Domain 3: Security Architecture and Engineering Flashcards

1
Q

Memory Protection

A

Prevents one program from referencing memory not specifically assigned to it.
o If a program attempts to reference a memory address it is not permitted to access, the system blocks the access, suspends the program, and transfers control to the operating system.

2
Q

ISO/IEC 19249 (5 design principles)

A

o Least privilege
o Attack surface minimization
o Centralized parameter validation
o Centralized general security services
o Preparing for error and exception handling

3
Q

ISO/IEC 19249 (5 architectural principles)

A

o Domain Separation
o Layering
o Encapsulation
o Redundancy
o Virtualization

4
Q

Zero Trust Principles (3)

A

o Always verify
o Use least privilege access
o Assume breach

5
Q

Privacy by Design (7 principles)

A

1 - Proactive not Reactive; Preventative not Remedial
2 - Privacy as the Default Setting
3 - Privacy Embedded into Design
4 - Full Functionality — Positive-Sum, not Zero-Sum
5 - End-to-End Security — Full Lifecycle Protection
6 - Visibility and Transparency — Keep it Open
7 - Respect for User Privacy — Keep it User-Centric

6
Q

Bell-LaPadula Model Rules

A

o Simple Security Property - No read up
o Star Property - No write down
o Discretionary-Security Property

7
Q

Biba Integrity Model Rules

A
  • Simple Integrity Property - No read down
  • Star Integrity Property - No write up
8
Q

Clark-Wilson Model (2 Concepts & 4 Terms)

A
  • Well-formed transaction: subjects are constrained to make only those changes that maintain the integrity of the data.
  • Separation of duties
    • Constrained data item (CDI) - This is the key data type in the Clark-Wilson model, and it refers to data whose integrity must be preserved.
    • Unconstrained data item (UDI) - This includes all data other than CDIs, typically system inputs.
    • Integrity verification procedures (IVPs) - These procedures check and ensure that all CDIs are valid.
    • Transformation procedures (TPs) - These procedures enforce a system’s integrity policy and maintain the integrity of CDIs.
9
Q

Brewer-Nash Model

A

A subject can write to an object if and only if the subject cannot read another object in a different data set.

Prevents conflict of interest.

10
Q

Secure Cryptoprocessor

A

Hardware modules that are resistant to tampering and have a limited interface, making it easier to verify the integrity and secure operation of the (limited) code running on the cryptoprocessor.

11
Q

Trusted Platform Module (TPM) & 3 Functions

A

Secure cryptoprocessor that provides secure storage and cryptographic services as specified by ISO/IEC 11889. It has three core functions:
- Attestation: Creates a cryptographic hash of the system’s known good hardware and software state, allowing third-party verification of the system’s integrity
- Binding: Encrypts data using a cryptographic key that is uniquely associated with (or bound to) the system
- Sealing: Ensures that ciphertext can be decrypted only if the system is attested to be in a known good state

12
Q

Full-disk Encryption

A

At the lowest level protects all the data on the storage media, protecting against the physical theft or loss of the drive itself.
It provides no protection from threat actors who have logical access to the system.

13
Q

Filesystem-level encryption

A

Allows the encryption to occur at the filesystem level.

14
Q

Transparent data encryption (TDE)

A

Protects the data from those who have direct access to the filesystem (i.e., the “root” user), but do not have permission to access the database system and the specific database item.
- Is not intended to be used alone as it doesn’t protect against malicious users (disgruntled admins, SQL Injection, etc.).

15
Q

Cell-level encryption (CLE)

A

Encrypts database information at the cell or column level. With this approach, data remains encrypted when read from the database and is decrypted only when requested.
- Can be cumbersome for processing

16
Q

Symmetric Key Encryption

A

AKA Secret Key Encryption
- Uses the same key to encrypt and decrypt
- More convenient, but less secure as you have to share the key.

17
Q

Asymmetric Encryption

A

AKA: Public key encryption
- Uses a public/private key pair. Encrypting with your private key provides non-repudiation.

18
Q

Stream Cipher

A

Encryption algorithm that works one character or bit at a time.

19
Q

Block Cipher

A

A deterministic algorithm that takes a fixed-sized block of bits and a key value and produces an encrypted block of the same size as the plaintext block.

20
Q

Block Cipher Types

A

| Name | Block Size (bits) | Key Size (bits) | Rounds |
|---|---|---|---|
| DES | 64 | 56 | 16 |
| AES-128 | 128 | 128 | 10 |
| AES-192 | 128 | 192 | 12 |
| AES-256 | 128 | 256 | 14 |

21
Q

Data Encryption Standard Types

A
  • Electronic Code Book (ECB)
  • Cipher Block Chaining (CBC)
  • Cipher Feedback (CFB)
  • Counter (CTR)
  • Triple DES
22
Q

DES-ECB

A

The simplest and weakest form of DES; no initialization vector or chaining; identical plaintexts with identical keys encrypt to identical ciphertexts.

23
Q

DES-CBC

A

Cipher Block Chaining (CBC): A block mode of DES; XORs the previous encrypted block of ciphertext to the next block of plaintext to be encrypted; first encrypted block is an initialization vector that contains random data.
- Weakness: the “chaining” destroys patterns.

