Chapter 2 - Architecture and Design Flashcards

1
Q

Configuration Management

A

The process of maintaining systems, such as computer hardware and software, in a desired state

2
Q

Network Diagram

A

Documentation of physical wire and device

3
Q

Device Diagram

A

Documentation of individual cabling

4
Q

Baseline Configuration

A

A documented set of specifications for an information system; security and integrity

5
Q

Standard Naming Conventions

A

A set of rules for choosing the character sequence to be used for identifiers which denote variables, types, functions, and other entities in source code and documentation

6
Q

Internet Protocol (IP) Schema

A

A plan or model used for addressing for network devices and avoiding duplicated IP addressing

7
Q

Data Sovereignty

A

The idea that a country or jurisdiction has the authority and right to govern and control the data generated within its borders

8
Q

Data Loss Prevention (DLP)

A

The practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data

9
Q

Data Masking

A

Data obfuscation is the process of modifying sensitive data in such a way that it is of no or little value to unauthorized intruders while still being usable by software or authorized personnel
Example: number on a receipt - Bank card: **687

10
Q

Data Encryption

A

Encoding information into unreadable data

11
Q

Data at Rest

A

Data on a storage device

12
Q

Data in Transit/ Motion

A

Data transmitted over the network

13
Q

Data in Use

A

Data actively processing in memory

14
Q

Tokenization

A

Replacing sensitive data with a non-sensitive placeholder
Example: SSN 266-12-1112 is now 691-61-8539

15
Q

Information Rights Management (IRM)

A

Control how data is used by specific people

16
Q

Geographical Considerations

A

Legal implications, offsite backup, offsite recovery

17
Q

Incident Response and Recovery Controls

A

The handling of how to respond to and recover from a disaster

18
Q

Secure Sockets Layer (SSL)/ Transport Layer Security (TLS) Inspection

A

Used to examine outgoing data that is using the SSL/ TLS protocols

19
Q

Hashing

A

Representing data as a short string of text

20
Q

Site Resiliency

A

A network or system’s ability to adapt and to protect data and services from disruptions and disasters by having a second data center

21
Q

Hot Site

A

An exact replica of the original data center

22
Q

Cold Site

A

No hardware, data, or people
Will take a long time to get back up and running

23
Q

Warm Site

A

Just enough resources to get back up and running again

24
Q

Honeypots

A

A computer security mechanism set to lure in attackers who attempt unauthorized use of information systems

