Chapter 3 - Security Engineering Flashcards

1
Q

What is System Architecture?

A
  • Architecture is a conceptual tool to understand the structure and behavior of a complex entity through different views. The views are based upon the needs of the stakeholders of that system.
  • ISO 42010 defines five key System Architecture terms:
    • Architecture: organization of a system embodied in its components, their relationships to each other and to the environment
    • Architecture Description: Collection of documents that convey an architecture in a formal manner.
    • Stakeholders: individual, team or organization that have an interest or stake in the system.
    • View: representation of a system from a whole system from the perspective of a related set of concerns.
    • View point: A template from which to develop individual views by establishing the purposes and audience for a view and the techniques for its creation and analysis.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What functionality does the CPU provide?

A
  • The CPU is the brain of the computer and fetches instructions from memory and executes them.
  • Control unit: It determines what application instructions get processed and in what priority and time slice.
  • ALU performs mathematical functions and logical operations on data.
  • Uses registers to hold information:
    • General Registers are like scratch pads while the ALU is working.
    • Special Registers: Contains program counter, Stack pointer, PSW.
    • Program counter Register: contains the address of the next instruction.
    • PSW: contains bits to indicate if the CPU should execute in user or privileged mode.
  • Connected via an address bus, which is a hardwired connection, to the RAM chips, and I/O devices.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is Multiprocessing?

A
  • Symmetric mode, this means the processors are handed work as needed. Scheduler determines which processor is ready for more work and sends it on.
  • When a processor is dedicated the system is working in asymmetric mode. This usually means the computer has some type of time-sensitive application that needs its own personal processor.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is Random Access Memory (RAM)?

A

RAM is a type of temporary storage facility where data and program instructions can temporarily be held and altered. Considered volatile because when system reboots then information is lost. RAM is made up of millions of transistors and capacitors, and the capacitors hold a charge to represent 1 or no charge (0). Capacitors can’t hold the charge for long.

  • Dynamic RAM (DRAM): dynamically refresh the capacitors charge making it slow.
  • Static RAM (SRAM): holds bits in cells not capacitors. Users more transistors and therefore takes more space.
  • Synchronous DRAM (SDRAM): coordinates its activities with the CPU clock so the timing of the CPU and the timing of the memory activities are synchronized.
  • Extended data out DRAM (EDO DRAM): can capture the next block of data while the first block is being sent to the CPU. ‘Look ahead’ feature speeds up processing.
  • Burst EDO DRAM (BEDO DRAM): Works like EDO Ram but it can send more data at once (burst).
  • Double data rate SDRAM (DDR SDRAM): Carries out read operations on the rising and falling cycles of a clock pulse - twice the throughput.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is Read Only Memory (ROM)?

A

ROM is a non-volatile memory type. ROM chips are manufactured with the stored program or routines designed into it. The software that is stored within ROM is called firmware.

  • Programmable read-only memory (PROM) is a form of ROM that can be modified after it has been manufactured but only once.
  • Erasable programmable read-only memory (EPROM) can be erased, modified, and upgraded. To erase the data on the memory chip, shine UV light on the quartz.
  • Electrically erasable programmable read-only memory (EEPROM): data storage can be erased and modified electrically by onboard programming circuitry and signals. This activity erases only 1 byte at a time.
  • Flash memory is a special type of memory, solid state technology used more as a type of hard drive than memory. Flash memory basically moves around different levels of voltages to indicate that a 1 or 0 must be held in a specific address.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Cache memory?

A
  • Used for high-speed writing and reading activities.
  • Information needed by the CPU very quickly and very often is usually stored in cache memory.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a memory mapper and how does it provide security?

A
  • Access to memory needs to be controlled to ensure data does not get corrupted and data is only accessed by authorized processes.
  • CPU has physical wires connecting it to the memory chips, which allows the CPU to use Physical or Absolute addresses
  • Operating systems enable software to access memory indirectly by using index tables and pointers, instead of giving them the right to access the memory directly.
  • When a program attempts to access memory, its access rights are verified and then instructions and commands are carried out in a way to ensure that badly written code does not affect other programs or the system itself.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What allows a bufferover attack to take place?

