Security Programming

Lecture


1 Rules for writing programs that include protection against unauthorized data entry

The password system, as an integral part of the access control subsystem of an information protection system (IPS), forms part of the "leading edge of defense" of the whole security system. It is therefore one of the first targets an intruder attacks when trying to break into a protected system.

The IPS access control subsystem involves the following concepts:

- Access identifier - a unique feature of an access subject or access object.

- Identification - assigning identifiers to access subjects and objects and (or) comparing a presented identifier with the list of assigned identifiers.

- Password - an identifier of an access subject that is that subject's secret.

- Authentication - verifying that the identifier presented by an access subject genuinely belongs to it.

The terms user identifier and password are also interpreted as follows [1]:

Identifier - a unique piece of information that distinguishes individual users of the password system (identifies them). An identifier is often also called a username or account name.

Password - a secret piece of information known only to the user and the password system, presented during the authentication procedure.

Account - the pair consisting of a user identifier and a password.

One of the most important components of a password system is the account database (security database). Passwords can be stored in it:

- in the clear;

- as hash values (from English hash: a mixture, mincemeat);

- encrypted under some key.

The second and third methods are of greatest interest, and each has several features.

Hashing alone does not protect against dictionary guessing of passwords by an attacker who has obtained the database. When choosing the hash algorithm used to compute password hash values, it must be ensured that hash values obtained from different user passwords do not coincide. In addition, a mechanism must guarantee that hash values stay unique even when two users choose the same password. For this, a certain amount of "random" information, usually called a salt and typically produced by a pseudo-random number generator, is mixed into the computation of each hash value.

When passwords are encrypted, the way the encryption key of the account database is generated and stored is of particular importance. The following options are possible:

- the key is generated programmatically and stored in the system, so that it can be reloaded automatically;

- the key is generated programmatically and stored on external media, from which it is read at every start-up;

- the key is derived from a password chosen by the administrator, which is entered into the system at every start-up.

The safest storage of passwords is achieved by hashing them and then encrypting the resulting hash values, i.e. by combining the second and third storage methods.
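As an added example (not part of the lecture), the following Python code contrasts the plain hash of the second storage method with the salted, slow hash the lecture asks for, and then protects the hash with a key kept outside the account database. Because the standard library has no block cipher, a keyed HMAC stands in for the encryption step of the third method; the key and salts are constructed values for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed for this example: the database key is held outside the
# account database (the lecture's "external media, read at start-up").
DB_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 100_000  # slows the "fastest implementation" an attacker can run


def unsalted_hash(password: str) -> str:
    """Second storage method without random input: equal passwords of two
    users give equal stored values, which a dictionary attack exploits."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Second + third method: per-user random salt, a slow hash (PBKDF2), then
    the hash is protected under DB_KEY. A keyed HMAC replaces the cipher
    here (this example's substitution, not the lecture's construction)."""
    salt = os.urandom(16) if salt is None else salt
    h = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    protected = hmac.new(DB_KEY, h, "sha256").hexdigest()
    return {"salt": salt.hex(), "value": protected}


def verify(record: dict, candidate: str) -> bool:
    """Recompute from the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    h = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    expected = hmac.new(DB_KEY, h, "sha256").hexdigest()
    return hmac.compare_digest(expected, record["value"])


def same_password_distinguishable(password: str) -> bool:
    """The lecture's uniqueness requirement: two users choosing the same
    password must not end up with matching stored values."""
    return make_record(password)["value"] != make_record(password)["value"]
```

Without DB_KEY an attacker holding the database cannot even start guessing, because the stored values can no longer be recomputed from candidate passwords.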

How can a password fall into an intruder's hands? The most realistic cases are these:

- the attacker found a password the user had written down;

- the attacker watched a legitimate user enter the password;

- the attacker gained access to the protection system's account database.

Countermeasures against the first two threats are obvious.

In the last case the attacker needs specialized software, since records in such a file are very rarely stored in the clear. The strength of a password system is determined by its ability to withstand an attacker who has taken possession of the account database and is trying to recover the passwords, and it depends on the speed of the "fastest" available implementation of the hashing algorithm in use. Recovering passwords consists of computing hash values for candidate passwords, comparing them with the stored password hashes, and presenting the matches in explicit form, with letter case taken into account.

A password can be recovered from the account database in several ways: a dictionary attack, exhaustive (brute-force) enumeration, and a hybrid of dictionary attack and exhaustive enumeration.

In a dictionary attack, hash values are computed in turn for every dictionary word, or modification of a dictionary word, and compared with the hash value of each user's password. If the hash values match, the password is found. The advantage of the method is its speed. The disadvantage is that it finds only very simple passwords, those that are in the dictionary or are modifications of dictionary words. The success of this attack depends directly on the quality and size of the dictionary used (ready-made dictionaries of this kind are easy to find on the Internet).

Exhaustive enumeration of all possible combinations (from English brute force: a head-on solution) takes a character set and computes a hash value for every possible password composed of those characters. With this method the password is always found if all of its characters belong to the chosen set. Its only drawback is the large amount of time it may take to determine the password. The more characters (letters of both cases, digits, special characters) the chosen set contains, the longer the enumeration of combinations can last.

In the hybrid of dictionary attack and exhaustive enumeration, characters are appended on the right and/or left of every dictionary word or word modification (123parol). In addition, the check can cover: usernames used as passwords; doubled words (dogdog); words with the character order reversed (elpoep); transliterated words (parol); Cyrillic words typed on the Latin keyboard layout (gfhjkm).

For every resulting combination a hash value is computed and compared with the password hash values of each user.

Which password can definitely be called weak in every respect (except memorability)? A typical example: a password of only a few (up to 5) letters or digits. According to some reports, of 967 passwords from one compromised Internet mail server, 335 (almost a third) consisted of digits only. The number of passwords containing both letters and digits was 20. The remaining passwords consisted of letters, mainly lower case, with rare exceptions (2 passwords) including special characters ("*", "_"). The "_" character, however, is common in user names. In 33 cases the user name and password were identical. The most popular password was 123 (seen 35 times, almost every 27th password). Second was qwerty (20 passwords). Convenient to type, isn't it? Then follow: 666 (18 times), 12 (17 times), xakep (14 times), and 1, 11111111, 9128 (10 times each). 16 passwords consisted of a single letter or digit.

In everyday life a modern person must keep a considerable amount of information in mind: PIN codes for a bank card and a mobile phone, combinations of code locks, a password for Internet access, for resources of various kinds, for electronic mailboxes. Do all passwords need to be kept in memory? It depends on the assessed loss if a given password falls into the wrong hands. Nothing stops you writing down the passwords for Internet access and network resources in a notebook, if you are not afraid that someone will enter the network without your knowledge and read your mailbox. This reasoning does not, however, apply to passwords used at work: gaining access to the local network under your name may, for some reason, be a tempting option. Recording the PIN of a bank card on paper is also not forbidden; the main condition is that the card and the recorded code are stored separately and the code is written down without any explanation.
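As an added example (not from the lecture), the following Python check applies the lecture's own weakness criteria on the defending side, at the moment a user sets a password: very short or digit-only passwords, a password equal to the username, and dictionary words in the simple modified forms the hybrid attack tries (123parol, dogdog, elpoep). The dictionary is a small constructed set; a real deployment would load the large public wordlists the lecture mentions. Keyboard-layout substitution (gfhjkm) is not covered here.

```python
import re

# Constructed dictionary for this example; real checks use large wordlists.
DICTIONARY = {"password", "qwerty", "dog", "people", "parol", "xakep", "secret"}
MIN_LENGTH = 6  # the lecture calls up to 5 characters definitely weak


def candidate_forms(password: str) -> set:
    """Reduce a password to the base words a hybrid dictionary attack would
    reach it from: strip digits/symbols added at the edges (123parol),
    undo doubling (dogdog), undo reversal (elpoep)."""
    p = password.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", p)  # non-letters at either edge
    forms = {p, core, core[::-1]}
    half = len(core) // 2
    if core and len(core) % 2 == 0 and core[:half] == core[half:]:
        forms.add(core[:half])
    return forms


def weakness_reasons(username: str, password: str) -> list:
    """Return every lecture criterion the password fails; empty means accept."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if password.isdigit():
        reasons.append("digits only")
    if password.lower() == username.lower():
        reasons.append("equals username")
    if candidate_forms(password) & DICTIONARY:
        reasons.append("dictionary word or simple modification")
    return reasons
```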

1.1.2 Reliable programming techniques

An alternative to a correct software product (PS) is a reliable PS. Reliability of a PS is its ability to perform its specified functions, with sufficiently high probability, under given conditions and for a given period of time [5]. A failure of a PS here means the manifestation of an error in it [2]. Thus a reliable PS does not exclude the presence of errors; what matters is that, in practical use of the PS under the given conditions, these errors show up rarely enough. That a PS has this property can be confirmed by testing it and by using it in practice. In reality, therefore, we can develop only reliable PS, not correct ones.

A developed PS can have various degrees of reliability. How is this degree measured? As in engineering, the degree of reliability can be characterized [2] by the probability that the PS operates without failure for a certain period of time. However, because of the specific features of PS, determining this probability meets a number of difficulties compared with the same problem in engineering. We will return to a more detailed discussion of this question later.

In assessing the reliability of a PS, the consequences of each failure must also be considered. Some errors in a PS cause only some inconvenience in its use, while others can have disastrous consequences, for example threatening human life. Therefore additional indicators that account for the cost (harm) of each failure to the user are sometimes used to assess the reliability of a PS.

Let us now consider the general principles of ensuring PS reliability, which, as we have already stressed, is the main motive for PS development and colours every stage of the PS development process. Four approaches to ensuring reliability are known in the engineering literature [11]:

  • error warning;
  • self-detection of errors;
  • self-correction of errors;
  • error resilience.

The purpose of the error prevention approach is to keep errors out of the finished product, in our case the PS. The analysis of the nature of errors in PS development carried out above lets us focus on the following issues in pursuit of this goal:

  • combat complexity;
  • ensuring accuracy of translation;
  • overcoming the barrier between the user and the developer;
  • ensuring control of decisions made.

This approach concerns the organization of the PS development process, i.e. programming technology. Although, as already noted, the absence of errors in a PS cannot be guaranteed, an acceptable level of PS reliability can be achieved within this approach.

The remaining three approaches concern the organization of the technology's products themselves, in our case the programs, and they allow for the possibility of errors in those programs. Self-detection of errors means that the program contains means to detect a failure during its own execution. Self-correction of errors means not only detecting a failure during execution but also correcting its consequences, for which the program must have the appropriate means. Error resilience means that the program contains means to localize the scope of a failure's impact, to reduce its unpleasant consequences, and sometimes to prevent the catastrophic consequences of a failure. These three approaches are, however, used quite rarely (error resilience perhaps relatively often).

created: 2015-05-04
updated: 2021-03-13