ISSE 2010 Securing Electronic Business Processes (eBook)

Norbert Pohlmann: Professor for System and Information Security at the University of Applied Sciences in Gelsenkirchen Helmut Reimer: Senior Consultant, TeleTrusT Wolfgang Schneider: Deputy Institute Director, Fraunhofer Institute SIT

Contents 5
About this Book 9
Welcome 12
Germany on the Road to Electronic Proof of Identity 13
High security in miniature format 13
Security in many layers 14
Trust based on reciprocity 14
Give and take - the principle of networked system chains 15
Full control over data for citizens 15
Other components for using the German eID card 16
That's what authorisation certificates warrant 17
Tasks of AusweisApp 17
eID service as a trust authority 18
Who will benefit from the new eID architecture? 19
Security for the digital handshake 20
Citizens are the ones who will determine the success of the new concept 20
Outlook 21
Conclusion 21
Identityand Security Management 22
Security Analysis of OpenlD, followed by a Reference Implementation of an nPA-based OpenlD Provider 23
1 OpenlD asa standard for SSO on the Internet 23
1.1 Problem 23
1.2 Overview of OpenlD 24
1.3 Courseof the protocol 24
1.4 Possible fields of application 26
2 Security evaluation of using OpenlD 26
2.1 The main threats: Phishing and profiling 26
2.2 Additional risks and concerns 27
3 The new identity card (nPA) in Germany 29
3.1 Overview of the nPA 29
3.2 Course of an online authentication 30
3.3 Recognition via Restricted Identification 31
4 An nPA-based OpenlD provider (OP) 31
4.1 Fundamental Concept 31
4.2 OP's communication sequence 32
4.3 Precondition for user and services 33
4.4 Added value in different directions 33
5 Outlook 34
6 Summary 34
References 35
New Authentication Concepts for Electronic IdentityTokens 36
1 Introduction 36
2 Background and motivation 37
2.1 Standardized interfaces in the context of electronic Identity Cards 37
2.2 Java Card 3.0 connected 38
2.3 Existing and emerging SAML-related profiles 38
3 The Service Access Layer as interoperable smart card Interface 39
4 New Authentication Concepts 40
4.1 EAC Web Service Binding 40
4.2 Path Protection based on XML and WS Secure Conversation 43
4.3 Path protection based on an EAC-TLS cipher suite 43
4.4 Integrating eID and SAML 43
4.4.1 Naïve integration using Web Browser SSO Profile 43
4.4.2 An ECP-based SAML-profile for eID integration 43
4.4.3 Identity Provider inside the elD-Taken 46
5 Conclusion 47
References 47
A Simplified Approach for Classifying Applications 49
1 Introduction 49
2 Background 50
3 Classification scheme 50
3.1 Confidentiality 50
3.2 Availability 52
3.3 Integrity 53
4 How to Classify Information 54
4.1 Process-oriented Approach 55
4.2 Application-oriented Approach 56
5 Experiences 57
5.1 Application Classification 57
5.2 Fast Lane Information Classification 58
5.3 The FLICTool 58
6 Conclusion 59
Technical and Economical Aspects of Cloud Security 60
Single Sign-on(SSO) to Cloud based Services and Legacy Applications "Hitting the IAM wall" 61
1 Examining the role of IAM as SSO enabler 61
2 No SSO without solid Identity Management! 62
3 What makes Access Control 'in the Cloud' special? 63
3.1 Conventional SSO Solutions 63
3.2 Access to non web based legacy applications 64
3.3 Legacy Applications need user provisioning 64
4 SSO to Web applications 'in the cloud' using federation 65
5 SSO to Web applications 'in the cloud' using a User Centric Identity Management Framework (UCIF) 66
6 Conclusion 68
Cloud & SOA Application Security as a Service
1 Cloud Computing 69
2 Cloud Security & Compliance