A
  • Buffer overflow takes place when there is insufficient input validation.
  • Applications, makes function calls which uses a linear memory construct (FILO Stack). First adds a return pointer (RP), which is pointer to the application’s memory that tells the function to return control to the application after it has finished working through the values.
  • Thus, if input validation is not performed, and a function call is made, malicious code can be inserted all the way to the RP, and overwrite the RP to point to the start of the malicious code just inserted. Allows the malicious code to be executed in the context of the application.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are some memory protection techniques to prevent buffer overflow?

A
  • Address Space layout Randomisation (ASLR): If an attacker needs to conduct a buffer overflow attack needs to know what memory address to send the attack. With ASLR the OS changes the addresses continously.
  • Data Execution prevention (DEP): Implemented via CPU or OS, to ensure executable code doesnt function within memory segments that could be dangerous.
  • Garbarge Collector, implemented by the OS to run an algorithim to identify unused commited memory and then mark the memory as available.
  • Memory leaks can also be addressed via better programming.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How do OS manage processes?

A
  • Applications work as individual units called processes , when a process is created the OS assigns resources to it, such as memory segment, CPU time slot, access to system APIs. The collection of instructions and assigned resources is a ‘process’.
  • Multitasking allows the OS to maintain many processes in various execution states: running state (CPU is executing the instructions), ready state( waiting to send to the CPU), or blocked state (waiting for input data, such as keystrokes)
  • OS keeps a process table, contains process state, pointer, memory allocation, when a process CPU time slice is over, all the information about a process is put into the table.
  • Processes know when it can communicate CPU via interrupts. Two types of interrupts - maskable is assigned to an event that may not be overly important. Non-maskable interupt used for critical processes.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How are processes protected from each other? To ensure a malicious program doesnt negatively impact others.

A
  • Encapsulation of objects: When a process is encapsulated, no other process understands or its internal programming code. Processes can communicate with other processes via interfaces.
  • Time multiplexing of shared resources:
  • Naming distinctions: Each process has its own name and ID value.
  • Virtual memory mapping: OS dividies memory and assigns portions of it to the requesting process. Each process has its own memory space, ensuring processes do not interact improperly.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What does a memory management provide?

A
  • Provide an abstration level for programmers, maximise performance with the limited amount of memory and protect the OS and applications loaded into memory.

Provides the following:

  • Relocation: Swap contents from RAM to hard-drive. Systems use the hard-drive to extend RAM. When RAM is combined with hard-drive the result is virtual memory.
  • Protection: Limit process to interact only with the memory segments assigned. Provide access control to segments.
  • Sharing: Allow users with different levels to interact with the same app, complex controls to ensure Integrity, and confidentiality when processes to use shared resources.
  • Logical organisation: Segment all memory types and provide adddressing scheme, allow for sharing of specific software modules.
  • Physical organisation: Segment the physical space for application and OS processes.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How does the OS handle I/O devices?

A
  • I/O devices are usually considered block or character devices. A block device works with data in fixed-size blocks, eg. disk drive. A character device works with a streams of characters such as NIC, or mouse.
  • When an I/O device has completed its task, it needs to inform the CPU that data is memory is ready for processing. The OS maintains a table called Interrupt vector of all the I/O devices connected to it, including memory addresses.

OS can carry out software I/O procedures in various ways.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How does the CPU Architecture provide security?

A
  • The CPU and OS need to be compatible to work together. The OS uses memory protection to ensure processes dont impact each other.
  • The ring-based architecture of the CPU is another way to provide protection. Ring 0 is where the OS’s kernel (most trusted and powerful process) works. Ring 1 is where OS utilities reside, and the least trusted applications (applications) work in Ring 3.
  • less trusted processes that are working in ring 3 send their communication requests to an API provided by the OS specifically to ensure communication between an untrusted process and a trusted process is controlled and safe.
  • Process is assigned a status level by the OS, stored as PSW, and when the process needs to interact with the CPU, the CPU checks the process status level to know what it can or cannot do.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the types of OS Architectures?

A

OS architectures dictates how the pieces and parts of the OS interact with each other and provide the functionality that the applications and users require of it. Main differences in the architectural approaches come down to what is running in the kernel mode.