25
Honeyfiles
A fake file designed to detect attackers who are accessing and potentially removing data from your network
26
Honeynets
A network or group of honeypots set up with intentional vulnerabilities hosted on a decoy server to attract hackers
27
Fake Telemetry
An attacker sending malicious data that the machine thinks is benign or not malicious
28
DNS Sinkhole
A DNS that sends out incorrect IP addresses
29
Infrastructure as a Service (IaaS)
Model in which computing resources are supplied by a cloud services provider
Customer responsible for management and security
Customer NOT responsible for physical components, such as computers, networks, or physical security of datacenter
Customer has responsibility for software components running on the computing infrastructure such as operating systems, network controls, applications, or protecting data
30
Platform as a Service (PaaS)
Used for building, testing, and deploying applications
Used for creating applications quickly without managing the underlying infrastructure
Cloud provider manages hardware and operating systems
Customer responsible for applications and data
31
Software as a Service (SaaS)
Hosted and managed by the cloud provider for the customer
Least amount of management by cloud customer
Cloud provider responsible for managing everything but data, devices, accounts, and identities
32
Anything as a Service (XaaS)
A broad description of all cloud models that use any combination of the cloud
33
Public Cloud Deployment Model
Available to everyone over the internet
34
Community Cloud Deployment Model
Several organizations share the same resources
35
Private Cloud Deployment Model
Your own virtualized data center
36
Hybrid Cloud Deployment Model
A mix of public and private
37
Cloud Service Provider
A third-party that offers a cloud computing platform, infrastructure, application, or storage services, usually for a fee
38
Managed Service Provider (MSP)
Used as information technology-related support for companies who lack the in-house resources needed to maintain their systems
39
Managed Security Service Provider (MSSP)
Provides outsourced monitoring and management of security devices and systems
40
On-premises
Applications are on local hardware and your servers are in your data center building
41
Off-premises
Servers are not in the building and are usually running in a specialized computing environment
42
Cloud Computing
The on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user
43
Fog Computing
Helps in filtering important information from the massive amount of data collected from the device and saves it in the cloud by sending the filtered data
44
Edge Computing
Helps devices to get faster results by processing the data simultaneously received from the devices
45
Thin Client
A simple computer that has been optimized for establishing a remote connection with a server-based computing environment
46
Containers
Portable digital compartments holding a bundle of application files in one runtime environment that live in the cloud
47
Microservices/ API
A style of application architecture where a collection of independent services communicate through lightweight APIs
48
Infrastructure as Code
Managing and provisioning of infrastructure through code instead of through manual processes
49
Software-defined Networking (SDN)
An approach to network management that enables dynamic, programmatically efficient network configuration
50
Software-defined Visibility (SDV)
A way to monitor and understand what the traffic flows are for application instances
51
Serverless Architecture
A way to build and run applications and services without having to manage an operating system
Function as a Service (FaaS)
52
Services Integration and Management (SIAM)
Approach to managing multiple suppliers of services and integrating them to provide a single business-facing IT organization
53
Resource Policies
System rules that specify resources and actions for a particular access feature
54
Transit Gateway
A network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks
55
Virtualization
Process of running many different operating systems on the same hardware
56
Virtual Machine (VM) Sprawl Avoidance
Having a formal process and detailed documentation by having information on every virtual object
57
VM Escape Protection
Updating software regularly by installing updates and patches the moment they are available
58
Development Stage
Establish by securing the environment, writing code, and testing in sandboxes
59
Test Stage
All pieces are put together and are used in functional tests to see if the application works
60
Staging Stage
A copy of the production data is being used for performance tests and usability features
Almost ready to roll out
61
Production Stage
Application is live and rolled out to the user community
62
Quality Assurance (QA) Stage
Verifies if features are working correctly and validates new functionality
63
Elasticity
Increase or decrease available resources as the workload changes
64
Scalability
Ability to increase the workload in a given infrastructure
65
Deprovisioning
Dismantling and removing an application instance
66
Code Reuse
Use old code to build new applications to save time - copy and paste
66
Dead Code
A section in the source code of a program which is executed but whose result is never used in any other computation
67
Server-side Validation
Checks occurring on the server to help protect against malicious users
68
Memory Management
Ways to dynamically allocate portions of memory to programs at their request, and free it for reuse when no longer needed
68
Open Web Application Security Project (OWASP)