3 Cloud Application Security & Compliance
3.1 Authorization Management 71
3.2 Model Driven Security Policy Automation & Reporting
4 OpenPMF SCaaS: Security & Compliance as a Service
4.1 Policy Configuration in the Cloud (Policy as a Service) 75
4.2 Automatic Technieal Poliey Generation in the Cloud 76
4.3 Automatic Security Poliey Enforcement in the Cloud 76
4.4 Automatic Poliey Monitoring into the Cloud 77
5 Related Work 77
6 Conclusion 77
Acknowledgements 78
References 78
Authentication and Trust: Turning the Cloud inside out 80
1 Introduction: Shaking things up 80
2 What do we mean by Security in the Cloud? 81
2.1 The Cloud 81
2.2 Security 82
3 Why start with security? 82
4 Breaking things down further 83
5 The technical opportunity 84
6 The cultural barriers 84
7 Case Study: TriCipher security for Google Apps 85
8 Conclusion 86
References 87
User Risk Management Strategies and Models - Adaption for Cloud Computing 88
1 Introduction 88
2 The Cloud Dilemma, Facts and Benefits 89
3 Classification of Service Models and Origin of Risks 90
4 Demand for an Adapted Approach 91
4.1 Perceived Security and Business Risk 91
4.2 Standard Risk Management versus Ultimate Purchase 92
5 Risk Management for Third Party lCT Services 93
5.1 General Model of Adaption 93
5.2 Managing Vendor Risks 94
5.3 Choosing the Service Model 95
5.4 Managing Specific Issues 96
6 Outlook 97
7 Conclusion 97
References 98
Security and Compliance in Clouds 99
1 Introduction 99
2 Security Issues in Cloud Computing 100
3 Privacy regulations on a global scale 101
4 Compliance in clouds 102
5 Applying the APEX approach to Cloud Computing Systems 104
6 Conclusion 107
References 107
Applying BMIS to Cloud Security 109
1 Changes in the Security Universe 109
2 Reviewing Contractual lnstruments 110
3 Systemic Risks and Crises 112
4 Applying the BMIS 113
4.1 Taking Stock - What is There in Terms of Security 114
4.2 Cloud Requirements and Internalising Them to the BMIS 115
4.3 Introducing and Measuring Systemic Improvements 118
5 Conclusion 119
References 119
Security Services and Large Scale Public Applications 121
Critical lnfrastructure in Finance PARSIFAL Recommendations 122
1 PARSIFAL - An Overview 122
2 PARSIFAL Methodology 123
3 Mapping CFI Challenges to Scenarios 123
4 PARSIFAL Recommendations and Research Directions 124
5 Dependencies between the Recommendations 125
6 Stakeholders' Voting on the Recommendations 126
7 PARSIFAL Documentation 127
8 Conclusion 127
References 127
The SPOCS Interoperability Framework: Interoperability of eDocuments and eDelivery Systems taken as Example 129
1 Introduction 129
2 The given situation 130
3 The Vision of SPOCS 131
4 Example: eDocuments 132
4.1 Layers of an OCD 132
4.2 Use of OCD in the SPOCS context 134
5 Example: eDelivery 135
5.1 Cross-Border eDelivery Framework 136
5.2 Usage of Cross-Border eDelivery in SPOCS 137
6 Conclusions 137
References 137
STORK: Architecture, Implementation and Pilots 138
1 Introduction 138
2 Goals of STORK 140
3 Legal and operational aspects 141
4 Interoperability Framework 142
4.1 Conceptual Models 142
4.1.1 PEPS Model 142
4.1.2 MW model 143
4.2 Interoperability Scenarios 144
4.2.1 PEPS – PEPS Scenario 144
4.2.2 PEPS – MW Scenario 145
4.2.3 MW – MW Scenario 145
5 Implementation Architecture 145
5.1 PEPS Architecture 145
5.1.1 Authentication PEPS 146
5.1.2 Validation PEPS 146
5.2 MW Architecture 147
6 Conclusion 148
References 149
Secure Networking is the Key to German Public e-Health Solution: Migration Towards an Integrated e-Health Infrastructure 150
1 Introduction 150
