Domain 3 Flashcards
Shared Responsibility Model
On-Prem
(How Responsibility is delegated)
You 100%
- Apps
- Data
- Runtime
- Middleware
- OS
- Virtualization
- Servers
- Storage
- Networking
Shared Responsibility Model
IaaS
(How Responsibility is delegated)
You 50%
- Apps
- Data
- Runtime
- Middleware
- OS
Cloud Service Provider 50%
- Virtualization
- Servers
- Storage
- Networking
Shared Responsibility Model
PaaS
(How Responsibility is delegated)
You 25%
- Apps
- Data
Cloud Service Provider 75%
- Runtime
- Middleware
- OS
- Virtualization
- Servers
- Storage
- Networking
Shared Responsibility Model
SaaS
(How Responsibility is delegated)
Cloud Service Provider 100%
- Apps
- Data
- Runtime
- Middleware
- OS
- Virtualization
- Servers
- Storage
- Networking
Public Cloud
(Name the Pros)
Everything runs on CSP hardware
Scalable, Agile, pay-as-you-go, no maintenance, low skill
Private Cloud
(Name the Pros)
A cloud env in your own data center
legacy support, control, compliance
Hybrid Cloud
(Name the Pros)
Combines both Public / Private, allows you to run your apps in the right location
flexibility in legacy / compliance / scalability
Cloud Access Security Broker (CASB)
Security policy enforcement solution that may be install On-prem or in the cloud
Shadow IT Prevention
Post-Quantum Cryptography
Developing new cryptographic approaches developed by normal computers to be resilient to Quantum computers
How well do current encryption hold up to Quant?
Post-Quantum Cryptography
Symmetric Encryption
- Does better
-
Grovers Algorithm: Shows Quant computer halve key length
- 256 bit key is as strong as a 128 bit to a normal computer
Post-Quantum Cryptography
Asymmetric Encryption
- Does worse
-
Shor’s Algorithm: can easily break public key algos
- RSA & Elliptic Curve is vulnerable
- Lattice offers resilience
Post-Quantum Cryptography
Lattice Algorithms
Based on shortest vector problem and closest vector problem
- potential to replace all current endangered schemes
- Lattice based schemes make up most publications on post-quant crypto
TIP:
If a ?’s ask ab a “asymmetric encryption” that is “quant resilient”, answer is Lattice
Cryptography
Code
Crypto system of symbols that operate on words or phrases and are sometimes secret but do NOT
ensure confidentiality
Cryptography
Cypher
Always meant to hide true meaning
Types of Cyphers
Stream
Symmetric key, plaintext combined with cypher digit stream ( key stream ) . Each plaintext digit is encrypted one at a time with the corresponding digit on keystream to produce cipher text stream
Types of Cyphers
Block
encrypts plain text in blocks at a time, like 64- bits
Types of Cyphers
Substitution
replace each character with a different one. Ex ceasar cipher
Types of Cyphers
Transposition
Shuffle each digit
Initialization Vector (IV)
( Random Number ) a random string ( nonce ) that is XORed with message
used by ceasar, Vigenere, One time Pad
- main diff bt them is key length
- 1 char > word / sentence > one time pad
One Time Pad
Type of substitution cypher where key stream is at least as long as the message.
Success needs:
- generated randomly
- at least as long as message
- protected from disclosure
- Pad used once then deleted
Zero Knowledge Proof
specific info is exchanged but no real data transferred, only with digital signatures and certs
Prove knowledge of a fact without revealing the fact
Split knowledge
The privilege required to do operation is divided among multiple users
- no single person can comprimise security
Work Function (Work Factor)
Way to measure strength of crypto function by cost / time to decrypt message
Nonrepudiation
provide undeniable proof that sender actually authored it.
- prevents sender from denying it
DES Modes
Electronic Codebook Mode (ECB)
Least Secure, encrypts 64 bit blocks with the same key.
- if same block in plaintext, same ciphertext generated
DES Modes
Cipher Block Chaining (CBC)
Plaintext XORed with Cipher text immediately preceding
DES Modes
Cipher Feedback (CFB)
Streaming version of CBC, Works on data in real time, used memory buffers of same block size. When buffer fills, data is encrypted and transmitted. Uses chaining, so errors propagate.
DES Modes
Output Feedback (OFB)
Similar to CFB, XORs plaintext with seed value. No chaining so less propagated errors
DES Modes
Counter (CTR)
Uses incrementing counter rather than a seed
Key Clustering
Weakness where same ciphertext is generated from 2 different keys
Asymmetric Key Types
Hash Function Requirements
- Inputs of any length
- Fixed length outputs
- Relatively easy to compute hash for any input
- Provide 1 way functionality
- Collision Free
Asymmetric Key Types
Rainbow Tables
Pre-computed values to ID common passwords
Asymmetric Key Types
Salt
Random data added to hash input.
- salts reduce effectiveness of rainbow tables
Asymmetric Key Types
Digital Signature Standard (DSS)
Uses SHA-1, SHA-2, SHA-3, message digest functions.