  • Monolithic: Earlier OS acted as 1 software layer between the user applications and the hardware level, all code ran in priviledged state making mistakes and malicious activites. Not modular in nature.
  • Layered: Seperates system functionality into hierarchical layers. 5 layers from 0 which is controlled access to the processor and layer 4 where the applications reside. Provides data hiding by not allowing layers with direct access to each other. Too many layers for even simple OS activities results in performance hit, and still too much code running in kernel.
  • Microkernel: smaller subset of critical kernel processes, focusing maintly on memory management and interprocess communication. Other processes including device drivers run in user mode. Performance hit was to great.
  • Hybrid Microkernel: Microkernel still exists. Other operating services work in a client/server model. If a user’s application needs the OS to carry out some type of functionality, it makes a request to the specific API of the system’s server service.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

How do Virtual Machines work?

A
  • Virtualization enables single hardware equipment to run multiple OS environments simultaneously, greatly enhancing processing power utilization, among other benefits.
  • The virtual machines do not directly access these resources; instead, they communicate with a hypervisor within the host environment, which is responsible for managing system resources.

VMs allow:

  • Consolidates the workloads of several under-utilized servers to fewer machines,
  • provide secure, isolated sandboxes for running untrusted applications.
  • retrofit new features in existing operating systems without “too much” work.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What are the components of System Security Architecture?

A
  • Security Policy involves setting the goals of what the security mechanisms are supposed to accomplish.
  • TCB is a collection of all the hardware, software, and firmware components within a system that provides some type of security and enforces the system’s security policy. Theprocesses within the TCB are the components that protect the system overall. They reside in ring 0, their instructions are executed in privileged state. OS maintains an isolated execution domain, so their processes cannot be compromised or tampered with.
  • Security Perimeter is a boundary that divides the trusted from the untrusted. Precise communication standards must be developed for components in and out of the TCB.
  • TCB & Security perimeter: are conceptual constructs do delineate between trusted and untrusted components and how they communicate.
  • Reference Monitor: abstract machine that mediates all access subjects have to objects, both to ensure that the subjects have the necessary access rights and to protect the objects from unauthorized access and destructive modification.
  • Security Kernel made up of hardware, software and firmware components that fall within the TCB. Provide isolation for the processes carrying out the reference monitor concept. Invoked in very access attempt and must be impossible to circumvent. Small enough to be tested and verified.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are the Security models and what types of security do they provide?

A
  • Bell-LaPadula Model: 1st model of multilevel security policy, focuses on confidentiality.
    • Simple security rule: Cannot read data of a higher level object
    • * property rule: Cannot write down to lower level object
    • Strong Star property rule: Can read & write to an object at the same security level
  • Bilba Model: Describes access controls for data integrity
    • simple integrity axiom: Cannot read data of a lower level object
    • * integrity axiom: Cannot write to a high level object
  • Clark-Wilson Model: Ensure properly formatted transactions take place:
    • Subjects access objects through authorised programs
    • Seperation of duties is enforced
    • Auditing is required
  • Noninterference Model: multilevel security model states that commands and activities performed at one security level should not be seen by, or affect, subjects or objects at a different security level.
  • Brewer and Nash Model: allows for dynamically changing access controls that protect against conflicts of interest
  • Graham-Denning Model: shows how subjects and objects should be created and deleted, and how to assign specific access rights.
  • Harrison-Ruzzo-Ullman Model shows how a finite set of procedures can be available to edit the access rights of a subject.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is Common Criteria?

A

Common Criteria is a framework within which users specify their security requirements and vendors make claims about how they satisfy those requirements, and independent labs can verify those claims. 7 assurance levels from 1-7.

Components of CC:

  • PP: Description of a needed security solution
  • TOE: Product proposed to provide a needed security solution.
  • ST: Vendor defines what the product does and how it defines it
  • Security functional requirements: Specifies the individual security functions provided by the product
  • Security assurance requirements: Measures taken during development and evaluation of the product for assurance.
  • EAL packages: Functional and assurance requirements that must be met to achieve certification.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is the difference between certification and accreditation for products?

A
  • Certification is a technical review that assesses the security mechanisms and evaluates their effectiveness. Accreditation is management’s official acceptance of the information in the certification process findings.
  • Any major addition of software, changes to the system, or modification of the environment should initiate a new certification and accreditation cycle.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is cloud computing?

A

Cloud computing is the use of shared, remote computing devices for the purpose of providing improved efficiencies, performance, reliability, scalability, and security.

  • Software as a Service (Saas): Specific application that executes on the service providers environment. e.g word app.
  • Platform as a Service (Paas): Spawning an instance of Server 2012 R2 to provide a web server. Service provider is responsible for securing the platform. User doesnt get admin privileges
  • Infrastructure as a Service (Iaas): Unfetted access to the cloud devices. Service provider is not responsible for security.