2 The current state of German e-health infrastructure systems 151
3 Parallel vs. integrated e-health infrastructures 153
4 Comparison to international e-Health infrastructure projects 155
4.1 Austria 155
4.2 Taiwan 155
5 Migration towards an integrated public e-health infrastructure 156
6 Conclusion 157
References 157
Advanced Security Service cERTificate for SOA: Certified Services go Digital! 158
1 Concept and Objectives 159
2 Certification Drawbacks 161
3 Market Trends and Potential Impact 162
3.1 SaaS Technology 162
3.2 Limitation of Security Certification 163
4 Bringing Certification-based Assurance to Service-based Systems 164
5 Conclusion 166
References 167
Privacy and Data Protection 168
Data Protection and Data Security Issues Related to Cloud Computing in the EU 169
1 Introduction 169
2 Main Legal lssues Relate to Cloud Computing 170
3 Focus on Data Protection and Data Security Issues 172
3.1 When Does the Directive 95/46/EC Apply? 172
3.2 Data Controller or Data Processor? 173
3.3 Data Security Measures 175
3.4 Data Transfer to Countries Outside the EEA 176
3.5 Data Subject Rights 177
4 Conclusions 177
References 178
The Mask of the Honorable Citizen 179
1 Anonymity under Suspicion 179
1.1 Real World Anonymity 179
1.2 Internet Anonymity 180
2 Anonymity in Ancient Venice 180
2.1 The Invention of the Bauta Device 181
2.2 Hedonistic and Unethical? 182
3 Social Disadvantages and Advantages of Anonymity 183
4 Venetian Practice - Staying Honest while Wearing a Mask 184
4.1 The Ethical and Political Framework 184
4.2 The Role of Playing a Predefined Role 185
4.3 Living twice without deindividuation 185
5 The Impact of Psychological Contracts 185
6 Acceptance as the Key Factor 186
References 187
Towards Future-Proof Privacy-Respecting Identity Management Systems 188
1 Introduction 188
2 Challenges for designing long-term privacy-respecting identity management systems 189
2.1 Keeping pace with progressing technologies 189
2.2 Preventing erosion of the IT security level 189
2.3 Coping with various areas of life 189
2.4 Avoiding future risks for the individuals' privacy 190
2.5 Handling different stages of Iife 190
3 How to future-proof privacy-respecting identity management systems? 191
3.1 Keeping pace with progressing technologies 191
3.2 Preventing erosion of the IT security level 192
3.3 Coping with various areas of Iife 192
3.4 Avoiding future risks for the individuals' privacy 193
3.5 Handling different stages of Iife 194
4 Conclusion and outlook 195
Acknowledgement 195
References 196
Privacy Compliant Internal Fraud Screening 197
1 Introduction 197
2 Example Scenario 197
2.1 Example Purchasing Process 198
2.2 Example Fraud Scenarios 199
3 Fraud Detection in ERP Systems 199
3.1 Example Audit Data 200
4 Legal Assessment 200
5 Organizational Reconciliation of Conflicting Interests 201
6 Towards Automated Fraud Screening 201
6.1 Requirements for Audit Data Pseudonymization for Fraud Screening 202
6.2 Example Approach 203
6.2.1 Confidentiality and Linkability 203
6.2.2 Technical Purpose Binding 203
6.2.3 Organizational Purpose Binding 204
6.2.4 Confidentiality of Pseudonym Mapping 204
6.3 Revisited Assessment with Pseudonymization 204
7 Conclusion 204
References 205
Threats and Countermeasures 206
Malware Detection and Prevention Platform: Telecom Italia Case Study 207
1 Introduction 207
2 Overview of the Botnet detection solutions 209
3 Telecom Italia strategy 210
3.1 Malware Domain Monitoring 211
3.2 Malware Prevention 213
3.3 Bot IP Monitoring 213
3.4 Security Portal 214
3.5 Passive DNS Monitoring 215
