The document proposes an authentication and auditing architecture to enhance security on eGovernment services. It aims to address issues with relying solely on digital certificates for authentication by designing a centralized authentication service that uses salted password hashes. The model also implements a network intrusion detection system and database login auditing to detect and generate evidence of unauthorized database access. Further research will focus on analyzing evidence sources to investigate credential misuse.
1. First International Seminar on eDemocracy and eGovernment. Quito - Ecuador
An Authentication and Auditing Architecture for Enhancing Security on eGovernment Services
Denys A. Flores, MSc.
Escuela Politécnica Nacional, Ecuador
First International Conference on eDemocracy & eGovernment
2. About me
• Computer Systems Engineering Degree, Escuela Politécnica Nacional, Ecuador
• MSc. Forensic Computing and Security, University of Derby, UK
• Lecturer of Information Security in the Faculty of Systems Engineering, Escuela
Politécnica Nacional, Ecuador
• Digital Forensics Investigator at Sakura Consulting Group, Ecuador
• IEEE member, ACM member
3. Topics
• E-Government – Some Security Issues
• Our Research Approach
• Authentication and Auditing Model
• Salting-Based Authentication Module (SAM)
- SAM – User Registration
- SAM – User Authentication
• Data Base Intrusion Detection Module (DB-IDM)
• Conclusions and Further Research
• References
4. E-Government – Some Security Issues
• Governmental information and services for citizens are widely
available through eGovernment platforms
• However...
- Internet is the underlying platform
- Information exchange is exposed to data tampering and unauthorised
access
- PKI – what about over-reliance on digital certificates?
5. E-Government – Some Security Issues
• First of all:
- Security cannot be addressed using a holistic approach, i.e. your
problem is maybe just the tip of the iceberg – you are not seeing the
whole thing yet!
- Securing eGovernment implementations is challenging as it depends
on many factors, such as:
‣ Software/hardware architecture
‣ Network requirements
‣ Compliance and auditing needs
‣ ….
6. Our Research Approach
• Therefore:
- It is better to narrow the scope of eGovernment security by means of incidents
associated with a specific eGovernment service:
- Service: The Ecuadorean Electoral Database
- Incidents reported [1]:
‣ Suspicions of data tampering
‣ Suspicions of unauthorised access
- Questions:
‣ Whether it is true or not, then:
• What has been done to prevent these issues?
• If something was done, can we enhance it to respond to the Ecuadorean needs?
• Is it possible to obtain intrusion evidence for further investigations?
7. Our Research Approach
• Analysing Previous Work:
- The most relevant for solving our questions were developed in 2010:
‣ A model for securing eGovernment web sites, based on SSL and PKI [2]:
• Certificate management using a centralized Certifying Authority (CA)
• Key escrow supported by an LDAP-based directory server, with the purpose of
providing user information and retrieving both credentials and certificates
‣ Secure Scheme for Client/Server eGovernment Systems [3]:
• A client-server architecture to authenticate and validate users
• Users are required to provide a certificate to prove identity along with their private
key
• An authentication service validates user credentials, certificate revocation and user
rights to access the requested service.
8. Our Research Approach
• Issues with the previous models:
- A Directory Service requires a pre-defined hierarchy to describe an
organization, but governmental services are not static [4]
- A centralized CA is an important effort to support certificate issuing
and revocation – if there is no CA nationwide, each governmental
institution should set up their own CA
- Both approaches are acceptable if the services to be accessed must
not be available to all the citizens, yet visible to a few privileged ones.
9. Our Research Approach
• Issues with the previous models:
- Both over-rely on digital certificates: as many certificates as there are
citizens in the country would be required
- Fake digital certificates can be used to deceive users into accessing
phishing sites [5] [6]
- Although both solve authentication problems, unauthorised access to
the back-end cannot be prevented
10. Our Research Approach
• Proposal:
- Design an architectural solution to tackle authentication and
authorisation problems
- Avoid using digital-certificate-based models as they are not a scalable
solution for a large number of citizens
- Produce evidence and audit trails in databases that are accessed
without authorisation, since their absence hinders the possibility of
carrying out effective digital investigations
12. Salting-Based Authentication Module (SAM)
1. SSL protection for in-transit credentials – digital
certificates are used to ensure trusted client-
server connections
2. Centralised Authentication Service (AS)
User Registration
User Authentication
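A sketch of the registration and authentication steps of a salted-password Authentication Service, added here as an example and not taken from the slides or the author's implementation. PBKDF2-HMAC-SHA256, the `AuthenticationService` class and re-salting on each successful login (one reading of the deck's "randomizing salts on every session request") are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor, not a value from the slides


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for the deck's unspecified salted hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AuthenticationService:
    """Hypothetical centralised AS that stores only (salt, hash) per user."""

    def __init__(self):
        self._store = {}  # username -> (salt, derived key)

    def register(self, username: str, password: str) -> None:
        if username in self._store:
            raise ValueError("user already registered")
        salt = secrets.token_bytes(16)  # fresh random salt per user
        self._store[username] = (salt, _derive(password, salt))

    def authenticate(self, username: str, password: str) -> bool:
        record = self._store.get(username)
        # Unknown users still cost one derivation, so response time does not
        # reveal which usernames exist.
        salt, expected = record or (b"\x00" * 16, b"\x00" * 32)
        candidate = _derive(password, salt)
        ok = record is not None and hmac.compare_digest(candidate, expected)
        if ok:
            # Assumed reading of "randomizing salts on every session request":
            # re-salt and re-hash while the plaintext is briefly in memory.
            new_salt = secrets.token_bytes(16)
            self._store[username] = (new_salt, _derive(password, new_salt))
        return ok

    def stored_record(self, username: str):
        """Expose the stored (salt, hash) pair for inspection and tests."""
        return self._store[username]
```
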
15. Data Base Intrusion Detection Module (DB-IDM)
• Previous Models prevent unauthorised access using role-based controls at
application level
• DB-IDM protects the database from insiders, i.e. when data tampering is
attempted
16. Data Base Intrusion Detection Module (DB-IDM)
1. NIDS – Snort registers login attempts to the Application Database Server
2. Database Login Audit Logs – used for correlation analysis between login
attempts and successful login events
3. Both components generate audit trails and evidence sources for digital
investigations
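The correlation between NIDS-observed login attempts and database login audit entries, as an added example that is not part of the original slides. The Snort fast-alert lines (local rule sid 1000001), the audit-log format, the addresses, the port and the 5-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

APP_SERVER = "10.0.0.5"        # assumed: the only host expected to log in to the DB
WINDOW = timedelta(seconds=5)  # assumed clock tolerance between sensor and DB
YEAR = 2014                    # Snort fast alerts carry no year
# Constructed sample data: Snort fast-alert lines from a hypothetical local rule
SNORT_ALERTS = """\
01/23-10:15:02.120000  [**] [1:1000001:1] DB login attempt [**] [Priority: 2] {TCP} 10.0.0.5:51234 -> 10.0.0.20:3306
01/23-10:40:10.500000  [**] [1:1000001:1] DB login attempt [**] [Priority: 2] {TCP} 10.0.0.77:40112 -> 10.0.0.20:3306
01/23-11:05:30.000000  [**] [1:1000001:1] DB login attempt [**] [Priority: 2] {TCP} 10.0.0.77:40115 -> 10.0.0.20:3306
"""
# Constructed database login audit entries (hypothetical format)
DB_AUDIT = """\
2014-01-23 10:15:03 LOGIN_OK user=app_svc host=10.0.0.5
2014-01-23 10:40:11 LOGIN_OK user=dba host=10.0.0.77
2014-01-23 12:00:00 LOGIN_OK user=dba host=localhost
"""
ALERT_RE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+ .*\{TCP\} ([\d.]+):\d+ -> ")
AUDIT_RE = re.compile(r"^(\S+ \S+) LOGIN_OK user=(\S+) host=(\S+)$")

def parse_alerts(text):
    """Return (timestamp, source_ip) for each Snort fast-alert line."""
    return [(datetime.strptime(f"{YEAR}/{m[1]}", "%Y/%m/%d-%H:%M:%S"), m[2])
            for m in map(ALERT_RE.match, text.splitlines()) if m]

def parse_audit(text):
    """Return (timestamp, user, host) for each successful DB login."""
    return [(datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S"), m[2], m[3])
            for m in map(AUDIT_RE.match, text.splitlines()) if m]

def correlate(alerts, logins):
    """Pair each successful login with a network attempt; report mismatches."""
    findings, matched = [], set()
    for ts, user, host in logins:
        hits = [i for i, (ats, src) in enumerate(alerts)
                if src == host and abs(ats - ts) <= WINDOW]
        matched.update(hits)
        if not hits:  # login the sensor never saw, e.g. from the DB host itself
            findings.append(("login_not_seen_on_network", user, host))
        elif host != APP_SERVER:  # direct login that bypasses the application
            findings.append(("login_from_unapproved_host", user, host))
    for i, (_, src) in enumerate(alerts):
        if i not in matched:  # attempt with no successful login in the audit log
            findings.append(("attempt_without_successful_login", None, src))
    return findings
```
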
17. Conclusions and Further Research
• An authentication and auditing architecture is proposed as digital certificate
protection is not enough to provide access control and prevent unauthorised
access to databases
• Access control can be achieved by implementing a centralised Authentication
Service in charge of user authentication and user registration
• Securing passwords through salting is proposed, enhancing its security by
randomizing salts on every session request
• Unauthorised access to databases can be prevented by combining database
auditing through login logs and intrusion detection by implementing a NIDS in
passive detection mode
• Further research is focused on generating and analysing evidence sources for
investigating user credential misuse
18. References
[1] Ecuador Inmediato, “Manipulación de Base de Datos del CNE, provino desde el propio organismo
electoral,” ecuadorinmediato.com, 7 October 2012. [Online]. Available:
http://www.ecuadorinmediato.com/index.php?module=Noticias&func=news_user_view&id=182966&umt=manipulacion_base_datos_del_cne_provino_desde_propio_organismo_electoral_revela_perito_informatico.
[Accessed 23 January 2014 (In Spanish)]
[2] W. Zhong, “Research on e-Government Security Model,” in International Conference on eBusiness
and eGovernment, Guangzhou, China, 2010.
[3] Z. Feng and Y. Zhu, “Design and Implementation of a Secure Scheme for the C/S mode
E-Government system,” in Second International Workshop on Education Technology and Computer
Science, Wuhan, China, 2010.
[4] A. Nilsson, “Management of Technochange in an Interorganizational e-Government Project,” in 41st
International Conference on System Sciences, Hawaii, US, 2008.
[5] Microsoft, “Improperly Issued Digital Certificates Could Allow Spoofing,” Security TechCenter, 9
December 2013. [Online]. Available: http://technet.microsoft.com/en-us/security/advisory/2916652.
[Accessed 4 February 2014].
[6] P. Paganini, “Turkey – Another story on use of fraudulent digital certificates,” Security Affairs, 4
January 2013. [Online]. Available:
http://securityaffairs.co/wordpress/11512/cyber-crime/turkey-another-story-on-use-of-fraudulent-digital-certificates.html.
[Accessed 4 February 2014].
19. • THANK YOU
- denys.flores@epn.edu.ec
- denys.flores@sakuracg.com.ec