24
Q

DES-CFB

A

Very similar to CBC; the primary difference is CFB is a stream mode; uses feedback (the name for chaining when used in stream modes) to destroy patterns; like CBC, CFB uses an initialization vector and destroys patterns, and errors propagate.

25
Q

DES-CTR

A

Like OFB; the difference again is the feedback: CTR mode uses a counter; shares the same advantages as OFB (patterns are destroyed and errors do not propagate) with an additional advantage: since the feedback can be as simple as an ascending number, CTR mode encryption can be done in parallel.

26
Q

DES-Triple DES

A

Applies DES encryption three times per block; FIPS 46-3 describes “Encrypt, Decrypt, Encrypt” (EDE) order using three keying options: one, two, or three unique keys (called 1TDES EDE, 2TDES EDE, and 3TDES EDE, respectively).

27
Q

Advanced Encryption Standard (AES)

A
  • 128-bit (with 10 rounds of encryption)
  • 192-bit (12 rounds of encryption) or
  • 256-bit (14 rounds of encryption) keys to encrypt 128-bit blocks of data.
28
Q

Rivest Ciphers

A

• RC2 is a block cipher that uses a 64-bit block size and a variable-length key. RC2 is vulnerable to chosen-plaintext attacks and should not be used.
• RC4 is a stream cipher used in internet protocols such as TLS and SSH, with a variable key length ranging from 40 to 2048 bits. RC4 is not considered secure and should not be used, although it still is in many places.
• RC5 is like the RC2 block cipher, but with a variable block size (32, 64, or 128 bits) and variable key size (0 to 2040 bits). RC5 is considered secure with sufficient rounds of encryption.
• RC6 is a derivative of RC5 that uses a 128-bit block size and variable length keys (128, 192, or 256 bits). RC6 is an improvement upon RC5 and is a secure algorithm.

29
Q

Diffie-Hellman key agreement protocol

A

AKA Diffie-Hellman Key Exchange allows two parties to securely agree on a symmetric key via a public channel.

30
Q

Elliptic Curve Cryptography (ECC)

A

One-way function that uses discrete logarithms as applied to elliptic curves. Algorithms based on Elliptic Curve Cryptography (ECC) are much stronger per bit than systems using discrete logarithms. Requires less computational resources because shorter keys can be used compared to other asymmetric methods.

31
Q

Public Key Infrastructure (PKI)

A

Leverages all three forms of encryption (symmetric, asymmetric, and one-way hash) to provide and manage digital certificates.

32
Q

Certificate Authorities

A

Issues digital certificates and authenticates the identity of a person or organization before issuing a certificate.

33
Q

Digital Signatures

A

Used to cryptographically sign documents and provide nonrepudiation, which includes authentication of the identity of the signer, and proof of the document’s integrity.

Use a hash function to generate a hash value of the plaintext. Create the digital signature by encrypting the hash with a private key. Digital signatures provide authentication and integrity, which forms nonrepudiation. They do not provide confidentiality: the plaintext remains unencrypted.

  • Vulnerabilities: hash collision, private key compromise, and CA compromise
34
Q

Hash Function

A

An algorithm that takes a block of data (i.e., a message or file) and computes a derived value such that any change to the data will result in a change to the hash value.
- Provides encryption using an algorithm and no key.
- Primarily used to provide integrity: if the hash of a plaintext changes, the plaintext itself has changed.

35
Q

Checksum

A

A mathematical function that takes a block of data and calculates a number (the checksum) in a manner such that any single change to the block of data will cause the checksum number to change.

36
Q

Hash Collision

A

Hashes are not unique, because the number of possible plaintexts is far larger than the number of possible hashes. More than one document could have the same hash: this is called a collision.

37
Q

MD5

A

Creates a 128-bit hash value based on any input length.
- Considered cryptographically broken, but it can be used safely as a checksum.

38
Q

Hash-based Message Authentication Code (HMAC)

A

Concatenates a secret key (which has been XORed with a string to pad it to a fixed length) with the message and hashes that. It then takes that hash, combines it with the key again, and hashes it a second time, producing the HMAC value. HMAC is a less complex method of ensuring message integrity and authentication, but with the overhead of sharing a symmetric key.

39
Q

Evidence Storage Controls

A
  • Strict policies surrounding who is permitted access
  • Video Monitoring
  • Double locks on the evidence storage doors
40
Q

Environmental Controls

A

Power, HVAC, and fire safety are considered environmental controls

41
Q

Class A Fires

A
  • Organic materials (e.g., paper, wood, and plastic)
  • Extinguisher Types: Water, Foam, Dry Powder, and Wet Chemical
42
Q

Class B Fires

A
  • Flammable liquids (e.g., gasoline)
  • Extinguisher Types: Foam, Dry Powder, and CO2
43
Q

Class C Fires

A
  • Flammable Gases
  • Extinguisher Type: Dry Powder only
44
Q

Class D Fires

A
  • Combustible metals (e.g., lithium metal, but not lithium-ion batteries, which are considered Class B)
  • Extinguisher Type: Dry Powder only
45
Q

Electrical Equipment Fires

A
  • Computers and Servers
  • Extinguisher Types: Dry Powder and CO2 only
46
Q

Class F/K Fires

A
  • Cooking oils and greases
  • Extinguisher Type: Wet Chemical only