3.6 Malware Analysis and Remediation 216
4 Conclusion 216
References 217
Defining Threat Agents: Towards a More Complete Threat Analysis 218
1 Introduction 218
1.1 Game Change in Cybersecurity and Threat Modeling 219
1.2 Economic Aspects of Threat Analysis 220
2 Approaches to Threat Agents 221
2.1 Approach in Intel TAL 223
3 Uses of TAL 224
3.1 Components of threat assessments 225
3.2 Using TAL to analyze known threats: insights that we can gain 225
3.2.1 Device Remarking 225
3.2.2 Cognitive Hacking: Another Example 226
4 Conclusions and Future Work 227
References 227
A Mechanism for e-Banking Frauds Prevention and User Privacy Protection 230
1 Introduction 230
2 Proposed Solution 233
2.1 Protocol Details 235
2.1.1 Bootstrap Phase 235
2.1.2 Transaction Phase 237
3 A Brief Solution Analysis 237
4 Conclusion 238
References 239
Countering Phishing with TPM-bound Credentials 240
1 Introduction 240
2 Related Work 241
3 Online Banking in a Nutshell 242
3.1 SSL/TLS Usage 243
3.2 Threats 244
3.2.1 (T1): Misuse of Authentication Data 244
3.2.2 (T2): Misuse of Authentication and Authorization Data 244
3.2.3 (T3): Unauthorized manipulation of online banking sessions 244
4 Binding banking accounts to specific platforms 245
4.1 Deployment Phase 245
4.1.1 Key creation Problems 246
4.2 Authentication Phase 246
4.3 Security Consideration 247
4.3.1 (T1) Misuse of Authentication Data and (T2) Misuse of Authentication and Authorization Data 247
4.3.2 (T3.1): Unauthorized manipulation of online banking sessions by performing man in the middle attacks (remote) 248
4.3.3 (T3.2): Unauthorized manipulation of online banking sessions by performing malware attacks (local) 248
4.4 Practicability Consideration 248
4.4.1 (1) Practicability to users 248
4.4.2 (2) Practicability to banks 249
5 Conclusion and Future Work 249
References 250
Smart Grid Security and Future Aspects 251
Security Challenges of a Changing Energy Landscape 252
1 Motivation 252
2 The Energy Landscape under Change 253
2.1 Yesterday: Few Players, Strong lies 254
2.2 Today: Totally Liberalized ... 254
2.3 Tomorrow: Smart Grid Utopia 255
3 Emerging Technological Changes 256
3.1 More Communication Relationships with Heterogeneous Partners 256
3.2 Interfaces where No Interfaces Existed Before 256
3.3 New Communication Paradigms 257
3.4 High Amounts of Privacy Related Data 257
3.5 Overarching Architecture 257
4 Security Challenges 257
4.1 More Communication Relationships with Heterogeneous Partners 258
4.2 Interfaces where No Interfaces Existed Before 258
4.3 New Communication Paradigms 258
4.4 High Amounts of Privacy Related Data 259
4.5 Overarching Architecture 259
5 Related Work 260
6 Conclusion 260
7 Acknowledgment 261
References 261
Privacy by Design: Best Practices for Privacy and the Smart Grid 263
1 Introduction 263
2 The Smart Grid 264
3 Personally Identifiable Information and Privacy on the Smart Grid 265
4 Privacy by Design and the Smart Grid 267
5 Best Practices for Privacy and the Smart Grid 267
6 Conclusion 270
7 Appendix 270
7.1 The Smart Grid in Ontario 270
References 272
A Policy-based Authorization Scheme for Resource Sharing in Pervasive Environments 274
1 Introduction 274
2 Use Case Scenario 275
3 Security Challenges 276
4 CARM's Security Architecture 277
4.1 Security Module 277
4.2 Communication Protocol 278
4.3 Message Transmission 279
4.4 Testbed and Implementation 279
5 Related Work 280
6 Conclusions 281
Acknowledgement 281
References 281
Visual Representation of Advanced Electronic Signatures 283
1 Introduction: From Paper to Electronic 283
