Chapter 8 Flashcards

1
Q

Trust and Threats - Core Concepts

A
  • Definition: Security involves managing trust and threats.
  • Key Points:
    • Trust: Assumptions about the behavior of entities within the system.
    • Threats: Potential failure scenarios that must be addressed to ensure security.
    • Balance: Security measures must balance trust, threat evaluation, and risk mitigation.
    • Realization: Perfect security is unattainable; measures are about reducing risk.
  • Example: Trusting a fiber link in a secure data center vs. securing WiFi messages on an open campus.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Types of Threats - Confidentiality

A
  • Definition: Ensuring that information is accessible only to those authorized to access it.
  • Key Points:
    • Encryption: A method to protect data from being intercepted and read by unauthorized parties.
    • Eavesdropping: Without confidentiality measures, adversaries can intercept and understand the contents of messages.
  • Example: Encrypting email messages to prevent unauthorized users from reading sensitive information.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Types of Threats - Integrity

A
  • Definition: Ensuring that information has not been altered during transmission.
  • Key Points:
    • Tampering Detection: Mechanisms to detect if data has been altered.
    • Tampering Impact: Even encrypted messages can be modified to change their meaning.
  • Example: Using checksums or digital signatures to verify that a message has not been changed.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Types of Threats - Authentication

A
  • Definition: Verifying the identities of the entities involved in communication.
  • Key Points:
    • Identity Verification: Ensures that the communicating parties are who they claim to be.
    • DNS Attacks: Redirecting users to false websites highlights the importance of authentication.
  • Example: Using SSL/TLS certificates to authenticate websites and prevent man-in-the-middle attacks.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Real-world Threats - Malware

A
  • Definition: Malicious software designed to disrupt, damage, or gain unauthorized access to systems.
  • Key Points:
    • Worms and Viruses: Types of malware that can self-replicate and spread.
    • Botnets: Networks of infected machines used to launch coordinated attacks.
  • Example: A computer virus that replicates by inserting copies of itself into other programs or files.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Real-world Threats - Access Control

A
  • Access Control: Ensuring that only authorized users can access and modify resources.
    • Key Points:
      • Authorization: Verifying that a user has permission to perform an action.
      • Prevention: Protecting systems from unauthorized changes.
    • Example: Implementing user roles and permissions to control access to a company’s internal network.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Real-world Threats -Availability

A
  • Availability: Ensuring that services are available and functional when needed.
    • Key Points:
      • DoS Attacks: Overloading a system with traffic to make it unavailable to legitimate users.
      • Redundancy: Implementing backup systems to maintain availability.
    • Example: Using load balancers to distribute traffic and prevent DoS attacks from affecting service availability.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Risk Mitigation - Cost-effective Security

A
  • Definition: Implementing security measures that provide the best protection for their cost.
  • Key Points:
    • Risk Assessment: Identifying and prioritizing potential threats.
    • Cost-Benefit Analysis: Balancing the cost of security measures against the potential impact of threats.
  • Example: Encrypting sensitive data but not all data, based on the likelihood and impact of interception.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Risk Mitigation - Explicit Trust Assumptions

A
  • Definition: Clearly stating the trust assumptions made within a system.
  • Key Points:
    • Transparency: Making trust assumptions explicit helps in understanding and managing risks.
    • Unexpected Adversaries: Helps in preparing for sophisticated and unexpected attacks.
  • Example: Trusting the integrity of server execution and ensuring no leakage of unencrypted messages.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Principles of Ciphers

A
  • Definition: Encryption transforms a message to make it unintelligible to unauthorized parties.
  • Key Points:
    • Encryption Function: Applied to plaintext to create ciphertext.
    • Decryption Function: Applied to ciphertext to recover the original plaintext.
    • Cipher: Combination of encryption and decryption functions.
  • Example: Encrypting a message before sending it over the network ensures that only the intended recipient can read it.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Symmetric-Key Ciphers

