in the message switching equipment or through software errors in the system, resulting in misrouting of information to the wrong For EFT networks using leased lines, security can be destination. improved by using terminals which can be uniquely identified through built-in hardware codes, and by restricting the use of each terminal to a selected list of transactions. The hardware identity of the terminal will be transmitted as part of the The user will message to authenticate the source of transmission. also be logged off automatically after two or three unsuccessful attempts at guessing the correct password, or after the terminal has been inactive for some time. The May 1987 issue of Computer Fraud & Security Bulletin described Racal-Guardata's Watchword one-time password system, which comprises a Watchword Controller, a hand-held Watchword generator, and security software. Other products in this area include Computer Access Security System (CASS) from Distributed Management Systems in Blackburn, and the SAFE S20 smart card from Computer Security Ltd, both in the UK. On networks using dial-up lines for data transmission, individual terminals may be difficult to authenticate regarding their exact identities and physical locations, particularly if these are distributed internationally. In this case, a call-back facility could be implemented to verify the source of a transaction. Instead of dialling directly to the computer, a terminal user is required to telephone the service personnel: the latter check the user against the telephone number of the caller and phone back before establishing the communications link on the network. This method would not guard against a perpetrator also intercepting the return call on the line, or diverting the call from an authorized number to his own. Also the host centre will be paying for the line charges instead of the terminal user. For dial-up connection to the host mainframe from users working at home, the use of security modems or port protection devices should be considered as a means of deterring potential hackers. A security modem is installed at the remote user terminal and typically stores the complete connection and log-on information for all remote users to all hosts. Once the user has entered the correct password, an auto-dial facility will dial out to the respective host automatically. The unit also has a secret serial number which is sent out with the connection to the host to act as a unique identifier for the terminal. A port protection device is an external device fitted to the host computer's communication port. The box holds a list of valid user passwords together with the telephone numbers of individual It acts as a front-end barrier to users in hardware memory. authenticate the dial-up terminals before terminating the call and dialling back to the caller to connect him to the host computer. In the UK, products in this area include DATA LOCK AND KEY from Sygnus Data Communications Ltd in Amersham and HORATIUS from Dowty Information Systems.
o 1987 Elsevier No
Science Publishers
B.V., Amsterdam.1871SO.00
+ 2.20
part of this publication may be reproduced. stored in a retrieval system, or transmitted by any form or by any means. electronic, mechanical. photocopying. recording or otherwise. without the prior permission of the publishers. (Readers in the U.S.A. - please see special regulations listed on hack cover.)
Vol. 9, No. 10, Page 4
One useful technique to detect the trail of hackers is to get the sytem to print details of the last session after the user has successfully logged-on to the system. Such details could include the time, date, and duration of the last log-on session, plus the list of datasets accessed. Any suspicious findings would lead the user to report such details to the central control function for further investigation. As a further precaution against hacking, the telephone number for accessing the network should be changed from time to time. It should preferably be from a separate three digit telephone exchange from the company's voice lines and in any case should not be part of a contiguous block of numbers from the company's published telephone numbers. Communications
security
For domestic networks involving remote terminals for data entry and retrieval and host computers for overnight batch update of customer account movements, a safety margin is built into the time delay between input and update. This enables computer staff to spot potential abuse and to take steps to verify the authenticity of suspicious messages before any further update on transactions from that terminal can continue. The general safeguard in this case is to have a message sequence number incorporated into every message before transmission. Suppose a message from terminal A is intercepted on the communication line, say by wiretapping and diverting it to an unauthorized terminal, modifying its content, and then forwarding the doctored message down the line. The delay incurred in a busy network would result in subsequent messages from terminal A being received prior to the 'modified' message arriving at the host computer, detected as 'message out of sequence', and promptly investigated. Unfortunately, this safeguard will not work for networks with sparse message traffic from isolated terminals, nor for applications requiring on-line update of customer accounts, in which case the slow response inherent in the safeguard would cause serious message traffic congestion and user aggravation. The increasing use of fibre optics for wide-band high-speed data transmission would eliminate the risk of wire-tapping because optical signals do not radiate from fibre cables. The optical circuit does not generate inductive cross-talk and system reliability is enhanced. On the other hand, the signals need to be boosted every lo-12 km or so and the locations housing the For ordinary signal boosters protected against wire-tapping. cables, the cabling laid should be visible to ease routine inspection for bugging devices, or contained in sealed ducts for the entire length, to deter bugging equipment being fitted later. Microwave transmission and communication satellites for transcontinental communication are susceptible to messages being picked up by unauthorized users with proper reception equipment. At present, encryption is still regarded as the most effective safeguard against wire-tapping, misrouting, or cross-talking. Traditionally, the procedure used for message authentication in banking is the Standard Test Key system as agreed among banks using the same message switching network. The Standard Test Key is calculated either by hand or automatically, based on code numbers derived from the message contents to authenticate the 0 1987 Elsevier Science Publishers B.V., Amsterdm./87/$0.00 + 2.20 No part of this publication may be reproduced stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A. - please see special regulations listed on back cover.)