2 Visual Aspects of Electronic Signatures 285
2.1 Visual Appearance vs Verification 285
2.2 Visual Appearance 286
2.3 Signature Verification 287
3 Principles 288
3.1 The Signature Appearance is Only a Claim 289
3.2 The Signature Appearance should be visually verified against the Digital Signature 289
3.3 Human Understanding of Advanced E-Signature Verification 289
3.4 Consistency of Visual Representation of Electronic Signatures and Familiarity 290
3.5 Layered Approach to Advanced E-Signature Verification 290
3.6 Verification Clearly separate from Document Visible Content 291
3.7 See what was signed 291
4 Further Aspects of Electronic Signature Representation 292
5 Conclusions 292
6 References: 293
7 Acknowledgements 293
DSKPP and PSKC, IETF Standard Protocol and Payload for Symmetric Key Provisioning 294
1 Introduction 294
1.1 Hlstory of the 'keyprov' working group 296
2 The Dynamic Symmetric Key Provisioning Protocol (DSKPP) 296
2.1 DSKPP Protocol variants 296
2.2 Cryptographic properties 297
2.3 DSKPP bindings 298
3 Portable Symmetric Key Container (PSKC) 298
3.1 PSKC Data Model 299
3.2 PSKC Example 300
3.3 PSKC Key protection methods 300
3.4 PSKC additional features 300
4 Conclusion 301
References 302
Silicon PUFs in Practice 303
1 Introduction 303
1.1 Background 304
1.2 The Focus ofThis Paper 305
2 PUF Properties 306
2.1 Noise 306
2.2 Challenge-Response Space 307
2.3 Unpredictability 307
2.4 Physical Unclonabilty 308
2.5 Tamper Evidence 308
2.6 Area Efficiency 309
3 PUFApplications 310
3.1 Large Challenge-Response Space PUFs 310
3.1.1 Lightweight PUF Authentication 310
3.1.2 Controlled PUFs 311
3.2 Single CRP PUFs 311
3.2.1 PUF Based Secure Key Storage 312
4 Conclusions 312
References 313
Biometries and Teehnieal Solutions 315
Visa Applications inTG Biometries for Public Sector Applications 316
1 Introduction 316
2 Objectives 317
3 Overview of the TG Biometrics 317
4 Software Architecture 319
5 Introducing Visa applications in the TR Biometrics 320
6 Conclusion 323
References 323
Taking Signatures Seriously - Combining Biometric and Digital Signatures 324
1 Introduction 324
2 The Digitalised Signature Project 325
2.1 Original Objectives 325
2.2 Paradigm Shift: Embedding handwritten signatures in digital processes instead of replacing them 326
2.3 The Challenge: Documents requiring a Signature 326
2.4 Inspiration from German Experience 326
2.5 Award-Winning Solution receiving worldwide attention 327
2.6 The Track Record so far 328
2.6.1 Project Phases: 328
2.6.2 Project Management: 329
2.6.3 Significant Cost Reductions 329
2.7 The Components of the Solution 330
2.7.1 Client component 330
2.7.2 Server component 331
2.7.3 Administration & Signature Analyzer
2.8 Creating an optimized Workflow Through ProcessTransformation 332
2.8.1 Making the Auditing Department happy 332
3 Creating a "Green Workflow" 332
4 The Future Directions 333
4.1 Impacts beyond banking 333
5 Conclusion 334
References 334
Automatic Configuration of Complex IPsec-VPNs and Implications to Higher Layer Network Management 335
1 Introduction 335
2 Objectives 337
3 Related Work 337
4 Secure OverLay for IPsec Discovery (SOLID) 338
5 Network Services 339
5.1 Time Synchronization 340
5.2 DNS Name Resolution 341
5.3 VPN Monitoring 341
5.4 Other Services 342
6 Conclusion 342
References 342
SCADA and Control System Security: New Standards Protecting Old Technology 344
1 Cyber Security in Industrial Control Systems 344
1.1 ICS Security Incidents On the Rise 345
1.2 New Technologies Expose Old Vulnerabilities 346
1.3 What's Happening Out There? 346
1.4 Why are ICS Networks So Vulnerable? 347