A
  • Definition: Both participants share the same key for encryption and decryption.
  • Key Points:
    • Secret-Key Ciphers: Another name for symmetric-key ciphers since the key must be kept secret.
    • DES: Data Encryption Standard, a widely used symmetric-key cipher.
    • 3DES: Triple DES, uses three DES keys for increased security.
    • AES: Advanced Encryption Standard, supports key lengths of 128, 192, or 256 bits, and is efficient for both software and hardware.
  • Example: AES is used for securing data on mobile devices due to its efficiency and small memory requirements.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Public-Key Ciphers

A
  • Definition: Uses a pair of related keys—one for encryption (public key) and one for decryption (private key).
  • Key Points:
    • RSA: Relies on the computational difficulty of factoring large numbers.
    • ElGamal: Based on the discrete logarithm problem, often used with elliptic curve cryptography for added security.
    • Public and Private Keys: The public key is distributed widely, while the private key is kept secret.
  • Example: RSA is often used for secure key exchange and digital signatures.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Modes of Operation

A
  • Definition: Techniques to use block ciphers securely.
  • Key Points:
    • ECB (Electronic Codebook): Encrypts each block independently, but identical plaintext blocks produce identical ciphertext blocks.
    • CBC (Cipher Block Chaining): Each plaintext block is XORed with the previous ciphertext block before encryption.
    • Counter Mode: Uses a counter for each block, ensuring unique encryption for each block.
  • Example: CBC mode ensures that even identical plaintext blocks produce different ciphertext blocks due to the chaining process.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Cryptographic Hash Functions

A
  • Definition: Produces a fixed-size hash value from input data.
  • Key Points:
    • MD5 and SHA-1: Common hash algorithms, though MD5 has known weaknesses.
    • SHA-2: A family of hash functions designed to replace SHA-1.
    • Collision Resistance: Difficult to find two different inputs that produce the same hash value.
  • Example: SHA-256, part of the SHA-2 family, is widely used for data integrity checks.
  • Security Note: The hash function must ensure that outputs are randomly distributed to prevent collisions.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Message Authentication Codes (MACs)

A
  • Definition: A value used to verify both the integrity and authenticity of a message.
  • Key Points:
    • HMAC: A MAC based on hash functions, commonly using SHA-1 or SHA-256.
    • Construction: The MAC is computed using both the message and a secret key.
  • Example: HMAC-SHA256 is used to ensure that a message has not been tampered with and is from a legitimate sender.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Authenticators

A
  • Definition: Values added to messages to verify their integrity and authenticity.
  • Key Points:
    • Encryption of Digest: One method is to encrypt the hash of the message.
    • MACs and HMACs: Provide proof that the sender knows a secret key.
    • Inseparability: Integrity and authentication are fundamentally linked.
  • Example: Encrypting both the message and its MAC ensures confidentiality and authentication.
  • Security Note: Prevents adversaries from undetectably tampering with messages.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Principles of Ciphers - Encryption Function

A
  • Definition: A process that transforms plaintext into ciphertext using an encryption algorithm and a key.
  • Details: Ensures data confidentiality by making the content unintelligible to unauthorized parties.
  • Example: AES encrypts a plaintext message using a secret key to produce ciphertext that appears as a random sequence of characters.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Principles of Ciphers - Decryption Function

A
  • Definition: A process that transforms ciphertext back into plaintext using a decryption algorithm and a key.
  • Details: Reverses the encryption process to make the original message readable by authorized parties.
  • Example: Using the same AES key to decrypt ciphertext back into its original plaintext form.
  • Figure: Symmetric-key encryption and decryption (Figure 1).
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Symmetric-Key Ciphers - Secret-Key Ciphers

A
  • Definition: Encryption and decryption use the same secret key, which must be kept confidential between communicating parties.
  • Details: Symmetric-key algorithms are efficient and suitable for large-scale data encryption.
  • Example: AES, where both the sender and the receiver use the same key for encryption and decryption.
  • Security Note: Key management and distribution are critical challenges in symmetric-key cryptography.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Principles of Ciphers - Cipher