Online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security
68
Compiler
Computer program that translates computer code written in one programming language into another language
69
Automated Courses of Action
Predetermined/ predicted automated responses
69
Continuous Monitoring
Always checking for a particular event then responding
70
Continuous Validation
Automatically validate configuration of a change
71
Continuous Integration (CI)
Practice of merging all developers' working copies to a shared mainline several times a day
71
Continuous Delivery (CD)
Automate testing process, release process, and deploying the application
72
Continuous Deployment
Automatically deploy to production with no manual checks
73
Provisioning
Process of preparing and equipping a network to allow it to provide new services to its users
73
Integrity Measurement
Check for a secure baseline and see if corrections need to be made
74
Normalization
Making sure data is correct and in the right format
75
Stored Procedures
A set of SQL statements that limit client interactions to secure data
75
Obfuscation/ Camouflage
Make something normally understandable very difficult to understand
76
Client-side Validation
End-user's app makes the validation decisions
76
Third-party Libraries and SDKs
Extend the functionality of a programming language
77
Binary File
A file whose content is in a binary format consisting of a series of sequential bytes, each of which is eight bits in length
77
Software Diversity
Research field about the comprehension and engineering of diversity in the context of software
78
Version Control
The practice of tracking and managing changes to software code
79
Directory Services
A database for all of an organization's usernames, passwords, computers, printers, and other devices
80
Federation
A technology that allows users to access multiple tools, apps, and domains with only one set of credentials
81
Attestation
Prove that the hardware is really yours
82
Authentication Method - Time-based One-time Password (TOTP)
Temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors
83
Authentication Method - HMAC-based One-time Password (HOTP)
Type of one-time password (OTP) that is generated using a keyed-hash message authentication code (HMAC) - shared secret key
84
Authentication Method - Short Message Service (SMS)
Provide username and password, phone receives an SMS, and the code is inputted into the login form
85
Authentication Method - Token Key
A key that is unique to a user's session and is protected by an algorithm, which ensures servers can identify a token that has been tampered with and block it
86
Authentication Method - Static Codes
Authentication factors that don't change
Example: PIN
87
Authentication Method - Authentication Applications
Application downloaded that provides pseudo-random token generators that are usually 6 digits
88
Authentication Method - Push Notifications
Provide username and password, app sends phone a notification, and the code is inputted into the login form
89
Authentication Method - Phone Call
A call providing authentication code
90
Biometric Factor - Fingerprint
Hold finger down on scanner
91
Biometric Factor - Retina
Unique capillary structure in the back of the eye
92
Biometric Factor - Iris
Texture and color
93
Biometric Factor - Facial
Shape of the face and features
94
Biometric Factor - Voice
Talking for access
95
Biometric Factor - Vein
Match the blood vessels visible from the surface of the skin
96
Biometric Factor - Gait Analysis
Unique measurements
Example: how a person walks
97
Efficacy Rates
A measurable result acquired in ideal or controlled conditions
98
False Acceptance Rate (FAR)
Likelihood that an unauthorized user will be accepted
99
False Rejection Rate (FRR)
Likelihood that an authorized user will be rejected
100
Crossover Error Rate (CER)
The rate at which the FAR and FRR are equal
101
Multifactor Authentication Factor - Something You Know
Password, PIN, Pattern
102
Multifactor Authentication Factor - Something You Have
Smart card, USB token, hardware/ software tokens, phone
103
Multifactor Authentication Factor - Something You Are
Biometric authentication
104
Multifactor Authentication Attribute - Somewhere You Are
Location, IP address
105
Multifactor Authentication Attribute - Something You Can Do
Personal way of doing things - handwriting
106
Multifactor Authentication Attribute - Something You Exhibit
Unique trait - gait, typing
107
Multifactor Authentication Attribute - Someone You Know
Social factor, digital signature
108
Authentication, Authorization, and Accounting (AAA)
Authentication - Prove you are who you say you are
Authorization - Based on your identification and authentication, what access do you have?
Accounting - Resources used: login time, data sent and received, logout time
109
Redundancy
Keeping data in two or more places within a database or data storage system so that if something fails, operations can still be continued
110
Disk Redundancy
Having the same data stored on separate disks enables the data to be recovered in the event of a disk failure
111
Redundant Array of Independent Disks (RAID)
Using multiple drives within a single array where you can store some or all of the data on a redundant drive. If a physical drive is lost, you have separate pieces of data stored on multiple drives as part of that array
112
Multipath I/O (Input/ Output) Redundancy
Configuring multiple links in the network to provide redundancy if one part of the network was to fail
113
Load Balancing
Some servers are active and others are on standby
If one server fails, the passive server takes its place
114
Network Interface Card (NIC) Teaming
