Domain 3: Security Engineering Flashcards
Asymmetric Encryption
2 keys
Graham-Denning Security Model
Defines rights based on the commands that the subjects can execute
- R1: Transfer access
- R2: Grant access
- R3: Delete access
- R4: Read objects
- R5: Create objects
- R6: Delete objects
- R7: Create subjects
- R8: Delete subjects
Brewer-Nash Security Model
Designed to avoid conflicts of interests
AKA: Chinese wall
Clark-Wilson
- Well formed transactions
- authorization access modifications made in organized manner
- Real-world technology model
- Separation of duties ensures that authorized users do not change data in an inappropriate way
Biba Security Model
Integrity of objects
- Simple Integrity Axiom
- no read down
- * (Star) Integrity Axiom
- no write up
- Integrity Axiom
Lattice-based Access Control
Upper and Lower Limits
- Every relationship between subjects and objects has upper and lower limits.
- Multilevel and multilateral
Bell-LaPadula Security Model
Confidentiality of objects
- Designed for Dept of Defense
- Simple Security Property
- No read up
- * (Star) Security Property
- No write down
- Strong Tranquility Property - security labels will not change while the system is operating.
- Weak Tranquility Property - security labels will not change in a way that conflicts with defined security properties.
ITSEC
Information Technology Security Evaluation Criteria
- Used extensively in Europe
- Assurance correctness rating E0 (inadequate) - E6 (formal model of security policy)
- References the orange book but added
F- Functionality
Q- Effectiveness
E- Correctness
TCSEC
Trusted Computer System Evaluation Criteria
- Orange Book
- Developed in 1983
(KNOW THE LEVELS)
D- minimal protections
C- Discretionary protection
B- Mandatory protection
- B1 labeled
- B2 structured
- B3 Security Domains
A- Verified Protection
- A1 Verified Domains
Rule-based Access Control
RBA
- Firewall
- Based on a set of rules
- Stored in Access Control List
Role-based Access Control
- Non-discretionary access control
- Assigns permissions to roles in the organization
Mandatory Access Control
MAC
- Access control where the OS constrains the ability of the subject to access or perform on an object
- Rules enforced on OS kernel
- Security policy administrator controls
Trusted Computer System Evaluation Criteria
- Discretionary access control (DAC)
- Restricts access to objects based on the identity of the subjects and the groups they belong to
- Subjects with certain permissions are capable of passing that permission
4 Modes of Systems/ Access Control
- Dedicated - one classification for all objects - subject must have clearance equal or greater than the system label
- Systems High - mixed labels - subject must have clearance equal or greater than the highest object label
- Compartmented - objects placed in compartments. Subjects must have a formal need to know.
> All subjects must have: NDA for ALL. Clearance for ALL information on the system.
- Multi-level - objects of varying levels. Subjects with varying clearances can access the system. Reference monitor mediates access. NDA. Clearance for SOME information on the system.
Common Criteria
- Internationally agreed upon standard for describing
and the security of IT products.
- Primary objective is to eliminate known vulnerabilities of the target for testing.
Terms:
>Target of Evaluation (ToE): system or product being tested
>Security Target (ST): documentation describing the TOE
>Protection Profile (PP): independent set of security requirements and objectives for a specific category of products or systems
>Evaluation Assurance Level (EAL): evaluation score of the tested…
- Latest version July 2009
Common Criteria 7 levels of Evaluations (EAL)
EAL1: Functionally tested
EAL2: Structurally tested
EAL3: Methodically tested and checked
EAL4: Methodically designed, tested, and reviewed
EAL5: Semi-formally designed and tested
EAL6: Semi-formally verified, designed, and tested
EAL7: Formally verified, designed, and tested
Layering
- Separates HW and SW functions into Modular tiers.
- Actions that take place at one layer do not directly affect components of another
- Generic list of security architecture layers
.Kernel - 0
.OS - 1
.Hardware - 2
.Applications - 3
Abstractions
Unnecessary details are hidden from the user
Ring Model
- CPU HW layering to separate and protect domains (user mode from kernel mode)
- Ring 0: Kernel
- Ring 1: OS components outside of Ring 0
- Ring 2: Device drivers
- Ring 3: User applications
- Processes communicate between rings via system calls.
- Rings allow abstraction.
- Allows layering
Computer Bus
- Primary communications channel on a computer.