A
  • Definition: A combination of encryption and decryption functions used together to ensure secure communication.
  • Details: Ciphers are the fundamental tools for implementing data security in various applications.
  • Example: AES as a cipher is used to encrypt data at rest and in transit, ensuring both confidentiality and integrity.
  • Figure: Symmetric-key encryption and decryption (Figure 1).
21
Q

Symmetric-Key Ciphers - DES (Data Encryption Standard)

A
  • Definition: A symmetric-key encryption algorithm that encrypts data in 64-bit blocks using a 56-bit key.
  • Details: Widely used since its adoption in 1977 but considered insecure against modern attacks.
  • Example: DES encrypts data by processing each 64-bit block through a series of permutations and substitutions.
  • Security Note: Vulnerable to brute-force attacks due to its relatively short key length.
22
Q

Symmetric-Key Ciphers - 3DES (Triple DES)

A
  • Definition: Enhances DES security by applying the DES algorithm three times with three different keys.
  • Details: Provides a higher level of security than single DES by effectively increasing the key length to 168 bits.
  • Example: Data is encrypted with the first key, decrypted with the second key, and encrypted again with the third key.
  • Security Note: More secure than DES but slower and gradually being replaced by AES.
22
Q

Symmetric-Key Ciphers - AES (Advanced Encryption Standard)

A
  • Definition: A symmetric-key encryption standard that encrypts data in 128-bit blocks using key sizes of 128, 192, or 256 bits.
  • Details: Designed for both software and hardware efficiency, widely adopted for its strong security and performance.
  • Example: AES encrypts data by processing each block through multiple rounds of substitution, permutation, and mixing.
  • Security Note: Resistant to all known practical attacks and considered secure for the foreseeable future.
23
Q