Parrell computing is the use of simultaneous us of multiple computers to solve a speific task, can be achieved using bit level, instruction-level and task-level.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What are the security issues for Databases?

A
  • Aggregation is the act of combining information from separate sources. The combination of the data forms new information, which the subject does not have the necessary rights to access.
  • Preventing Aggregation: To prevent access to the whole combination, the individual components can be placed into containers at higher classification level. Also subjects’ queries should be tracked and a context-dependent access control can be enforced - keeping a history of all requests and denying a request if it appears to be aggregation attack.
  • Inference: happens when a subject deduces the full story from the pieces he learned of through aggregation.
  • Preventing inference: Using context-dependent access control, and cell suppression - hiding specific cells that contain information could be used in inference attacks. Partitioning a database involves dividing the database into different parts to make harder for individuals to connect the pieces. Noise and pertubation technique for inserting bogus information for misdirecting an attacker.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What are security issues for web-based systems?

A

Web application security principles are meant to govern programming practices to regulate programming styles and strategically reduce the chances of repeating known software bugs and logical flaws.

  • Use Encryption to secure input/output operations of web apps
  • Fail securely, display a friendly error message without displaying internals
  • Use of WAF, that inspects the traffic going to (or coming) from a web application in order to filter out potentially malicious content.
24
Q

What are the security issues for mobile systems?

A
  • People do not usually install antimalware software on these devices and ensure that the software is up to date
  • Also puts workstations/laptops at risk when mobile devices are synchronising.
  • Mobile carriers typically encrypt their users’ data, typically it is encrypted only while it is traveling over the wireless portion of the network, and in clear text on the wired.
  • Emterprise mobile security:
    • Only centrally managed devices can access corporate resources.
    • Data encryption, remote wipe, idle timout and authentication.
    • Bluetooth capabilities should be locked down
    • Endpoint security should expand to mobile devices.
25
Q

What are the security issues for cyber physical systems?

A
  • Embedded Systems is the simpliest form of cyber physical system, usually build around microcontrollers which are specialised devices CPU, memory, and perpheral control interfaces. These devices are increasingly shipped with network connectivity. At a minimum an analysis of the data flows must be conducted.
  • Internet of things global network of connected embedded systems, and each node is connected to the internet.
    • Authentication: typically have poor (if any) authentication.
    • Encryption: Typically expensive in terms of processing power and memory requirements, but puts data at risk
    • Updates: Vendors dont provide functionality to automatically update software/firmware.
26
Q

What are the security issues for industrial control systems (ICS)?

A

ICS exist on factory floors to control conveyor belts and industrial robots. They exist in the power and water infrastructures to control the flows of these utilities. Three major categories:

  • Programmable Logic Controllers (PLC) are computers designed to control electromechanical processes such assembly lines, elevators, roller coasters, and nuclear centrifuges. Connect to these devices using non standard protocols. Generally network enabled.
  • Distributed Control System (DCS) is a network of control devices within fairly close proximity that are part of one or more industrial processes. Communication was not meant for WAN connections or for security. Physical security was assumed to be sufficient.
  • Supervisory Control and Data Acquisition (SCADA) were developed to control large-scale physical processes involving nodes separated by significant distances. Bigger than DCS in size and distance.
  • ICS Security: greatest vulnerabilty is their increasing connectivity to traditional IT networks. Exposes once private systems, and accelerates convergence towards standard protocols.
    • Segment the network to place IDS/IPS at the subnet boundaries.
    • Use encryption wherever feasible.
    • Ensure there is a process for patch management.
27
Q

What are some security considerations for Software development?

A

Maintainence hooks, are a type of back door which can be useful during development for debugging - causes major security issues.

Prevent maintainence hooks:

  • Code reviews and unit/quality assurance testing should be conducted and lookout for backdoors.
  • Use a host based intusion detection systems to watch for any back doors to the system
  • Use of file system encryption to protect sensitive information
  • implement auditing to detect back door use

Race condition is an attack in which an attacker makes processes execute out of sequence to control the result. A TOC/TOU attack is when an attacker jumps in between two tasks and modifies something to control the result.