- Communications between CPU, memory, and input/output devices
Northbridge
Southbridge
- Northbridge = memory controller hub
. connects cpu to ram and video memory
. directly connected to CPU
Southbridge = I/O controller hub
. connects I/O devices
. Keyboards, mice, etc
Thread
- CPU action where one process has spawned another process
- Threads can share memory
Trusted Platform Module
- International standard
- Hardware-based encryption (fast)
- Platform integrity and disk encryption (primary uses)
- Boot integrity
- DoD requires TPM 1.2 or higher
Kernel
- Interface between OS and HW
- Reference monitor is its core function: mediates all access between subjects and objects.
-Two primary types
. Monolithic kernel: compiles into one static executable.
. Microkernel: modular, can add functionality
-Reference monitor is core
Cloud computing
- Leverages economies of scale
. IaaS - customer configures OS and all else
. PaaS - pre-configured OS, customer does all else
. SaaS - everything is configured, customer uses. (Webmail)
- Cloud Security Issues
. Need strict SLA
. Limited visibility
. Shared infrastructure and shared target
. Right to audit, right to assess (vulnerabilities), right to test (pentest)
. Physical boundaries (geographical)
Emanations
- Energy that escapes an electronic signal
- Potential side-channel attack
- TEMPEST: NSA spec and NATO cert referring to spying through leaking emanations.
Rootkit
- Replaces part of the kernel or OS
- User-mode (ring 3, called userland) and kernel mode (ring 0)
Database Security
- Polyinstantiation: two different objects with the same name
- Inference: requires deductions using clues
- Aggregation: mathematical process that asks every question, no deduction.
- Data Mining: searching through DB looking for patterns
Cryptography - Key Terms
- Cryptology: the science of secure communications
- Cryptography: creates messages with hidden meanings
- Cryptanalysis: the science of breaking hidden messages (recovering their meanings)
- Cryptology: encompasses cryptography and cryptanalysis
- Cipher: cryptographic algorithm
- Plaintext: an unencrypted message
- Ciphertext: an encrypted message
- Encryption: converts plaintext to ciphertext
- Decryption: turning ciphertext back into plaintext.
Confusion, Diffusion, Substitution, Permutation
- Confusion: means the relationship between the plaintext and ciphertext should be as confused or random as possible
- Diffusion: the order of the plaintext should be diffused (dispersed) in the ciphertext
- Substitution: replace one character with another to provide diffusion
- Permutation: provides confusion by rearranging the characters of the plaintext; anagram style
Cryptographic Strength
- Work factor: how long it takes to break a cryptosystem (decrypt a ciphertext without a key)
- Kerckhoffs' principle - secrecy of the cryptographic algorithm does not provide strength
Monoalphabetic and Polyalphabetic Ciphers
Monoalphabetic cipher: uses one alphabet; a specific letter (like E) is substituted for another (like X).
- Susceptible to frequency analysis
Polyalphabetic cipher: uses multiple alphabets: E may be substituted for X one round and S the next round.
Rotation Cipher
- Julius Caesar
- Rotated each letter of the plaintext forward three times. (Rot-3) A became D
- Rot-13 frequently used
Codebooks
- assign a codeword for important people, locations and terms
- One-Time Pad
. Uses identical paired pads of random characters
. One page used to encrypt (sender) and decrypt (receiver)
. Pages never reused
. Only encryption method that is mathematically proved to be secure if the following conditions are met:
- characters are truly random
- pads are kept secure
- No page is ever reused.
Wassenaar Agreement
- 1996
- many countries relaxed restrictions on exporting cryptography
Data Encryption Standard (DES)
Symmetric Encryption
- Describes the Data Encryption Algorithm (DEA)
- 1976 was made the US federal standard symmetric cipher
- 64-bit block size (64 bits each round and a 56-bit key)
DES
5 modes
- The modes' primary differences are block versus (emulated) stream, use of initialization vectors, and whether errors in encryption propagate to subsequent blocks.
- 5 modes
. Electronic code book (ECB) - Weakest
. Cipher block chaining (CBC)
. Cipher feedback (CFB)
. Output feedback (OFB)
. Counter mode (CTR)
Notice the words “chaining” and “feedback”
- Chaining = block mode
- Feedback = stream mode
Electronic Code Book (ECB)
Data Encryption Standard (DES) -Symmetric Encryption
- Simplest and weakest form of DES
- Identical plaintext and identical keys encrypt to identical ciphertext
Cipher Block Chaining (CBC)
Data Encryption Standard (DES) -Symmetric Encryption
- First encrypted block is the initialization vector (IV)
- Chaining destroys patterns.