Public-Key Ciphers - RSA

A
  • Definition: A public-key encryption algorithm based on the computational difficulty of factoring large numbers.
  • Details: Uses a pair of keys (public and private) for encryption and decryption; the public key is used to encrypt data, and the private key is used to decrypt it.
  • Example: RSA can be used to encrypt a message for secure communication or to digitally sign a document for authentication.
  • Security Note: The security of RSA depends on the key size; commonly used key sizes range from 2048 to 4096 bits.
24
**Public-Key Ciphers - ElGamal**
- **Definition**: A public-key encryption algorithm based on the discrete logarithm problem. - **Details**: Often used in conjunction with elliptic curve cryptography for added security and efficiency. - **Example**: ElGamal encryption involves generating a random key for each message, ensuring semantic security. - **Security Note**: The security of ElGamal depends on the difficulty of computing discrete logarithms.
25
**Public-Key Ciphers - Public and Private Keys**
- **Definition**: In public-key cryptography, each user has a public key for encryption and a private key for decryption. - **Details**: The public key is shared openly, while the private key remains confidential. - **Example**: A sender uses the recipient's public key to encrypt a message, and the recipient uses their private key to decrypt it. - **Security Note**: The private key must be protected against unauthorized access to ensure security.
26
**Modes of Operation - ECB (Electronic Codebook)**
- **Definition**: A mode of operation where each block of plaintext is encrypted independently. - **Details**: Simple but can reveal patterns in the plaintext if the same block is repeated. - **Example**: Encrypting each 128-bit block of a message independently using AES in ECB mode. - **Security Note**: Not recommended for encrypting data with repeating patterns, as it does not provide semantic security.
27
**Modes of Operation - CBC (Cipher Block Chaining)**
- **Definition**: A mode of operation where each plaintext block is XORed with the previous ciphertext block before encryption. - **Details**: Provides better security than ECB by ensuring that identical plaintext blocks produce different ciphertext blocks. - **Example**: Encrypting data with AES in CBC mode, where an initialization vector (IV) is used for the first block. - **Security Note**: The IV must be unique and unpredictable for each encryption session to maintain security.
28
**Modes of Operation - Counter Mode**
- **Definition**: A mode of operation where a counter is used for each block, ensuring unique encryption for each block. - **Details**: Converts a block cipher into a stream cipher, allowing for parallel processing of blocks. - **Example**: Encrypting data with AES in counter mode, where each block is XORed with the encrypted counter value. - **Security Note**: The counter value must never be reused with the same key to prevent security vulnerabilities.
29
**Cryptographic Hash Functions - MD5 and SHA-1**
- **Definition**: Cryptographic hash functions that produce a fixed-size hash value from input data. - **Details**: MD5 produces a 128-bit hash, while SHA-1 produces a 160-bit hash. - **Example**: Generating a hash of a message to verify its integrity. - **Security Note**: Both MD5 and SHA-1 have known vulnerabilities and are not recommended for secure applications.
30
**Cryptographic Hash Functions - SHA-2**
- **Definition**: A family of cryptographic hash functions designed to replace SHA-1. - **Details**: Includes SHA-224, SHA-256, SHA-384, and SHA-512, with varying hash output sizes. - **Example**: Using SHA-256 to generate a 256-bit hash of a message for secure data integrity checks. - **Security Note**: SHA-2 is currently considered secure and widely used in security protocols.
31
**Cryptographic Hash Functions - Collision Resistance**
- **Definition**: A property of a hash function where it is difficult to find two different inputs that produce the same hash value. - **Details**: Essential for ensuring the integrity and uniqueness of hashed data. - **Example**: Using a collision-resistant hash function to prevent two different files from having the same hash. - **Security Note**: A secure hash function must have a low probability of collisions to maintain data integrity.
32
**Message Authentication Codes (MACs) - HMAC**
- **Definition**: A type of MAC based on hash functions, typically using SHA-1 or SHA-256. - **Details**: Combines a cryptographic hash function with a secret key to produce a MAC. - **Example**: HMAC-SHA256 is used to verify the integrity and authenticity of a message. - **Security Note**: HMAC provides strong security and is resistant to various cryptographic attacks.
33
**Message Authentication Codes (MACs) - Construction**
- **Definition**: The MAC is computed using both the message and a secret key. - **Details**: Ensures that any changes to the message will result in a different MAC value. - **Example**: Calculating a MAC for a message before transmission to ensure it has not been tampered with. - **Security Note**: The secret key must be kept confidential to prevent unauthorized message authentication.
34
**Authenticators - Encryption of Digest**
- **Definition**: Adding an authenticator by encrypting the hash (digest) of the message. - **Details**: Provides integrity and authentication by ensuring that the message has not been altered. - **Example**: Encrypting the hash of a message with a secret key to create a secure authenticator. - **Security Note**: The encrypted digest ensures that only authorized parties can verify the message's integrity.
35
**Authenticators - MACs and HMACs**
- **Definition**: Provide proof that the sender knows a secret key and that the message has not been altered. - **Details**: MACs and HMACs are widely used for secure message authentication in various protocols. - **Example**: Using HMAC-SHA256 to authenticate an API request, ensuring it is legitimate and unaltered. - **Security Note**: The strength of the MAC depends on the