To prevent Race conditions

  • not split up critical tasks that can have their sequence altered.
  • not give the processor the opportunity to switch to another process in between two tasks. This would not give the processor the opportunity to switch to another process in between two tasks.
28
Q

What are the following cryptographic terms mean?

  • Cryptanalysis
  • Cryptography
  • Cryptology
  • Cryptosystem
  • algorithm
  • key
  • Kerckhoffs’ principle
A

Cryptanalysis is the science of studying and breaking the secrecy of encryption processes, compromising authentication schemes, and reverse-engineering algorithms and keys.

Cryptography is a method of storing and transmitting data in a form that only those it is intended for can read and process.

Cryptology is the study of cryptanalysis and cryptography

Cryptosystem is a system or product that provides encryption and decryption. Strength of an encryption method comes from the algorithm, secrecy of the key, length of the key, and initialization vectors

Algorithm set of rules also known as the cipher , dictates how enciphering and deciphering take place.

Key value that comprises a large sequence of random bits.

Kerckhoffs’ principle making an algorithm publicly available means that many more people can view the source code, test it, and uncover any type of flaws or weaknesses.

29
Q

What is a one-time pad and how does it provide perfect secrecy?

A

OTP is an encryption process that uses a binary mathematical function that uses XOR, and is considered perfect because it is unbreakable if implemented properly.

Unbreakable if and only if:

  • Pad must be made up of truly random values.
  • Pad must be securely distributed and protected at its destination.
  • Pad must be used only one time.
  • Pad must be used only one time.

A number generator is used to create random values and must be seeded by an initial value, if the seeding value is predicatable then resulting values are pseudorandom.

30
Q

What is Steganography and how does enable files to hidden?

A

Is a method of hiding data in another media type so the very existence of the data is concealed.

  • Carrier a signal/file that has hidden information
  • Stegomedium medium in which the information is hidden
  • Payload informaiton that needs to be hidden/transmitted

All media has bits that can be modified and not affect the file they are in, which are the least significant bit (LSB) - which is where data can be hidden without altering the file in visibile manner.

31
Q

What is the difference between Symmetric and Asymmetric encryption?

A

Symmetric:

  • Strengths
    • Much faster and hard to break if using large keys
  • Weaknesses
    • Requires a secure mechanism to deliever keys
    • number of keys required as users increases is = N(N – 1)/2
    • Provides confidentiality but not authenticity or nonrepudiation.

Asymmetric:

  • Strengths:
    • Better key distribution & scalability than symmetric systems.
    • Can provide authentication and nonrepudiation.
  • Weakness
    • Much more slow, and intensive than symmetric
32
Q

What is the difference between block and stream ciphers?

A

Block Ciphers messages are divided into blocks of bits. A strong cipher contains two main attributes: Confusion - carried out with substituion and diffusion - carried out with using transposition.

  • Confusion pertains to making the relationship between the key and resulting ciphertext as complex as possible so the key cannot be uncovered
  • Diffusion, on the other hand, means that a single plaintext bit has influence over several of the ciphertext bits.

Stream ciphers treats the message as a stream of bits and performs mathematical functions on each bit. Uses a keystream generator which is XORed with the plaintext to produce ciphertext. Similar to the OTP.

33
Q

What do Initialization Vectors (IV) provide?

A
  • If IVs are not used, then two identical plaintext values that are encrypted with the same key will create the same ciphertext.
  • IV and key are both used by the algorithm to provide more randomness and remove pattern

Effective keystreams must:

  • easy to implement in hardware
  • long periods of no repeating patterns within keystreams
  • keystreams not linearly related to the key
  • Statiscally unbiased keystream (same no of 0s/1s)
34
Q

How are Asymmetric and Symmetric Algorithms Used Together?

A

Asymmetric algorithm for protecting encryption keys and key distribution, and a secret key is generated by a symmetric algorithm and used for bulk encryption.

  • Session keys are single-use symmetric key that is used to encrypt messages between two users
  • When two computers want to communicate using encryption, they must first go through a handshaking process.
  • Use Asymmetric encryption to exchange session key
35
Q

How does 3des work?

A

Symmetric block encryption algorithim that operates on blocks one at a time through 16 rounds of transposition and substitution.

Modes of encryption:

ECB: Only useful for short messages, each block is encrypted with the same key - not enough randomness

CBC: ciphertext from the previous block of data is used in encrypting the next block of data. Slower because each block must be fed into the next, errors will impact the subsquent blocks.

