Banking Technology Risk Management 5 by sutedjo100


Authentication of electronic dealings
• One of the most important issues in granting legal recognition to electronic records, or in facilitating electronic transactions, is the authentication of electronic records and transactions.
Authentication: whatis.com [searchSecurity, 2003a]
• Defined as the process of determining whether someone or something is, in fact, who or what it is declared to be.
• In private and public computer networks (including the Internet), it is commonly done through the use of logon passwords.
• Authenticating is making sure “I am who I say I am”.
• Authentication factors are conditions, properties or parameters that can be independently tested to confirm a claim.
• According to [Zwicky E, et al, 2000], authentication is:
• Something you have
  - Card
  - Token
  - ID
• Something you know
  - Account number
  - Password
  - Answers
  - PIN
  - SSN
• Something you are:
  - Voiceprint
  - Fingerprint
  - Scans (iris, retina, face).

Authenticating oral agreements:
• At first, parties used to conduct oral agreements, and the authenticity of such agreements rested between the parties involved.
• The authentication process took place through the parties involved: they met in the course of their agreement and each one recognized the other.
• The main difficulties of this method were:
• Neither party had any way to transfer his interest to another party.
• There was no way for an independent party to verify what the parties had agreed to, except to rely on the word of the parties themselves.
• This means that in case of a dispute between the parties, oral agreements have obvious limitations.
Authenticating Written Agreements:
• The relatively permanent nature of the written word allowed an independent third party to examine the agreement and make a judgement about what is embodied in it.
• This progress draws attention to two main issues:
• First, the authentication of the parties to the agreement;
• Second, the authentication of the content of the agreement.
1-Regarding authentication of the parties:
• This is done through signatures. There are three important types of situation under which a handwritten signature may take place:
• The first type:
• A specimen signature is carried by a person on an authenticated document; it is then verified by having the person sign in the presence of a verifier, who compares the new signature with the specimen.
• Examples of this type are signing a credit or debit card charge slip, countersigning a traveller's cheque and signing an immigration form that has to be presented along with a passport.

• Verifications of this type are carried out by persons with minimal training in signature verification, and rely upon the authenticity of the specimen signature.
• No special security measure is used here other than the ability of a human to decide whether the two signatures belong to the same person.
• The second type:
• The signed document is presented while the signer is not present, e.g. a cheque. Here the bank makes sure whether the supposed signer affixed his signature or not by comparing it with the specimen signature.
• This type of verification requires more skill and training, since the signer has not affixed his signature in the presence of the verifier, and there are situations where the difference between signatures is so slight that it can hardly be detected. (legal)
• The third type:
• The supposed signer denies having affixed his signature; this is called repudiation.
• To avoid or eliminate this situation, the principal signer is asked to sign in the presence of a witness, who is asked to add his signature too.
• Later, if the principal signer repudiates his signature (dispute), the services of handwriting experts may be required.
2-Regarding integrity of the signed document:
• This problem is different from signature authenticity and should be dealt with independently.
• There are three major stages in the preparation of an authenticated document:
• The first is the production of the paper itself.
• The second is the printing of the standard parts.
• The third is completion, where the various parties print or write certain things and finally sign.

• Consider the example of a cheque: the paper is produced, the cheque format is printed and finally someone fills out the payee name, amount and other particulars and then signs. (In currency notes, stage 3 is absent.)
Firstly, the production of the paper:
• Here certain measures should be taken to make the paper hard for others to duplicate. Some of these are:
• A-The paper may have a certain chemical composition and physical properties that can be verified in laboratories.
• B-Inclusion of a watermark, which is an image created in the paper itself. Verification in this case can be done by ordinary people without any special equipment.
Secondly, printing the standard parts of a paper:
• To prevent unauthorized duplication some measures exist, such as:
• A-Use of complex and intricate patterns.
• B-Deliberate introduction of small errors at various places in the pattern.
• C-Special printing effects like the use of holographic logos.
• D-Coating that will produce a colour if an attempt is made at alteration, or ink that will run on contact with a wide variety of solvents.
• In order to duplicate such printing, access to sophisticated printing technology is required.
• However, with developments in computer technology, duplication of simpler documents has come within reach of individuals, but complex ones (currency) still require additional effort.
Thirdly, document completion:
• In this stage something is written or printed onto the document before it is finally signed.
• Although the document may have been specially printed on special paper, completion is usually done using very commonly used technology, like ordinary pens or computer printers.
• Insertion in empty spaces, and the deletion of information and its replacement with other information, are the expected risks.
• Measures in these cases may be:
• A-Make sure that empty space is struck off.
• B-Use of writing or printing techniques that are hard to erase or alter without it being evident.
• C-In general, the document should be formatted in such a way that insertions are spotted easily.
• Laser printer technology involves melting a fine plastic powder which is then fused to the paper; if the temperature is not correct, it is relatively easy to remove the printing with a sharp knife or by freezing techniques, and then fill the blank space with something else.
Authenticating Electronic Dealings:
Electronic Signatures:
• An electronic signature can be defined as: data in electronic form, which can be used to identify the signature holder with respect to the electronic record to which it is related, and which serves to signify approval of that electronic record.
Types of electronic signatures:
1-PIN and Password system:
• This is one of the earliest methodologies for individual signing: each user has a unique PIN or password.
• This PIN or PW must be kept confidential and presented when access to a service is required.
• This type is not suitable for document authentication, because if it is affixed to a document it becomes known to everybody, and there will be no guarantee that it was affixed by the authorized person.
• It is suitable as an electronic signature only in circumstances where it is communicated to a trusted verifier, who will keep it confidential and grant access to some service or carry out some transaction based upon this verification.
• The typical use is then the authentication of a human to a machine; examples are the use of a PIN to access an ATM and the use of a password to access a computer system.
• Sometimes it is used with a human verifier, e.g. a credit card number given over the phone; this method requires that the verifier be trusted and that the communication take place over a secure channel. (other examples)
The disadvantages of PIN and PW systems:
Passwords Are Broken
“Passwords are the weakest of weakest links” – Bill Gates at RSA2007
• They can be guessed or “cracked”
  – 3.8% of MySpace users’ passwords are a single dictionary word
  – 8% are a single dictionary word + the number “1”
  – 23% could be cracked in 30 minutes
• They are written down by users
• People use the same one everywhere
• They are never changed
• They can be phished
• People will give them up for a bar of chocolate!
• Users are the weakest link
  – They are responsible for most (PW) problems
  – You cannot expect them to follow instructions
  – If it is possible for them to get it wrong, some definitely will
  – If they don’t like it, they will find a way round it
• Most authentication technology was developed for the enterprise; users were not a primary consideration
• To access or use the system it doesn’t matter who uses the PIN or PW; it only has to be correct.

2-Handwritten signature image:
• In this case the holder's handwritten signature is converted into an image and is actually affixed to the document in question.
• The process of taking the image from a protected database and putting it onto the document is activated by a password.
• This system creates documents that will be verified by other humans and cannot be considered to have very good security.
• The ease with which electronic data can be copied makes this method about as good as making a rubber stamp and using it as a signature.
3-Cryptographic Checksums:
• This type requires the use of a symmetric key crypto system, where the communicating parties must agree on a key.
• A value called a checksum is computed from the document; this could be, for example, the number of vowels in the document.
• This value is then encrypted using the key, which is known only to the receiver and the sender. Then the encrypted document and checksum are sent to the receiver.
• The receiver restores the document using the key and calculates a checksum for it using the same formula as the sender.
• Then the receiver decrypts the checksum he received from the sender and compares it with the one he computed from the restored document.
• If the two values are identical, the receiver will assume that the document is authentic.
• However, since either of the two parties could have computed the signature, it is difficult to resolve a dispute between them involving a valid signature, as either of them could have affixed it.
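As an added example (not from the slides), the keyed-checksum exchange above in Python: HMAC-SHA256 from the standard library stands in for the slide's "checksum encrypted with the shared key" (the document itself travels in clear here), and the key and document are constructed sample values. The last function shows the non-repudiation gap the slide describes: every holder of the shared key reproduces the identical tag.

```python
import hashlib
import hmac

# Constructed sample values (not real secrets): the key both parties agreed
# on beforehand and the document the sender wants to protect.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
DOCUMENT = b"Pay 1,000 to account 12345 on 2003-05-01"


def make_checksum(key, document):
    """Sender side: compute the keyed checksum that travels with the document.

    HMAC-SHA256 plays the role of the slide's 'checksum encrypted with the
    shared key': without the key nobody can produce a tag for a new document.
    """
    return hmac.new(key, document, hashlib.sha256).digest()


def receiver_accepts(key, document, received_tag):
    """Receiver side: recompute the checksum over the received document with
    the same key and compare it with the tag that came with the document.

    compare_digest runs in constant time, so the comparison itself does not
    leak how many leading bytes of a guessed tag were right.
    """
    expected = make_checksum(key, document)
    return hmac.compare_digest(expected, received_tag)


def parties_who_could_have_made(tag, document, keys_held):
    """Dispute resolution: list every party whose key reproduces the tag.

    With a shared symmetric key both sender and receiver hold the same key,
    so both names come back: the tag proves the document is intact and came
    from a key holder, but cannot say which one (no non-repudiation).
    """
    return [name for name, key in keys_held.items()
            if hmac.compare_digest(make_checksum(key, document), tag)]


def demo():
    """Run the exchange once and return what each check decided."""
    tag = make_checksum(SHARED_KEY, DOCUMENT)
    tampered = DOCUMENT.replace(b"1,000", b"9,000")
    return {
        "intact_accepted": receiver_accepts(SHARED_KEY, DOCUMENT, tag),
        "tampered_accepted": receiver_accepts(SHARED_KEY, tampered, tag),
        # Constructed scenario: sender and receiver share the key, a third
        # party holds a different one.
        "who_could_have_signed": parties_who_could_have_made(
            tag, DOCUMENT,
            {"sender": SHARED_KEY, "receiver": SHARED_KEY,
             "outsider": b"some-other-constructed-key"}),
    }


if __name__ == "__main__":
    print(demo())
```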

4-Biometric Technology:
• It is a way of authentication in which a measurable biological characteristic is captured and stored.
• The process of signing consists of presenting a sample, which is then compared with the stored specimen.
• When the captured sample is compared against a single reference template for a specific individual, the process is called verification.
• Where the captured sample is matched against a number of reference templates in a database in order to find an appropriate match, the process is called identification.
• Biometric technology can be broadly categorized as physiological or behavioural; at the current stage of technological development the physiological technologies are more reliable than the behavioural ones.
Behavioural:
• Signature dynamics
• Keystroke dynamics





Physiological:
• Fingerprint recognition
• Finger geometry recognition
• Hand geometry recognition
• Iris recognition
• Retinal pattern recognition
• Face recognition by facial geometry
• Face recognition by facial thermograms
• Palm pattern recognition
• Voice recognition
• Vein pattern recognition
• Body odour recognition
• DNA analysis




• The best situation for the use of biometrics is where a live sample is captured and authentication takes place against this captured sample.
• An identity card can contain a stored sample, and the individual holding such a card can prove his identity by offering a live sample, captured through (a finger scanner), to be matched with the sample stored on the card. This type of use has very high reliability.
• However, a sample that has been attached to a document, say an electronic cheque, and sent by email is vulnerable, since it could be captured and reused.
• So where a situation requires comparison between two stored samples, the process is vulnerable and needs additional security, for example ensuring that the biometric samples are encrypted and only matched by a trusted method.
Errors in Biometric Systems:
• The first type of error is called the False Acceptance Error (FAE); in this case an impostor is accepted. The probability of this error is called the False Acceptance Rate (FAR).
• The second type of error is called the False Rejection Error (FRE); in this case a legitimate user is rejected. The probability of this error is called the False Rejection Rate (FRR).
• Most devices can be configured in a way that false rejection can be traded off against false acceptance.
• This means that reducing one type of error will increase the other type of error, and vice versa.
• On account of the inherent trade-off between false acceptance and false rejection, neither the FAR nor the FRR is a good measure of the reliability of a biometric technology on its own.
• A better measure is the crossover rate; this is the point at which the FAR is equal to the FRR.
• The lowest crossover rates are reported for retinal and iris scan devices, in the range of (1 in 100,000); next come finger scan devices (1 in 1000); the least accurate are signature dynamics and voice recognition (1 in 50).
• Biometric technologies are not always operated at their crossover points; there may be a situation where a biometric is being operated in such a way that the FAR is very low, but the FRR may be very high.
• In applications where a privilege is being granted by the use of a biometric device, it is desirable to operate at a very low FAR.
• For example, as far as a customer is concerned, if a bank is offering ATM access via a biometric device then the possibility of false acceptance should be very low.
• Here it is undesirable to have an impostor accepted; if some legitimate user is rejected he can approach a bank employee for assistance.
• On the other hand, if a right is being granted through the use of a biometric device, then false rejection should be minimized.
• Thus if a biometric device is used to decide whether a person can vote or not, then it is undesirable to have high false rejection.
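An added example (not from the slides) that works the FAR/FRR trade-off above through on constructed matcher scores: it sweeps the decision threshold, finds the crossover point where FAR equals FRR, and then picks the operating point the slide recommends for each case (lowest FAR when granting a privilege such as ATM access, lowest FRR when granting a right such as voting). The scores are invented sample values; a real system would use the matcher's measured similarity scores.

```python
# Constructed matcher scores in [0, 1]: higher means "more similar to the
# stored template". Genuine = legitimate users, impostor = other people.
GENUINE_SCORES = [0.91, 0.88, 0.95, 0.79, 0.85, 0.93, 0.72, 0.89, 0.97, 0.83]
IMPOSTOR_SCORES = [0.12, 0.35, 0.48, 0.22, 0.61, 0.30, 0.75, 0.18, 0.42, 0.55]

# Threshold grid: a sample is accepted when score >= threshold.
THRESHOLDS = [i / 100 for i in range(0, 101)]


def far(impostor_scores, threshold):
    """False Acceptance Rate: share of impostor attempts the device accepts."""
    accepted = sum(1 for s in impostor_scores if s >= threshold)
    return accepted / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False Rejection Rate: share of legitimate attempts the device rejects."""
    rejected = sum(1 for s in genuine_scores if s < threshold)
    return rejected / len(genuine_scores)


def crossover_point(genuine_scores, impostor_scores, thresholds=THRESHOLDS):
    """Return (threshold, rate) where FAR and FRR are closest to equal.

    This is the slide's crossover rate (also called the equal error rate);
    among thresholds with the smallest |FAR - FRR| the lowest one is chosen.
    """
    best = min(thresholds,
               key=lambda t: (abs(far(impostor_scores, t) - frr(genuine_scores, t)), t))
    return best, far(impostor_scores, best)


def lowest_far_operating_point(genuine_scores, impostor_scores, thresholds=THRESHOLDS):
    """Privilege case (e.g. ATM access): lowest threshold that drives FAR to
    zero, accepting whatever FRR that costs. Returns (threshold, far, frr)."""
    for t in thresholds:
        if far(impostor_scores, t) == 0.0:
            return t, 0.0, frr(genuine_scores, t)
    last = thresholds[-1]
    return last, far(impostor_scores, last), frr(genuine_scores, last)


def lowest_frr_operating_point(genuine_scores, impostor_scores, thresholds=THRESHOLDS):
    """Right case (e.g. voting): highest threshold that keeps FRR at zero,
    accepting whatever FAR that costs. Returns (threshold, far, frr)."""
    for t in reversed(thresholds):
        if frr(genuine_scores, t) == 0.0:
            return t, far(impostor_scores, t), 0.0
    first = thresholds[0]
    return first, far(impostor_scores, first), frr(genuine_scores, first)


if __name__ == "__main__":
    print("crossover (threshold, rate):", crossover_point(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("ATM-style (low FAR):", lowest_far_operating_point(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("voting-style (low FRR):", lowest_frr_operating_point(GENUINE_SCORES, IMPOSTOR_SCORES))
```

The same threshold cannot satisfy both goals: on these scores the ATM-style point rejects one legitimate user in ten, while the voting-style point accepts one impostor in ten.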
Types of Biometric Authentication:
A-Fingerprint identification:
• Fingerprint comparison is a very old technique (1800). A fingerprint contains individual unique characteristics called minutiae; a study by the U.S. Federal Bureau of Investigation (FBI) showed that no two individuals have more than 8 minutiae in common. Courts have allowed testimony based on 12 matching minutiae.
• A U.S. study (1970) concluded that fingerprint recognition had the greatest potential to produce the highest accuracy level for identification purposes. In the light of current knowledge this is perhaps no longer true.
• This technology is quite mature and reliable now; a typical system today captures about 40 minutiae. Devices suitable for verification cost less (600 to 700$) than those for identification.

B-Iris recognition:
• This technology is based on comparing a stored template of the iris (the coloured part of the eye) with a freshly taken video picture of the iris.
• Irides (plural of iris) are extremely feature rich and contain about 250 minutiae each; a typical system will take about 80 minutiae.
• The technology works by making the user look at a video camera from about 18 inches, which takes a short video clip of the iris and matches it with the stored template.
• The video camera functions with normal light and no laser is required. Device prices (1000 to 4000 $).
• Apart from being more feature rich than a fingerprint, and consequently more accurate, an iris cannot be captured as easily as a fingerprint.
• While it is easy to take an impression of a person's finger, sometimes even without that person's knowledge, it is not easy to take a video clip of a person's iris at close range without that person's knowledge. This gives the iris scan added security.
• Iris technology is accurate enough to be used in identification mode, although it can be used in verification mode if required.
C-Face (Facial) recognition:
• Although this type is the most natural one, automatic systems are not yet mature enough to produce the type of accuracy needed for a practical system.
Faces are different from passwords:
• The brain uses a dedicated process to “learn” and remember faces.
• The brain recognizes, not recalls, faces.
• This most powerful form of memory is unique to human faces and does not apply to other images.
• Face recognition is a universal skill, independent of age, language or education.
• There are two types of facial systems:
• The first type is based on facial geometry; it works by measuring specific facial features like the distance between the inside corners of the eyes, or the distance between the outside corners of the eyes, and other such parameters.

• The second type is called face recognition by facial thermogram; it works by recognizing the temperature patterns of an individual's face.
D-Hand Geometry systems:
• This type works by measuring parameters like the length of fingers, width of fingers etc.
• Hand geometry does not produce a large data set. Therefore it is best used with small populations.
E-Retinal Scan Technology:
• It is based upon recognising the pattern of blood vessels on the retina. This is a very accurate method but suffers from some important drawbacks, such as:
• I. The method is personally invasive, as it involves shining a laser onto the retina through the pupil.
• II. A retinal scan reveals a great deal about the state of health of an individual.
• III. The retinal scan is susceptible to change due to disease such as cataract.
• Iris recognition technology does not suffer from these drawbacks.
F-Signature Dynamics:
• It is a technique that is based on the dynamics of making a signature, rather than a direct comparison of a written signature with a stored one.
• Factors measured are acceleration rate, directions, pressure, stroke length etc.
• The problem with this system is that current technology cannot accurately measure the parameters that constitute the dynamics of a signature.
• Also, a person does not always make a signature in a fixed manner, so allowance has to be made for a range of possibilities.
G-Voice recognition:
• This method consists of comparing a sample of an individual's voice with stored templates to find a match.
• The live voice is captured and then compared with recorded ones.
• A drawback of this system is that an individual's live voice may be affected by diseases.




Advantages of Biometric Systems:
1. Higher Security – than passwords
2. Usability – no complex pass codes or procedures
3. Non-Intrusive – users are averse to change and reluctant to do more
4. Visibility – users want to see that companies are increasing security
5. Mobility – users log on using different PCs in different locations
6. Consistency – of user experience
7. Reliability – no false rejection, no system errors, no user errors
8. Bidirectional – verify the User to the Site AND the Site to the User
9. Flexibility – for varying risk levels and customer choice
10. Easy Integration – with current systems and procedures
11. Low Cost – Procurement, deployment and ongoing maintenance

5-Digital Signature:
• It is a type of electronic signature that has some very desirable properties. (legally)
• It is normally based on asymmetric crypto systems; when the recipient receives a digitally signed message, it is possible for him to directly verify the digital signature using the sender's public key.
• This is unlike the digital signature in the case of symmetric encryption, where a trusted third party has to be involved to verify signatures.

Figure: Digital Signature based upon an Asymmetric Crypto System. Party A sends the message signed by A directly to party B, who verifies it.

Figure: Digital Signature based upon a Symmetric Crypto System. Party A sends the message signed by A to party B; the message signed by A is also passed to a trusted Verifier.




• This system depends on what is known as a hash function, which is a procedure by which a value is calculated from the electronic record to which it is applied.
• For example, the number of times the letter (a) appears in a document.
• In the figure below the value of the hash function is (5):

A sample Document:
“This is an example to illustrate the concept of a hash function”

• A hash function must be easy to compute and must be publicly known.
• If a document is sent along with its hash value, then if the document is modified, the hash value sent may not tally with the hash value calculated from the modified document; this is how digital signatures are implemented.
• Among asymmetric crypto systems there is a type, RSA, where anything that is encrypted with the public key of an individual can only be decrypted by that individual's private key.
• Also, anything that is encrypted using the private key of an individual can only be decrypted with the public key corresponding to that individual.
• To affix a digital signature to an electronic record we must first compute the hash value for that record; then the hash value is encrypted with the private key of the signer. The encrypted hash value is called the signature.




• In order to verify a signature that is claimed to have been affixed by some person, the signature is decrypted using the public key corresponding to that person.
• If the signature really belongs to that person, then the signature will decrypt to yield the hash value of the signed record.
• This decrypted hash value can be compared with the hash value computed directly from the record.
• If these values match, the record must have been signed by the claimed signer, and the record could not have been altered since it was signed.
• If the two values are not equal, then either the record was not signed by the claimed signer, or the record has been altered since it was signed, or both.

Figure: Signing an Electronic Record. The Electronic Record is passed through the Hash Function to give the Hash Value; the Hash Value is encrypted with the Private key of the Signer to give the signature; the Signed Record is the Electronic Record together with the signature.

Figure: Verifying a Signed Electronic Record. From the Signed Record, the Electronic Record is passed through the Hash Function to give the Computed Hash Value, and the signature is decrypted with the Public key of the Signer to give the Decrypted Hash Value; the two values are compared (=?).



Hash Functions:
• As explained earlier, a hash function is a procedure by which any record can be converted into a fixed size value.
• In order to be useful, a hash function must depend upon all the information in the record.
• In this case changing even the smallest unit of information in the record should produce a change in the computed hash value.
• Consider, as a hash value, the number of times that the letter (a) appears in a document; this is not a good hash function.
• If we have the two following messages:
“you are not authorized to proceed on leave” and
“you are authorized to proceed on leave”
• If we use the simple hash function and count the number of times that the letter (a) occurs in these messages, then we will find that the hash value of both messages is 3.
• If a person digitally signed the first of these messages based on the simple hash function, then this signature would be verified as valid even with the second message, and this will result in a problem.
• There are a number of functions available which have the properties that are desirable for a hash function; some of these are MD5, SHA, and RIPEMD-160.
• The U.S. National Institute of Standards and Technology (NIST) has developed a standard for digital signatures called the Digital Signature Standard (DSS), which specifies that SHA is to be used as the hash function.
• SHA takes an electronic document of any size and produces a hash value that is 160 bits long; this size can be represented by a decimal number having about 50 digits.
• The RIPEMD-160 hash function produces a value that is 160 bits long, and MD5 produces a value that is 128 bits long.
• The design of the hash function in these cases is such that the probability of two records having the same hash value is extremely small. SHA and RIPEMD-160 are considered secure, whereas some concerns have been expressed about the security of MD5.
Digital Signature based on RSA:
• The RSA crypto system has a very desirable property: in addition to the public key being usable for encryption, the private key can also be used for encryption.
• So anything that is encrypted using the private key can only be decrypted using the corresponding public key. This enables applying digital signatures using RSA directly.
• The hash value can be encrypted using the signer's private key, and constitutes the signer's signature; any person can decrypt this using the signer's public key to verify the signature.
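An added example (not from the slides) that carries the hash-then-sign and verify steps of the Digital Signature sections through in Python, and reproduces the weak-hash problem from the Hash Functions section: a signature made with the "count the letter a" hash on the first leave message also verifies against the second, while the same signature made with SHA-256 does not. The RSA key is a toy built from two known Mersenne primes, and the SHA-256 value is reduced modulo n only so the toy key can carry it; real signatures use keys of 2048 bits or more with a padding scheme such as RSASSA-PSS.

```python
import hashlib

# Toy RSA key for illustration only. The primes are the Mersenne primes
# 2^31-1 and 2^61-1, so n is about 92 bits: far too small for real use, but
# large enough that textbook sign/verify behaves as the slides describe.
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)

# The two messages from the slides' hash-function example.
MESSAGE_SIGNED = "you are not authorized to proceed on leave"
MESSAGE_ALTERED = "you are authorized to proceed on leave"


def weak_hash(record):
    """The slides' toy hash: how many times the letter 'a' appears.

    It ignores most of the record, so unrelated messages collide.
    """
    return record.count("a")


def sha256_hash(record):
    """A real hash. Reducing mod N is a toy-key concession: the full 256-bit
    value would not fit under a 92-bit modulus. Real schemes pad instead."""
    digest = hashlib.sha256(record.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % N


def sign(record, hash_fn, private_exponent=D):
    """Signer: hash the record, then 'encrypt' the hash with the private key."""
    return pow(hash_fn(record), private_exponent, N)


def verify(record, signature, hash_fn, public_exponent=E):
    """Verifier: 'decrypt' the signature with the public key and compare it
    with the hash computed directly from the record."""
    decrypted_hash = pow(signature, public_exponent, N)
    return decrypted_hash == hash_fn(record)


def demo():
    """Sign the first message under both hashes and try each signature
    against the altered message."""
    weak_sig = sign(MESSAGE_SIGNED, weak_hash)
    strong_sig = sign(MESSAGE_SIGNED, sha256_hash)
    return {
        "weak_hash_values": (weak_hash(MESSAGE_SIGNED), weak_hash(MESSAGE_ALTERED)),
        "weak_original_ok": verify(MESSAGE_SIGNED, weak_sig, weak_hash),
        # The slides' problem: the altered message verifies under the weak hash.
        "weak_altered_ok": verify(MESSAGE_ALTERED, weak_sig, weak_hash),
        "sha256_original_ok": verify(MESSAGE_SIGNED, strong_sig, sha256_hash),
        "sha256_altered_ok": verify(MESSAGE_ALTERED, strong_sig, sha256_hash),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```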


Digital Signature based on ElGamal:
• The ElGamal crypto system allows encryption to be done only using the public key, not the private key.
• Therefore the encryption operation cannot be used directly for digital signatures in this case, and a special method, different from encryption, is used.
• The hash value is computed using any hash function; using this hash value another value is computed using the private key. This value is the signature and is sent along with the signed information.
• The method is designed so that it is possible for the verifier to do another calculation on the information, using the same hash function and the public key.
• As mentioned, NIST issued the DSS; this system was revised and a new digital signature technique was proposed, which is called the Digital Signature Algorithm (DSA). This is a variation of the ElGamal digital signature method.
• The DSS specifies that the hash function to be used is SHA, and DSA can only be used for digital signatures and not for encryption.
• This means that when using the RSA crypto system, SHA is used with the public key of the recipient to encrypt the information, and with the private key of the sender (signer) to produce the signature.
• While in the case of the ElGamal crypto system, SHA is used with the public key of the recipient for encryption of the information, but for producing the signature DSA is used with the private key of the sender (signer).
Security of Digital Signatures:
• There are two main aspects in this regard:
• The first: the private key of the signer must not be computed, deduced or disclosed while using the digital signature algorithm, or in the process of affixing or verifying a digital signature.


• The second: the hash function that is used should not yield the same value for two different records.
• Regarding the private key, as mentioned before, choosing a key of appropriate size is an important factor, since the key in this case cannot be recovered from the signature or the public key.
• However, apart from the situation where someone intentionally reveals his private key to another, there are two practical ways in which the private key of someone may become known to another person.
• The first situation: the private key is stored in such a manner that someone else may get it.
• The second situation: two or more individuals have identical private keys.
• Regarding the first situation, security demands that key sizes in the range of 512 to 1024 bits be used (in decimal this is 150–300 digits long).
• Remembering such large numbers is impossible.
• It is also impractical to enter this key using a keyboard or keypad every time a digital signature is to be affixed.
• The only practical way is to have a method where the key is stored in such a form that it can be read automatically by the signing process.
• The question of where to store a private key is important; for example, the local hard disk of a computer seems risky, since a computer is usually used by more than one person, which means the possibility of someone copying and using the private key of another.
• This means that even if the private key is stored on the hard disk, it should be encrypted with a sufficiently strong key. This is another long key whose only purpose is to protect the private key.
• A practical solution is to use a symmetric crypto system and an easy to remember sentence. Symmetric encryption is suitable in this case since the owner of the private key is the only one who will decrypt or encrypt the private key.
• If a key of length 128 bits is secure in symmetric encryption, then choosing a sentence of about 26 letters as a passphrase will be sufficient.
• The passphrase should be a sentence, not a word; it should be long enough but easy to remember, since it would be kept only in the user's mind. It is different from a password.
• Another problem with storing the private key on a local hard disk is that the signing process must take place on that particular computer.
• If the encrypted private key is made available over a network, each user must use a passphrase of the right size.
• Another drawback is that the passphrase is subject to interception while it is being keyed in.
• A practical solution may be to store the encrypted private key on a removable storage device.
• This ensures that the encrypted private key is available only to the owner and that he is not tied to a particular computer.
• There are two options for removable storage. The first is using a floppy disk, which is not reliable enough; there may be a need to copy the key to a new floppy periodically to ensure it does not get corrupted, in addition to the risk of picking up and transmitting viruses if a number of different machines are used for signing.
• The second option is smartcards, which are more reliable and less risky in virus transmission, and could be considered the best option if a processor card is used to compute the signature on the card itself.
• The problem is that smartcard readers are not standard equipment on PCs yet; also there are many problems with smart cards that may be out of reach of individuals. However, these problems may not be too much of an issue if smart cards are used in closed systems.
• Regarding the issue of uniqueness of the private key, the probability of two persons having the same key is absolutely negligible (even at a length of 512 bits, which is about 150 decimal digits).
• This holds if keys are picked truly randomly, but not if a poor random number generator is used.
• If a poor random number generator has been used to generate private keys, then an attacker with knowledge of the random number generator might use it to repeatedly generate a number of public key – private key pairs.
• The attacker could then check each public key so generated to see if anyone else has the same public key. If so, the private keys corresponding to these public keys must also be the same.
• Therefore the random number generator being used must be implemented in such a way as to ensure that the random numbers generated are not predictable.
• This brings up the important question of whether each user should be allowed to generate key pairs, or whether a centralized agency should do that.