Grouping physical network adapters to improve performance and redundancy
115
Uninterruptible Power Supply (UPS)
A type of device that powers equipment, nearly instantaneously, in the event of grid power failure
Examples: offline/ standby, line-interactive, On-line/ double conversion
116
Generator
Long-term power backup that can power an entire building but takes a little time to power up
117
Dual-power Supplies
Redundant circuits that generate two different output voltages from a single input source
Both run at 50% but can handle all 100%
Can swap out without powering down
118
Power Distribution Units (PDUs)
Device fitted with multiple outputs designed to distribute electric power, especially to racks of computers and networking equipment located within a data center
119
Storage Area Network (SAN) Replication
Sharing data between two devices so if one fails you can still work with the data that has a very fast recovery time compared to traditional backups
120
VM Replication
Create backup versions of virtual machines that can be kept and used to restore the machine in the event that its data is corrupted or lost
121
On-premises Redundancy
Local devices are connected over fast networks
Purchasing your own storage is an expensive capital investment
Local data is private
122
Cloud Redundancy
Cloud connections are almost always slower
Cloud costs have a low entry point and can scale
Data stored in the cloud requires additional security controls
123
Full Backup
A complete copy of a business or organization's data assets in their entirety
124
Incremental Backup
All files changed since the last incremental backup
125
Differential Backup
All files changed since the last full backup
126
Snapshot Backup
The state of a system at a particular point in time
127
Tape Backup
A sequential storage device that is easy to ship and store
128
Disk Backup
A fast and efficient type of backup that can be deduplicated and compressed
129
Copy Backup
An exact replica of a system at a particular point in time
130
Network Attached Storage (NAS)
File-level storage server connected to a computer network, providing data access to a group of users on that network
131
Storage Area Network (SAN)
Dedicated network of storage devices that provides a shared pool of storage and appears to each user on the network as if it were connected directly to the computer
132
Cloud Backup
A backup to a remote device in a cloud that can support many devices
133
Image Backup
Capture an exact replica of everything on a storage device that can restore everything on a partition like OS files and documents
134
Online Backup
The use of a third-party service to back up data remotely over the Internet
135
Offline Backup
A backup to local devices in a secure external location that is completely isolated from the production environment
136
Offsite Storage
Any data or document facility that is physically separate from the organization usually for disaster recovery purposes
137
Non-persistence
Application instances being constantly built and torn down
138
Revert to Known State
Data that falls back to a previous snapshot
139
Last Known-good Configuration
Don't modify the data, but use a previous configuration
140
Live Boot Media
Being able to launch an entire operating system from removable media that is portable
141
High Availability (HA)
Describes systems that are dependable enough to operate continuously without failing
142
Restoration Order
The order in which you have to rebuild an application instance
143
Technology Diversity
Having a diversity of technology can be beneficial if an OS fails or gets exploited
144
Vendor Diversity
Can purchase different devices from different vendors to have flexibility during purchase process and renewal process
Different vendors can have different support teams as well
145
Crypto Diversity
Diverse certificate authorities can provide additional protection
146
Controls Diversity
Combine different administrative, physical, and technical controls together to create a defense in depth for security
147
Application-specific Restoration Order
Databases should be restored before the application
148
Backup-specific Restoration Order
Incremental backups restore the full backup, then all subsequent incremental backups
Differential backups restore the full backup, then the last differential backup
149
Embedded Systems
Hardware and software designed for specific functions or to operate as part of a larger system
150
Raspberry Pi
Is a System on a Chip (SoC) - multiple components running on a single chip
151
Field-programmable Gate Array (FPGA)
An integrated circuit that can be configured/ reprogrammed after manufacturing
152
Arduino
Hardware and software company, project, and user community that designs an open-source electronics platform based on easy-to-use hardware and software
153
Supervisory Control and Data Acquisition (SCADA)/ Industrial Control System (ICS)
Provides a centralized interface for operations personnel to control and monitor all critical devices and processes from one location
Allows a PC to manage equipment such as: facilities, industrial, manufacturing, energy, logistics
154
Smart Devices/ Internet of Things (IoT)
Devices commonly connected to the internet and connected to many different types of systems inside of our homes and businesses
155
Smart Devices/ Internet of Things (IoT) - Sensors
Heating and cooling, lighting
156
Smart Devices/ Internet of Things (IoT) - Smart Devices
Home automation, video doorbell
157
Smart Devices/ Internet of Things (IoT) - Wearables
Watches, health monitors
158
Smart Devices/ Internet of Things (IoT) - Facility Automation
Temperature, air quality, lighting
159
Smart Devices/ Internet of Things (IoT) - Weak Defaults