CFB: emulate a stream cipher,

36
Q

How does 3DES work?

A

Uses 48 rounds, but takes a huge performance hit.

Works in different configurations, and each one determines number of keys:

  • DES-EEE3: Three different keys, encrypt, encrypt, encrypt
  • DES-EDE3: Three different keys, encrypt, decrypt, encrypt
  • DES-EEE2: Same as EEE3 but uses 2 keys, first and third use the same key
  • DES-EDE2: Same as EDE3, but uses 2 keys, first and third use the same key.
37
Q

What are the other popular Symmetric algorthims?

A
38
Q

What is Diffie-Hellman and how does it work?

A

DH is the first Asymmetric Key agreement algorithim and is different to key exchange.

  • Illustrated by Tanya and Erica communicating. Tanya’s software would take her private key and Erica’s public key and insert them into a DH algorithim.
  • Erica’s sofware would also taker her private key and Tanya’s public key and insert them into a DH algorithim.
  • Tanya and Erica both derive the same shared value used to create symmetric keys.

The orginial DH algorithim was vulnerable to man-in-the-middle, and thus a countermeasure was to use authentication with certificates.

39
Q

What security services does RSA /ECC provide?

A

Provides digital signatures, key exchange, and encryption.

RSA’s maths are based on difficulty of factoring large integers into its two prime factors.

ECC can provide the same level of protection with a key size that is shorter than what RSA requires.

  • Key exchange: it is used to encrypt symmetric key to get it securely to its destination.
  • Digital signature: Private key is used for signature generation, and decryption.
  • Encryption: Public key used in encryption, and signature verification.
40
Q

How does the Message Authentication Code (MAC) work?

A

MAC function is an authentication scheme derived by applying a secret key to a message in some form, and does not apply symmetric key encryption.

  • HMAC: symmetric key would be concatenated with the message, and produce a MAC value. Thus if a message is intercepted and MAC value altered, then receiver can difference in MAC value when adding the symmetric key to the message. Provides no confidentiality
  • CBC-MAC: Message is encrypted with a symmetric block cipher in CBC mode, and the output of the final block of ciphertext is used as a MAC. Clear text version of the MAC value is sent, and once the encrypted text is unencrypted, the MAC value can be verified.
  • CMAC: works in the same way CBC-MAC but is based on more complex logic and maths functins.
41
Q

What are some Hash Algorithims? What are some attacks against it?

A
  • MD4: 128 bit message, developed by Ron Rivest
  • MD5: 128 bit message but more complex than MD4, developed by Ron Rivest
  • SHA-1: 160 bit message,
  • SHA-2/SHA-3: Produces message sizes 256, 384, 512

Attacks against a hash algorithims, collisions can be forced via the concept of birthday attack - maths paradox where there is greater than 50% chance that 2 or more people have the same birthday = 23. Thus if a hashing algorithims has 160 bits, then if there is a chance that a collision can occur in less than 2^80, then a brute force attack is successful.

42
Q

What function does Certificates play in PKI?

A
  • PKI requires the use of digital certificates which is credential to uniquely identify an individual that contains the public key. Certs are created and signed (Digital signed) by a 3rd party (CA).
  • CA is a trusted organisation, contructs the cert, signs it, sends it to the requester and maintains the cert over the lifetime.
  • CAs can be internal or external e.g Entrust and verisign
  • Cross certification is the process where two CAs in 2 different organisation trust each other and each one can validate the certs in the other organisation.
  • Revocation of certs are handled via CRL or OSCP.
  • Registration Authority confirms the identity of an individual, and initiates the certification process with the CA on behalf of an end user.
  • PKI must retain a key history, which keeps track of all the old and current public keys that have been used by individual users.
43
Q

What services do cryptosystems provide?

A
  • Confidentiality: Encryption
  • Integrity: Hashed
  • Authentication Message can be digitally signed which provides authentication
  • Authorisation Upon proving identity, the individual is then provided with the key or password that will allow access to some resource.
  • Non-repudiation: Message digitally signed
  • Digital signatures: Hash value that has been encrypted with the sender’s private key. Act of signing means encrypting the message’s hash value with a private key.
44
Q

What is Key Management?

