Security Trends of File Protection Technology in Israel
2008 Jozai No. 0155
Survey Report on Security-Related Trends in Israel
Survey on Information Security Situation in Israel
March 2009
GlobalConn LTD

Table of Contents

Introduction
Overview
Chapter 1: The Technology Used in Industry and Business In Israel for File Protection
  1.1 The challenges and threats of security that the Israeli industry faces
Chapter 2: The Trends and Solutions – Defending technologies
  2.1 Strong Authentication
  2.2 Authentication Protections
  2.3 Directory Integration
  2.4 Failed Login Detection
  2.5 Password Policy Assessment
  2.6 Mirroring Techniques
  2.7 On-line/Off-line Protection
  2.8 Intrusion Prevention
  2.9 Endpoint Security
  2.10 Virtualized Security Platform Technology
  2.11 Reports management
Chapter 3: Countermeasures – Protection Tools
  3.1 Recovery and Anti Deletion
    3.1.1 NetZ
    3.1.2 SecureOL
    3.1.3 DataMills
    3.1.4 Repliweb
    3.1.5 Covertix
    3.1.6 XOsoft
    3.1.7 Hexalock
  3.2 Protective Security
    3.2.1 Finjan
    3.2.2 ControlGuard
    3.2.3 Sentrigo
    3.2.4 Hackstrick
    3.2.5 Bsafe Information Systems
    3.2.6 Gita Technologies
  3.3 Anti Piracy
    3.3.1 CheckPoint Software
    3.3.2 San Disk (M-Systems)
    3.3.3 Aladdin
    3.3.4 Cyber Ark
    3.3.5 Algoritmic Research
    3.3.6 Applicure
    3.3.7 Imperva Israel
    3.3.8 Innovia R&D Ltd
Chapter 4: File Protection survey at Business Sectors
  4.1 Questionnaire
  4.2 Answers
Chapter 5: File Protection at the Israeli Government
  5.1 Tehila
  5.2 On-line Payments Service (Shoham)
  5.3 Israel Cert Computer Emergency Response Team
  5.4 The Proceeding Authority
  5.5 The Ministry in Charge
  5.6 Yael-Government Intra-net System
Chapter 6: The Law in Israel
  6.1 New Amendment
  6.2 The Right of the Patient’s Law
Chapter 7: The Standardization of File Protection
Chapter 8: Protecting Files at Storage & Transit
  8.1 Techniques and Different Systems
    8.1.1 Authentication and Authorization
    8.1.2 Confidentiality and Integrity
    8.1.3 Availability
    8.1.4 Auditing and intrusion detection
  8.2 USB – Disk on Key Portable Storage Devices
  8.3 Hard Copy and Electronic File Protection at Storage
  8.4 File Protection in Cellular Phone and PDA’s
Chapter 9: File protection – Bluetooth
  9.1 Cryptanalysis of the Bluetooth E0 Cipher Using OBDD’s
Chapter 10: Cases of File Protection in the Newspapers
Chapter 11: Researches by Universities and Institute
  11.1 Real-Time Implementation for Digital Watermarking in Audio Signals Using Perceptual Masking
  11.2 Condor Local File System Sandbox High Level Design Document
  11.3 Un-Trusted Storage
  11.4 Terror on the Internet
  11.5 Struggle with Information Warfare and Possible Damage to Civil Rights
Chapter 12: Bibliography

Introduction

The development of telecommunication technology enabled remote surveillance, inspection and detection of information from a distance, which brought business development on the one hand and privacy offenses on the other. New technology extends the use of the PC, which contains private information, at home and in industry; the attitude of democratic countries, which provide direct contact with the citizen and allow the public access to information, can also cause information offenses.

Over the years the need for more sophisticated and advanced technology has arisen. The need to protect files brought with it new systems, technologies and legal measures. These were created to protect privacy, to set normative standards, and to adopt laws that impose severe punishment and detect behavior which violates the law of democratic countries.

An enterprise’s most valuable asset is its file system and database, which is perhaps the most sensitive segment of an IT company. Many organizations are learning that database assets are vulnerable both to external attackers via Web applications and to internal employees who take advantage of more direct privileges. Customer records, financial reports, patient data and other information are all at risk. In addition, compliance with regulatory requirements forces organizations to perform database security assessments.

Huge efforts have been made by security companies and research personnel to overcome these kinds of intrusions. Great investment has been dedicated to stopping and overcoming the evil force. In fact, it is an endless war against criminals who are trying to permanently obtain information or to damage files just for the sake of damage. On the other side, the industry is constantly developing newer and more advanced technologies to overcome any breach of security.

All these continuous efforts are needed because file security, as in any other software security, has basic problems which include bugs and weaknesses that hackers exploit. More sophisticated technology and new laws are needed to answer the vulnerability of file protection which, if breached, can harm the private person in many ways, at his office or at home. Harm to a private person can occur if their private file, held in a public office such as a hospital or insurance company, in a semi-governmental organization such as a water, electricity or gas company, or in a government office, is breached.

Overview

File protection and security has been addressed in past years by substantial research and development of different technologies by security software companies. This field will keep developing as the need for file protection grows. In our report, we will present research from universities and technologies from industry.
In fact, we found that industry in Israel keeps researching and developing new products and bringing new ideas to the file protection field.

The file protection issue is divided into two segments which need to be protected. Separate systems and technologies are needed for each segment:

1- An attack on the file from an external source, such as hackers, malicious virus attacks and other technologies which are developed to ruin a file. The rate of external attacks against Israel is relatively higher than against other countries because Israel is in permanent conflict with terror organizations and has been the target of cyber terror attacks which use the most sophisticated equipment to attempt to affect the security of Israel.

2- An inside intrusion, which can be done on purpose or by negligence.

In our report, we will present the technology of some Israeli companies which are in the file protection field. The work will include some laws which were adopted to deal with file protection in Israel and describe some attacks which were aimed at damaging files in Israeli sites.

The following subjects will be addressed in this work:

The various file protection systems used in Israeli businesses due to different security needs, including examples of medical, banking and insurance file protection systems. It will also include file recovery, anti-deletion, messaging and on-line/offline protection of government agencies and the private sector as well as that of more secured sections in Israel.
File protection technologies used in the industry and businesses in Israel.
Projects and policies that Israeli government agencies are promoting or using.
The Israeli standards that have been set for file protection.
File Protection research from Israeli universities.
Description of attacks that were published in Israeli newspapers.

1. The Technology Used in Industry and Business in Israel for File Protection

1.1 The challenges and threats of security that Israeli industry faces

There are always possible threats to an organization’s files. They can come from outside the organization, such as from hackers and criminals who are trying to corrupt and damage files, possibly for espionage reasons, or from inside the organization, where an employee has personal motives to attack, damage or corrupt the organization’s files, or wants to steal information or make changes to the files or database for various reasons. Damage to files and databases can also be caused by negligence or without bad intention.

Following are some examples of reasons for file intrusion:

a. Weak Authentication
Weak authentication schemes allow attackers to assume the identity of legitimate database users by stealing or obtaining login credentials. An attacker may employ any number of strategies to obtain credentials.

b. Automated recording vulnerability
Automated recording of all sensitive and/or unusual database transactions should be part of the foundation underlying any database deployment. Weak database audit policy represents a serious organizational risk on many levels.

c. Backup Data Exposure
Backup file storage media is often completely unprotected from attack. As a result, several high profile security breaches have involved theft of file backup tapes and hard disks.

d. Database Platform Vulnerabilities
Vulnerabilities in underlying operating systems and additional services installed on a database server may lead to unauthorized access, file corruption, or Denial of Service. The Blaster Worm, for example, took advantage of an operating system vulnerability to create denial of service conditions.

e. Legitimate Privilege Abuse
Intrusion from inside the organization can happen when a person has access privileges that exceed the requirements of his job function.
These privileges may be abused for malicious purposes.

f. Privilege Elevation
Attackers may take advantage of database platform software vulnerabilities to convert access privileges from those of an ordinary user to those of an administrator. Vulnerabilities may be found in stored procedures, built-in functions, protocol implementations, and even SQL statements.

g. Denial of Service
Denial of Service (DoS) is a general attack category in which access to network and file applications is denied to intended users. DoS conditions may be created via many techniques. For example, DoS may be achieved by taking advantage of a database platform vulnerability to crash a server. Other common DoS techniques include file corruption, network flooding, and server resource overload (memory, CPU, etc.). Resource overload is particularly common in database environments.

The motivations behind DoS are similarly diverse. DoS attacks are often linked to extortion scams in which a remote attacker will repeatedly crash servers until the victim deposits funds to an international bank account. Alternatively, DoS may be traced to a worm infection. Whatever the source, DoS represents a serious threat for many organizations.

2. The Trends and Technologies: Solutions - Defending

Each of the above threats is addressed and has a solution. Following are some of the Israeli industries’ solutions and up-to-date technologies:

2.1 Strong Authentication

The strongest practical authentication technologies and policies are implemented. Two-factor authentication (tokens, certificates, biometrics, etc.) is preferable whenever possible. Unfortunately, cost and ease of use issues often make two-factor authentication impractical. In such cases, a strong username/password policy (minimum length, character diversity, obscurity, etc.) should be enforced, possibly with the username and password changed often.

2.2 Authentication Protections

Unfortunately, despite best efforts at strong authentication, breakdowns occasionally occur. Password policies are ignored; a lucky attacker may successfully use brute force to break even a reasonably strong password; a legacy authentication scheme may be required for practical reasons. To deal with these situations, companies developed different solutions for Login Detection and Authentication Assessment which provide broadly applicable authentication protection.

2.3 Directory Integration

For scalability and ease of use, strong authentication mechanisms should be integrated with enterprise directory infrastructure. Among other possibilities, a directory infrastructure can enable a user to use a single set of login credentials for multiple databases and applications. This makes two-factor authentication systems more cost effective and/or makes it much easier for users to memorize regularly changed passwords.

Different technologies in the Israeli market track a range of user attributes that detect compromised login credentials. These attributes include user IP addresses, hostnames, operating system username and client application. For example, if an attacker manages to gain login credentials by posing as an IT administrator, it would trigger multiple alerts when trying to use the stolen credentials. The attacker’s hostname, operating system username, and possibly even the IP address would not match the profile of the real owner of the compromised login credentials.

To further illustrate, assuming an attacker manages to compromise a user’s database credentials and operating system credentials and finds a way to use the victim’s actual computer, the technology is still extremely likely to identify the attack.
At least two violations come into play: an unauthorized query and activity, which most likely violates the compromised user’s normal usage profile, and the Time of Day. To gain access to the compromised user’s computer, the attacker is likely to use the machine at night or during other off-hours. Since dedicated technologies include a model of normal hours, unusual off-hours access will trigger a Time of Day violation.

2.4 Failed Login Detection

The technology optionally enforces a failed database login threshold (count and timeframe) to prevent brute force attacks.

2.5 Password Policy Assessment

As part of its active assessment capability, the technology evaluates password policy controls that are enforced by the database. For example, the technology should be able to determine whether or not password length, character diversity, and reset intervals are enforced by the database server.

Recovery - File Recovery allows recovery of critical and important documents, or other files, which have been lost by accidental deletion. These files may be lost by emptying the Recycle Bin or using other deletion actions that bypass the Recycle Bin altogether. Such actions include Shift-Delete, command line deletion, deleting excessively large files or using applications that delete files without the Recycle Bin. When a file is deleted from the Recycle Bin, the content of the file still remains on the drive, relatively intact, until the section of the drive it occupies is overwritten by another file.

2.6 Mirroring Techniques

Mirroring is the creation of a remote copy of some files or of a complete hypermedia document. This technique is used for information that is very popular or served via low-speed connections. It can help in decreasing the network traffic over the Internet backbone. A mature algorithm for mirroring and a standardized portable hypermedia format can ease the distribution of hypermedia documents through the World Wide Web (WWW).
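
Returning to the login monitoring described in sections 2.3 and 2.4: the following is an added example, not part of the original report and not any vendor's code, that checks login attempts against a per-account usage profile (IP, hostname, OS username, client application, time of day) and a failed-login threshold (count and timeframe). The log format, account names, baselines and the threshold of 5 failures in 2 minutes are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Profile:
    """Normal-usage baseline for one database account (constructed values)."""
    ips: set
    hostnames: set
    os_users: set
    client_apps: set
    normal_hours: range  # hours of the day in which logins are expected


# Hypothetical baselines; a real product would learn these from history.
PROFILES = {
    "dkatz": Profile({"10.0.8.15"}, {"ws-dkatz"}, {"dkatz"},
                     {"sqlplus"}, range(7, 20)),
    "app_billing": Profile({"10.0.4.21"}, {"billing-01"}, {"svc_billing"},
                           {"jdbc"}, range(0, 24)),
}

FAILED_LOGIN_COUNT = 5                      # threshold: this many failures ...
FAILED_LOGIN_WINDOW = timedelta(minutes=2)  # ... within this timeframe

# Constructed sample log: time|db_user|client_ip|hostname|os_user|client_app|result
SAMPLE_LOG = """\
2009-03-02T09:14:07|dkatz|10.0.8.15|ws-dkatz|dkatz|sqlplus|OK
2009-03-02T10:02:31|dkatz|10.0.9.77|it-help-3|admin|sqlplus|OK
2009-03-03T02:41:55|dkatz|10.0.8.15|ws-dkatz|dkatz|sqlplus|OK
2009-03-03T11:00:01|app_billing|10.0.9.77|it-help-3|admin|sqlplus|FAIL
2009-03-03T11:00:09|app_billing|10.0.9.77|it-help-3|admin|sqlplus|FAIL
2009-03-03T11:00:17|app_billing|10.0.9.77|it-help-3|admin|sqlplus|FAIL
2009-03-03T11:00:26|app_billing|10.0.9.77|it-help-3|admin|sqlplus|FAIL
2009-03-03T11:00:34|app_billing|10.0.9.77|it-help-3|admin|sqlplus|FAIL
2009-03-03T11:30:00|app_billing|10.0.4.21|billing-01|svc_billing|jdbc|OK
"""


def parse_line(line):
    """Split one record into a dict; return None for a malformed line."""
    parts = line.strip().split("|")
    if len(parts) != 7:
        return None
    ts, user, ip, host, os_user, app, result = parts
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return {"time": when, "user": user, "ip": ip, "host": host,
            "os_user": os_user, "app": app, "ok": result == "OK"}


def profile_violations(ev):
    """Compare one login attempt with the account's baseline (section 2.3)."""
    prof = PROFILES.get(ev["user"])
    if prof is None:
        return ["UNKNOWN_ACCOUNT"]
    found = []
    if ev["ip"] not in prof.ips:
        found.append("IP_MISMATCH")
    if ev["host"] not in prof.hostnames:
        found.append("HOSTNAME_MISMATCH")
    if ev["os_user"] not in prof.os_users:
        found.append("OS_USER_MISMATCH")
    if ev["app"] not in prof.client_apps:
        found.append("CLIENT_APP_MISMATCH")
    if ev["time"].hour not in prof.normal_hours:
        found.append("TIME_OF_DAY")
    return found


def analyze(log_text):
    """Return [(time, db_user, [violations])] for each attempt that raised any."""
    recent_failures = defaultdict(deque)  # db_user -> times of recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # malformed record; a real monitor would count these
        found = profile_violations(ev)
        if not ev["ok"]:
            # Sliding window for the failed-login threshold (section 2.4).
            # Failures are not cleared by a later success, so a guess that
            # finally works does not hide the attempts before it.
            window = recent_failures[ev["user"]]
            window.append(ev["time"])
            while ev["time"] - window[0] > FAILED_LOGIN_WINDOW:
                window.popleft()
            if len(window) >= FAILED_LOGIN_COUNT:
                found.append("FAILED_LOGIN_THRESHOLD")
        if found:
            alerts.append((ev["time"], ev["user"], found))
    return alerts
```

In the sample, the second record is the stolen-credential case (same account, different machine), the third is the victim's own machine used off-hours, and the fifth failure against `app_billing` crosses the threshold.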
The mirroring algorithm can create a remote copy of a complex HTML document stored in another WWW server. The algorithm provides the mirrored file in a portable hypermedia format. The proper use of this environment can decrease the network load during peak periods and can increase the accessibility of the selected hypermedia documents.

2.7 On-line/Off-line Protection

There is a rapid increase in sensitive files such as healthcare records, customer records, and financial files. Protecting such files while in transit as well as while at rest is crucial. During its life-cycle, the data travels from various users through various networks and storage systems and ends up in online or offline file archives. Therefore, there exist numerous potential attack points. The file needs to be stored and protected at every stage of its life-cycle.

2.8 Intrusion Prevention Technology

Intrusion Prevention Technology is a dedicated intrusion detection and prevention system that helps organizations secure their enterprise network, and protect servers and critical files against worms, automated malware, and blended threats both known and unknown. The technology has a hybrid detection engine that leverages multiple detection and analysis techniques to prevent network- and application-layer attacks. The attack confidence indexing allows customers to block only known, legitimate attacks, thus ensuring protection without impacting business operations. The technology has multi-alert correlation which identifies patterns in alert activity that would otherwise be reported as separate, unrelated events. The technology also has dynamic worm mitigation which identifies and blocks rapidly propagating worms. This technology has the advantage of strong security to protect the network and business against increasingly sophisticated attacks and attack vectors.
As this product has efficient management, it overcomes data overload with tools that provide direct, graphical focus only on important security events associated with critical business systems.

2.9 Endpoint Security

Endpoint Security is the first single agent for total endpoint security that combines the highest-rated firewall, network access control, program control, anti-virus, anti-spyware, data security, and remote access. It protects PCs and eliminates the need to deploy and manage multiple agents. The technology includes both file security to prevent data loss and theft and a VPN client for secure remote communications, as well as malware protection (anti-virus/anti-spyware), file security including full disk encryption, port protection, and media encryption, remote access IPSec VPN, and unified endpoint security management.

2.10 Virtualized Security Platform Technology for service providers and large-scale environments

The technology is a multi-service security operations platform designed for large-scale environments like data centers and POP networks. The technology makes it possible to manage up to 250 virtual systems including firewall, VPN, intrusion prevention, and secured remote access functionality on a single or clustered, highly scalable hardware platform. This technology enables safe work from distant places. It secures the working place and ensures that files are protected and that the connection between two distant computers will not let intruders in.

2.11 Reports Management

A technology that provides reports which give managers the possibility to control their networks in order to manage them efficiently and validate the effectiveness of their security policies. The technology is able to deliver critical security intelligence to stakeholders concerned with auditing requirements and maximizing security investments while log file entries contain a wealth of data.
With the product, security administrators can access multiple graphical reports on security, network and end user activity, to help them make informed decisions related to resource allocation, security optimization and regulatory compliance.

3. Countermeasures - Protection Tools

List of companies for file protection:

3.1 Recovery and Anti Deletion

3.1.1 NetZ

This company develops security software products and services, particularly in disaster prevention and recovery. The company developed an all-generic antivirus package. The methods implemented in their product resemble electronic warfare, which provides them their military strength and fail-safe nature. Their product is a software package for Virus Protection, Data Defense, and Disaster Prevention and Recovery. It is a complete generic solution to protect your data and applications from both viruses and data loss, without needing constant and scheduled updating. (www.invircible.com)

3.1.2 SecureOL

This company developed a technology that allows any form of attack, whether a virus, worm, Trojan horse or malicious code, to enter a PC without causing any damage. Their concept of “Security by Virtualization” means that each program is segregated from the others, as if each is running on a separate computer. The solution is completely transparent to the user (i.e., the user is oblivious to the product, which functions in the “background”), and ensures that any assault is isolated in its own Virtual Environment. Each environment operates simultaneously, without interference from the other environments and without harming the PC. It is as if each program is running on a clean machine and any damage therefore becomes irrelevant. (www.secureol.com)

3.1.3 DataMills

This company develops a backup-to-disk solution that has built-in lifecycle management for incremental backup generations (snapshots). Unlike backup to tapes, this solution provides an instant restore of any file from a multitude of backup generations.
The technology is an incremental backup solution that can protect important files and data from total or partial loss. The product is a high-end Eternal Incremental backup system bundled together with a backup generation manager. The backup generation manager can be easily configured to apply several policies for seamlessly discarding older backup generations. This way, it may perform frequent snapshots, and at the same time keep for longer periods only the files that are needed. Recovering a file or data from a choice of several backup generations is a single session operation. (www.datamills.com)

3.1.4 Repliweb

This company is developing file replication and content synchronization solutions. Their solution enables data replication and file synchronization in a variety of networking environments. The technology gives a solution for large volume file replication and data synchronization and enables content deployment in a variety of networking environments, employing scheduling, recovery and security processes. This technology does not change the system settings, modify the kernel, install device drivers, or add accounts with bypass privileges. It runs on a variety of Windows and UNIX platforms, as well as on NAS devices, and is fully compatible with NET and Windows 2003 operating systems. (www.repliweb.com)

3.1.5 Covertix

This company developed a technology that enables organizations to track, monitor and control documents and files within and outside of the organization. The system utilizes a concept which transfers the file protection responsibility to the file itself. Each file encapsulates a dynamic set of rules which defines the appropriate protection, and thus the file becomes a self-protecting file. The protection is transparent to the end-user, occurring automatically behind the scenes. The protection schema can be modified and updated by the system at any given time. The technology expands Microsoft’s RMS (Rights Management System).
For example, it will enable protection of any file type and will provide tracking and reporting capabilities of file location and actions performed. (www.irv.co.il)

3.1.6 XOsoft

This company developed an integrated software solution for WAN-enabled business platform continuity. The technology enables corporate information resources to be continuously synchronized and replicated in real time to ensure data availability and a fast path to recovery from unexpected failures and disasters. This solution provides companies with continuous business data flow, and ensures seamless integrity, reliability and redundancy of business-critical information resources.

The company’s products are: a technology for replication and synchronization of files of any format over the WAN; a technology for increased protection for application servers of any type, including open files and system settings; a set of dedicated solutions providing specific application servers with availability assurance and protection against both inadvertent and malicious data corruption; and an undo-capability-based data rewind technology which allows system administrators to instantly roll back damaged data resources to a previous, valid state. (This company was recently bought by CA) (www.xosoft.com)

3.1.7 Hexalock

This company develops and markets digital copy protection solutions that help prevent unauthorized copying of digital content when stored on optical or other digital media. This technology offers publishers digital copy protection, so the content owners will be able to optimize their proprietary technology and improve their product profitability. With the evolution of the digital age, as digital content is rapidly becoming accessible to more and more people around the world, it also becomes vulnerable to unauthorized use by sophisticated software crackers and users.
Content owners today demand copy-protection tools in order to protect their products throughout the products’ full life cycle. (www.hexalock.com)

3.2 Protective Security

3.2.1 Finjan

This company developed a technology to secure web gateway solutions for the enterprise market. This technology prevents crime-ware and other malicious web content from infiltrating corporate networks and stealing business data. The product, which is a real-time security technology, detects malicious content based on the code’s intended criminal action, without using signatures, URLs or reputation attributes. This technology combats a wide array of web threats, including crime-ware, spyware, phishing, Trojans, obfuscated malicious code and other types of malware. By detecting and stopping web-based attacks before they enter the corporate network, this solution helps to protect continuous business operations and secure vital files and information assets. (www.finjan.com)

3.2.2 ControlGuard

This company developed the Endpoint Access Manager, an enterprise-grade solution for protecting enterprise files and data. By implementing policy-based control of endpoint access to devices and various media interfaces, the company manages the usage of enterprise files and data and protects it from a wide range of security threats. The technology will prevent copying or moving files and data to removable media and portable devices, such as CDs, memory sticks, PDAs, and smart phones. It shields the network from malicious code copied from portable devices to the endpoint and secures the network from exposure to the outside world through PCMCIA wireless modems, IR interfaces or Bluetooth devices. (www.controlguard.com)

3.2.3 Sentrigo

This company is developing a technology to secure PC files and safeguard databases. The technology is designed to secure enterprise IT infrastructure against all types of misuse, whether originating outside the organization or perpetrated by sophisticated insiders.
The technology protects files and databases by monitoring all file and database transactions, alerting on suspicious activity and, if necessary, stopping it in its tracks. It uses a non-intrusive solution that has no impact on file or database performance, and is like bullet-proof database protection against all potential intruders, regardless of location, intentions or capabilities. The technology prevents intrusion, file or data theft and attacks on the database, and has a full audit trail for regulatory compliance requirements and compromise assessment. (www.sentrigo.com)

3.2.4 Hackstrick

This company is developing the security technology Outside-In and Inside-Out Digital Security for protection of classified digital files against unauthorized use and industrial espionage. Their technology, an all-in-one product, defends against external threats (outside-in security) with its full Unified Threat Management (UTM) functionality and addresses inside-out security with the Security Digital Asset System (SDAS). This solution is used to mark, block, and track sensitive documents sent out through email, Instant Messaging, FTP or other electronic means and to report or alert on these transmissions.

3.2.5 Bsafe Information Systems

Bsafe Information Systems develops network and file-security products for IBM iSeries (AS/400), zSeries (mainframe) and open systems. The development of this technology was driven by the technological advancements that have allowed files to be accessed from diverse sources, including the Internet and other networked connections, and by the growth in the amount of sensitive information being stored in today's computer systems. Their solution is mainly for large organizations with rigorous security demands such as banks, insurance companies and public institutions for data-processing.
(www.bsafesolutions.com)

3.2.6 Gita Technologies

Gita Technologies develops security technology specialized in communication security, network protection, encryption technologies, signal intelligence (both analysis and production) and high-end information security. Its work covers file and data structure analysis, telephony communication analysis and production, off-line communication analysis and production, IP traffic analysis, analysis systems enabling complex signal research via an advanced operator interface, and integrative solutions. The company’s solutions are used by various government agencies and high-end enterprises.

3.3 Anti Piracy

3.3.1 CheckPoint Software Technologies Ltd.

CheckPoint developed a technology called “Secure Virtual Network (SVN)” which provides the infrastructure that enables secure Internet communications. The SVN technology secures business-to-business (B2B) communications between networks, systems, applications and users across the Internet, intranets and extranets. Open Platform for Security (OPSEC) is an open software architecture that provides the industry’s enterprise-wide policy management and policy enforcement framework. More than 200 companies which are part of the OPSEC Alliance leverage the OPSEC framework to provide customers choice and an integrated architecture that can centrally manage all aspects of secure enterprise networking. CheckPoint developed a Firewall technology and a VPN Gateway (e.g., content security, authentication, authorization and intrusion detection).
The Firewall has the following features:

Gateway anti-virus and anti-spyware: protection against viruses, spyware, and worms at the gateway.
Intrusion prevention: integrates network- and application-level defenses, including security for VoIP, IM, and P2P file-sharing applications.
Web filtering: advanced Web content filtering based on an extensive database of threat categories and associated URLs.
Centralized, multi-site management: UTM-1 Total Security is the only UTM appliance solution that includes central management for multiple sites preinstalled.
Clustering for high availability: UTM-1 appliances can be clustered as a solution so that both the gateways and the Smart Center servers can fail over.
Six dimensions of Messaging Security: Protects against the three major messaging-attack.

(www.checkpoint.com)

3.3.2 San-Disk – (M-systems)

The development of USB flash drives made security a major consideration. The password-protected USB drive “Cruzer® Professional” provides the freedom of a USB drive and the protection of powerful, hardware-based security to protect the most sensitive files and data. All security features are performed onboard by the drive and not by the operating system. Users can create a private, password-protected section of the drive for secure storage of confidential information, or store less-sensitive files in a public section for easy access and sharing. This sophisticated password-protected USB drive includes a lockdown mode when it detects hacker-like behavior, such as consecutive wrong password attempts. These secure USB measures do not reduce the speed of Cruzer Professional, which gives fast transfer rates of 24MB/sec Read and 20MB/sec Write. The password-protected USB Cruzer Professional is a plug-and-play device, requiring no driver installation or special usage rights.

Encrypted Flash Drive is aimed at the ultra-sensitive security requirements of government agencies and financial institutions.
It gives employees the option to safely extend their work environments outside the office. This encrypted flash drive allows users to work safely and securely from any location. Rather than relying upon users to secure files, this technology imposes mandatory access control on all files; they are stored in a secure partition that implements the strongest 256-bit hardware-based AES encryption. Since the encryption keys never leave the drive, they are kept safe from software hacking attempts. Stored in a totally sealed secured area, the keys of this encrypted flash drive are also protected against physical tampering attempts.

SanDisk has teamed with McAfee Security Company to provide a solution for flash drive security that protects against malware infection and file leakage. The joint secure USB solution, which includes encryption, password protection, and malware scanning, aims to give broader protection to secure USB flash drives. This solution provides hardware-based encryption on all files together with password protection to safeguard data stored on company-issued drives both within and outside the office environment.

3.3.3 Aladdin Knowledge Systems Ltd.

Aladdin develops software security products and tools for software developers and system integrators. This company’s products include the USB-based eToken device for user authentication and e-commerce security; HASP and Hardlock, hardware-based software security systems that protect the revenues of developers; and Privilege, a software licensing and distribution platform.

Their “Hardware Against Software Piracy” is a hardware-based software protection system that prevents unauthorized use of software applications, protecting intellectual property.
Aladdin’s eSafe line of file and content security solutions provides proactive, multi-tiered Internet content security from the gateway to the desktop, protecting the entire enterprise’s files and database from: malicious code that destroys or steals digital assets, inappropriate and nonproductive material, the misuse of company resources, and Internet-borne content.

(www.aladdin.com)

3.3.4 Cyber Ark

Cyber Ark develops a network-file security and e-business solution. This solution gives security, connectivity and auditing. The company offers two solutions based on the technology.

The first solution is a secure Wide Area Network (WAN) for connecting enterprises to their partners, customers, and sub-contractors over the Internet. It enables enterprises to share information directly over the Internet as if they had deployed a shared WAN, but without actually doing so. Various modules enable enterprise users to leverage existing mail, file, and FTP servers securely without any changes in the way they work.

The second solution is a Network Vault, a secure repository that provides a safe haven, highly secured regardless of overall network security, to protect critical files and administrative passwords. Based on multiple unified layers of security that protect the single data access channel to the data storage, the Network Vault protects information at rest as well as while in transit to end users inside the enterprise. It also provides auditing and access control capabilities.

(www.cyber-ark.com)

3.3.5 Algoritmic Research

This company developed software solutions for network and file security. The technology is a Firewall Analyzer (FA) for firewall auditing. The technology identifies the rules that create security holes, and advises the user about how to close them. It exposes all the hidden risks in the corporate policy and generates a complete audit report that ranks the risks, presents each risk in a descriptive manner, and provides guidance about remedies.
Following FA guidelines ensures that there are no “hidden” or unknown risks embedded in the corporate firewall policy. The technology indicates when a rule has changed and whether the change introduces any new risks. Currently, when a new rule is deployed, there is no feedback on the effect on network security. The technology analyzes all possible incoming and outgoing traffic, based on a detailed examination of the actual rule set of a firewall.

(www.algosec.com)

3.3.6 Applicure

This company is developing a solution for comprehensive web protection. This solution prevents exploitation of the core information of the company’s Internet-linked systems, blocking inappropriate usage at the portal and within the company. Protection starts at the company’s web portal, continues through internal application servers, and extends into the heart of the company’s critical business files and data, its confidential databases. The technology is a software-based web application firewall. It is compatible with the network firewall and other network-based Internet security products, intercepting seemingly legitimate users attempting to use the web application to commit fraud or to gain access to valuable and confidential files.

(www.applicure.com)

3.3.7 Imperva Israel

This company developed the Dynamic Profiling Firewall. It aims to give total application security: protection from web application, database, and worm attacks. The company’s technology gives advanced Enterprise Application Sphere Security Solutions, protecting next generation enterprise application architectures from a wide range of known and unknown attacks. The company’s flagship product is a security solution to provide scalable defense for the entire Enterprise Application Sphere, transparently shielding the Application Sphere.
The company detects and prevents intrusion attempts by learning and enforcing normal behavior on Application Sphere components (e.g., company files, web servers, databases). The technology covers risk analysis, security design, audit and penetration tests.

(www.imperva.com/)

3.3.8 Innovia R&D LTD.

This company developed a new Traceless Biometrics Solution that authenticates a user’s identity without requiring storage of any unique biometric information. Furthermore, the solution does not need to link, write, or bind any unique information to an external device, smart card, or network of any kind. The solution’s method is able to positively recognize and identify the biometric identity in real time without violating the user’s privacy and without leaving any intrinsic traces. The technology is not stored on any database, such as that of a bank, government, or any other system. Instead, the user securely provides a token and by that maintains control over it.

The technology is called BIdToken. For example, it can replace the PIN associated with an ATM card. Only the combination of physically possessing the ATM card and Innovya’s Biometric Identifier (BIdToken) permits the individual to make a transaction at the ATM machine. In this new situation, when a PIN and/or PIN and card are shared with another individual or stolen, the identity of the individual using the card can be determined, allowing only the true owner to use the card. The method for determining the BIdToken is kept secure, and therefore it is not possible for an unauthorized party to determine the non-unique BIdToken or its generation from the fingerprint or other unique biometric identifier (reverse engineering). However, a BIdToken can be replaced by another one and still be associated with the real biometrics owner. Innovya’s solution neutralizes the obligation requirements for trust by third parties.

4. File Protection Survey at Business Sectors

We have surveyed a few different sectors to observe the type of security they use to secure their files and documentation. Following are the sectors we surveyed. We chose large and small companies representing different sectors. We surveyed universities, customer service companies, banks, high-tech companies and private organizations. Following is the questionnaire we presented:

4.1 Questionnaire

1. What kind of technologies for file and data security does your organization use?
2. Which security factors do you choose to put emphasis on: messaging, anti-deletion, file recovery and on-line/off-line protection?
3. Who in the organization chooses these technologies?
4. Do they check if the technology has ISO standards?
5. Is it important whether the technology is purchased from an Israeli company or a foreign company?
6. How often do you check whether the technology is still relevant and, if not, do you look for new technologies or just get the updates?
7. Does your organization produce intrusion reports?
8. What are the organization’s regulations in case of intrusions or penetration to the organization’s computers?
9. If a person from the organization is working from home, what are the organization’s regulations for securing his/her computer and the files on it?
10. If the organization’s laptop is lost, do you have special security so that the information on it will not be revealed?

As the questionnaire was submitted in Hebrew, we translated it and gathered all the answers together. Most of the questions of our questionnaire were not answered directly. The answer was “too sensitive, cannot answer.”

4.2 Following are the answers:

1- Most of the enterprises purchase a security technology and tailor it to their needs. In this way, they are sure that even the initial developers will not know how to enter their files and database.
Some companies that do not hold sensitive information said that they use the Windows security permission technology.

2- The companies try to cover all factors of security. Some are secured by basic anti-virus or firewall technologies. Most companies put security emphasis on employees’ payroll and human resources files. All companies advised that they have a daily backup system that is stored in fireproof safes to recover lost files.

3- Most of the enterprises have an IT department or a person who is in charge of database management, or the network manager. This person is also in charge of the security issue in the banks and in companies holding “sensitive information”.

4- The large enterprises such as banks and insurance companies are subject to a regulation issued to the Law of Financial Services in June 2007. (More details of the regulation are given below.) Most companies do require technologies ascertained by ISO standards.

5- The companies are not dedicated to purchasing their security technology from an Israeli company.

6- The relevancy of the technology and its capability to totally secure the companies’ files and database is checked regularly.

7- The companies hold intrusion reports but they were not willing to provide or disclose this information.

8- In the case of intrusion, the companies rely on Regulation 357.

9- Most of the companies that hold sensitive information, such as banks, do not allow work from home. The high-tech companies use VPN (Virtual Private Network) technology, mostly purchased from the Israeli company CheckPoint. More details about this technology are reported later in this report. If a worker needs to copy information, it will be copied onto an encrypted disk-on-key, and in the case of a burned disk it will be put in a secured envelope.

10- Companies that hold sensitive files hold private archives and do not send this information to outsourcing archives.
There is a regulation that defines the time that information needs to be saved and then burned. There is information that is defined as needing to be “saved forever”, and information that is not defined, which cannot be archived. Every organization determines which information goes under which classification.

We found that the banks in Israel and other enterprises are subject to a regulation submitted to all institutional bodies in Israel, as defined by the Insurance from 1981. This regulation 357 was written on 30th June, 2007. The regulation provides guidelines for file and data security. The main issue is that the enterprises need to have secure areas, network management, separation environments, means of identification, digital signature, denial prevention mechanisms, a working link to the Internet and an e-mail system.

The purpose of this regulation is to protect the information of the organization’s clients (and other workers in the field such as insurance agents) from the pool of information risks.

The main principle of the regulation is to reduce the risks of using information systems and the exposure of sensitive files and information. This regulation lays out the provisions of information and filing security. The outline of this regulation is as follows:

1. Management of file and data security
2. Classification of properties and evaluating information security risks
3. Conducting information security risk surveys and controlled penetration tests
4. Protection from attacks and viruses
5. Backup protection
6. Process of letting sensitive files and information out of the organization
7. Reaction to security events of file and information breach
8. Cryptographic systems
9. Connecting employees to the Internet
10. Online services and commerce

Some additional information about the Israeli Technion’s file security regulations:

File protection at the Technion is managed by the Computer Center.
A technical security forum, supervised by the Computer Center, operates in parallel and includes representatives from several faculties. The forum discusses suggestions and updates to the Technion’s file protection policy, recommends and supervises implementation of yearly programs, performs damage assessment after failure, and issues recommendations to the Technion’s management. Among others, the following topics are handled:

Policy - Setting general procedures and guidelines for file protection.
Regulations - Setting obligatory regulations for the various users.
McAfee Anti-virus - Distribution, installation and updates management of the anti-virus software.
Firewall - Management of firewall software on Technion servers.

5. File Protection at the Israeli Government

The filing of documents in the government database instead of on paper has grown rapidly within the past few years and has become inseparable from daily life. The pace of development and expansion of the usage of computers and documentation creates dependence on the computer and its applications.

Documents and filing government forms on the PC are established by organizations at all levels of government. Local administrations have all taken a step further to simplify the process of using and searching for files on the government sites, which will be elaborated in this report.

The potential for e-mail communication between the public and civil servants has grown considerably in the past two years. Some administrations have established e-mail policies and now have a widespread infrastructure that makes such communication technically feasible. To benefit from this infrastructure, the processes will be geared to exploit the facilities.

In Israel, the Government has a principal website that provides forms for different needs that the citizens can use, and there are other dedicated departmental sites for additional purposes as well, for the convenience of the Israeli citizens.
The Government established a single point of entry containing direct links, indexing and search facilities which can simplify and enhance the provision of government information. These services have brought with them the need to secure the files of the government websites to ensure the privacy and security of the personal information that is provided through the Government’s services.

The Israeli Government guaranteed its citizens that by the year 2005, they would look back to this time of pre “e-Government”, and it would seem distant and out-dated, just as the times before cellular phones and fax machines look to us today.

The responsibility for management and administration of the principal government website, including securing personal information on files on the site, ultimately falls at the central or federal level and under the control of the Prime Ministry Office and Finance Ministry, which gives financial support to back the policy decision.

The main contributions of the government website are the following:

1. Improving public service, as the Government uses Internet technology as an important mechanism to give services to Israeli citizens.
2. Reduction of paperwork, which saves space and contributes to a clean environment.
3. Increasing the dissemination of the Government’s information to the public and increasing the effective publishing medium and contact with the private citizen.
4. Improving the electronic service delivery in the government offices and improving contacts among the government offices.
5. Providing means to support policy initiatives and helping the transparency of the Government, and subsequently helping to obtain public opinion on different issues.

In Israel, legislative proposals are published on the web and comments are invited. Relevant comments are submitted to the parliament, and debates and feedback are provided electronically. The parliament site also supports a monthly discussion forum with the citizens on a popular issue.
Different Government Projects for Security

The Government succeeded in securing information which is sent from the Government to the citizens and vice versa. The different projects in e-Government include:

• Project “Tehila” is a comprehensive infrastructure to realize “e-Government” services in Israel.
• Project “Shoham” is an on-line payment system from and to the Government.
• Project “Tamar” provides security for connection to governmental databases by using electronic signatures. The project includes the use of different forms to identify the citizen who gets in contact with the Government.
• Project “Lehava” is a telephone-based support center for those citizens who cannot use computers, to assimilate the use of information technology in peripheral areas.
• Project “Merkava” establishes the realization of the “e-Government” program, which will improve efficiency and upgrade and simplify the information flow inside government offices.
• Project for intranet that allows transfer of secured information among government offices.

The Government established an inter-office steering committee of managers of government offices, headed by the Prime Minister’s General Manager, to apply the decision of the Government and to make decisions and adjustments in daily life.

Following is a model of five layers which was established to describe the “e-Government” layout technologically, and to detail the security systems required for the realization of the “e-Government” program:

Layer 1 – Inter-governmental communication infrastructure: The basis of the Government’s ability to take care of its citizens is the existence of an inter-governmental communication infrastructure that will allow information flow within the Government and will give the different governmental bodies the ability to provide services under the same umbrella.
Without such infrastructure, each office is forced to work independently, and the level of service is directly damaged, both by the lack of unity and by the fact that not all offices will advance “e-Government” at the desired pace. This layer includes security of the files and information and security during and after the transfer of the information. The Tehila Department is taking care of all the security stages.

Layer 2 – Horizontal applications: An inter-governmental layer of horizontal applications and databases in the Government. This application is protected from the point of receiving the application and has security for the database. It is the governmental ERP, covering a variety of subjects which are at the heart of the organization: budget, logistics, manpower, etc. This integration of the information and the systems enables the unified terminology and accessibility needed to reach full integration of services.

Layer 3 – Infrastructure for the citizen: This layer is different from the previous layers because it includes communication infrastructure as well as technologies that allow for transparency of only certain governmental systems, while maintaining information security in order to communicate with the citizen. The existence of layers 1 and 2 enables usage of an all-governmental, unified infrastructure for communication with the citizen.

Layer 4 – Applications for citizen service: This layer includes the layout of “e-Government” applications through which the citizen can use on-line sites and perform activities in them. These applications are especially built for public service and are adjusted to the public’s needs. Some of the applications are central but most of them are office-specific. The Tehila project lays out security on the files and data that the citizens are communicating.
Layer 5 – Support and assimilation: A layer that needs special security because it consists of technologies and physical resources required for education and assimilation of the technology in challenged populations, who are not aware of the needs of security and don’t have a way to contact the Government Agencies through an electronic device. This layer is responsible for closing the digital gap and for the actual usage of the systems by the layman.

5.1 Tehila

The Israeli Government established a central body that provides Government Ministries and Institutions the ability to connect with citizens, and between the government offices themselves, through highly secure services. In this way, the dangers associated with connecting these networks to the Internet are significantly reduced.

The Tehila project began in 1997 to answer the growing need of Government Ministries to be connected to the Internet, in order to: provide services and information, make use of Internet resources, and communicate via email with people both in Israel and worldwide.

The Tehila project aims to provide a solution to the risks associated with exposing the Government network, in terms of information security, by connecting Government Ministries with appropriate security and control measures.

Mission and Goals

The mission of the Tehila project is to provide two main services:

1. Secure access to Internet services for Government users. Users receive a “service package” that meets the specific information security requirements.
2. Hosting of Government websites that provide information and services to the public, while using information security mechanisms to protect the data.

Among other goals, the Tehila servers have the following programs:

1. A system that checks the amount of e-mail that enters and exits each government site.
2. A system that identifies the attempts to attack from abroad and handles them.
3. A system that collects information about the attempts to attack and analyses it.
4. An automatic system that presents the types of attacks.

The goals of the Tehila project

• To provide Government users with access to basic Internet services, while minimizing the information security risk to Government office computer systems.
• To make Internet services available to a large number of workers who require them and are unable to access them at their desks due to information security concerns.
• To build a secure platform upon which Government applications and data can appear on the Internet.
• To accelerate the entry of Government offices to the Internet world or to any new technology, or to improve the communication with the citizens and among the government offices or any other site, by creating an inexpensive and readily available infrastructure for creating websites.
• To provide security solutions when entering the Internet world with the goal of distributing information to citizens.
• To conserve resources for Government offices that are required to set up Internet infrastructures including: hardware, software and communication infrastructures or any other way of communication, for example covered communication that is not using the Internet or sites whose existence nobody knows about.

Tehila Server Farm

Tehila’s Server Farm is located in the Government complex. It hosts websites of Government offices or any other covered site and bodies that invest a great deal of effort in exposing information under heavy security which is on-line service as part of the e-Government policy. The Tehila project consists of highly trained staff, who maintain the Server Farm 24 hours a day, 7 days a week, with maximum security, using advanced protection methods, including biometrics, special smart cards and more. The Communications Center infrastructure is protected using various means of warning equipment, which maintains maximum security.
The Server Farm is also protected by a UPS (Uninterruptible Power Supply) system that guarantees that the system will remain available even during emergency situations. The Server Farm is continually backed up, and the backup is also stored at an external location.

Information Security

Tehila uses a variety of resources to maintain its information security goals, beginning with a staff of information and communication security experts and continuing with a variety of products and technologies, mainly from Israeli companies and also from leading world companies.

Security systems at Tehila face large numbers of attacks yearly and succeed in overcoming them, in most cases right away. In some cases, it takes a day or two to overcome the attack. During 2008, there were 90,000 attempted attacks, with 14,000 of them considered significant ones.

Tehila’s mail servers process an average of 85,000 messages daily, about 30GB of data. On days with e-mail attacks, there may be as many as 550,000 messages.

Each day, approximately 100 virus attacks and attacks of other harmful software are avoided. On days with e-mail attacks, up to 80,000 harmful messages are received. There are about 51,000 warnings of attempts to attack government sites in the control rooms weekly.

The most attacked sites in the Government are:

• The main government site, gov.il.
• The government payment service.
• The Treasury Ministry.
• Pension Funds.
• The Ministry of Health.

5.2 On-line Payments Service (Shoham)

Another project for which Tehila covers security is the Shoham project, which provides for electronic payments to the Government. This project is developing at a fast pace with special security measures to enable the user to purchase products and transfer funds without waiting in a queue or searching for the place to pay. It is possible to securely pay taxes and fees through the Internet as well as to purchase services and information that the Government offers its citizens.
Tehila developed “Shoham” during 2001 and 2002, and today it includes some 20 services, out of which 5 are significant (income tax payments, fine payments, license renewals, VAT payments, and corporation taxes). During 2002, a sum of NIS 250,000,000 was collected through the payment system.

In order to increase the number of services provided to the citizens and businesses, the project must be further developed, both technologically – by developing suitable software and hardware infrastructures – and by increasing the number of services offered to the citizen through it.

The Project’s goals were:

• Increase the number of services so that every government office/affiliate unit will have a secured digital payment infrastructure, with strong emphasis on central services in the Government (such as tax departments).
• Develop designated services for businesses and large organizations.
• Increase commerce in the next year for the service up to 20% of the total business activity conducted between the public and the Government.
• Support electronic commerce in large magnitudes and prepare a pay-off mechanism that will allow on-line payment with all banking establishments while dealing with information security problems.
• Add services such as support for digital products, combining with forms and tenders projects, and combining with smart card projects to identify the payer and pull out personal payments.

Upon the completion of the second year of operation, it is possible to obtain a range of services from 28 government entities, including the Ministry of Transportation, the Customs and VAT Division, Income and Property Tax Commission, Court of Justice Management and many additional elements.

This payment system constitutes a central tier in the online service center that the Government is making available to the public.
By operating this system, the Government is able to save bank commissions and fees, while offering the public various payment options, including the use of credit cards and direct debits from bank accounts, without having to sign a standing order.

5.3 Israel CERT - Computer Emergency Response Team

The Israeli Government established the site www.cert.gov.il in 2005 as part of the Tehila project, to give the public answers on file and information security on computers. Its main missions were:

1. Giving the Government answers about information and file security.
2. Processing information from different information resources in file and data security.
3. Coordinating reactions and actions on file and information security breaches.
4. Surveying file and information security in order to improve the Government and make it more efficient, and authorizing information and file security events.

The CERT staff is part of Tehila, which established a new website in May 2007. Its purpose is to locate and alert on specific attacks on computers worldwide, especially attacks on the Israeli Government’s websites available on-line.

One new feature that this site provides is an electronic map of attacks that presents the attacks that are being carried out on the websites of the Government’s infrastructures as they happen online. It provides the Tehila team an accurate picture of the amount of electronic attacks that are aimed at the Israeli Government.

The warning about file and information breaches

The CERT site presents the breaches, problems and bugs that were found in software and hardware systems, and the level of danger that each breach constitutes. The homepage of the site presents the latest warnings that were published by the CERT staff and the crucial breaches and warnings.
Each warning includes the full technical details of the problem and the links to the official manufacturer’s announcements, links to additional information and additional solutions, provided CERT has this information. The warnings page shows all the warnings that have been published; it is possible to find a summary of the warnings in order to locate a specific warning, according to the manufacturer’s name, the level of danger and the date it was published.

CERT’s staff publishes on this site reports and articles that deal with information, data and file security. Among other subjects that it publishes are demolition, vandalizing of the site and other details of file protection.

CERT’s site enables everyone to be automatically updated with new warnings for attacks through RSS (Really Simple Syndication) messages that are sent directly to the computer. RSS enables a customer to gather and handle a large amount of content that comes from a number of sites.

The main difference between Israeli CERT and other CERT groups all over the world is the fact that it is government owned and financed and gives full service to the Israeli Government. Another application the Israeli CERT has is the attack map that provides on-line information on attacks from all over the world on the on-line Government services.

Government policies for securing “sensitive files” and governmental database and its institutes:

The government offices and its institutes, according to the law, use technological information systems to decisions for supervision, control, development and implementation of government policies enforcement.

Definitions by the governmental committee:

a. “Information” - news, data, symbols, concepts or instructions that are presented by a human or computer language, or a draft document, which are preserved and handled or stored at any storage possible and are assessed in any possible range.

b. “Sensitive information” - any information that is possessed by the Government Ministries, Institutions, or other public authorities, or any kind of information, the final stages of treatment, transporting, storing and saving is required because of being one of the following:

1. Information whose confidentiality, integrity, reliability or its availability may cause vulnerability or damage to:
   a. The good management of the country.
   b. The proper operations of Government Ministries or other public authorities.
2. Files containing personal information, protected by the “Privacy Protection Law of 1981.”
3. Files containing economic, commercial, legal, organizational or other secrets, which were provided, voluntarily or due to obligations, by people or corporations to the Government Ministries and Institutes, which are required to keep these secrets according to the law, or according to the request of the people who possess the files and information, or the people who provided it.
4. Files that must be kept according to the law.

c. “File and information Security” - all steps and measures that are taken and implemented in the different offices, whose purpose is to ensure that the file and its information are protected from injury and intentional or unintentional exposure, and to protect the availability, integrity, confidentiality and reliability of the information systems.

The need to protect “sensitive files” and database, control and supervision derives from a few factors:

a. The proper management of government offices and the performance of duties.
b. The proper management of the country’s economy.
c. The protection of privacy according to the privacy law and its regulations adopted in 1981.
d. Securing “sensitive files”.
e. Prevention of damage from the investigation process or from a court hearing and protecting a person’s right to a fair trial.
f. Protection of files and database according to law and regulations.
The use of essential information in the proper activities of the Ministries is contingent upon the ability to maintain quality, availability, completeness, reliability, secrecy, and confidentiality of the information database and software processes, which in turn relates to how the information is collected, processed, saved, assessed and forwarded.

The security policy of the Israeli Government:

a. To instruct the Director General of each government office to prepare a “security policy” document which will incorporate the “sensitive information”, information systems and files that are the responsibility of its office, and to implement this security policy in its office and among all its employees according to the instructions of the committee in the Prime Minister’s Office.
b. To instruct all the office employees who use or have contact with sensitive information and files in the principles of the security of sensitive information and the rules and regulations governing this information.

The responsibility for the execution of the procedure:

The Director General’s Office has administrative responsibility, which includes the preparation of a policy document to protect “sensitive files and information”, the database, information systems, and control and monitoring, and to monitor the implementation of the policy. The person who is in charge of the security of files and information has responsibility to prepare the policy document of the office, a document which needs the approval of the Director General. All of the office employees have, without exception, a personal responsibility to act according to the guidelines listed in the policy document and to follow its security procedures.

5.4 The Proceeding Authority

By law, the areas of security of files and database systems, the control and supervision will apply to Ministers, and government offices and its authorities, in the following areas:

a. Physical security of computers and records of sensitive files.
b. Security of access to files and information and permits to use this information.
c. Security of files that are located within government offices in its buildings and of the communications that are passed to areas which do not have supervision or control of the offices.
d. Securing computer outputs and different files and information platforms.
e. Securing personal computers including laptops.
f. Disaster preparation (preparation of alternative operating systems to disable information, communication systems, control and monitoring) which will be evaluated annually to check relevancy.
g. Securing sensitive files that are not magnetic or optical (paperwork, official certificates, stamps, etc).
h. Conducting reliability tests on employees who work with sensitive files and information or whose job is related to monitoring or controlling sensitive technology at the office.
i. Performing monitoring and inspecting activities of “sensitive files and information” and database. This control will be part of the structured role of the person in charge.

5.5 The Ministry in Charge

The Treasury Ministry, which is responsible for the Tehila project and which is in charge of fulfilling the government policy regarding security projects, recently issued a public tender, valid from February 19 until May 19, 2009, for the establishment, assessment and maintenance of a control and reaction system for file and data protection events: SIEM - Security Event Manager. The tender will be won by an Israeli company that has installed such a system in at least 25 other organizations and that can deal with at least 2000 events in one second. The system must have been installed in at least one Israeli organization that has at least 200 reporting components and deals with at least 500 events in one second.

This type of SIEM system helps organizations to handle large volumes of logs that are created by the different security systems, which are leveraged to provide efficient security overall.
The increasing numbers of logs require the different organizations to establish new regulations in order to keep and to document information regarding security events. The combination of the NBAD (Network Behavior Anomaly Detection) system makes it possible to see what exactly is going on in the networks almost online. The combination of such a system with a SIEM system enables the analysis of logs in file security systems online, which creates a powerful and important security instrument. As the government offices have turned the computer into a permanent tool without which their work would be stopped, any attempt to attack or to enter such a computer system poses a danger to the organization.

5.6 Yael - Government Intranet System

In 2007 the Israeli Government established, in collaboration with Tehila, a new secured Intranet system for the Israel Securities Authority for internal communication, to send electronic messages, including transferring files from one computer to another within the Securities Authority. The system allows the secure transfer of messages with electronic signature from the Securities Authority to the bodies that are controlled by it, such as corporations, fund managers, management companies, file managers, etc., and vice versa from these bodies to the Authority. The system will allow the workers to send messages signed electronically to the mail server in the most secure way. The Authority’s representatives are allowed to access their mail account in this system using a special security token and access the relevant web browser and view the message. This system will replace the current correspondence by mail, fax and e-mail in the near future.

This project is part of a large project, “The Government Safe”, which was established and is maintained by Tehila - the Treasury Ministry. The purpose of this project is to enable the government bodies to pass written mail by a secured electronic method.
The authority drafted the law that will govern this procedure, secured electronic mail, which was adopted in 2007. Amendments were also made to the 1968 Security Law. This law also changed other laws that dealt with investment and consultancy. The token which was chosen for this system was specifically developed by the Israeli company Aladdin. The company tailored their technology to the Government’s needs for this system.

6. The Law in Israel

File protection is included in many laws, such as the income tax, banking and Patient laws. There are also specific laws that deal directly with file protection, which shows the importance of this subject in Israel. One of the most important laws in this field is “The Protection of the Privacy Law” adopted in 1981. This law details the protection of the privacy of Israeli residents. In this law there are three chapters: The first chapter deals with protecting the private information of the citizens in PCs and all kinds of database. The second chapter of this law deals with privacy, and more specifically with private files which hold database information of private companies, institutes or private persons. The law even details how the information should be kept in sophisticated ways and used in computers.

The Israeli law defines a private file which contains “sensitive information” and defines sensitive information. The law gives examples of what is sensitive information, such as information about marital status, health, economic situation, and opinions (such as political opinions, religion, and beliefs). The Justice Minister will publish regulations regarding privacy and sensitive information. According to the law, any person or company that accumulates information about people must ask permission to use it, and then this information must be protected. The law imposes a penalty of 5 years in prison for someone who reveals sensitive information that he obtained.
According to the law, every person has the right to demand that his name be omitted from a private database that collected sensitive information if he so decides. This law prohibits even the Government offices and Government institutes or any municipal institute from releasing any personal information that it has accumulated unless either the law specifically permits these institutes to do so or the information is released because it needs to fulfill its duty. Any public office or Government institute which releases or exposes personal information must register the information which was released.

For example, on August 20, 2008, the Databases Registrar revoked a database registration. The Head of the Israeli Law, Information and Technology Authority (ILITA) and the Databases Registrar (the Israeli Privacy and Data Protection Agency) ordered, for security reasons, the registration revocation of two sensitive databases. The decision, a first of its kind in Israel, followed an investigation led by ILITA of a pre-employment testing and evaluation company’s privacy practices. The investigation revealed that an Israeli company allegedly violated substantial provisions of the Privacy Law, some of which constitute a criminal offense.

Under the Privacy Law, subject to certain limitations, every computerized, business oriented database must be registered in a governmental database registry held and managed by the Databases Registrar. The law further provides that a database owner must notify the data subject of the purposes for which the data is processed and the identity of third parties to whom the data will be transferred. Other provisions of the law prohibit the processing of personal information for purposes other than the purposes for which the information was provided, and require every database owner to allow data subjects access to their personal records.
The Databases Registrar found that this Israeli company transferred assessments and test results to additional employers, without receiving the required consent, presumably in an effort to save the costs of preparing new assessments. This company refused requests made by examinees to access their personal records and failed to provide them with a proper notification of the processing purposes and data transfers.

The revocation of the databases’ registration may impose a grave risk on this company’s business, as maintaining an unregistered database is a criminal offense, and can subject it to civil tort claims as well. This company stated that it does not accept the legal analysis of the Databases Registrar and that it intends to fight the Registrar's decision.

Summary

One can learn from this law the importance and seriousness with which Israeli law treats file protection: it even gives the family of a person who has passed away the right to block the release of his personal file, which is considered private even after his death. Also, in case a person began litigation and passed away during the lawsuit, his family can continue the process after his death. Moreover, there is a restriction against using personal files in criminal or civil proceedings as proof of the person's actions in the past, or of his opinion, behavior, character or even his bad name, all this just to protect his personal privacy. The court has the power to prevent any publication of the personal file and to call back, collect or prevent printing of the private information.

It can be understood that the Israeli law relates to file protection in the most severe way. The law goes into great detail to protect the files. File privacy of a person is very important and anyone who ignores this basic right will be punished in the most severe way.
6.1 New Amendment that prohibits various sorts of spam

At the end of May 2008 the Israeli Parliament approved an amendment to the Israeli Communication Law that prohibits various sorts of spam: e-mail, fax messages, short text messages such as cellular SMS, and automatic dialing systems. This amendment states that any recipients should know in advance if there is an intention to induce them to spend money.

The strict requirement for prior consent is mitigated by two exemptions. An advertiser may send a one-time unsolicited offer to businesses to accept further commercial messages. An advertiser may also send unsolicited commercial messages if the receiver of the message is a client or a potential client of the sender, if the message refers to a product or a service similar to products or services purchased by the client in the past from the sender, and if the receiver is given proper opportunity to refuse any further messages.

Furthermore, the advertiser must conspicuously indicate that the message is commercial in nature and that the receiver has a right to refuse any further messages. The advertiser must also provide clear contact details for sending refusal notices.

The Anti Spam Law became effective in November 2008. Failure to comply with it will subject spammers and senders of commercial offers to statutory damages of up to NIS 1,000 (approximately US $300) per message. The amendment also indicates that a class action may be brought against infringers.

This amendment has dual purposes:

3.1 Preventing saturation of the PC with spam.
3.2 Preventing virus files which can contaminate the PC and affect many files and computers.

6.2 The Right of the Patient’s Law

This is an additional law, from 1996, which protects the right of the patient. The medical information of a person is considered “sensitive information”.
This law defines what “medical information” is, how to protect it and how to enforce the law against the hospital’s staff while they are working and even after they leave their work. The law goes into detail regarding the transfer of a patient’s medical information by the hospital to a different body, for example:

1. When the patient himself agrees to it.
2. When the law forces the hospital to transfer medical information.
3. When it is needed to transfer the medical information to another doctor or therapist or another medical organization.
4. When the ethics committee has decided to transfer the medical information.
5. When information is transferred for information processing or filing.
6. When there is a need to publish the information for research purposes, as long as the personal details are not revealed.

In every hospital, there is a special committee that has the right to decide whether the appeal of the patient not to publish or transfer his file to a different party should be accepted or not. The law imposes punishment on any party that ignores the law or acts against any of its previous clauses.

7. The Standardization of File Protection in Israel

There are two major international standards for file protection: ISO 17799 and ISO 27001. These two standards were established in Israel due to the need to protect organizations’ main assets, their file system and data. A certificate issued by the Israel Standard Association for File Protection System will confirm that the organization is taking the right measures to meet its obligation to protect its data and files, and at the same time will give the company the assurance that it is working according to the international standards, which will help the company to export internationally.

The creation of a security system which protects the organization’s files and data will provide:

- Identification and management of threats to a file.
- Definition of the processes of treatment and prevention in a coherent and methodical way.
- Goals for managing file and information security planning and launching security.
- Matching of the security to the requirements of the relevant law and regulations.
- Reduction of expense for damages related to loss of files and information, disability of its restoration and its availability.
- Effective prevention of fraud.
- New processes for improvement (even beyond the basic requirements).
- Greater efficiency for the work processes.
- Security to customers, confirming that the organization’s highest concern is to protect the organization’s files and information.

The Israeli Standards Institute reviews will help identify whether the file and data security management system is suitable for the requirements of the organization, which points to the improvement at various levels.

For many organizations in fields such as medicine, transport service, and finance, failure of the file and information system can be critical, and protection against such failure is essential. Businesses and organizations can protect themselves from intrusions and faults or incorrect usage of the system by investing in independent checking systems.

ISO Standard 27001 includes comprehensive examination and review of all the information security measures, starting from loss of files and information, to penetrating the systems through viruses and online commerce, illegal entries and reconstruction of the system. An information security management system has three main components:

1. Confidentiality - protecting vital information from exposure to unauthorized people.
2. Reliability - maintaining the perfection and accuracy of information software.
3. Availability - ensuring the availability of information and services.

These standards carefully check an organization’s risk potential and emphasize areas that need improvement, giving a new level for handling sensitive files and information.
The certification process enables the organization to concentrate on the improvement of the organization’s security systems and enables the exchange of information between the people of the organization and its customers and partners.

8. Protecting Files at Storage & Transit

In this part of file protection, we will bring up techniques and different systems for when the file is in transit or in storage. In both cases, the file needs to be protected from exposure to undesired intruders. It should be remembered that in many cases a file has to be shared or replicated and kept online, which makes securing it very complicated. In other words, file protection systems are becoming more vulnerable to security breaches, which can result in damaging losses, especially when there is a rapid increase in sensitive files such as healthcare records, customer records or financial files. Protecting such files while in transit as well as while at rest is crucial.

During its life-cycle, the file travels from various users through various networks and storage systems and ends up in online or offline file archives. A lot of potential attack points exist. Therefore, the file needs to be stored and protected at every stage of its life-cycle. This means that when planning a file protection system, the following factors should be taken into consideration:

8.1 Techniques and Different Systems when the File is in Transit or in Storage

8.1.1 Authentication and Authorization

Authentication and Authorization are the most basic security services that any storage system should support. Authentication is the verification of the identity of an entity or of the source of a message. Therefore, the servers should verify the identity of the producers, consumers and the administrators before granting them appropriate access (read or write) to the file. Authentication can be mutual: that is, the producers and consumers of the file may want to authenticate the servers to establish a reciprocal trust relationship.
Message authentication is performed by an entity to authenticate the origin of messages sent by another entity. Authorization can be performed by maintaining an access control list on the storage server or by using capability certificates that list the access rights which grant the holder of the certificate access to the storage.

8.1.2 Confidentiality and Integrity

As the file is transferred and stored at one or more remote storage servers, it becomes vulnerable to unauthorized disclosures, unauthorized modifications and attacks. An attacker can change or modify the file while it travels through the network or when the file is stored on disks or tapes. Further, a malicious server can replace current files with valid old versions. Therefore, securing files while in transit as well as when they reside on physical media is crucial.

Confidentiality of a file from unauthorized users can be achieved by using encryption, while file integrity can be achieved using digital signatures and message authentication codes. Confidentiality and integrity of a file at rest as well as while in transit can be achieved by performing cryptographic operations on the user’s side. This is called end-to-end security, where the writers encrypt (and sign) before sending the file to the storage servers and the readers decrypt and verify the integrity of the file on their machines. Encryption and decryption are not done on the server side. If the writers are required to sign their modifications, then the signatures also ensure non-repudiation, since the writers cannot deny their modifications.

End-to-end security places minimal trust in the storage servers, and the file is accessible only to the users with appropriate keys. Therefore, securing these keys is important for the systems that provide end-to-end file security. Further, the keys have to be secured as long as the file is not deleted.
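The integrity half of the end-to-end scheme above, as an added example that is not part of the original report: the writer attaches a message authentication code computed on the client, and the reader verifies it and also rejects a valid but older version returned by the storage server. The blob layout, function names, file names and the sample key are assumptions made for illustration; encryption for confidentiality is left out.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 tag size in bytes
HDR_LEN = 8    # 64-bit big-endian version counter


class IntegrityError(Exception):
    """Raised by the reader when a blob fails verification."""


def _mac_input(name: str, header: bytes, content: bytes) -> bytes:
    # Length-prefix the file name so (name, content) pairs cannot be confused.
    raw_name = name.encode("utf-8")
    return struct.pack(">I", len(raw_name)) + raw_name + header + content


def seal(key: bytes, name: str, version: int, content: bytes) -> bytes:
    """Writer side: bind name, version and content under one MAC."""
    header = struct.pack(">Q", version)
    tag = hmac.new(key, _mac_input(name, header, content), hashlib.sha256).digest()
    return header + tag + content


class Reader:
    """Reader side: verifies the MAC and remembers the newest version seen.

    The version table must live on the client; the server is not trusted.
    """

    def __init__(self, key: bytes):
        self._key = key
        self._last_seen = {}  # file name -> highest verified version

    def open(self, name: str, blob: bytes) -> bytes:
        if len(blob) < HDR_LEN + TAG_LEN:
            raise IntegrityError("truncated blob")
        header = blob[:HDR_LEN]
        tag = blob[HDR_LEN:HDR_LEN + TAG_LEN]
        content = blob[HDR_LEN + TAG_LEN:]
        expected = hmac.new(self._key, _mac_input(name, header, content),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            raise IntegrityError("MAC mismatch")
        (version,) = struct.unpack(">Q", header)
        newest = self._last_seen.get(name, 0)
        if version < newest:
            raise IntegrityError(f"rollback: version {version} older than {newest}")
        self._last_seen[name] = version
        return content


def _attempt(reader: Reader, name: str, blob: bytes) -> str:
    try:
        reader.open(name, blob)
        return "ok"
    except IntegrityError as exc:
        return str(exc)


def demo() -> dict:
    key = bytes(range(32))          # constructed sample key, not a real secret
    server = {}                     # stands in for the untrusted storage server
    reader = Reader(key)
    results = {}

    server["payroll.csv"] = seal(key, "payroll.csv", 1, b"alice,1000\n")
    old_blob = server["payroll.csv"]
    results["v1"] = reader.open("payroll.csv", server["payroll.csv"])

    server["payroll.csv"] = seal(key, "payroll.csv", 2, b"alice,1200\n")
    results["v2"] = reader.open("payroll.csv", server["payroll.csv"])

    modified = bytearray(server["payroll.csv"])
    modified[-2] ^= 0x01            # one flipped bit in the stored content
    results["modified"] = _attempt(reader, "payroll.csv", bytes(modified))
    results["old_version"] = _attempt(reader, "payroll.csv", old_blob)
    results["wrong_name"] = _attempt(reader, "budget.csv", server["payroll.csv"])
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

The MAC alone accepts the old blob, since it was genuinely written by the key holder; only the client-held version table exposes the substitution.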
Israeli companies developed flash memory that encrypts the data on the disk on key. In this way the data can be transferred physically by the owner from one place to another, and in case the flash memory unit is lost, the files on it will not be revealed, as the strong encryption will be impossible to decrypt.

8.1.3 Availability

Daily business activities require continuous file availability, whereas on the other side, system failures and Denial of Service attacks are very difficult to prevent. A system that embeds strong cryptographic techniques but does not take measures to ensure availability by backup or to use technology for recovery cannot survive.

Key sharing and key management

In some cases, especially in a group operation or in normal office activity, file sharing is quite common and normally there is a multi-user net-centric application. Usually the files are encrypted, so in order to share files among the group there is a need to share keys. Efficient management of these keys is important, as revoking a user from a group of users sharing files, or merging two groups, will require re-encryption of shared files and re-distribution of new keys.

8.1.4 Auditing and Intrusion Detection

Management logs are important in storage systems for system recovery and intrusion detection. Storage systems require attention to their management, especially to authenticating the people who access the storage, as the information it contains could be crucial to the organization. In this case, where many users have access to the storage, it needs key sharing. The storage server authenticates each user and checks whether the user has appropriate privileges before granting any access to the file. Usually this is done by using passwords and access controls. End-to-end security can be achieved where cryptographic means are performed on the client side to keep the file secured from the attacking server as well as from other unauthorized users.
These systems embed cryptographic means into the file system itself. Cryptographic file systems do not assume shared access to files and do not include key sharing and key revocation mechanisms.

A storage-based intrusion detection system is an intrusion detection system embedded in a storage device or a file server. It analyzes access patterns and modification characteristics of the files, anticipating an attack. The main advantage of a storage-based intrusion detection system running directly on the storage servers is that compromise of a host operating system does not result in compromise of the storage-based intrusion detection system. Therefore, a storage-based intrusion detection system can still perform in the presence of host compromise. Further, the storage servers can perform inline detection by analyzing every request from the client.

The network file system is the most widely used network-attached file system. It enables heterogeneous clients to transparently share files stored on remote file servers without having to worry about the location of the files. An authorized client on a legitimate machine can mount the file system stored on the server. Heterogeneity and portability were the driving principles in the design of the network file system. The system has two basic components: the client program installed on the client machine and a server program installed on the server machine. The administrator can specify a list of hosts that will be allowed to access the exported directories and the security flavors that a client can use to access the exported file systems.

8.2 USB - Disk on Key Portable Storage Devices

Personal storage devices are becoming more and more powerful and have become an everyday working tool in the enterprise environment. But these devices typically lack security, control and management tools. Employees don’t think twice about taking work home, or out of the office, on a personal disk on key drive.
These personal storage devices, which people carry around even as gadgets, are being used both innocently to increase productivity and for other less legitimate purposes such as smuggling information out of the enterprise. Even when used with the best intentions, the files and data stored on USB drives are generally not covered by routine company procedures such as backup, encryption, or asset management. It becomes a problem for organizations to keep track of the files and data that are entering or leaving the company via these devices. Keeping the company files and data secure has become a significant challenge for any IT department.

Security Implications

When the organization’s information is stored on non-secure and personally owned devices, employees put their employer at risk every time they step out the door. Auditing companies are at risk of exposing account numbers, hospitals can be exposed if patient information falls into the wrong hands, and finance companies need to ensure that mission-critical files are not lost. Once company files fall into the wrong hands, the possibility of threats is significant.

To minimize the threat of file and data leakage, there are several measures that an enterprise needs to take in order to secure its files and data:

1. The company should define and publicize the organization’s policy for personal storage devices.
2. Institute the use of company-issued personal storage devices.
3. Make sure devices are fully encrypted.
4. Make sure users cannot circumvent security measures.
5. Maintain an audit trail of data stored on devices.
6. Be able to recover data residing on personal storage devices.
7. Make sure the enterprise solution comprehensively provides the ability to control the use of all removable devices, inside and outside the corporate environment, and to centrally manage company-issued USB drives.
Further, there are a number of hardware and software solutions, ranging from data encryption to authentication, anti-virus protection, and other monitoring options, that have been developed in recent years to address these problems. Some solutions, such as blocked ports, encrypted storage devices, and software encryption of data, are used, but these do not give all the security that is required to ensure a comprehensive solution for the majority of removable devices.

Access control and encryption are the two major elements to evaluate, and both are essential in securing data on USB flash drives. Access control, whereby access to decrypt data is granted only to users who have been authenticated as authorized users, is measured by the strength of authentication. At a minimum, a complex password, typically consisting of an 8-character combination of letters and digits, is used to prevent attempts to guess the password. Encryption, which is performed either by software or hardware, alters data in order to make it inaccessible without the proper key to decrypt the data. It is measured by the strength of the algorithm that is used to encrypt the file and by the ability of the software or hardware-based system to generate a truly random encryption key.

Fending off Common Attacks

It is widely acknowledged that hardware-based encryption implementations can help prevent a range of common attacks more effectively than software-based encryption. But not all hardware-based encryption implementations are equal in strength.

Brute Force Attack

Brute force attacks guess the password or the encryption key. An attacker who illegally obtains a USB flash drive can plug it into a computer and use a program designed to guess hundreds of passwords or encryption keys every second, based on algorithms specifically designed for this purpose. These attacks are thwarted both by enforcing the use of complex passwords and by counting and thereby limiting the number of login or decryption attempts.
Software implementations cannot prevent these attacks efficiently since they must use the host’s memory to store intermediate results, including the number of login/decryption attempts. This implies that a modestly knowledgeable hacker can locate and then reset the counter without too much effort until the password is discovered.

In hardware-based security solutions, access control, encryption and decryption are implemented by a dedicated crypto module located inside the USB flash drive. When hackers run a brute force program on the host computer, the crypto module counts the number of attempts and locks down the USB flash drive, rendering information stored on it inaccessible after a predefined limit is reached. Some systems also destroy the data and the encryption keys on the USB flash drive as an extra precautionary measure. Unlike with software-based solutions, hackers cannot run analysis utilities to locate and reset the counter, since the USB flash drive does not allow any external program to run on it and access its memory.

Parallel Attack

A parallel attack is a brute force attack variant in which the attacker copies the encrypted data from the stolen USB flash drive, shares the data with as many computers as possible that are under his/her control, and then puts them to work in parallel to guess the password offline and unlock the encrypted data. By nature and design, software implementations cannot prevent the attacker from easily copying the encrypted file from the USB flash drive and initiating a parallel offline attack. In contrast, hardware-based implementations prevent the mapping of storage from the USB flash drive to the OS file system until the user enters a correct password. As a result, the attacker cannot copy the USB flash drive contents without first knowing the password.
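The attempt counter from the Brute Force Attack discussion above, as an added toy model that is not from the original report: one class keeps the counter and key inside the module and destroys the key at the limit, while a second function keeps the same counter in state owned by the host. The class and function names, the limit of 5 and the PBKDF2 parameters are assumptions, not values from any real device.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 5          # assumed limit; real devices define their own
PBKDF2_ROUNDS = 100_000   # assumed work factor that slows each guess


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class CryptoModuleModel:
    """Models the on-device module: the host sees only unlock() results."""

    def __init__(self, password: str, data_key: bytes):
        self._salt = os.urandom(16)
        self._verifier = _derive(password, self._salt)
        self._data_key = data_key
        self._failed = 0
        self._locked = False

    def unlock(self, password: str):
        if self._locked:
            return None
        # Count the attempt before checking it, so that interrupting the
        # check cannot yield a free guess.
        self._failed += 1
        candidate = _derive(password, self._salt)
        if hmac.compare_digest(candidate, self._verifier):
            self._failed = 0
            return self._data_key
        if self._failed >= MAX_ATTEMPTS:
            self._lock_down()
        return None

    def _lock_down(self) -> None:
        # Lock the device and destroy the key material, as some systems do.
        self._locked = True
        self._data_key = None
        self._verifier = b""

    def is_locked(self) -> bool:
        return self._locked


def new_host_state(password: str, data_key: bytes) -> dict:
    """Software-only variant: everything, counter included, is host-owned."""
    salt = os.urandom(16)
    return {"salt": salt, "verifier": _derive(password, salt),
            "data_key": data_key, "failed": 0}


def host_side_unlock(state: dict, password: str):
    if state["failed"] >= MAX_ATTEMPTS:
        return None
    if hmac.compare_digest(_derive(password, state["salt"]), state["verifier"]):
        state["failed"] = 0
        return state["data_key"]
    state["failed"] += 1
    return None


def compare_designs() -> dict:
    password = "correct horse 42"   # constructed sample password
    key = os.urandom(32)
    module = CryptoModuleModel(password, key)
    state = new_host_state(password, key)

    for i in range(MAX_ATTEMPTS):   # the same failed logins against both
        module.unlock(f"wrong-{i}")
        host_side_unlock(state, f"wrong-{i}")

    host_locked_before = host_side_unlock(state, password) is None
    # The host-owned counter is ordinary writable data; the module's is not
    # reachable from the host at all.
    state["failed"] = 0
    return {
        "module_locked": module.is_locked(),
        "module_after_lock": module.unlock(password),
        "host_locked_before_reset": host_locked_before,
        "host_limit_survives_reset": host_side_unlock(state, password) is None,
    }


if __name__ == "__main__":
    for name, value in compare_designs().items():
        print(name, "->", value)
```

When evaluating a product, the question this model raises is where the counter and the key live, and whether reaching the limit is reversible from the host.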
Cold Boot Attack

Very recent research by a team at the highly respected Princeton University points to how a little-known characteristic of Dynamic Random Access Memory (DRAM) can serve as a window of opportunity for a cold boot attack. DRAM is used to store data while the system is running. After power is removed, all content is deleted in a gradual process that can take anywhere between a few seconds and a few minutes. If the chip is cooled by artificial means, the content can be retained for as long as 10 minutes. This characteristic of DRAM memory enables a hacker to read the memory content by cutting power and then performing a cold boot with a malicious operating system. This is deadly for disk encryption products that rely on software to store encryption keys. An attacker can cut power to the computer, then power it back up and boot a malicious operating system that copies the memory content. The attacker can then search through the captured memory content, find the master decryption keys and use them to start decrypting hard disk contents. To retain the content for a longer interval, the hacker can simply chill the DRAM chip before cutting power. A hardware-based encryption system is not vulnerable to a cold boot attack since it does not use the host RAM to store the keys.

Malicious Code

Malicious code can run on a PC into which a USB flash drive is inserted. This could alter the software-based encryption, including the software itself or the drivers, to disable the encryption. Malicious code can also copy data from the USB flash drive after it has been authenticated, or it can copy the user password and use it after the user logs out of the drive. Hardware-based encryption is not affected by malicious code because it uses a security mechanism that is independent of the PC and its operating system.

Choosing the Right Security

Activation

Software-based encryption can be implemented on all types of media used by the organization.
Hardware-based encryption is tied to a specific device; however, this means that it is “always on” as part of the device specifications. This of course makes security a given, requiring no user intervention. In contrast, software-based encryption can be disabled by the user/attacker, or the user can unintentionally forget to enable it, causing data to be stored with no protection.

Dependence on Security of Operating System

An application’s security depends on the security level of the operating system. A flaw in the operating system is likely to lead to the subsequent vulnerability of the application running on top of it. For instance, a security problem involving the operating system can cause security problems with the cryptographic module implementation. Examples of this phenomenon include operating systems that leak memory contents through swap files and flaws in the memory management and protection schemes of operating systems. Software-based encryption, by nature, depends on high-level operating system services. Hardware-based encryption does not, and is therefore not dependent on the secure implementation of these services to ensure its own level of security.

Designed for Usability

The level and type of security provided by software-based encryption typically requires driver installation onto the PC operating system to enable the USB flash drive to function properly. When the USB flash drive is used on a foreign PC, it also requires driver installation, with the associated risks of incompatible drivers and malicious code transfer. Some hardware-based encryption solutions also require installation of a driver on the host PC, making the driver susceptible to attacks and making the drive more cumbersome to install. More robust hardware-based encryption does not require driver installation, nor any other type of software installation on the host PC. This keeps the encryption independent of the PC while not leaving behind software footprints.
Application Code Integrity

Application code is stored in memory and is executed on demand or according to prior instructions. If this code is stored in a common memory space which is not necessarily protected as required (as explained in the section on “Brute Force Attack”), an adversary can modify it, causing the USB flash drive to either malfunction or leak critical information. Software-based encryption is much less effective at maintaining application code integrity than hardware-based encryption, which uses a fully contained memory space. In some hardware-based encryption systems, the code is digitally signed against the hardware, verifying software integrity each time the USB flash drive is inserted in the PC to provide an extremely high level of code integrity.

Comparing Performance

It is generally recognized that hardware-based encryption solutions are superior in terms of throughput capacity and speed as compared with software encryption, with the added benefit of not degrading the performance of other programs or processes that are running. This is because dedicated hardware inside the USB flash drive is used for the encryption/decryption process, rather than latching onto existing processing capacity as in the case of software-based encryption. Of course, not all types of hardware-based encryption deliver equivalent throughput and speed on USB flash drives. The experience of a given company with flash memory management and the type of flash technology used are key factors in evaluating the USB flash drive and its encryption.

8.3 Hard Copy and Electronic File Protection at Storage

In recent years, the archive of electronic information has reached an all-time high, while storage of information has also increased in organizational importance. In an enterprise’s storage, many factors are involved and must be taken into consideration, such as security, safeguarding, cost of management and support.
This is the reason that many enterprises outsource their storage to utility-model based service providers. Outsourcing has emerged as a popular and often cost-effective option. However, this raises issues related to data safety and file protection. The performance of the file protection while in storage and the factors of managing, supporting, and safeguarding it are among the considerations of any enterprise that is considering outsourcing the management of its storage.

The Israeli Government passed a law concerning the storage obligation for certain sensitive types of files and their security. The law imposes on the manager of the archive a high obligation to protect the hard copy files and legislates how to burn the files when the time is right. The law details which file is sensitive and how long it needs to be kept.

Some companies outsource their storage management and some run their storage themselves because of a lack of trust in outsourced storage. This lack of trust is due to the fact that any person who comes into contact with the file can affect its security by changing, adding, copying or taking information. Therefore, many organizations keep the physical file under their control, and if they outsource it, they use encryption.

Enterprises that outsource their archive expect comprehensive service, which includes ensuring that the security requirements are fulfilled according to the law and the rules that the company issued. The service providers need to be concerned about the possibility of reading, writing, or changing the contents of the files. They should be sure that their employees have the integrity and the responsibility required for working in such a storage service, and should have them sign a contract that obliges them to keep secrecy, to secure the files, and not to make any use of a file other than the one that was intended for it.
8.4 File Protection in Cellular Phone and PDA’s

It is well known that the cellular phone is no longer just a phone. It has become more and more like any other PC because of its connectivity to the Internet. These third generation devices now have a variety of application abilities and transmit information from one device to another or to a PC or hand-held device. All of this has transformed the mobile phone into a full working station. As such, it is unsurprisingly exposed to virus and worm threats, as well as malicious code and Denial of Service attacks. 50% of all cellular devices support third generation technology, and therefore they are more exposed through the Bluetooth and Wi-Fi interfaces. This means more use of the cellular phone for Internet surfing and for office work, including connecting to files.

Until recently, the subject of security was not taken seriously since all communication actions passed through the cellular operator, and its protection of the network was sufficient. However, the new communication abilities have created new demands for security. An additional problem is that the communication protocols on which the cellular networks are based were not planned to provide built-in information security abilities. Security breaches should be mitigated through the network perimeter systems which operate at the level of the cellular operator and the network service providers. Standardization bodies have started to address the issue and refer to the traditional security solutions without elaborating or setting a uniform standard; therefore each organization chooses what to focus on and how to execute according to its considerations, without direction and guidance.

The cellular and PDA devices pose new risks to an organization, including the following:

Handheld devices can be easier to misplace or to be stolen than a laptop or notebook computer because of their small size and their use outside the office.
If they do fall into the wrong hands, gaining access to the information they store or are able to access remotely can be relatively easy.

Communications networks, desktop synchronization, and tainted storage media can be used to deliver malware to handheld devices. Malware is often disguised as a game, device patch, utility, or other useful third-party application available for download. Once installed, malware can initiate a wide range of attacks and spread itself onto other devices.

Similar to desktop computers and cell phones, PDAs are subject to spam, but this can include text messages and voice mail, in addition to electronic mail. Besides the inconvenience of deleting spam, charges may apply for inbound activity. Spam can also be used for phishing attempts.

Besides the virus problem, spam mails have become a major nuisance and a security risk to the cellular phone. Soon, marketing messages on mobile phones will need filtering and will become a problem. These messages can carry various viruses that directly attack the mobile phone, and unlike a file sent to a PC that requires approval before it is opened, in this situation just receiving the message will open a back door for a Trojan horse.

Various legislation proposals have been raised for the prohibition of sending spam mails. SMS messages and other kinds of phone messages can be regarded as spam. Such regulations do deal with the definition level; however, it is difficult to imagine enforcement abilities in general, and in the cellular world in particular.

Responsibility for customer protection

Following are questions regarding cellular security: Can the cellular operator take responsibility for information passed between its customers? Are the content services it provides protected and secured? In the near future, new anti-virus products and personal firewalls will be developed.
In addition, special attention should be given to the question of supporting digital signatures in cellular phones, and to the management and control of communication interfaces. Cellular operators are starting to cope with the problems with which every ISP is already familiar.

9. File Protection – Bluetooth

File protection is needed in many applications where files are transferred. One technology that has been addressed is Bluetooth, which is used for short-range communications. Bluetooth technology is used in a large set of wired and wireless devices such as mobile phones, PDAs, desktop and mobile PCs, printers, digital cameras, and dozens of other devices.

Being wireless, Bluetooth is potentially vulnerable to many attacks. It is very difficult to prevent Bluetooth signals from leaking outside the desired boundaries. The possible damage of a successful wireless attack starts with the ability to eavesdrop on the file transferred during the communication of two devices, and ends with the ability to fully impersonate other devices.

Bluetooth technology has a significant security component, which includes key management, authentication and secrecy. However, the security of the whole system relies on the user’s choice of a secret Personal Identification Number (PIN), which is often much too short. Moreover, Bluetooth designers invented several new cryptographic primitives, which were incorporated into the system. Cryptographers consider fielding new primitives to be risky, because new cryptography is less tested and may contain hidden flaws. Furthermore, Bluetooth is designed for short-range communication. This short range is perceived as a security feature, since an attacker is supposed to be quite near the attack target, but as the technology develops the distance for transmission extends. Finally, as Bluetooth gains popularity on PDAs and laptops, the information that lures attackers grows from cell-phone address books to valuable corporate files.
Research has been done regarding the efficiency of attacks on Bluetooth, which shows that a successful attack requires some special conditions. These attacks can be split into two classes: short key-stream attacks, which need at most 3,100 known key-stream bits, and long key-stream attacks, which require much more known key-stream. Long key-stream attacks are generally not applicable within the Bluetooth settings since a maximal Bluetooth continuous frame is shorter than 3,100 bits. Therefore, all long key-stream attacks are applicable only outside the Bluetooth system.

Researchers at the Israeli Technion introduced an experimental passive attack, in which an attacker could find the PIN used during the Bluetooth pairing process. In the pairing process, the researcher assumed that the attacker eavesdropped on an entire authentication process and saved all the messages between A and B. He then used two messages that he identified and compared them. The attacker could use a brute force algorithm that enumerates all possible values of the PIN to find the PIN that was used. The researchers then describe implementations of this attack, using three optimization methods. For this purpose, they wrote a special-purpose Bluetooth security suite from scratch. Their fastest optimization employs an algebraic representation of a central cryptographic primitive used in Bluetooth. Their results show that a 4-digit PIN can be cracked in less than 0.3 seconds on an old Pentium III 450MHz computer, and in 0.06 seconds on a Pentium IV 3GHz HT computer. They then sketch an additional attack that can force Bluetooth devices to repeat the pairing process and make them vulnerable to the first attack. Knowing all of the messages between A and B, it is possible to use each one of the messages to find out the Bluetooth PIN and to crack it.
Several projects have been carried out by different universities and companies in Israel to come up with a solution to the problem of securing the files and information that can be stolen using Bluetooth technology.

Work carried out at the Technion Institute by Dr. Tal Keidar addresses the security scheme in Bluetooth, describing the different mechanisms and protocols. The work also addresses several of the known weaknesses in the security scheme. The work analyses one of the known weaknesses, with regard to the use of “unit keys”, and suggests an improvement to overcome this weakness, with minimal impact on the rest of the security scheme and with no significant addition of logic functions.

9.1 Cryptanalysis of the Bluetooth E0 Cipher Using OBDD’s

This research was carried out by Dr. Yaniv Shaked and Dr. Avishai Wool, at The Technion, Israel Institute of Technology. The researchers’ thesis relied on the fact that Binary Decision Diagrams (BDDs) Bluetooth employs a stream cipher as the data encryption mechanism. This stream cipher, E0, is based on 4 Linear Feedback Shift Registers (LFSRs) of different lengths, along with non-linear combiner logic (a finite state machine). The key-stream is XOR-ed with the plaintext to create the cipher-text, and decryption is performed in exactly the same way using the same stream used for encryption.

The research describes an implementation of an attack against E0 that is based on the use of BDDs. They based their work on the work carried out by M. Krause. They used OBDDs instead of FBDDs throughout the algorithm, re-engineering the algorithm to adjust to the different LFSR lengths. They developed an efficient composable BDD for the compressor, and after discovering that standard BDD algorithms and libraries are very inefficient for this algorithm, they wrote new BDD code that is optimized for attacking E0.
The researchers built several hybrid variants of the basic BDD-based algorithm. These variants include: partially guessing the LFSRs' initial data, using an intentionally defective compressor, and enumerating the satisfying assignments and testing them. They evaluated their attacks against the full, non-reduced E0 cipher. Their best research tools can recover the initial state of the LFSRs, for the first time, with a practical space complexity of 84MB RAM. The time complexity is 2^87, slightly higher than the complexity reported before; however, the attack is massively parallelizable. In addition to the specifics of Bluetooth, this work describes practical experience with BDD-based cryptanalysis, which so far has mostly been a theoretical concept.

Having presented an implementation of a BDD-based attack that is a short key cryptanalysis of the E0 cipher, the researchers concluded that several significant reductions and changes needed to be made to Krause’s general attack. Their best research tool has a time complexity and has significantly better space complexity than the recent work of which is roughly equivalent to that of the attacks of their colleagues.

When two Bluetooth devices wish to establish a secure communication link, they first undergo the pairing and authentication process. At the end of this process, both devices hold a 128-bit secret key. This key is stored in a stable memory area of the two devices, for future communication between these devices. This key is used to generate the encryption key, also known as the session key. Using an algorithm, both devices derive the encryption key from the link key, a ciphering offset number that is generated during the authentication process done prior to the encryption phase, and a publicly known random number that is exchanged between the devices. The encryption key is then modified into another key.
This modification is done to lower the effective size of the session key, according to the effective length the devices have decided upon during negotiation in a preliminary phase.

10. Cases of File Protection in the Newspapers

The Israeli newspapers publish articles from time to time to report computer intrusions that occur in the Israeli market. The countries most attacked by computer assaults are Switzerland, Hong Kong, Israel and India. Following are a few examples of intrusions that were carried out with the purpose of damaging files:

1. The people, Daily Mail Edition 4257, date: 27/07/2006: The Science and Technology Committee in the Israeli Parliament advised that in the last few months, the attacks on Government computers increased by 8% and are about 40,000 - 79,000 attacks per day. The most preferred sites are: police sites, General Security Services, the Mossad (the Israeli undercover intelligence organization), and the Government and Prime Minister’s sites. The Science and Technology Committee held an urgent meeting to discuss the “war on the net” and to be sure that all security measures have been taken to protect the Government site. According to the committee, the average number of attacks on the servers of Tehila, the Government project for the e-Government site, on normal days is about 10,000 - 15,000. Sometimes they intensify and can double to 20,000 - 40,000 attacks, with the peak of attacks at 79,000. It was said that there is a direct correlation between the physical conflict and the virtual conflict on the network. The attackers are scanning thousands of ports every day in order to find weaknesses in Government security. The characteristics of the attacks: there are two basic attacks, a DoS type which attempts to prevent Government services and to disrupt access to these sites, and a second type which attempts to destroy Government files. The Committee advised that the security possibilities are not absolute and there are always possibilities to break into a site.
However, the security procedures are very strict, and Tehila’s first concern is file and information security, which is secured 24 hours a day by heavy technology. Tehila’s project manager advised that although there are many attacks, the attackers do not succeed in penetrating the systems.

2. The People: Internet service providers claim that recently there has been an increase of 20% - 30% in attacks on their clients’ sites. They claim that they are doing their utmost to prevent these attacks: they have checked that they comply with all the necessary standards, and they have sent letters to all their clients advising them to protect their computers.

3. The Internet News, 14/07/2008: Anonymous people attempted to break into the computer of one of the largest banks in Israel. They intended to steal a file named “business risk” which included sensitive information about the bank’s customers. It is possible that the intruder is a person who owes money to the bank and wanted to delete his debt to the bank, or, more likely, that it was done by private detectives. The bank also checked the possibility that this incident was initiated by a person from inside the bank.

4. The Internet News, 06/07/2008: The website of the Center for Examination and Assessments was broken into and the site was ruined. This Center is in charge of testing and classifying the different candidates to the various faculties. The penetration occurred close to the date of the psychometric examination. The site was closed and was not put back on air, pending investigation of the incident and the building of a better security system.

5. The site for reporting about companies that trade on The Tel Aviv Stock Market was paralyzed during the last half hour of the trading day. The reason the site stopped trading was an attempted attack by hackers. During the attack, it was not possible to enter the site, and an error message came up.
This system is not linked to trading on the stock exchange; therefore it was difficult to locate possible hackers without disrupting information.

6. Israeli police arrested a suspect for breaking into the e-mail of users at the service provider Walla. This person copied intimate images of users and ruined their files. The suspect was arrested following complaints to the portal management from several young girls who held e-mail accounts in the portal. The portal management collaborated with the district police fraud squad in Tel Aviv and followed the attacker’s actions. Once he was identified, the police investigators came to his home and searched the materials on his computer. In this investigation, the attacker admitted that he broke into more than 30 different e-mail boxes. The suspect was brought to the Magistrate's Court in Tel Aviv, where police requested that he be released under restrictive conditions. Presumably, the complaining girls were registered in different forums in the site, where they identified themselves with user names and passwords that they also used for their private e-mail accounts. This information led to the exposure of their e-mail and the possible penetration.

11. Researches by Universities and Institutes

11.1 Real-Time Implementation for Digital Watermarking in Audio Signals Using Perceptual Masking

This research was carried out by Dr. Tal Mizrahi, Dr. Eran Borenstein and their colleagues at The Technion, Israel Institute of Technology. This research presents a technology which will help to protect the authenticity and originality of a file.

Digital watermarking is the process of embedding information into a digital signal. The signal may be audio, pictures, or video, for example. If the signal is copied, then the information is also carried in the copy. There are two possibilities for watermarking, visible and invisible. In visible watermarking, the information is visible in the picture or video.
In invisible watermarking, information is added as digital data to audio, picture or video, but it cannot be perceived as such. An important application of invisible watermarking is in copyright protection systems, which are intended to prevent or deter unauthorized copying of digital media. Steganography is an application of digital watermarking, where two parties communicate a secret message embedded in the digital signal. While some file formats for digital media can contain additional information called metadata, digital watermarking is distinct in that the data is carried in the signal itself.

In this research, the researchers emphasized that the watermark is a signature, embedded within a file of an original signal, which in addition to being inaudible to the human ear should also be statistically undetectable and resistant to any malicious attempts to remove it. In other words, the embedding system gives the owner of the file the possibility of inserting a signature into his original file. Digital watermarking is one of the most significant copyright protection systems.

The researchers presented in their work a novel real-time signature embedding system for digital watermarks in audio signals. The embedding mechanism enables an owner to insert a digital watermark into his own file in such a way that the audio quality is not reduced. This is done by using the human auditory system’s masking characteristics. In addition, the watermark should be able to resolve multiple ownership claims, by using the original signal in the signature detection process. The detection system enables the owner to check for the existence of the watermark in a tested file. The presented system solves the problem of ownership claims by keeping the original file or parts of it for future ownership claims. The audio signal is divided into segments.
For each segment, a local key is calculated and summed with a general key (independent of the segment) to initiate a pseudorandom noise sequence for the segment. The noise is colored by a filter whose coefficients are calculated according to the psycho-acoustic model. After applying a temporal mask (in order to reduce the pre-echo effect), the colored noise becomes a watermark. The resulting signature is inaudible because it uses the Human Auditory System masking characteristics in both the time and frequency domains. The owner can use the detection mechanism, which enables him to check for the existence of his signature in a tested media.

11.2 Condor Local File System Sandbox High Level Design Document

This research was carried out by Dr. Kfir Karmon and colleagues at The Technion, Institute for Technology. This research deals with Condor, a system developed at the Technion to implement, deploy, and evaluate mechanisms and policies that support high throughput computing on large collections of distributively owned computing resources. The team of researchers is building software tools that enable scientists and engineers to increase their computing throughput.

This system is capable of executing any program submitted to it. When running on a remote resource, a program can perform various activities, such as reading and writing files, opening network connections and communicating with other remote entities, e.g., a database or hierarchical storage. The Condor system does not have mechanisms to prevent malicious attacks such as virus attacks or actions that are performed to steal confidential information from the execution machines, to distribute spam, to initiate a distributed coordinated attack on some server, or to try to cause local resource malfunction by filling up tmps. These attacks restrict access to specific system resources, such as local file system or network.
This problem is particularly critical for the pools with resources running MS Windows, mainly due to the fact that it comes with a fairly relaxed default security policy.

The current project aims to provide a solution to the problem of resource protection by allowing explicit control of the access of Condor-invoked programs to local system resources. This solution is called the Resource Body Guard. The vision is to be able to specify Access Control Lists for the file system and network, together with restricting the intensity of their usage. For instance, the researchers want to allow the Condor program to write to the c:\temp directory, but to disallow it from writing more than 500 Kbytes per second and more than 500MB in total.

There are several technical and algorithmic challenges. First, it is vital for this solution to have minimal impact on the locally invoked programs, and on the non-malicious programs invoked by the Condor system. Second, a running program should not be able to escape from this solution. And finally, the Resource Body Guard solution is required to interact with the Condor resource allocation process in order to minimize the number of programs which can be known in advance not to be allowed to run on a resource. The researchers are currently working only on the aspects of the solution for the file system.

11.3 Un-Trusted Storage

This research was carried out by Dr. Amir Shenhav and Associates at the University of Tel Aviv. According to this research on secure un-trusted storage, network-based storage solutions, such as Storage Area Networks, provide users with the opportunity to outsource storage management and to achieve good performance when accessing the file. However, crucial security problems arise when the storage environment is no longer trusted. A secure system needs to provide confidentiality, data integrity, authenticity, freshness guarantees and access control.
Since the outsourced storage companies present poor performance, this may be one of the main reasons limiting the adoption of such a solution. The fact that many research works use public-key cryptography motivates a careful examination of the reasons for its usage, while looking for symmetric-key alternatives. Public-key cryptography is used in secure file systems for the following reasons:

1. Key Distribution. The cryptographic algorithms involved in securing the file system require the use of several keys for different operations. Some systems use two types of keys: user keys, which are bound to each user’s identity, and file keys, which are assigned to each file, group of files or even to a block in a file, and are handed to the users that share this file. Therefore, a mechanism for key distribution is required. This mechanism may be in-band, which means that the file system manages or participates in the distribution process, or out-of-band, assuming an existing key distribution infrastructure. Most of the systems use public-key cryptography to allow secure, confidential and authenticated key distribution.

2. Digital Signature. Cryptographic file systems use digital signatures to achieve three goals: data integrity, user authentication and differentiation of readers from writers. The differentiation is an outcome of the asymmetry of public-key signatures between the signer and the verifier. Users who are only allowed to read the file are handed only the public key and thus cannot change the file without being noticed.

The importance of this subject can be measured by the research that has been done in this field; storage security research has attracted growing interest in recent years. As the storage world advances, it becomes more complicated to secure, yet more vulnerable to attacks.
This research emphasizes the different assumptions about system architecture, the trust model and the security goals in the different works that are reviewed. Most research trusts the file server but wishes to protect against malicious users using or snooping on the network. The researchers follow the model of un-trusted server storage as in the systems SiRiUS, Plutus and SNAD. SiRiUS and Plutus can be viewed as complementary works: SiRiUS handles key distribution issues but operates as an add-on that does not change the underlying file system; Plutus does not refer to key distribution but presents a new design for the file system itself, providing efficient random access, filename encryption and revocation. SNAD, like SiRiUS, uses in-band key distribution, but in contrast to SiRiUS, suggests that keys refer to users and not to files. Both SNAD and Plutus are ambivalent concerning the trust they have in the file system. They both require the server or disk to perform checks before reading or writing the data, as an access control measure that is effective only if the server has not been compromised.

SiRiUS, Plutus and SNAD rely on public-key cryptography in their design, except that file or block encryption is done with a symmetric-key algorithm. In SNAD, a symmetric HMAC is suggested as an alternative to signatures, but then the user must rely on the file server to handle the access control and to differentiate readers from writers.

The researchers suggest methods to improve the performance of cryptographic file systems by replacing public-key cryptography with symmetric-key algorithms. The main issues they address are in-band key distribution using symmetric-key methods, and providing data integrity and cryptographic access control without public-key signatures. The researchers mention some other research and suggest their own approach to integrity, access control and public-key signature.
They suggest two schemes to replace public-key signatures with symmetric-key techniques, and consider the relevant tradeoffs between the two options.

1. Using master authentication code. The scheme is most suitable for the scenario of a few readers and many writers.

2. If all the users that share a file have write permission, a master authentication code with a single shared key is sufficient, since each user has an equal right to change the file. The researchers suggest adding a single user with a read-only permission. This reader will be able to verify the file integrity against an external adversary, yet will be prevented from changing the file without being detected by the writers. To do this, they require each writer to calculate two master authentication codes on every file update: one with a key shared only by the writers, and another with a key that is common to all the writers and the single reader. The reader can change the second master authentication code since he holds the key, but this will give him nothing, as he is the only user that checks this master authentication code. The reader cannot modify the first master authentication code, since only the writers hold its key.

To extend the scheme to support more readers, the researchers require the writers to calculate a different master authentication code for every reader. For each of these codes the writer uses a designated key known only to the writers and the appropriate reader. This approach encounters three drawbacks:

a) Key management.
b) Time added to each write operation to calculate all the codes.
c) The overall space consumed.

For the problem of key management, the researchers suggest the following scheme: during file creation, the owner generates a random file master code key that is handed only to the writers. Each reader receives a private file reader code key and identifies the identification number. The readers' keys are derived from the master key using a one-way function.
There is no need to store multiple reader keys. When the file is updated by one of the writers, he can derive all the file reader code keys, on the fly, from the file master code key.

A second drawback of this scheme is that the time overhead grows with the number of readers of the file. The overhead includes the time needed to derive the readers’ master authentication code keys from the file master code key and, for each update, the time required to calculate all the codes. To lower the first overhead, the researchers suggest deriving the reader keys when the file is opened. The keys can be saved locally for as long as the file is open.

The third drawback of this scheme is space. The researchers argue that for a very small number of readers, the space overhead can be similar to that of a public-key signature, which requires about a few hundred bytes. It becomes a significant problem as the number of readers grows.

To address the problems that result from a large number of readers, the researchers suggest using a combinatorial approach. Instead of adding another key for each additional user, the owner derives a fixed number of keys from his file master code key. These keys are later used by the writers to calculate a set of master authentication codes, one with each of the keys. The owner gives each reader a subset of the derived keys. To verify the file integrity, the reader calculates the master authentication codes using his subset of keys and compares them to the corresponding stored master authentication codes. However, this method allows a group of malicious readers to collude and share their keys. Therefore, the security of the rest of the readers is problematic and depends on the size of the set of keys, the size of the subset of keys handed to each user, and the coalition size.
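The per-reader code scheme with derived reader keys, sketched below as an added example that is not code from the report or from the researchers' work. It assumes HMAC-SHA-256 serves both as the authentication code and as the one-way derivation function; all function names and the sample file contents are hypothetical.

```python
import hashlib
import hmac


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_key(file_master_key: bytes, label: bytes) -> bytes:
    """One-way derivation: a derived key does not reveal the file master code key."""
    return _mac(file_master_key, b"derive|" + label)


def reader_key(file_master_key: bytes, reader_id: int) -> bytes:
    """The key the owner hands to one reader; writers re-derive it on the fly."""
    return derive_key(file_master_key, b"reader|" + reader_id.to_bytes(4, "big"))


def write_file(file_master_key: bytes, reader_ids, data: bytes) -> dict:
    """Writer side: one writers-only code plus one code per reader, on every update."""
    return {
        "data": data,
        "writers_code": _mac(derive_key(file_master_key, b"writers"), data),
        "reader_codes": {r: _mac(reader_key(file_master_key, r), data) for r in reader_ids},
    }


def writer_verify(file_master_key: bytes, stored: dict) -> bool:
    expected = _mac(derive_key(file_master_key, b"writers"), stored["data"])
    return hmac.compare_digest(expected, stored["writers_code"])


def reader_verify(reader_id: int, key: bytes, stored: dict) -> bool:
    code = stored["reader_codes"].get(reader_id)
    return code is not None and hmac.compare_digest(code, _mac(key, stored["data"]))


def code_overhead_bytes(stored: dict) -> int:
    """Space drawback: grows by one code per reader."""
    return len(stored["writers_code"]) + sum(len(c) for c in stored["reader_codes"].values())


def demo() -> dict:
    master = bytes(range(32))  # constructed key; a real owner would use secrets.token_bytes(32)
    k1, k2 = reader_key(master, 1), reader_key(master, 2)
    stored = write_file(master, [1, 2], b"quarterly report v1")  # constructed file contents
    honest_ok = (reader_verify(1, k1, stored) and reader_verify(2, k2, stored)
                 and writer_verify(master, stored))
    # The un-trusted server (holding no keys) alters the data but cannot fix any code.
    tampered = dict(stored, data=b"quarterly report v1 (altered)")
    # Reader 1 alters the data and recomputes the only code whose key he holds.
    forged = dict(tampered, reader_codes=dict(stored["reader_codes"]))
    forged["reader_codes"][1] = _mac(k1, forged["data"])
    return {
        "honest_ok": honest_ok,
        "external_tamper_detected": not reader_verify(1, k1, tampered),
        "forger_passes_own_check": reader_verify(1, k1, forged),
        "other_reader_detects": not reader_verify(2, k2, forged),
        "writers_detect": not writer_verify(master, forged),
        "overhead_bytes": code_overhead_bytes(stored),
    }


if __name__ == "__main__":
    print(demo())
```

A reader who rewrites the file can only satisfy his own check; the writers and every other reader still detect the change, at a cost of one 32-byte code per reader plus one for the writers.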
Using one-time signatures, the researchers suggested a different approach: to look for an efficient signature scheme that performs better than a regular public-key scheme. This approach, which was used for multicast authentication, uses one-time signatures that are based on symmetric-key primitives such as a one-way hash function. Here, the researchers introduced a scheme that is useful for scenarios where the file's permission profile consists of one publisher and many readers. A one-time signature is based on a set of public commitments to secrets that the signer randomly generates. Some of the secrets are exposed according to the message to be signed. These secrets serve as a signature and can be validated against the public commitments. However, each set of such committed secrets can be used to sign only one (or a few) messages. In contrast to the master authentication code, one-time signatures provide the asymmetry between signer and verifier which can give us the ability to distinguish readers from writers. One-time signatures also provide non-repudiation.

11.4 Terror on the Internet

This research was carried out by Dr. Ela Oppenhimer, at Bar Ilan University in Tel Aviv. This research examines whether there is a connection between the appearance of cyber terrorism and a crisis which is happening simultaneously (e.g., a political, nationalistic or regional crisis). The research indicates that terror and the Internet are two notions that are completely different from one another but were combined together in the concept of “information warfare”. Information warfare constitutes an activity which is intended to make one object superior to another object, by damaging the file system of the enemy by using the tool of processing information. Information warfare strategies can be a means of protection and also a warfare tool. Terrorists look for ways which will assist their goal of disrupting daily lives by hitting exposed spots.
Examples of these spots are the communication networks and social events which guarantee extensive media coverage. The vast usage of computing and of communication networks also creates an infrastructure for crimes that can be added under the title “terrorist attack”; terrorist attacks of this kind have gained a new name: cyber-terrorism. Actions of cyber-terrorism can be performed by individuals and by terror organizations. Usually, a terror organization has its own web site, which represents the organization in a positive light. By using the Internet, these organizations can attain support and sympathy and even recruit new members and followers. The terrorist attacks arena is getting wider, and one of its main factors is the Internet. Operating terror via the Internet is inexpensive: all that is needed is a computer, a modem and a highly motivated hacker; these three factors can damage an entire filing system. The attack on a filing system is highly dangerous, because it can harm important strategic systems.

The researcher found that during the last several years, cyberspace has become a battlefield or, more accurately, another warfare front that can be seen in every political crisis taking place around the globe, such as the crisis between Israel and the Palestinians, the crisis between India and Pakistan, the crisis in the Basque district, in Kosovo and others. This research shows that there definitely exists a connection between the emergence of cyber-terrorism and a political, regional and nationalistic crisis which occurs simultaneously. In these cases, terrorist warfare is another front in the struggle. Furthermore, this research shows that cyber-terrorism can emerge as a completely independent phenomenon. Terror on the enemy’s filing systems could happen. Numerous technological innovations in the information age have changed the sociological order. Information has become a main and dominant factor in this period of time.
The cold war between east and west contributed to the development of communication networks which were used as a defense system against an enemy’s attack. This process contributed to the development of the Internet, which makes combining information from different geographical places feasible. Every day, new addresses are added to the Internet. The Internet gives people full freedom of expression, which the terror organizations take advantage of and use in malicious ways.

11.5 Struggle with Information Warfare and Possible Damage to Civil Rights

This research was carried out by Dr. Harel Menishri, at Bar Ilan University. This research deals with file protection in modern countries that struggle with terror. It is a study of the USA, which is used as an example of all information warfare. The researcher describes the information technology revolution that happened at the end of the last decade, and the deep effect it had on the daily life of every citizen who lives in the western world. This research is based on a literary survey and historical research. It focuses on examination of the processes and ways of defending essential national infrastructures in the USA from a computerized attack. The American Government’s activities against cyber terrorists may infringe on the personal freedom of its citizens and of the citizens of other countries.

The researcher emphasizes the fact that damage to these essential systems could damage the modern country’s security and its ability to sustain a sound way of life. The more developed the country, the more dependent it is on computerized information systems, and the more severe the outcome of damage. In our time, cyber warfare constitutes a solution that is both cheap and causes a large damage effect compared with the alternatives. This issue is doubly important in times of security budget cuts and price increases of weapon systems.
According to the researcher, terror organizations might take action against files and information infrastructure systems while using the Internet medium. The wide dispersion of computers makes the computer an ideal tool for performing information terror attacks, which may, in some cases, have a result similar to that of terror attacks performed with conventional weapons. The computer from which the attack originates is hard to identify, there is no need for special labs to create it, the training field resides in every house, and every beginning hacker could serve as a terrorist. In other words, one of the characteristics of cyber warfare is the fact that not only countries serve as opponents, but also private people (hackers), private companies and organizations, using software tools which exploit loopholes in personal computers and are available to all.

The researcher indicates that cyber warfare threatens the existence of national infrastructures, and warrants countermeasures which, like warfare in other terror intelligence domains, take place in “grey” areas, sometimes outside the laws of the country in which they are performed, and while abusing basic rights and freedoms. American intelligence is directing its defense of information infrastructure activities towards foreign citizens, as well as against American citizens, through supervising websites, infiltrating personal computers and networks, listening in on telephone conversations, fax and e-mail correspondence and so on, without the knowledge of these citizens, and without having to abide by the eavesdropping laws or answer to public security. In other words, the technological leadership of American intelligence enables it to use extremely advanced technologies, which sometimes seem like a manifestation of science fiction, in order to thwart its opponents’ actions, while infiltrating personal information systems of citizens and companies from the USA and other countries worldwide.
In addition, when confronted with problems created by the eavesdropping laws (for example, being legally unable to eavesdrop on American citizens), American intelligence can turn to its allies for assistance. Part of this activity relies on special laws, directives and regulations (“The Patriot Act law” and others). The other part is performed in the “grey area”, with the assistance of colleague intelligence bodies, to bypass ethical and legal issues.

The researcher summarizes the research by saying that the activities of the American defense agencies infringe upon the personal rights of the citizens of the United States as well as the citizens of other countries. The research also shows that in our days, it is impossible to sustain a society without compromising its members’ privacy to a certain degree in the name of public interest. The defense of society requires access to information using intelligence tools and means, which sometimes requires an abuse of privacy.

12. Bibliography

“A Three-Year Master Plan “E-Government” Initiative 2003-2005”, State of Israel, Ministry of Finance General Accountant Office E-government Initiative. Yizhak Cohen, Senior Deputy to General Accountant.
“Bluetooth, security”, http://eprint.iacr.org/2006/072.pdf
“Condor Local File System Sandbox High Level Design Document”, the Technion DSL Lab, Israel, November 23, 2006.
“Cryptanalysis of the Bluetooth E0 Cipher using OBDD’s”, Yaniv Shaked and Avishai Wool, School of Electrical Engineering Systems, Tel Aviv University.
“Networked File Systems”, 2007.
“Real-Time Implementation for Digital Watermarking in Audio Signals Using Perceptual Masking”, Tal Mizrahi, Eran Borenstein and Associates. Signal and Image Processing Lab, Dept of EE, Technion, Haifa Israel.
“Resource Body Guard-Protecting Resource from Locally Executed Software”, Kfir Karmon, Eran Sevi, Keren Ouaknine, Technion, Haifa, Israel, June 10, 2008.
“SAS Companion for the Open VMS Operating Environment”, Technion, Haifa Israel, 2008.
“Secure Un-trusted Storage”, Amir Shenhav, 2005.
“Securing Cellular Networks-Problems and Threats”, 2007.
“The Evolution of Storage Service Providers: Techniques and Challenges to Outsourcing Storage”, National Center for Supercomputing Applications, 2008.
“The Provision of Information to the Public from Government Database”, State of Israel, Ministry of Finance-Office of the Accountant-General, Government Internet Committee. Brian D. Negin Adv. February 14, 1997.
http://www.gov.il/FirstGov/WorldWideEgov/Article_B575C37D-E9C4-435C-8D44-5A
http://www.patentim.com/forum_articles.asp?ArticleID=323&Fnumber=30
http://www.amalnet.k12.il/sites/commun/law/comi0104.htm
http://www.itpolicy.gov.il/vadat_inter_gov/docs/mso37C.pdf
http://www.eng.tau.ac.il/~yash/infosec-seminar/NCryptfsPresentation.ppt#258,3,Introduction
http://www.itpolicy.gov.il/pirsumim/type.htm#1skirot
http://portal.acm.org/citation.cfm?id=1103788&coll=GUIDE&dl=GUIDE&CFID=2140645&CFTOKEN=78876591&ret=1#Fulltext
http://www.ag.mof.gov.il/NR/rdonlyres/A8E43FB6-F0BD-43FB-86788F4E0645D9A7/0/MaarchotMeida.pdf
http://www.isa.gov.il/Download/IsaFile_2192.pdf
http://www.imperva.com/docs/WP_DB_Security_Assessment_0807LK.pdf
http://www.law.co.il/news/computer-crimes/2008/09/08/police-arrested-suspects-ofstealing-computer-informatin/
http://hsdailywire.com/category/Infrastructure
http://www.news1.co.il/ArticlePrintVersion.aspx?docID-40515&subjectID=1
http://www.iqc.co.il?categoryId=18263
http://www.sii.org.il/135-1336-he/SII.aspx

Personal Meetings with:

1. Check Point Software Technologies Ltd., Security Engineer, Middle East Regional Office
2. SanDisk, Product Marketing Manager- Enterprise Solutions
3. SecITech, Secure Information Technologies Ltd. / Safe-mail.net
4. Hebrew University
5. Technion Israel Institute of Technology
6. Representative from Bank Leumi
7. Representative from Bank Otzar Hachyal
8. Representative from Prime Minister's Office, Computer Department
9. Representative from the Ministry for Commerce and Trade
10. Representative from the Israel Institute for Standards