IoT manufacturers are not security professionals
160
Specialized Embedded Device - Medical Systems
Heart monitors, insulin pumps - older OS
161
Specialized Embedded Device - Vehicles
Multiple embedded systems that can all communicate with each other for a better driving experience
162
Specialized Embedded Device - Aircraft
Multiple embedded systems that can all communicate with each other
163
Specialized Embedded Device - Smart Meters
In home to measure power and water usage
164
Voice Over IP (VoIP)
Type of phone system that uses an internet connection to make and receive calls, rather than traditional landlines
165
Heating, Ventilation, Air Conditioning (HVAC)
PC manages this equipment to make cooling and heating decisions for workspaces and data centers
166
Multifunction Printer (MFP)
A piece of office equipment that consolidates the capabilities of multiple devices
167
Real-time Operating System (RTOS)
Operating system with a deterministic processing schedule that does not wait for other processes
Example: automatic brakes on a car
168
Surveillance Systems
Video/ audio have embedded systems in the camera and the monitoring stations
169
Embedded Systems Communication - 5G
Wireless cellular technology, offering higher upload and download speeds, more consistent connections, and improved capacity than previous networks
170
Embedded Systems Communication - Narrow-band
Communicate analog signals over a narrow range of frequencies
Over a long distance - conserve the frequency use
171
Embedded Systems Communication - Baseband Radio
Using a single frequency to be able to communicate
172
Embedded Systems Communication - Subscriber Identity Module (SIM) Cards
Used to provide information to a cellular network provider - phones, tablets, embedded systems
173
Embedded Systems Communication - Zigbee
The meshed communication between IoT devices that is an alternative to Wi-Fi and Bluetooth
174
Embedded Systems Constraints - Power
May not have access to main power source
Batteries need to be replaced
175
Embedded Systems Constraints - Compute
Low-power CPUs are limited in speed
176
Embedded Systems Constraints - Network
May not have the option for a wired link or may be in the middle of a field
177
Embedded Systems Constraints - Crypto
Limited hardware options make it difficult to change or modify cryptography features
178
Embedded Systems Constraints - Inability to Patch
Some devices have no field-upgradable options, or updates are difficult to install
179
Embedded Systems Constraints - Authentication
Security features are an afterthought, such as no multi-factor, limited integration
180
Embedded Systems Constraints - Range
Purpose-built and usually does one thing very well which may not provide additional functionality
181
Embedded Systems Constraints - Cost
Single-purpose comes at a low cost and low cost may affect product quality
182
Embedded Systems Constraints - Implied Trust
Limited access to hardware and software which makes it difficult to verify the security posture
183
Physical Controls - Bollards/ Barricades
Allow people, prevent access to cars and trucks
184
Physical Controls - Access Control Vestibules
Provides a space between two sets of interlocking doors
185
Physical Controls - Badges
Allows access to true employees/ workers
186
Physical Controls - Alarms
Triggered by a person and alerts people
187
Physical Controls - Signage
Provides clear and specific instructions
188
Physical Controls - Cameras
Motion recognition - can alarm and alert when something moves
Object detection - can identify a license plate or a person's face
189
Physical Controls - Closed-circuit Television (CCTV)
A video surveillance resource that can replace physical guards
190
Physical Controls - Industrial Camouflage
Conceal an important facility in plain sight
191
Physical Controls - Personnel
Guards
Robot Sentries - continuously monitors
Two-person integrity/ control - no single person has access to asset
Reception
192
Physical Controls - Cable Locks
Temporary security to keep something from being removed
193
Physical Controls - USB Data Blocker
Prevents "juice jacking"
Allows the voltage and rejects the data
194
Physical Controls - Lighting
More security because it is easier to see and attackers avoid lit areas
195
Physical Controls - Fencing
Builds a perimeter to keep people out
196
Physical Controls - Fire Suppression
Water is bad for electronics
Chemical suppression - Dupont FM 200
197
Physical Controls - Sensors
Detects aspects such as motion, noise, proximity, moisture, and temperature
198
Physical Controls - Drones
Covers large areas quickly with motion detection and thermal sensors
199
Physical Controls - Visitor Logs
Keeps track of people going in and out of the building for when something happens
200
Physical Controls - Faraday Cages
Blocks electromagnetic fields
201
Physical Controls - Screened Subnet (DMZ)
An additional layer of security between internet and you
202
Physical Controls - Protected Cable Distribution
A physically secure cabled network
203
Secure Areas - Air Gap
Physical separation between networks
204
Secure Areas - Vault
Secure reinforced room
205
Secure Areas - Safe
Smaller less expensive space
206
Secure Areas - Hot Aisle and Cold Aisle
A way to keep components at optimal temperatures
207
Secure Data Destruction - Burning
Physically light documents on fire
208
Secure Data Destruction - Shredding
Put through a shredder and cut into tiny pieces
209
Secure Data Destruction - Pulping
Put in a large tank to remove ink and broken down to a pulp
210
Secure Data Destruction - Pulverizing
Using heavy machinery for complete destruction
211
Secure Data Destruction - Degaussing