36
**Predistribution of Symmetric Keys**
- **Issue:** Symmetric keys need to be kept secret, unlike public keys. - **Challenges:** 1. **Number of Keys:** N(N-1)/2 keys are needed for N entities. 2. **Secrecy:** Keys must be kept secret. - **Solution:** Use a Key Distribution Center (KDC). - **KDC Function:** - Shares a secret key with each entity. - Reduces keys to N-1. - Participates in authentication and session key generation for Alice and Bob. - **Outcome:** Alice and Bob communicate directly using a session key. **Example:** Kerberos system employs a KDC to manage symmetric keys for secure communication.
37
**Predistribution of Public Keys:**
- Public and private key pairs are generated using publicly known algorithms. - Alice can generate her own keys, but she needs to assert her public key's ownership. - Public Key Infrastructure (PKI) is used to certify this ownership. - PKI starts by verifying identities and binding them to keys out of band. - This process can involve direct exchanges like in-person meetings or organizational configurations.
38
**Public Key Certificates:**
- A certificate is a digitally signed statement asserting ownership of a public key. - Certificates include: entity identity, public key, signer identity, digital signature, and optionally an expiration time. - Certificates are created by Certification Authorities (CAs) like VeriSign. - They formalize trust in public key ownership. - X.509 is a standard for certificate structure, defining essential components such as identity and digital signature.
39
**Trust in Public Key Infrastructure (PKI):**
- PKI formalizes trust in public keys using digital signatures. - Bob, as a Certification Authority (CA), can issue certificates to assert key ownership. - Trust in certificates can scale by trusting the initial CA's public key. - Certificates need a well-defined identity space, such as email addresses or DNS domains. - PKI formalizes trust through careful verification and binding of identities to public keys.
40
**Certification Authorities (CAs):**
- CAs are entities trusted to verify identities and issue public key certificates. - They play a critical role in establishing digital trust through certificate chains. - CAs can be commercial, governmental, or free. - Users must know a CA's public key to trust certificates it issues. - Certificate chains link entities through certificates signed by trusted CAs.
41
**Chain of Trust:**
- Trust is binary; either you trust an entity completely or not at all. - Certificate chains allow trust to propagate from one entity to another. - If X certifies Y's key, and Y certifies Z's key, a chain exists from X to Z. - Participants only need to trust the root CA's key to trust certificates signed by CAs in the chain. - Chains are structured hierarchically in a tree-like model for scalability.
42
**Issues with Chains of Trust:**
- Chain integrity depends on each CA properly verifying identities. - One compromised CA in the chain undermines the trustworthiness of the entire chain. - X.509 certificates can restrict which entities a certificate's subject can certify. - Multiple root CAs are common in web security (e.g., Firefox and Internet Explorer). - Browsers come pre-configured with trusted CAs; users can add more in preferences.
43
**Web Transactions and CAs:**
- Web browsers use SSL/TLS for securing transactions. - SSL/TLS relies on trusted CAs to validate server identities. - Users can view trusted CAs in browser certificate settings. - SSL/TLS ensures secure communication between clients and servers. - Understanding CAs is crucial for ensuring the security of web transactions.
44
**Web of Trust (PGP):**
- PGP uses an alternative trust model without Certification Authorities (CAs). - Users individually decide whom and how much to trust; trust is a matter of degree. - Email addresses are identities bound to keys and signed by other users. - Certificates in PGP can include confidence levels indicating the trust in key bindings. - Users may require multiple certificates to trust a key binding.
45
**Building Trust in PGP:**
- If Alice provides a certificate for Bob, a moderate level of trust is assigned. - Certificates from others (C, D) who are moderately trusted can increase confidence in Bob's key. - Users can attend PGP key-signing parties to: - Collect public keys from known individuals. - Provide their public keys to others. - Sign others' public keys to help them build trust. - Collect certificates from trusted individuals to strengthen their own set.
46
**Philosophy of PGP:**
- PGP acknowledges that trust is a personal matter, not hierarchical. - Users make independent decisions rather than relying on a single CA structure. - Developed by Phil Zimmerman, PGP allows users to manage their own security. - Quote: "PGP is for people who prefer to pack their own parachutes." - Popular in the networking community, especially in events like IETF meetings.
47
**PGP and Networking Events:**
- PGP key-signing parties are common at networking events like IETF meetings. - Individuals: - Exchange and verify public keys in person. - Sign each other's public keys to establish trust. - Collect certificates from others they trust. - Over time, users build a collection of certificates with varying degrees of trust.
48
**Certificate Revocation:**
* One issue with certificates is how to revoke them if compromised. * If someone discovers your private key, they can impersonate you using valid certificates. * To solve this, certificates can be revoked. Each Certification Authority (CA) issues a Certificate Revocation List (CRL). * CRL is a digitally signed list of revoked certificates, periodically updated and publicly available. * Alice checks the latest CRL before trusting a certificate. * Certificates have expiration dates to limit the time they stay on CRLs. * Once expired, a revoked certificate can be removed from the CRL.