A
  • Provides the means to distribute and maintain secure keys to ensure they arent modified, corrupted or disclosed.
  • Frequency of key rotation is directly related to how frequently its used.
  • key length should be long enough to provide the necessary level of protection.
  • Keys are stored and transmitted by secure means
  • Keys are extremely random
  • Keys lifetime should correspond with the sensitivity of the data.
  • Keys should be backed up or escrowed in case of emergencies. Multiparty key recovery implements dual control, meaning that 2 or more people are involved with critical task.
  • Keys should be properly destroyed when its lifetime has ended.
45
Q

What function does the TPM provide?

A
  • TPM is a microchip installed on the motherboard, stores and processes symmetric and asymmetric keys, hashes, certs.
  • TPMs can bind to the hard-disk, hard-disk is encrypted with the key in the TPM.
  • Sealing a system’s state, to detect any attempts to tamper with a system’s configuration. TPM generates a hash on the system’s config files. Sealed systems will verify the integrity of the systems file with the stored value.
  • Persistent Memory:
    • ​Endorsement Key (EK): Public/private key is installed in the TPM at the time of manufacture.
    • Storage Root Key (SRK): Master wrapping key used to secure keys in the TPM.
  • Versatile Memory:
    • Attestation Identify Key (AIK): Linked to the TPM’s identity at the development, linked to the EK.
    • Platform Configuration Registers (PCR): Storage of hashes used for TPM’s sealing.
    • Storage keys: Used to encrypt the storage media
46
Q

What is Digital Rights Management (DRM)?

A

DRM is a set of technologies that is applied to controlling access to copyrighted data.

  • For SaaS, uses standard authentication and authorisation technologies to ensure you only install the allowed amount.
  • Use of product keys when there is no internet, can reverse engineered to develop a product key generator. Better approach is a one-time online activation
  • Use of watermarks to identify owner of the person illegally distributing files.
47
Q

What attacks can be made against Cryptography?

A
  • Ciphertext-only most common type of attack, by getting ciphertext from passive sniffing traffic.
  • Known-plaintext has the plaintext and corresponding ciphertext. Usually from patterns in communication - messages typically start and end in the same way.
  • Chosen plaintext attacker can choose the plaintext that gets encrypted to see the corresponding ciphertext.
  • Chosen ciphertext attacker chooses the ciphertext to be decrypted and has access to the resulting decrypted plaintext.
  • Differential Cryptanalysis attack looks at ciphertext pairs generated by encryption of plaintext pairs with specific differences and analyzes the effect and result of those differences.
  • Linear Cryptanalysis carries out a known-plaintext on several different messages encrypted with the same key. Attacker evaluates the input and output values for each s-box, and output combinations allow him to assign probability values to different keys.
  • Side Channel infer the value of encryption key, but detecting how much power consumption is used, radiation emissions, and the timing of functions.
  • Replay capturing of data and resubmitting it, addressed by timestamps and sequence numbers
  • Algebraic analyzes the vulnerabilities in the algorithim and exploit properities such as the encryption of “o” being “o”.
  • Analytic Identifying structual weakness or flaws, as opposed to brute-force
  • Statistical identifying patterns such as number of 0’s vs 1’s in RNGs
  • Social Engineering
48
Q

What are some threats to the physical security of a facility?

A
  • Natural environment Floods, eathquakes
  • Supply System Power distribution outages, communication interruptions
  • Manmade threats Unauthorised access, explosions, damage by disgruntled employees
  • Poltically motivated Strikes, riots, civil disobediences
  • Physical security is a combination of people, processes, procedures, technology, and equipment to protect resources.
  • Acceptable risk level should be derived from the laws and regulations with which the organization must comply and from the threat profile of the organization overall.
49
Q

What are some goals for a physical security program?

A
  • Crime and disruption prevention through deterrence Fences, security guards, warning signs
  • Reduction of damage through the use of delaying mechanisms Layers of defenses that slows down attackers locks, barriers and security personnel
  • Crime or disruption detection Smoke detectors, CCTV
  • Incident assessment Responses of security guard to incidents
  • Response procedures Fire suppression mechanisms, emgergency reponse
  • Physical security team must carry out risk analysis to determine vulnerabilities, threats, and business impact
  • Use of performance based approach to devise measurements and metrics to gauge the effectiveness of your countermeasures
50
Q

What is the best approach to building a secure facility?