Remove the magnetic field to destroy the drive data
212
Secure Data Destruction - Third-party Solutions
Having someone destroy data for you
Make sure to get certificate of destruction
213
Physical Controls - Door Locks
Conventional - Lock and key
Deadbolt - Physical bolt
Electronic - Keyless, PIN
Token-based - RFID badge, magnetic swipe
Biometric - Hand, fingers, retina
Multi-factor - smart card and PIN
214
Digital Signature
An electronic, encrypted stamp of authentication on digital information
Authentication, non-repudiation, integrity
215
Key Length
Larger = more secure
Shorter = weaker
Symmetric = 128-bit or larger
Asymmetric = 3,072 bits or larger
216
Key Stretching
Making a weak key more secure against a brute force attack by hashing a hash and hashing that hash and so on...
217
Salting
Random data added to a password when hashing
218
Hashing
Representing data as a short string of text
219
Key Exchange
Exchange the secret key so that each party is able to encrypt messages before sending, and decrypt received ones
220
Elliptic-curve Cryptography (ECC)
An approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields
Powerful and used for a device with limited number of resources
221
Perfect Forward Secrecy (PFS)
Feature of specific key-agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised
222
Quantum Communication
Protecting against eavesdropping using quantum cryptography by creating unbreakable encryption
223
Quantum Computing
Using a new computing technology that bases computers off of quantum physics
Qubit is the smallest form of information
224
Post-quantum Cryptography
Not yet secure against classical computers
Cryptographic algorithms that are thought to be secure against a cryptanalytic attack by a quantum computer
225
Ephemeral Key
Generated for each execution of a key establishment process
Changing often
226
Modes of Operation - Electronic Code Book (ECB)
Each block being encrypted with the same key
Identical plaintext blocks create identical ciphertext blocks
227
Modes of Operation - Cipher Block Chaining (CBC)
Each plaintext block is exclusive or (XORed) with the previous ciphertext block
228
Modes of Operation - Counter (CTR)
Every time a counter-initiated value is encrypted and given as input to XOR with plaintext which results in ciphertext block
229
Blockchain - Public Ledgers
A place to keep track of transactions that is distributed to everyone
230
Stream Cipher
An encryption technique that works byte by byte to transform plain text into code
Each plaintext digit is encrypted one at a time
231
Block Cipher
A method of encrypting data in blocks to produce ciphertext
Algorithm operating on fixed-length groups of bits, called blocks
232
Steganography
Security through obscurity
Making a message invisible even though it is there
233
Steganography - Audio
Modifying the digital audio file to interlace a secret message within the audio file
234
Steganography - Video
A sequence of images
Using image steganography on a larger scale
235
Steganography - Image
Embedding a message in an image itself
236
Homomorphic Encryption
The ability to perform calculations and research on data while it is encrypted
237
Common Use Cases - Low Power Devices
Smaller symmetric key
Elliptic curve cryptography (ECC) for asymmetric encryption
238
Common Use Cases - Low Latency
Fast computation time
Symmetric encryption, smaller key sizes
239
Common Use Cases - High Resiliency
Larger key sizes
Encryption algorithm quality
Hashing provides data integrity
240
Common Use Cases - Supporting Confidentiality
To keep secret and private use encryption
241
Common Use Cases - Supporting Integrity
Use a hash to prevent modification of data such as file downloads and password storage
242
Common Use Cases - Supporting Obfuscation
Encrypted data hides the active malware code and decryption occurs during execution
243
Common Use Cases - Supporting Authentication
Password hashing and salting to protect the password
244
Common Use Cases - Supporting Non-repudiation
Use digital signature to confirm the authenticity of data
245
Limitations - Speed
Cryptography adds overhead and more encryption can increase the load
246
Limitations - Size
Encrypting bytes might double storage size
247
Limitations - Weak Keys
Easier to brute force and may be security issues
248
Limitations - Time
Large files take a long time to encrypt and hash
249
Limitations - Longevity
A specific cryptographic technology can become less secure over time
250
Limitations - Predictability
Hardware random number generators can be predictable, and random numbers are critical for cryptography
251
Limitations - Reuse
Reduces complexity and if the key is compromised everything can be at risk
252
Limitations - Resource vs. Security Constraints
IoT - limited security, memory, and power
Real-time applications can't delay
Difficult to maintain and update security components
253
Symmetric Encryption
A single key, encrypt and decrypt with the same key
254
Asymmetric Encryption
Two (or more) mathematically related keys, private and public key
Private key decrypts and public key encrypts
Private key encrypts and public key decrypts
255
Lightweight Cryptography
Designed to protect information created and transmitted by the Internet of Things, as well as for other miniature technologies
256
Out-of-band Key Exchange
Sending the symmetric key by phone, courier, in person, etc.
257
In-band Key Exchange
Sending it on the network with additional encryption and using asymmetric encryption to deliver the symmetric key
258
Block Cipher Mode of Operation
An algorithm that uses a block cipher to provide information security such as confidentiality or authenticity