Vol. 9, No. 10, Page 5
source of transactions in bank-to-bank transmissions, and to ensure a message has not been tampered with after being sent. To initiate a funds transfer normally requires two people to enter their own passwords separately to effect the message activation, one for inititiation of the funds transfer and the second for authentication of the message content before transmitting the message to the network. By and large, current encryption techniques fall into two areas in the financial sector - those using simple algorithms to effect straightforward transposition and substitution of characters or bit patterns to produce encrypted text from clear text via software, and those using the US Federal Data Encryption Standard (DES) or similar complex algorithms to transform clear text to encrypted text via special hardware encryption microchips or software. With the exception of financial institutions, European companies in other business sectors have experienced difficulties in obtaining export licences to ship DES chips from the US. The first approach offers little protection once the algorithm is known and is effectively employed to discourage a casual browser fishing for sensitive information. The DES approach is more secure provided careful attention has been given to the generation and distribution of encryption keys. Once the keys are known, the data can easily be deciphered. At present, several large UK clearing banks are using DES in some of their EFT applications and ATM systems. Guidelines have been prepared in some cases for encryption consideration in banking systems. Key management From time to time, it is necessary to change the keys for encryption in case they fall into the hands of a potential intruder. The term 'key management' refers to the secure generation, distribution, and storage of encryption keys. The keys should be generated in a random fashion to make it extremely unlikely that anyone will guess the individual keys or discover the method of generation. Good key management will also ensure that keys are not lost through hardware malfunction, software fault, or human failings. If the key is lost, it should be possible to recover the data. One method is to change keys electronically across the communication channel, encrypted under a master key reserved for this purpose, called the key encryption key. The master key could reside permanently in the memory so that the interlock will destroy the resident key when the terminal is opened up for maintenance purposes etc. Another approach is to physically distribute a new The new master key whenever the terminal requires maintenance. key may be inserted via a keyboard or by magnetic card. Message authentication For a symmetric system such as the DES algorithm where the encryption key is the same as the decryption key, this provides the dishonest receiver with the opportunity to forge a message and claim that it came from the sender. Equally, the sender could o 1987 Elsevier Science Publishers B.V., Amsterdam./87/$0.00 + 2.20 No part of this publication may be reproduced. stored in a retrieval system, or transmitted by any form or by any means. electronic, mechanical, photocopying, recording or otherwse, without the prmr permission of the publishers (Readers in the U.S.A.-please see special regulations listed on back cover.)
vol. 9, No.