- One limitation of CBC is that encryption errors will propagate.
. an error in one block will cascade through subsequent blocks due to chaining, thus destroying their integrity
Cipher Feedback (CFB)
Data Encryption Standard (DES) -Symmetric Encryption
- Feedback = stream
- Errors propagate
Output Feedback (OFB)
Data Encryption Standard (DES) -Symmetric Encryption
- Stream
- Uses previous ciphertext for feedback
- Error WILL NOT propagate
Counter (CTR)
Data Encryption Standard (DES) -Symmetric Encryption
- Uses a counter
- Errors WILL NOT propagate
Mode Comparison Chart
Memorize
Triple DES
- applies single DES 3 times per block
- 168 bits of key length
- 1999 became a recommended standard
- primary weakness is slow and complex
International Data Encryption Algorithm (IDEA)
- International replacement to DES
- Uses 128-bit key and 64-bit block size
Advanced Encryption Standard (AES)
Symmetric Encryption
- Current US standard for symmetric block
- Rijndael algorithm chosen in 1999
- 128 bit block size
-Uses
. 128 bit (10 rounds)
. 192-bits (12 rounds)
. 256-bits (14 rounds)
Symmetric Encryption
AES
Four functions
- SubBytes: confusion by substituting bytes
- ShiftRows: diffusion by shifting rows
- MixColumns: diffusion by mixing columns
- AddRoundKeys: final function applied to each round, subkey different for each round
Symmetric Encryption
Blowfish
Twofish
- Block ciphers by Bruce Schneier
- Blowfish: 32 - 488 bits. default is 128. Keys encrypt 64 bits of data
- Twofish: 128-bit blocks, using 128-256 bit keys
Symmetric Encryption
RC5 and RC6
RC5
- symmetric block cipher by RSA laboratories
- uses 32-bit blocks Key sizes 0 - 2040 bits
RC6
- based on RC5 but altered to meet AES requirements
- 128-bit blocks encrypted, using keys of 128, 192 or 256 bits
Asymmetric Encryption
-Solved the challenge of pre-shared key
-1976 Diffie-Hellman key exchange
-2 keys, if you encrypt with one you may decrypt with the other
-called public-key
-Math lies beneath.
. one-way functions; easy to compute one way, difficult to compute in the opposite direction.
Asymmetric Encryption
Method: Factoring Prime numbers
Factoring Prime numbers
- factoring a composite number (prime x prime) to its primes
- no shortcut has been found for hundreds of years.
- basis of RSA algorithm
- public key: factoring large prime numbers is so difficult that the composite can be publicly posted
- private key: the prime numbers that are multiplied to create the public key. Must be kept secret
Asymmetric Encryption
Method: Discrete Logarithm
Discrete Logarithm
- is the opposite of exponentiation
- asking what number is factored to create 9999999999999
- basis of Diffie-Hellman and ElGamal asymmetric algorithms
Diffie-Hellman Key exchange
Asymmetric Encryption
allows two parties to securely agree on a symmetric key via a public channel
Elliptic Curve Cryptography (ECC)
Asymmetric Encryption
- one-way function that uses discrete logarithms applied to elliptic curves
- requires less computational power because of shorter keys compared to other asymmetric methods
- often used on lower power devices.
Hash Functions
-provides encryption using an algorithm and no key
-called “one way hash functions” because there is no way to reverse the encryption
-variable length plaintext is hashed into fixed length hash values called "hash" or "message digest"
-primarily used to provide integrity
. if the hash of a plaintext has changed, then the plaintext itself has changed
-Collision: more than one document can produce the same hash
Hash Algorithms
- Secure Hash Algorithm 1 (SHA-1): 160-bit hash and message digest
- Message Digest 5 (MD5): creates 128-bit hash
- Newer alternatives like SHA-2 are recommended
Hash Algorithms
MD5
-Message Digest Algorithm 5 by Ronald Rivest
-create 128-bit hash value based on any input value length
-Weakness discovered where collisions can be found
MD6 now recommended (2008)
Hash Algorithms
Secure Hash Algorithm (SHA)
- SHA-1 - 1993 Created 160-bit hash value
- SHA-2 recommended over SHA-1 and MD5
- SHA-3 is the standard in 2015 (Keccak algorithm)
Hash Algorithms
HAVAL
- Hash of variable length
- 126, 160, 192,224,256 length message digests
- 3,4 or 5 rounds
Cryptographic Attacks
Brute Force
Known Plaintext
Chosen Plaintext
-Brute Force: used by cryptanalysts to recover plaintext without the key or to recover the key itself.