Works in conjunction with 1 of 3:
1. Digital Signature Algorithm (DSA)
2. Rivest, Shamir, Alderman (RSA)
3. Elliptic Curve DSA (ECDSA)
Public Key Infrastructure (PKI)
Certificate Authorities (CA)
Body’s that generate Digital Certificates containing public keys of systems’ Users
- Users distribute certs to who they want to talk to
- Cert recipient verify a cert using CA’s public key
Securing Web Traffic
Email (Protocols)
- S/MIME
- Pretty Good Privacy (PGP)
Securing Web Traffic
Web (Protocols)
- HTTP over Transport Layer Security (TLS)
replacing SSL
Securing Web Traffic
Network
IPsec
Securing Web Traffic
IPsec
Architecture framework that supports secure communications over IP
- Establishes a secure channel in either transport mode or tunnel mode
- Can be used to establish direct comms between computers over VPN
- Uses 2 Protocols
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
Digital Rights Management (DRM)
Allow conent owners to enforce restriction on use of their content by others
- Common in entertainment industry
- Sometime protects sensitive info stored in docs
Top 3 Public Key Cryptosystems
RSA
Factoring product of prime numbers
Top 3 Public Key Cryptosystems
El Gamal
Modular arithmetic
Top 3 Public Key Cryptosystems
Elliptic Curve
Elliptic curve discrete logarithm problem and provides more security than the other 2
Digital Signature
Rely on public key crypto / hashing
MUST use SHA-2+ hashing
Currently approved:
- DSA
- RSA
- Elliptic Curve DSA
Security Model
Used to determine how security is implemented
- Formalize security Policy
- enforce CIA triad
- models lay out broad guidelines
- up to devs to decide how its functionally implemented
Top –> Down
- Security Policy
- Security Model
- Program Code
- OS
State Machine Model (SMM)
System is always secure, no matter what state it is in
- Based on FSM
- State - snapshot of a system
- if each state transition results in another secure state = SMM
Information Flow Model (IFM)
Based on SMM, focused on flow of information
- Biba = Flow from low to hight security level
- **Bell - LaPadula = prevent info from high to low
Non-Interference Model
How actions f high level affect system state of action at a low level
- ensures actions dont interfere with each other
Lattice Based Models
Interactions between
- objects - resources, computers, apps
- subjects - users, groups, orgs
Used to ID levels of security for obj / subj
3 Properties for Models
- Simple - Rules for read
-
Star - Rules for write
3, Invocation - Rules for calls to subjects
Security Models
Biba
Based on Integrity
No Read down, no write up
- Lattice Based
- Simple integrity = “no read down”
- Star integrity = “no write up
Security Models
Bell-LaPeluda
Based on Confidentiality
No read up, no write down
- SMM enforces Confidentiality
- Uses Mandatory Access Controls
- Simple security policy “no read up”
- Star property “no write down”
- Lattice Based
Security Models
Clark - Wilson
Integrity
Access Control Triple, uses security labels to access objects
Security Models
Goguen- Meseguer
Integrity
Non-interference
Security Models
Sutherland
Integrity
Prevent interference, info flow / SMM
Security Models
Brewer + Nash
Confidentiality
“Chinese Wall”
Prevents conflict of interest
Security Models
Take Grant
Confidentiality
uses “direct graph”
Supports 4 operations:
1. Take
2. Grant
3. Create
4. Revoke
Security Model: Clark - Wilson
Constrained Data Item (CDI)
data item who integrity is protected by the security model
Security Model: Clark - Wilson
Unconstrained Data Item (UDI)
data item that is NOT
controlled by security model
Security Model: Clark - Wilson
Integrity Verification Procedure (IVP)
a procedure that scans data items and confirms their integrity
Security Model: Clark - Wilson
Transformation Procedure (TP)
Only process allowed to modify a CDI
Security Model: Clark - Wilson
Access Control Triplet
- Authenticated Principal (User / Subjects)
- Programs (TPs)
- Data Items (UDIs + CDIs) (objects)
Security Models
Graham - Denning Model
Protection rules where each object has an owner and controller
- focus on secure creation and deletion of both subject and object
- 8 primary protection rules:
- Securely create object
- Securely create subject
- Securely delete object
- Securely delete subject
- Securely provide the read access
- Securely provide the grant access
- Securely provide the delete access
- Securely provide the transfer access
Symmetric Cryptography Algorithms Table
Hash Algorithms Table
Asymmetric Cryptography Algorithms Table
Security Modes
Dedicated Mode
Security clearance that permits access to ALL
info processed by system, approval for ALL
info processed by system, and valid need-to-know for ALL
info processed by system
Security Modes
Multilevel Mode
Can process info at different levels even when all system users do not have the required security clearance to access all info processed by the system
Security Modes
System High Mode
Each user must have valid security clearance, access approval for ALL
info processed by system, and valid need-to-know for at least SOME
info on the system. Offers most granular control over resources and users of thew modes
Security Modes
Compartmented Mode
Goes one step further than system high mode
Each user must have a valid security clearance access approval for ALL INFO
processed by system, but requires valie need-to-know for ALL INFO
they will have access to on the system
Trusted Computing Base
A combination of hardware, software and controls that work together to form a “trusted” base” to enforce your security policy.
- Is a subset of the complete information system.
- is the only portion that can be trusted to adhere to and enforce your security policy
- TCB must create secure channels ( trusted paths ) to communicate withthe rest of the system
- Protects subject from comprimise as a result of TCB interchange
Trusted Computing Base
Security Perimeter
An imaginary boundary that separates TCB from the rest of the system.