10,
Page
6
deny having sent a message and claim that the message was probably forged by the receiver. This is one area where the public key system can offer some assistance, in the form of an electronic signature. Another application of the public key system is to use it for encrypting DES session keys by a master key for secure key transport. The concept of the public key system is based on the premise that the encryption key may not be the same as the decryption key, i.e. an asymmetric system. If the encryption key is made public, anyone wishing to encrypt messages and send them to a given destination may do so by using a standard encryption algorithm and the known public key for that destination. The receiver alone holds the secret decryption key to decipher the message sent. The electronic signature, on the other hand, is achieved by the sender transforming the message using the secret key, not the public key, and transmitting only the cipher text to the receiver. The public key for decrypting the message is sent openly to the receiver to transform the message back to clear text. Knowledge that the message can be transformed back to clear text proves that it must have come from the sender. But the receiver cannot transform the clear text back into the cipher text he received unless he has knowledge of the secret encryption key. This ties the message to the sender in the form of an electronic signature, i.e. the secret encryption key, and could be used legally in court to prove that the message could not possibly have been tampered with. Encryption products Many encryption products are now available on the market. IBM offers the 3845 and 3846 for connection between modem and computer or terminal respectively, and can support most of the common line protocols at signal speeds from 100 to 19 200 bits/second. In addition IBM also offers the Cryptographic Subsystem for encrypting mainframe data files to be stored on tapes or disks. Data Innovation offers a range of encryption devices for data Other products include a range of Datacryptors from transmission. Racal Milgo, the SAFE product range from Computer Security Ltd for message encryption and authentication, and a series of Gretacoders from Gretag in Switzerland for encryption on SWIFT and other networks. System Network Architecture The IBM System Network Architecture's (SNA) traditional approach, using a host-based, hierarchical structure to handle transaction processing, has taken on a new dimension with the introduction of Logical Unit (LU) 6.2 to deal with communication between two computers, catering for the local intelligence of PC-based workstations. LU 6.2 has a software interface called Advanced Program-to-Program Communication which provides peer-to-peer communications for devices connected on a Token Ring network to support local area network facilities. This has significant implications for the control of access to data as well as the implementation of controls in a distributed fashion, o 1987 Elsevier Science Publishers B.V., Amsterdm./87/$0.00 + 2.20 No part of this publication may be reproduced stored in a retrieval system. or transmitted by any form or by any means, electronic. mechanical, photocopying, recording or otherwise. without the prior permission of the publishers. (Readers in the U.S.A. - please see special regulations listed on back cover.)
Vol. 9, No. 10, Page 7
instead of relying on the central host to control access from any terminal or perform other security duties. Access to SNA system services is controlled by a program called System Services Control Point (SSCP) sitting on an IBM host The SSCP governs access by interpreting information on mainframe. Each the numbers and types of terminals and terminal controllers. of these devices is known as a Physical Unit (PU). Each class of PU has a number to indicate what facilities it has. The SSCP also interprets information on Logical Units (LU). An LU specifies the characteristics of the contact point by which an end user can connect with an SNA network and the type of LU determines the facilities that he can have from the network. The physical unit, on the other hand, actively monitors and controls the resources used by a logical unit. Hence a terminal has both PU and LU characteristics. The LU protects the PU from illegal requests that may be issued by a user. LU 6.2 allows two programs to communicate and requires certain facilities from the PU to ensure efficient and reliable communications. In security terms, this could mean that each program undertakes to enforce its own log-on procedure and checking of passwords by means of its local intelligence, before allowing communication on SNA. Also encryption and authentication of messages can be carried out locally, and LU 6.2 will communicate the encrypted data via SNA to another workstation. The latter will then use its local facilities to decrypt and authenticate the received messages, provided it has been supplied previously with the matching keys. Dr Ken Wong, BIS Applied Systems Ltd, UK
PLUG-IN SECURITY CARDS - HOW SECURE ARE THEY?
Much has been written about the advantages offered by plug-in security cards. They are inserted into one of the available slots within the computer, usually an IBM PC/XT/AT or close compatible. Various products offer a range of access control, encryption, and authentication features. Plug-in cards offer many advantages: direct access to the bus, availability of a slave processor, and special-purpose chips can all make security products operate quicker. A separate processor also has the advantage that its operating software usually cannot be accessed or modified by a program running on the host processor. Plug-in security cards are small (only one slot), unobtrusive, and operate at high speed. A publicity merchant's dream. However, a word of caution is in order. As I see it there is a major problem with using such a device as the primary security tool. How do you know the card is there? Even if you open up the computer to check (often a long, fiddly job with a screwdriver), how do you know the card is genuine? Be honest, how many people do you know who check the contents of their computer every day? Rather than explain all the myriad possibilities for fraud, take as one example the situation where your computer refuses to
@1987 Elsevier Science Publishers B.V., Amsterdam./87/$0.00 + 2.20 No part of this publication may be reproduced. stored in a retrieval system. or transmitted by any form or by any means. electronic, mechanical. photocopying. recording or otherwise. without the prior permission of the publishers (Readers in the U.S.A. - please see special regulations listed on back cover.)