An important requirement of any information management system is to protect information against improper disclosure or modification (known as con dentiality and integrity respectively).
Three mutually supportive technologies are used to achieve this goal.
Authentication establishes the identity of one part of the system typically by means of password. More generally, authentication can be computer-to-computer or process-to-process-to-process and mutual in both directions.
Access control determines what one party will allow another to do with respect to resources and objects mediated by the former. Access control usually requires authentication as a prerequisite.
The audit process gathers data about activity in the system and analyses it to discover security violations or diagnose their cause. Analysis can occur offline after the fact or online in real time. In the latter case, the process is usually called intrusion detection.
User-to-computer authentication can be based on one or more of the following: —something the user knows, such as a password, —something the user possesses, such as a credit-card-sized cryptographic token or smart card, or —something the user is, exhibited in a biometric signature such as a fingerprint or face recognition.
Password-based authentication is the most common technique but it has significant problems. Passwords can be surreptitiously observed or guessed. Password management is required to prod users to change their passwords regularly, to select good ones, and to protect them with care. Excessive password management makes adversaries of users and security administrators, which can be counterproductive. An intrinsic flaw of passwords is that users can share them with other users, which breaks down accountability. However, passwords can be effective and are cheap, so they are likely to remain in use.
The second technique authenticates the token rather than the user. Each token has a unique secret cryptographic key stored within it, used to establish the token’s identity via a challenge-response handshake. The party establishing the authentication issues a challenge to which a response is computed using the secret key. Sometimes the challenge is implicitly taken to be the current time. The secret key should never leave the token. Attempts to break the token open to recover the key should cause the key to be destroyed. User-to-token authentication can be based on passwords in the form of a PIN (personal identification number).
Biometric authentication has been used for some time for high-end applications. The biometric signature should be different every time (for example, a face recognition can turn a photo or video image into a code that describes the characteristics of the face on each occasion). Biometric Identification Systems regarding to the entrance controlled by fingerprinting, finger vein recognition and facial biometrics whereas the person identification solutions. Technically, the most safe and reliable combination would be biometric identification, which is hard and almost impossible to imitate falsification, as long as it is the cutting-edge authentication technology.
Access controls usually apply after authentication has been established.
—Discretionary access control (DAC) is based on the idea that the owner of data should determine who has access to it. DAC allows data to be freely copied from object to object, so even if access to the original data is denied, access to a copy can be obtained.
—Lattice-based access controls, also known as mandatory access controls (MAC), confine the transfer of information to one direction in a lattice of security labels (for example, low to high but not high to low). MAC emerged from confidentiality requirements of the military but has broad applications for integrity and separation objectives.
—Role-based access control (RBAC) requires that access rights be assigned to roles rather than to individual users (as in DAC). Users obtain these rights by virtue of being assigned membership in appropriate roles. This simple idea greatly eases the administration of authorizations.
Audit has two components: the collection and organization of audit data and an analysis of the data to discover or diagnose security violations. Audit data needs protection from modification by an intruder. Vast amounts of audit data can be recorded. Audit data tends to be captured at a low level of abstraction. Analysis of audit data is often performed only when violations are suspected. Even so, only audit data connected with the suspected violation are examined. Intrusion detection systems seek to help carry out audit controls. Passive intrusion detection systems analyze the audit data, usually offline, and bring possible intrusions or violations to the attention of the auditor. Active systems analyze audit data in real time and may take immediate protective response, such as killing the suspected process and disabling the account. The problem is what to look for in audit data and how to determine automatically whether a violation has occurred or is being perpetrated. The following approaches have been tried: anomaly detection, which is based on the assumption that the exploitation of the vulnerabilities of the system involves abnormal use of the system, and misuse detection, which is based on rules specifying events, sequences of events, or observable properties of the system, symptomatic of violations. Finally, we note that audit analysis is an empirical discipline.