1.4.1 Security Assumptions are Built-in to Tools and Procedures 
347 
1.4.2 ICS Components are Extremely Vulnerable 348
2 Divide and Conquer: Defense in Depth 
349 
2.1 ANSI/lSA-99 and 1EC62443 
349 
2.2 The Tofino Security Appliance 350
3 Trusted Network Connect: the Next Generation 351
3.1 TNC on the Plant Floor 352
4 Conclusion 354
References 354
A Small Leak will Sink a Great Ship: An Empirical Study of DLP Solutions 355
1 Introduction 355
2 Background: DLP Solutions 356
2.1 Practical Examples of Data Leakage 356
2.2 Data Leakage Prevention Techniques 357
3 Evaluation Methodology 358
3.1 Evaluation and Results 359
3.2 Test Cases for DLP Endpoint Agents 359
3.3 Basic Setup and Reporting 359
3.4 McAfee Host Data Loss Prevention 360
3.4.1 Identify 360
3.4.2 Monitor 360
3A.3 React 361
3.5 Websense Data Security Suite 361
3.5.1 Identify 362
3.5.2 Monitor 362
3.5.3 React 362
3.5.4 System Security 363
3.6 Evaluation Summary 363
4 Conclusion 364
References 365
eID and the new German Identity Card 366
The New German ID Card 367
1 Introduction 367
2 Commercial applications 368
2.1 Electronic authentication 369
2.2 Qualified Digital Signature 370
3 Realization of the electronic authentication 370
3.1 Enter the PIN (Pass word Authentication Communication Protocol (PACE)) 370
3.2 Mutual Authentication (Extented Access Control (EAC)) 371
3.2.1 Public Key Infrastructure 371
3.2.2 Authentication of the Service Provider (Terminal Authentication) 371
3.2.3 Authentication of the Document (Chip Authentication) 372
3.2.4 Authentication of the Cardholder 372
3.3 Revocation Management 372
3.3.1 Revocation of Documents 372
3.3.2 Revocation of Service Providers 373
References 373
AusweisApp and the eID Service/Server - Online Identification Finally more Secure 374
1 The new ID card 375
1.1 Certificated identity makes online services more secure 375
2 AusweisApp and the eID service - Online identification 376
2.1 AusweisApp 376
2.2 The eID service 377
2.3 Interaction between AusweisApp and the eID service 377
3 eID and QES 379
3.1 The qualified electronic signature (QES) 379
3.2 Differences between the identification and signature function 379
4 Application scenarios and testing 380
4.1 Publlc authorities 381
4.2 Enterprises 382
5 Important issues for service providers 383
Postident Online with the new Personal ldentity Card 385
1 Deutsche Post as an identification service provider 385
1.1 The situation in today's identification market 385
1.2 Future challenges 386
2 The product development of Postident Online 387
2.1 The online strategy of Postident 387
2.2 Postident Online in detail 387
2.3 Benefits of Postident Online for companies 390
2.4 Benefits of Postident Online for end users 390
3 Summary and outlook 391
The eID Function of the nPA within the European STORK Infrastructure 392
1 Introduction 392
1.1 The way from paper-based to electronic ID 392
1.2 German field trial 393
1.3 The STORK project 393
2 The architecture and technical infrastructure 394
3 Conclusion 397
References 398
Polish Concepts for Securing E-Government Document Flow 399
1 Digital Signatures in Public Administration 399
1.1 Specific Conditions 400
1.1.1 Hierarchical Structure 400
1.1.2 Multiple Trust Points 400
1.1.3 Role of Time 401
1.1.4 Economic Issues 401
1.2 Implementation Requirements 401
2 Mediated Signatures and RSA 402
3 Mediated Merkle Signatures 403
3.1 Merkle Signatures 404
3.1.1 Construction Idea 404
3.1.2 Implementation Issues 405
3.2 Mediated Merkle Signatures 406
4 Conclusion 406
5 Acknowledgment 406
References 406
Index 408