A
  • Best approach is usually to build an environment from a CPTED apprach and then apply the target-hardening components on top of the design.
  • Crime Prevention through environmental design (CPTED) is a discipline that outlines how proper design can reduce crime by affecting human behaviour.
    • Natural access control Guidance of people entering and leaving a space by the placement of doors, fences, lighting. Clear lines of signts and creating security zones.
    • Natural surveillance make criminals feel uncomfortable by providing many ways the public can see them and prevent malicious activites.
    • Natural territortial reinforcement creates a sense of community and ownership through the use of walls, fences, landscaping, lighting, flags, and clearly marked address.
51
Q

What are some of the considerations for physical construction?

A

Different building material various levels of fire protection and have different rates of combustibility, which gives a fire rating.

The load (how much weight it can handle) of a buildings walls, floors, and ceilings.

Windows may need to have UV protection, shaterproof, or need to be translucent or opaque.

  • Walls: Fire rating, Combustibility, Re-inforcements
  • Doors: Combustibility, Fire rating, Secure hinges, Resistance to forcible entry
  • Ceilings: Weight bearing, drop-ceiling
  • Windows: Shatter proof, alarms
  • Floorings: Raised floor, weight bearing
  • HVAC: emergency shut off valves, dedicated power
  • Electric power: Backup supplies, clean and steady powerlines.
  • Water and gas lines: Shut off valves, positive flow
  • Fire detection and suppression: Placement of sensors and detectors.
52
Q

What are some entry point considerations?

A

Entry points may include doors, windows, roof access, fire escapes, chimneys, service delivery access points.

Window at the ground level should be fortified

Ventilation ducts and utility tunnels must fit with sensors and access control mechanisms.

Doors and surrounding walls/ceilings should have the same strength.

Man trap is a small room with 2 doors, Each door requires a person to be authenticated, and in between authentication attempts users are trapped between doors.

Fail secure configuration means doors should be locked in power failure, but emergency doors cannot.

Internal partitions are used to create barriers between areas but should not be used to segment senstive areas, as they commonly use drop ceilings, and allow intruder to move between areas easily.

53
Q

What are some Data Centre considerations?

A
  • Data centers should be located in the core areas of a facility, with strict access control mechanisms.
  • Alarms should be activated during off-hours.
  • Ventilation and HVAC systems should be protected with bars and too small for anyone to crawl through
  • Smoke and fire sensors used with fire extinguishers
  • Water sensors should be placed under raised floors and on drop ceilings
  • Maintain proper tempreture and humidity - if too high then results in corrosion of computers, too low then static electricity is introduced.
  • Must have redundant power supplies, such as two different power suppliers or the use of generators with UPSs.
54
Q

What are some of the Electric power issues?

A
  • Two types interferences: electromagnetic Interferences (EMI) caused by lightning and electric motors and radio frequency interferences (RFI), caused by anything that creates radio waves - Fluorsecent lighting.
  • Power excess
    • ​Spike: Momentary high voltage
    • Surge Prolonged high voltage
  • ​Power loss
    • ​Fault Momentary power outage
    • Blackout Prolonged and complete loss of power
  • ​Power degradation:
    • ​Sag/dip momentary low voltage
    • Brown out Prolonged below normal voltage
    • In rush current Intial surge of current to start
55
Q

What are FIre Prevention, Detection and Suppression techniques?

A

Fire prevention includes training employees on how to react properly when faced with a fire.

Fire detection response systems come in many different forms. Manual detection response systems are the red pull boxes, Automatic detection have sensors that detect presense of fire or smoke.

FIre suppresion is the use of the appropriate suppression agent for the four classes of Fire (A (Common Combustibles)- water/foam,B (liquid) - Gas/foam,C (Electrical) - Gas/Dry powder,D (Combustible metals) Dry powder). HVAC systems must be shut down to prevent the spread of smoke.

56
Q

What are the four main types of water sprinklers?

A
  • Wet pipe Always contains water in the pipes and discharged by tempreture control. May freeze in winter
  • Dry pipe Water is contained in a holding tank. First a sensor is activated, causing the pressure in the pipes to drop and fill with water from tank, fire alarm sounds, electric power is shut and finally water is allowed out.
  • Preaction Similar to dry pipes, water is not held in pipes. A thermal fusible link on the sprinkler needs to melt before water is released - gives more time to respond to false postives.
  • Deluge Sprinkler heads wide open to allow a large volume of water to be released in a shorter peroid.