. Every possible key
. Effective against key-based ciphers (except one-time pad)
-Known Plaintext:
. relies on recovering and analyzing a matching plaintext and ciphertext pair
. goal is to derive the key used
Chosen Plaintext:
. chooses the plaintext to be encrypted
. goal is to derive the key
. adapts further rounds of encryption based on the previous rounds
Cryptographic Attacks
Chosen Ciphertext
Meet in the middle
-Chosen Ciphertext
. similar to chosen plaintext, except the cryptanalyst chooses the ciphertext to be decrypted
. usually launched against asymmetric cryptosystems
-Meet in the Middle
. attacker has a copy of a matching plaintext and ciphertext, and seeks to recover the two keys used to encrypt
. encrypts one side, decrypts the other side and meets in the middle
. common attack against "double DES"
Cryptographic Attacks
Known Key
Differential Cryptanalysis
Known Key:
. cryptanalyst knows something about the key, i.e. all upper case letters, so omits other characters in the attack
Differential Cryptanalysis:
. seeks to find the difference between related plaintexts that are encrypted
Cryptographic Attacks
Linear cryptanalysis
Side-channel attack
Linear cryptanalysis:
. analyst finds large amounts of plaintext/ciphertext pairs created with the same key and studies them to derive information about the key used to create them
Side Channel attack:
. uses physical data to break a cryptosystem, such as monitoring CPU cycles used while encrypting
Cryptographic Attacks
Birthday attacks
Key Clustering
Birthday attacks:
. named after the birthday paradox
Key Clustering:
. occurs when two different symmetric keys applied to same plaintext produce the same ciphertext
Digital Signatures
- Used to cryptographically sign documents
- Provide nonrepudiation
- Uses hash function
- Creates digital signature by encrypting the hash with a private key
- Provide authentication and integrity, which form non-repudiation
- Do not provide confidentiality as the plaintext remains unencrypted.
HMAC
- Combines symmetric encryption with hashing
- HMACs are used by IPSec
- Two parties must preshare a secret key
- The receiver hashes the plaintext locally and also decrypts the HMAC with their copy of the private key, recovering the sender's hash
Public Key Infrastructure
- Leverages 3 forms of encryption to provide and manage digital certificates
- Used for SSL websites
PKI
Certificate Authorities
-Certificate Authorities
. Issue digital certificates
. Authenticate identity before issuing
. May be privately or publicly run
-Certificate Revocation List maintained by CAs
IPSec
- Suite of protocols that provide cryptographic layer to both IPv4 and IPv6
- Includes two primary protocols
. Authentication Header (AH)
. Encapsulating Header (ESP)
IPSec
AH
ESP
- Authentication header: provides authentication and integrity for each packet of network data. No confidentiality
- Encapsulating header: provides confidentiality by encrypting packet data
IPSEC
Tunnel Mode
Transport Mode
-Transport Mode: used by security gateways (which provide point-to-point IPSec tunnels).
- ESP Tunnel mode encrypts the entire packet
- ESP Transport mode only encrypts the data
IPSec
Internet Key Exchange (IKE)
- IPSec can use a variety of encryption algorithms (MD5, SHA-1)
- Algorithm selection process negotiated by Internet Key Exchange (IKE)
- The two sides of the IPSec tunnel will typically use IKE to negotiate the highest and fastest level of security, selecting AES over single DES for confidentiality, for example, if both sides support AES
SSL and TLS
-Secure Socket Layer (SSL): authenticates and provides confidentiality to web traffic
. developed for Netscape browser in 1990s
-Transport Layer Security (TLS): Successor to SSL
. TLS 1.3 is the current release in RFC 8446 (August 2018)
-Both used as a part of HTTPS
PGP
-Pretty Good Privacy
. Asymmetric Encryption
. Phil Zimmermann
- uses web of trust model to authenticate digital certificates
S/MIME
- MIME Multipurpose Internet Mail Extensions
- S/MIME leverages PKI to encrypt and authenticate MIME encrypted mail
Escrow Encryption
Clipper chip
- Takes private key and divides into two parts.
- Parts held in escrow by trusted third party, will only release with court order
Clipper chip: the name of the technology used in Escrow Encryption Standard.
- announced in 1993 by US Government
- created a media firestorm and was abandoned in 1996